A strange problem occurred this morning. After a reform of an old DC pair with some new Windows Server 2022,
every auth and DNS was fine, but after a reboot of the Zimbra 9.0.0 OSE, the ldap service does not start at Zimbra startup.
The error was: Operation not permitted
Feb 27 23:46:19 server slapd[37682]: @(#) $OpenLDAP: slapd 2.4.59 (Jun 21 2023 12:39:02) $#012#011build@c787:/home/build/git/88/packages/thirdparty/openldap/build/RHEL7_64/zimbra-openldap/rpm/BUILD/openldap-2.4.59/servers/slapd
Feb 27 23:46:19 server slapd[37682]: daemon: bind(7) failed errno=13 (Permission denied)
Feb 27 23:46:19 server slapd[37682]: slapd stopped.
Feb 27 23:46:19 server slapd[37682]: connections_destroy: nothing to destroy.
I have run all possible zmfixperms -extended but the zimbra user still can't launch ldap nor slapd
[zimbra@server ~]$ /opt/zimbra/libexec/zmslapd -l LOCAL0 -h 'ldap://server.domain.net:389 ldapi:///' -F /opt/zimbra/data/ldap/config -d 1
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /opt/zimbra/common/etc/openldap/ldap.conf
ldap_init: using /opt/zimbra/common/etc/openldap/ldap.conf
ldap_init: HOME env is /opt/zimbra
ldap_init: trying /opt/zimbra/ldaprc
ldap_init: trying /opt/zimbra/.ldaprc
ldap_init: using /opt/zimbra/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
65df0734 @(#) $OpenLDAP: slapd 2.4.59 (Jun 21 2023 12:39:02) $
build@c787:/home/build/git/88/packages/thirdparty/openldap/build/RHEL7_64/zimbra-openldap/rpm/BUILD/openldap-2.4.59/servers/slapd
65df0734 daemon_init: listen on ldap://server.domain.net:389
65df0734 daemon_init: listen on ldapi:///
65df0734 daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://server.domain.net:389)
65df0734 daemon: bind(7) failed errno=13 (Permission denied)
65df0734 slap_open_listener: failed on ldap://server.domain.net:389
65df0734 slapd stopped.
65df0734 connections_destroy: nothing to destroy.
What is strange is that the root user can launch ldap with no problem.
This is on a CentOS 7 server. May port 389 have been restricted to root only recently??
It runs cleanly and all other services start correctly once ldap is launched by root.
I can't explain the situation and I'm looking for a way to fix it.
I dug into the DNS but found nothing relevant.
Please provide direction or recommendations.
Statistics: Posted by dominix — Wed Feb 28, 2024 2:14 pm