Upgrade from 7.2.0 to 8.0 fail with ldap error
Upgrade from 7.2.0 to 8.0 fail with ldap error
System ubuntu 10.04 LTS 64
Current Zimbra FOSS 7.2.0
Upgrade Fails with that log
Fri Sep 21 04:53:14 2012 done.
Fri Sep 21 04:53:15 2012 This appears to be 7.2.0_GA
Fri Sep 21 04:53:15 2012 Setting local config ssl_allow_untrusted_certs to true
Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ssl_allow_untrusted_certs='true' 2> /dev/null
Fri Sep 21 04:53:15 2012 Upgrading ldap data...
Fri Sep 21 04:53:15 2012 done.
Fri Sep 21 04:53:15 2012 Upgrading LDAP configuration database...
Fri Sep 21 04:53:15 2012 done.
Fri Sep 21 04:53:15 2012 Loading database...
Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/openldap/sbin/slapadd -q -b '' -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/ldap.80
505bd69c ldif_read_file: checksum error on "/opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif"
Fri Sep 21 04:53:16 2012 slapadd import failed.
Fri Sep 21 04:53:16 2012 UPGRADE FAILED - exiting.
any ideas?
maybe its nothing but why it stated untrusted certs to be true? ife installed a commercial certificate
is it just bogus or something wrong with the certs?
edit: what is interresting that i do not have a /olcDatabase={2}mdb.ldif so why he even bother to check that ?
i tried to find that file in any conifg but no luck i guess is related to some config key
Current Zimbra FOSS 7.2.0
Upgrade Fails with that log
Fri Sep 21 04:53:14 2012 done.
Fri Sep 21 04:53:15 2012 This appears to be 7.2.0_GA
Fri Sep 21 04:53:15 2012 Setting local config ssl_allow_untrusted_certs to true
Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ssl_allow_untrusted_certs='true' 2> /dev/null
Fri Sep 21 04:53:15 2012 Upgrading ldap data...
Fri Sep 21 04:53:15 2012 done.
Fri Sep 21 04:53:15 2012 Upgrading LDAP configuration database...
Fri Sep 21 04:53:15 2012 done.
Fri Sep 21 04:53:15 2012 Loading database...
Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/openldap/sbin/slapadd -q -b '' -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/ldap.80
505bd69c ldif_read_file: checksum error on "/opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif"
Fri Sep 21 04:53:16 2012 slapadd import failed.
Fri Sep 21 04:53:16 2012 UPGRADE FAILED - exiting.
any ideas?
maybe its nothing but why it stated untrusted certs to be true? ife installed a commercial certificate
is it just bogus or something wrong with the certs?
edit: what is interresting that i do not have a /olcDatabase={2}mdb.ldif so why he even bother to check that ?
i tried to find that file in any conifg but no luck i guess is related to some config key
Upgrade from 7.2.0 to 8.0 fail with ldap error
same problem where, but i have the file "olcDatabase={2}mdb.ldif"
i have noticed that there is a another log error: Package 'zimbra-ldap' isn't signed with proper key
when i do clean install no problem reported.
i have noticed that there is a another log error: Package 'zimbra-ldap' isn't signed with proper key
when i do clean install no problem reported.
Upgrade from 7.2.0 to 8.0 fail with ldap error
sounds like cert
do you have a comercial or a private cert?
make shure in case you got a private cert that it is up to date and still valid
btw oyu have that file?
what zimbra are you running ? FOSS or NE?
do you have a comercial or a private cert?
make shure in case you got a private cert that it is up to date and still valid
btw oyu have that file?
what zimbra are you running ? FOSS or NE?
Upgrade from 7.2.0 to 8.0 fail with ldap error
hi,
FOSS with self-signed certificate
how do i check the validation of certificat?
another error log: slapadd[1598] general protection ip:4eeba8 sp:7fbe6575d8d0 error:0 in slapd[400000+14e000]
cat /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 b7f493ee
dn: olcDatabase={2}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcSuffix:
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=adm
ins,cn=zimbra" write
olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
write
olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi
mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z
imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword by dn.children="cn=admi
ns,cn=zimbra" write by * none
olcAccess: {3}to attrs=objectclass by dn.children="cn=admins,cn=zimbra" write
by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmam
avis,cn=appaccts,cn=zimbra" read by * read
olcAccess: {4}to attrs=@amavisAccount by dn.children="cn=admins,cn=zimbra" wr
ite by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {5}to attrs=mail by dn.children="cn=admins,cn=zimbra" write by dn
.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {6}to attrs=zimbraAllowFromAddress by dn.children="cn=admins,cn=zi
mbra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))" attrs=cn,co,company,dc,di
splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal
Code,sn,st,street,streetAddress,telephoneNumber,title,uid,homePhone,pager,mob
ile,userCertificate by dn.children="cn=admins,cn=zimbra" write by dn.base="
uid=zmpostfix,cn=appaccts,cn=zimbra" read by * read
olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa
nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z
imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar
dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z
imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv
eryDisabled by dn.children="cn=admins,cn=zimbra" write by dn.base="uid=zmpo
stfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmamavis,cn=appaccts,cn=zi
mbra" read by * read
olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by *
read
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcMonitoring: TRUE
olcDbDirectory: /opt/zimbra/data/ldap/mdb/db
olcDbNoSync: TRUE
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq
olcDbIndex: zimbraForeignPrincipal eq
olcDbIndex: zimbraYahooId eq
olcDbIndex: zimbraId eq
olcDbIndex: zimbraVirtualHostname eq
olcDbIndex: zimbraVirtualIPAddress eq
olcDbIndex: zimbraMailDeliveryAddress eq,sub
olcDbIndex: zimbraAuthKerberos5Realm eq
olcDbIndex: zimbraMailForwardingAddress eq
olcDbIndex: zimbraMailCatchAllAddress eq,sub
olcDbIndex: zimbraShareInfo sub
olcDbIndex: zimbraMailTransport eq
olcDbIndex: zimbraMailAlias eq,sub
olcDbIndex: zimbraACE sub
olcDbIndex: zimbraDomainName eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: zimbraCalResSite eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: displayName pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: zimbraCalResRoom eq,sub
olcDbIndex: zimbraCalResCapacity eq
olcDbIndex: zimbraCalResBuilding eq,sub
olcDbIndex: zimbraCalResFloor eq,sub
olcDbIndex: zimbraMailHost eq
olcDbMode: 0600
olcDbMaxsize: 85899345920
olcDbSearchStack: 16
structuralObjectClass: olcMdbConfig
entryUUID: 152ab0a8-333e-102d-8700-d562901af228
creatorsName: cn=config
createTimestamp: 20081020215916Z
olcDbCheckpoint: 64 5
entryCSN: 20120508131730.926865Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120508131730Z
FOSS with self-signed certificate
how do i check the validation of certificat?
another error log: slapadd[1598] general protection ip:4eeba8 sp:7fbe6575d8d0 error:0 in slapd[400000+14e000]
cat /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 b7f493ee
dn: olcDatabase={2}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcSuffix:
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=adm
ins,cn=zimbra" write
olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
write
olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi
mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z
imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword by dn.children="cn=admi
ns,cn=zimbra" write by * none
olcAccess: {3}to attrs=objectclass by dn.children="cn=admins,cn=zimbra" write
by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmam
avis,cn=appaccts,cn=zimbra" read by * read
olcAccess: {4}to attrs=@amavisAccount by dn.children="cn=admins,cn=zimbra" wr
ite by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {5}to attrs=mail by dn.children="cn=admins,cn=zimbra" write by dn
.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {6}to attrs=zimbraAllowFromAddress by dn.children="cn=admins,cn=zi
mbra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))" attrs=cn,co,company,dc,di
splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal
Code,sn,st,street,streetAddress,telephoneNumber,title,uid,homePhone,pager,mob
ile,userCertificate by dn.children="cn=admins,cn=zimbra" write by dn.base="
uid=zmpostfix,cn=appaccts,cn=zimbra" read by * read
olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa
nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z
imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar
dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z
imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv
eryDisabled by dn.children="cn=admins,cn=zimbra" write by dn.base="uid=zmpo
stfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmamavis,cn=appaccts,cn=zi
mbra" read by * read
olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by *
read
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcMonitoring: TRUE
olcDbDirectory: /opt/zimbra/data/ldap/mdb/db
olcDbNoSync: TRUE
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq
olcDbIndex: zimbraForeignPrincipal eq
olcDbIndex: zimbraYahooId eq
olcDbIndex: zimbraId eq
olcDbIndex: zimbraVirtualHostname eq
olcDbIndex: zimbraVirtualIPAddress eq
olcDbIndex: zimbraMailDeliveryAddress eq,sub
olcDbIndex: zimbraAuthKerberos5Realm eq
olcDbIndex: zimbraMailForwardingAddress eq
olcDbIndex: zimbraMailCatchAllAddress eq,sub
olcDbIndex: zimbraShareInfo sub
olcDbIndex: zimbraMailTransport eq
olcDbIndex: zimbraMailAlias eq,sub
olcDbIndex: zimbraACE sub
olcDbIndex: zimbraDomainName eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: zimbraCalResSite eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: displayName pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: zimbraCalResRoom eq,sub
olcDbIndex: zimbraCalResCapacity eq
olcDbIndex: zimbraCalResBuilding eq,sub
olcDbIndex: zimbraCalResFloor eq,sub
olcDbIndex: zimbraMailHost eq
olcDbMode: 0600
olcDbMaxsize: 85899345920
olcDbSearchStack: 16
structuralObjectClass: olcMdbConfig
entryUUID: 152ab0a8-333e-102d-8700-d562901af228
creatorsName: cn=config
createTimestamp: 20081020215916Z
olcDbCheckpoint: 64 5
entryCSN: 20120508131730.926865Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120508131730Z
Upgrade from 7.2.0 to 8.0 fail with ldap error
Ahm did the file bevore the upgrade exist or is it after the upgrade?
i think its made during the process
about the cert use this
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
i think its made during the process
about the cert use this
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
-
- Posts: 2
- Joined: Sat Sep 13, 2014 2:54 am
Upgrade from 7.2.0 to 8.0 fail with ldap error
Hi,
I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.
It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.
Concerning certificate, this command is placed before the error occurs :
[QUOTE]Setting local config ssl_allow_untrusted_certs to true[/QUOTE]
So, this might not be certificate related.
I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.
It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.
Concerning certificate, this command is placed before the error occurs :
[QUOTE]Setting local config ssl_allow_untrusted_certs to true[/QUOTE]
So, this might not be certificate related.
Upgrade from 7.2.0 to 8.0 fail with ldap error
[quote user="gilles.guillotin"]Hi,
I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.
It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.
Concerning certificate, this command is placed before the error occurs :
So, this might not be certificate related.[/QUOTE]
thanks for the intel, i suspected something like that.
wll that line concern me, i got the same but have commercial certs installed, so like my initial posts says im curious now about that
also i read somewhere you need commercial certs and thers a bug with untrusted, i think somwhere at the releasenotes
can be wrong but i really think i picked that one up somewhere
I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.
It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.
Concerning certificate, this command is placed before the error occurs :
So, this might not be certificate related.[/QUOTE]
thanks for the intel, i suspected something like that.
wll that line concern me, i got the same but have commercial certs installed, so like my initial posts says im curious now about that
also i read somewhere you need commercial certs and thers a bug with untrusted, i think somwhere at the releasenotes
can be wrong but i really think i picked that one up somewhere
Upgrade from 7.2.0 to 8.0 fail with ldap error
in the release note they talk about certs:
...
Verify Certificates Expiration Date
ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for
communication between some components. The self-signed certificates that
are automatically created by the ZCS install have a default expiration in ZCS
7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825
days (5 years).
If you have an ZCS installation that is over one year old and are using self-
signed certificates, your certificates will need to be updated either prior to the
upgrade or immediately following the upgrade.
...
Verify Certificates Expiration Date
ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for
communication between some components. The self-signed certificates that
are automatically created by the ZCS install have a default expiration in ZCS
7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825
days (5 years).
If you have an ZCS installation that is over one year old and are using self-
signed certificates, your certificates will need to be updated either prior to the
upgrade or immediately following the upgrade.
Upgrade from 7.2.0 to 8.0 fail with ldap error
[quote user="apsantos"]in the release note they talk about certs:
...
Verify Certificates Expiration Date
ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for
communication between some components. The self-signed certificates that
are automatically created by the ZCS install have a default expiration in ZCS
7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825
days (5 years).
If you have an ZCS installation that is over one year old and are using self-
signed certificates, your certificates will need to be updated either prior to the
upgrade or immediately following the upgrade.[/QUOTE]
ok i looked it up theres aslo another issue but only for multinode. under known issue you will find that a roling upgrade on a multinodeconfig is only with a commercial cert possible
so does not affect single server installs
...
Verify Certificates Expiration Date
ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for
communication between some components. The self-signed certificates that
are automatically created by the ZCS install have a default expiration in ZCS
7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825
days (5 years).
If you have an ZCS installation that is over one year old and are using self-
signed certificates, your certificates will need to be updated either prior to the
upgrade or immediately following the upgrade.[/QUOTE]
ok i looked it up theres aslo another issue but only for multinode. under known issue you will find that a roling upgrade on a multinodeconfig is only with a commercial cert possible
so does not affect single server installs
-
- Posts: 4
- Joined: Sat Sep 13, 2014 2:55 am
Upgrade from 7.2.0 to 8.0 fail with ldap error
I had the same problem and it is not certificate related.
The problem was that i have changed ldap settings:
ldap_common_threads,ldap_common_toolthreads,ldap_db_cachesizeldap_db_idlcachesize,ldap_cache_domain_maxsize
by following OpenLDAP Performance Tuning instructions (OpenLDAP Performance Tuning - Zimbra :: Wiki).
I had set the ldap settings to default again:
su - zimbra
zmlocalconfig -e ldap_common_threads=8
zmlocalconfig -e ldap_common_toolthreads=1
zmlocalconfig -e ldap_db_cachesize=10000
zmlocalconfig -e ldap_db_idlcachesize=10000
zmlocalconfig -e ldap_cache_domain_maxsize=100
zmcontrol restart
and upgrade to 8.0 finished successfully.
For multinode installation do this on ldap master and replicas to.
The problem was that i have changed ldap settings:
ldap_common_threads,ldap_common_toolthreads,ldap_db_cachesizeldap_db_idlcachesize,ldap_cache_domain_maxsize
by following OpenLDAP Performance Tuning instructions (OpenLDAP Performance Tuning - Zimbra :: Wiki).
I had set the ldap settings to default again:
su - zimbra
zmlocalconfig -e ldap_common_threads=8
zmlocalconfig -e ldap_common_toolthreads=1
zmlocalconfig -e ldap_db_cachesize=10000
zmlocalconfig -e ldap_db_idlcachesize=10000
zmlocalconfig -e ldap_cache_domain_maxsize=100
zmcontrol restart
and upgrade to 8.0 finished successfully.
For multinode installation do this on ldap master and replicas to.