Upgrade Script Check - Validating LDAP configuration
Upgrade Script Check - Validating LDAP configuration
Upgrade Script Check - Validating LDAP configuration
In Zimbra Collaboration 8.6 and above, Zimbra implemented a new Upgrade script to check some important functionalities in our system, one of them is check that the password in the LDAP and in the Zimbra system match, if not we will see an error.
The upgrade process will start:
root@mail:/home/user/zcs-NETWORK-8.6.0_GA_1153.UBUNTU14_64.20141215151218# ./install.sh Operations logged to /tmp/install.log.32857 Checking for existing installation... zimbra-ldap...FOUND zimbra-ldap-8.5.0.GA.3042.UBUNTU14.64 zimbra-logger...FOUND zimbra-logger-8.5.0.GA.3042.UBUNTU14.64 zimbra-mta...FOUND zimbra-mta-8.5.0.GA.3042.UBUNTU14.64 zimbra-dnscache...NOT FOUND zimbra-snmp...FOUND zimbra-snmp-8.5.0.GA.3042.UBUNTU14.64 zimbra-store...FOUND zimbra-store-8.5.0.GA.3042.UBUNTU14.64 zimbra-apache...FOUND zimbra-apache-8.5.0.GA.3042.UBUNTU14.64 zimbra-spell...FOUND zimbra-spell-8.5.0.GA.3042.UBUNTU14.64 zimbra-convertd...FOUND zimbra-convertd-8.5.0.GA.3042.UBUNTU14.64 zimbra-memcached...FOUND zimbra-memcached-8.5.0.GA.3042.UBUNTU14.64 zimbra-proxy...FOUND zimbra-proxy-8.5.0.GA.3042.UBUNTU14.64 zimbra-archiving...FOUND zimbra-archiving-8.5.0.GA.3042.UBUNTU14.64 zimbra-core...FOUND zimbra-core-8.5.0.GA.3042.UBUNTU14.64 ZCS upgrade from 8.5.0 to 8.6.0 will be performed.
And then the upgrade script with the checks will fail in the LDAP test:
Validating existing license is not expired and qualifies for upgrade License is valid and supports this upgrade. Continuing. Validating ldap configuration Error: Unable to bind to the LDAP server as the root LDAP user. This is required to upgrade.
* This error is not related to Zimbra, in some point of the time, the password was changed in a wrong way to do it.
Workaround
Note: Please before do this step, or the upgrade step, be sure that you have a strong backup, is always better have:
- a) Zimbra Backup
- b) A snapshot in case that you have Virtual Environment
- c) A Backup in other Storage of your VM, not just the snapshot.
If we have one of the previous points, or all, please continue with this steps.
Like Zimbra user, please stop all your Zimbra services:
zmcontrol stop
Like Zimbra user, please run the next command to check the actual password that is stored in Zimbra:
zimbra@zimbra-sn-u14-10:~$ zmlocalconfig -s ldap_root_password ldap_root_password = Y0uRP4S5w0Rd
Now generate a new secret hash with the password that you have in Zimbra:
/opt/zimbra/openldap/sbin/slappasswd -s Y0uRP4S5w0Rd {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
Note: From the starting of ZCS v8.7.x, path of "slappasswd" has been changed from "/opt/zimbra/openldap/sbin/slappasswd" to "/opt/zimbra/common/sbin/slappasswd".
Please update the command accordingly if you are doing this step for a system >= ZCS v8.7.x
Keep in mind the line, we will need it soon.
Move to the next directory:
cd /opt/zimbra/data/ldap/config/cn=config
Edit the next file (important, we need to have the LDAP service stopped)
vi olcDatabase={0}config.ldif
You will see a line like this, please note that the line have double symbol "::"
olcRootPW:: e1NTSEE112123gblVeVJ2UjU3UE1512312366jjkj128080as2bDQ5eVgxNXhWSlFPUWhTQmxhQ1d4L1RaNWdsdVRsWWJyRXJDcTA4V0Y0YVRYOE5ma23451wR3A1QytBZUZocEZ1
Then change it for the next line, please pay attention that now need to have only 1 ":" symbol
olcRootPw: {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
You did the trick, now just run Zimbra again:
zmcontrol start
Try to run again the Upgrade process.
Identified Support/Known Issues