LDAP problem

plagoutte
Posts: 12
Joined: Wed Aug 16, 2017 9:11 am
Location: France
ZCS/ZD Version: FOSS 8.8.15

Post by plagoutte »

Hello,

I involuntarily deleted the file data.mdb of LDAP and restarted Zimbra, hoping it would fix my mistake. But now, nothing works...

Code:

zimbra@phlag:~$ zmcontrol start
Host morambeau.com
     Starting ldap...Done.
Search error: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
     Starting zmconfigd...Failed.
Starting zmconfigd...failed.


     Starting dnscache...Done.
     Starting logger...Failed.
Starting logswatch...[] INFO: master is down, falling back to replica...
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials
ExceptionId:main:1574364595157:c2c8e25a8b84aba2
Code:ldap.LDAP_ERROR
     at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
     at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
     at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:40)
     at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
     at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:63)
     at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:111)
     at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:39)
     at com.zimbra.cs.ldap.LdapClient.getInstanceIfLDAPavailable(LdapClient.java:62)
     at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:69)
     at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:94)
     at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:47)
     at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:291)
     at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:288)
     at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
     at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
     at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
     at java.base/java.lang.Class.newInstance(Class.java:584)
     at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:354)
     at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:310)
     at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:1032)
     at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:4156)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials')
     at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
     at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
     at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:876)
     at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:779)
     at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:726)
     at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:114)
     ... 18 more
zimbra logger service is not enabled! failed.


     Starting mailbox...Failed.


     Starting memcached...Done.
     Starting proxy...Done.
     Starting amavis...Done.
     Starting antispam...Done.
     Starting antivirus...Done.
     Starting opendkim...Failed.
opendkim: /opt/zimbra/conf/opendkim.conf: ldap://morambeau.com:389/?DKIMSelector?sub?(DKIMIdentity=$d): dkimf_db_open(): Invalid credentials
Failed to start opendkim: 0


     Starting snmp...Done.
     Starting spell...Done.
     Starting mta...Done.
     Starting stats...Done.
     Starting service webapp...Failed.


     Starting zimbra webapp...Failed.


     Starting zimbraAdmin webapp...Failed.


     Starting zimlet webapp...Failed.


zimbra@phlag:~$

If I understand right, Zimbra restored the file thanks to its cache, but the passwords don't match anymore... This is what I tried:

./install.sh -s
./install.sh => not working (cf. below)
Check the passwords in the config and change the LDAP root password with zmldappasswd -r

Info:

Error when trying to upgrade:

Code:

ZCS upgrade from 8.8.15 to 8.8.15 will be performed.
Validating ldap configuration
Error: Unable to bind to the LDAP server as the zimbra LDAP user.
     This is required to upgrade.

I used the command "zmlocalconfig -s | grep ldap | grep pass" to show the current passwords: they are all equal, after modifying the LDAP root password with zmldappasswd.

LDAP test:

Code:

zimbra@phlag:~$ ldapsearch -LLL -h localhost -p 389 -D uid=zimbra,cn=admins,cn=zimbra -W
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
zimbra@phlag:~$

I really hope someone can help me to repair my fault...
Regards
I use Zimbra 8.8.15 patch 4

Sorry for my English level, I'm French
gabrieles
Outstanding Member
Posts: 236
Joined: Tue Feb 14, 2017 9:40 am

Re: LDAP problem

Post by gabrieles »

plagoutte wrote: If I understand right, Zimbra restored the file thanks to its cache, but the passwords don't match anymore... This is what I tried:

What you are seeing is the service startup procedure. When starting/restarting, the zmcontrol procedure asks the ldap which services are installed and enabled on that server and which have to be started. If ldap is unreachable, zmcontrol tries to search for them in ITS cache.
Unfortunately, if you have wiped your mdb and don't have any sort of backup (ldap replicas, slapcat, zmbackup legacy, backup ng, third party backup systems...), your ldap will not start and not only your user's password, but all your attributes are lost.
Reinstalling only the software doesn't repair the damage, and neither does changing the ldap passwords.
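
Added example, not part of either post and not Zimbra code: a small Python triage of a `zmcontrol start` transcript that separates "bind rejected" (LDAP result code 49) from "server unreachable" (-1) and notes when the service list came from zmcontrol's cache. The function name `triage`, the report keys and the `directory_data_suspect` heuristic are assumptions made here; the sample is constructed from lines in the transcripts above.

```python
import re

# Constructed sample: shortened lines from the zmcontrol and ldapsearch
# transcripts posted above, joined into one string for the demonstration.
SAMPLE = """\
     Starting ldap...Done.
Search error: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
     Starting zmconfigd...Failed.
     Starting logger...Failed.
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials')
     Starting mailbox...Failed.
     Starting proxy...Done.
     Starting opendkim...Failed.
opendkim: /opt/zimbra/conf/opendkim.conf: ldap://morambeau.com:389/?DKIMSelector?sub?(DKIMIdentity=$d): dkimf_db_open(): Invalid credentials
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
"""

START_RE = re.compile(r"^\s*Starting (.+?)\.\.\.(Done|Failed)\.\s*$")
RESULT_RE = re.compile(r"resultCode=(\d+)")

def triage(text):
    """Summarise a `zmcontrol start` transcript (hypothetical helper)."""
    report = {"started": [], "failed": [], "cache_fallback": False,
              "ldap_result_codes": set(), "ldap_unreachable": False}
    for line in text.splitlines():
        m = START_RE.match(line)
        if m:
            key = "started" if m.group(2) == "Done" else "failed"
            report[key].append(m.group(1))
            continue
        if "Enabled services read from cache" in line:
            report["cache_fallback"] = True
        if "Can't contact LDAP server" in line:
            report["ldap_unreachable"] = True
        report["ldap_result_codes"].update(int(c) for c in RESULT_RE.findall(line))
    # Heuristic (assumption): slapd started and answered, but rejected the bind
    # (49) while zmcontrol fell back to its cache, so the directory is running
    # without the data the other services expect to find in it.
    report["directory_data_suspect"] = (
        "ldap" in report["started"] and report["cache_fallback"]
        and 49 in report["ldap_result_codes"])
    return report

if __name__ == "__main__":
    for k, v in triage(SAMPLE).items():
        print(f"{k}: {v}")
```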