Problems installing (cvs) on FC4 (x86_64)

[shohamlevy]

Hi.
Let me start by saying that I really appreciate the fact that Zimbra is FOSS. I also know that it is just the beginning, and that as such it suffers from many compatibility issues.
I am trying to build and install from the CVS version. I am using FC4, on a x86_64 machine. I have encountered some problems while building ThirdParty tools - but I resolved them (I can send the diffs if needed): they mostly invlove adding "-fPIC" to the Native compilation. Once I am done, I will post my experience.
Also, the CVS head is not very stable, and doesn't always compile. Can you please make sure that at least the CVS HEAD branch compiles? I was forced many times to mix-and-match files from vaious dates, just to make the server/client compile
I use the following guidelines:

* http://www.zimbra.com/blog/archives/200 ... _with.html"

* ZimbraServer/docs/build_cvs_howto.txt
Currently, I have reached the stage where I need to run /opt/zimbra/libexec/zmldapinit. It fails, because of an authentication?? file.

++++++

TLS: could not load verify locations (file:`/opt/zimbra/conf/ca/ca.pem',dir:`').

++++++
What is this ca.pem file? The "conf/ca" directory is empty in my case - where should have it been initialized?
Thanks.
These are the last lines of running the init script in verbose mode (+slapd in verbose):

=================================================



daemon_init: ldap://:389/

/opt/zimbra/openldap/etc/openldap/schema/zimbra.schema: line 2832: bad config line (ignored)

bdb_db_init: Initializing BDB database

TLS: could not load verify locations (file:`/opt/zimbra/conf/ca/ca.pem',dir:`').

TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:104

TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:107

TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:279

main: TLS init def ctx failed: -1

slapd stopped.

connections_destroy: nothing to destroy.

Started slapd: pid
if [ $? -ne 0 ]; then

exit 1

fi
${zimbra_home}/openldap/bin/ldapmodify -a -c -H ldap://127.0.0.1:389 -w ${ldap_root_password} -D "${zimbra_ldap_userdn}" -x -f ${config_dir}/zimbra.ldif

ldap_bind: Can't contact LDAP server (-1)
if [ $? -ne 0 ]; then

exit 2

fi



===============================

[marcmac]

You can do one of two things here - create certs for ldap to use (zmcreateca, zmcreatecert, zmcertinstall mailbox)
OR
edit /opt/zimbra/bin/ldap, and remove the "ldaps://" specifier, and the last four lines of /opt/zimbra/conf/slapd.conf (start with TLS). (You may need to make that change in /opt/zimbra/openldap/etc/openldap/slapd.conf)

[shohamlevy]

Hi Marc, thanks for the fast reply. It helped me make some progress, but not enough. Btw, I saw that last time I mistakenly used the GNU java, not JDK from SUN. I found out when the "zmcreatecert" gave me keytool errors - of course, this is a JDK extension, not in the GNU Java.
I tried both ways. Slapd hangs on startup, and I still get errors on the zimbra.schema:

========================

daemon_init: ldap://:389/

/opt/zimbra/openldap/etc/openldap/schema/zimbra.schema: line 2832: bad config line (ignored)

bdb_db_init: Initializing BDB database

bdb_db_open:

slapd starting

========================

... and then it hangs forever.
Any ideas?

[marcmac]

How are you starting ldap?
Try commenting out the "loglevel 0" line in /opt/zimbra/conf/slapd.conf and restarting, that may give more info.
Don't worry about the schema error, it's not hurting anything.

[shohamlevy]

Sorry for the delay, I am on GMT+2.
I removed the "loglevel 0" - but it did not make a difference. So I sudo'd myself to run strace, and here are the last lines of the command:

*******

sudo strace /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u `whoami` -h "ldap://:389/" -f /opt/zimbra/conf/slapd.conf -d 10

*******
Output (last strace lines):

==============================



sendto(3, "Dec 13 11:26:23 slapd[10615"..., 50, MSG_NOSIGNAL, NULL, 0) = 50

open("/opt/zimbra/openldap/var/run/slapd.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 9

fstat(9, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaab8c8000

write(9, "10615
", 6) = 6

close(9) = 0

munmap(0x2aaaab8c8000, 4096) = 0

open("/opt/zimbra/openldap/var/run/slapd.args", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 9

fstat(9, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaab8c8000

write(9, "/opt/zimbra/openldap/libexec/sla"..., 113) = 113

close(9) = 0

munmap(0x2aaaab8c8000, 4096) = 0

mmap(NULL, 610304, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaab8c8000

mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x40, -1, 0) = 0x40000000

mprotect(0x40000000, 4096, PROT_NONE) = 0

clone(child_stack=0x40800270, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, parent_tidptr=0x408009f0, tls=0x40800960, child_tidptr=0x408009f0) = 10616

futex(0x408009f0, FUTEX_WAIT, 10616, NULLdaemon: added 6r

daemon: select: listen=6 active_threads=0 tvp=NULL



===============================
Thanks.

[marcmac]

What do you get from ldd /opt/zimbra/openldap/libexec/slapd?

[shohamlevy]

$ ldd openldap/libexec/slapd

libsasl2.so.2 => /opt/zimbra/cyrus-sasl/lib/libsasl2.so.2 (0x00002aaaaaad1000)

libssl.so.5 => /lib64/libssl.so.5 (0x0000003aaa200000)

libcrypto.so.5 => /lib64/libcrypto.so.5 (0x0000003aaa600000)

libbind.so.3 => /usr/lib64/libbind.so.3 (0x0000003504000000)

libc.so.6 => /lib64/libc.so.6 (0x0000003aa4a00000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003aaba00000)

libdl.so.2 => /lib64/libdl.so.2 (0x0000003aa4f00000)

libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003aa6900000)

libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000003aaa400000)

libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003aa9800000)

libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003aa9600000)

libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000003aa9e00000)

libz.so.1 => /usr/lib64/libz.so.1 (0x0000003aa5100000)

libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003aac300000)

/lib64/ld-linux-x86-64.so.2 (0x0000003aa4800000)

libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x0000003aa9a00000)

[/COLOR][/FONT]



=================================


In addition, I now have problems with zmcreatecert -



$ ./bin/zmcreatecert

** Importing CA
keytool error: java.lang.Exception: Certificate not imported, alias already exists



==============

keytool command exit status is: 1

[marcmac]

It looks like it's finding the libs ok. I'm not really sure why ldap isn't starting - does the openldap build tell you anything?
Which version of slapd are you using?
Search the forums for how to remove the my_ca alias.