Friday, July 25, 2008

At last I was able to install a Rapid FreeSSL cert into Zimbra NE 5.0.8 on CentOS 5.2.
Amazing!
I got only this error:

httpd: Syntax error on line 232 of /opt/zimbra/conf/httpd.conf: Cannot load /opt/zimbra/httpd-2.2.8/modules/libphp5.so into server: /opt/zimbra/httpd-2.2.8/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
This error is a known bug; you can find it in Bugzilla.

[192.168.30.5 18:17:59 zimbra@zimbra ~/freessl ]$ sudo zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.


You should use the CLI instead of the GUI.
With the GUI I got errors.
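The two checks zmcertmgr reports above ("Certificate ... and private key ... match" and "Valid Certificate") can be repeated with plain openssl before running deploycrt, which is handy when the GUI fails and you want to know whether the files or the deployment step are at fault. The script below is an added example, not Zimbra's code; it assumes openssl is on PATH, uses placeholder file names, and compares the full public key rather than only an RSA modulus, so it also covers EC keys.

```shell
#!/bin/sh
# Added example, not Zimbra's code: repeat the two checks zmcertmgr reports
# ("Certificate and private key match", "Valid Certificate") with plain openssl
# before deploying. Assumes openssl on PATH; file names are placeholders.

# cert_key_match CERT KEY: succeed only if the public key embedded in CERT is
# byte-for-byte the public half of KEY (works for RSA and EC keys alike)
cert_key_match() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# chain_verifies CERT CA_BUNDLE: succeed only if CERT chains up to the bundle
# (the same file zmcertmgr later appends to commercial.crt)
chain_verifies() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# precheck_deploy CERT KEY CA_BUNDLE: 0 if both checks pass, 1 otherwise
precheck_deploy() {
    cert_key_match "$1" "$2" || { echo "key/cert mismatch: $1 vs $2" >&2; return 1; }
    chain_verifies "$1" "$3" || { echo "$1 does not verify against $3" >&2; return 1; }
    echo "ok: $1 matches $2 and verifies against $3"
}

# make_demo_pki DIR: constructed throwaway CA, server key/cert and an unrelated
# key so the checks can be exercised offline (every name here is made up)
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.invalid" \
        -keyout "$1/server.key" -out "$1/server.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -days 1 -in "$1/server.csr" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/server.crt" >/dev/null 2>&1 || return 1
    openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1
}

# usage: sh precheck.sh commercial.crt commercial.key commercial_ca.crt
if [ "$#" -eq 3 ]; then
    precheck_deploy "$1" "$2" "$3"
fi
```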

Saturday, July 19, 2008

The problem:
every time a client sends out mail through Mailman to more than 100 subscribed accounts, qmail stops working.
Analysis:
The issue is due to inetd. I have Debian etch with inetutils-inetd installed.
To avoid the Mailman issue, the fix is:
smtp stream tcp nowait.max
where max is a very large number

BUT:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451478

inetutils-inetd does not support nowait.max

you MUST use openbsd-inetd

do not use xinetd, as Plesk does not provide the /etc/xinetd.d/* files; you have to write them yourself

Wednesday, April 30, 2008

At last I was able to change the password from Windows with Ctrl+Alt+Canc (Ctrl+Alt+Del).
chgpwd.php

<?php
// Run from the command line as: php chgpwd.php <uid>
// The new password is then read from stdin.
define ('LDAP_SERVER', 'xxxx.xxxx.it');
define ('BASE_DN', 'dc=xxxx,dc=it');
define ('LDAP_OU', 'ou=People');
define ('LDAP_DN', 'uid');
define ('GROUP_DN', 'ou=Groups');

define ('AUTH_OK', 0);
define ('AUTH_KO', 1);

class ldapUtils {

    var $lastError = array();
    var $ldapConn;
    var $daysLeft;

    /* record the last LDAP error (errno and message) of the open connection */
    function _ldapGetLastError() {
        if ($this->ldapConn) {
            $this->lastError = array(ldap_errno($this->ldapConn), ldap_error($this->ldapConn));
        }
    }

    function admin_change_password($ldapUid, $ldapNewPass) {

        /* try to connect to the server */
        $this->ldapConn = ldap_connect(LDAP_SERVER);
        if (!$this->ldapConn) {
            $this->_ldapGetLastError();
            return AUTH_KO;
        }
        /* protocol version must be set before the bind, not after it */
        ldap_set_option($this->ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);

        $user_ldaprdn = LDAP_DN . '=' . $ldapUid . ',' . LDAP_OU . ',' . BASE_DN;
        $admin_ldaprdn = 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot';
        $admin_ldappass = 'xxxx'; // associated password

        $ldapBind = ldap_bind($this->ldapConn, $admin_ldaprdn, $admin_ldappass);
        if (!$ldapBind) {
            $this->_ldapGetLastError();
            return AUTH_KO;
        }

        /* the password is passed to two external tools on the command line:
           quote it, so shell metacharacters in a password cannot alter the command */
        $safePass = escapeshellarg($ldapNewPass);

        /* {SSHA} hash for userPassword; slappasswd prints a trailing newline */
        $hashpass = rtrim(shell_exec("/usr/sbin/slappasswd -s " . $safePass), "\n");

        /* mkntpwd prints "LMHASH:NTHASH" */
        $stringCrypt = rtrim(shell_exec("/usr/sbin/mkntpwd " . $safePass), "\n");
        $sambaPassword = preg_split("/:/", $stringCrypt);

        $entry['userpassword'] = $hashpass;
        $entry['sambantPassword'] = $sambaPassword[1];
        $entry['sambalmPassword'] = $sambaPassword[0];
        $entry['sambaPwdLastSet'] = date("U");
        $entry['sambaPwdMustChange'] = date("U") + 90 * 86400; // 90 days from now
        $result = ldap_mod_replace($this->ldapConn, $user_ldaprdn, $entry);
        /* debug output: the result and the new hashes */
        echo $result . "\n";
        var_dump($entry);
        if ($result) {
            return AUTH_OK;
        } else {
            $this->_ldapGetLastError();
            return AUTH_KO;
        }
    }
}

openlog("chgpwd.php", LOG_PID, LOG_LOCAL0);

syslog(LOG_WARNING, 'change password ');

if (isset($argv[1])) {

    echo "password:";
    $stdin = fopen('php://stdin', 'r');
    /* fgets keeps the newline; strip it or it ends up inside the password */
    $newpass = rtrim(fgets($stdin), "\r\n");
    fclose($stdin);

    /* log only the uid: the cleartext password must not go to syslog */
    syslog(LOG_WARNING, 'change password: ' . $argv[1]);
    $ldap = new ldapUtils();
    if ($ldap->admin_change_password($argv[1], $newpass) == AUTH_KO) {
        syslog(LOG_WARNING, 'failed to change password ' . $argv[1]);
        closelog();
        exit(AUTH_KO); // exit code, so the caller can tell success from failure
    }
    syslog(LOG_WARNING, 'password changed');
    echo "changed";
    closelog();
    exit(AUTH_OK);
} else {
    syslog(LOG_WARNING, 'mancano i parametri'); // "missing parameters"
    closelog();
    exit(AUTH_KO);
}

?>

Tuesday, January 22, 2008

Yesterday I tried to configure a CentOS 5 box as an ADS client.
The Administrator account is not "Administrator" on ADS, so I was able to join as a client only after issuing:
# net ads join -Uuser%password@adsdomain