Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master
-
Running Zimbra 8.8 here and ran into this error on starting services: "Unable to start TLS: hostname verification failed when connecting to ldap master." This can be pretty frustrating, especially as pretty much nothing online tells you what might be wrong. In my case, I found that the issue came from the system now expecting a TLS-based LDAPS connection, but being configured for a standard LDAP connection.
As the zimbra user, we can configure this like so, for a single server configuration:
su - zimbra
zmlocalconfig -e ldap_master_url=ldaps://zimbrahostname:636
zmlocalconfig -e ldap_url=ldaps://zimbrahostname:636
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_port=636
zmcontrol stop
zmcontrol start
First tested in Zimbra 8.8.5
-
@scottalanmiller said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
... when connecting to ldap master." This can be pretty frustrating, especially as pretty much nothing online tells you what might be ...
So this just happened during an upgrade? Do I assume that it was in the manual that you needed to do this, and it was overlooked? Or that the devs didn't bother to tell you, confirm that config during upgrade, etc?
-
@dashrender said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
@scottalanmiller said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
... when connecting to ldap master." This can be pretty frustrating, especially as pretty much nothing online tells you what might be ...
So this just happened during an upgrade?
no
-
@dashrender said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
Do I assume that it was in the manual that you needed to do this, and it was overlooked? Or that the devs didn't bother to tell you, confirm that config during upgrade, etc?
I don't know the source of the change. It happened during a cert renewal.
-
This is with your LDAP SSL, not with the Host SSL Certificate, correct?
-
@dbeato said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
This is with your LDAP SSL, not with the Host SSL Certificate, correct?
In theory they should be the same.
-
Thank you so much scottalanmiller, saved me tonight after a Letsencrypt certificate installation resulted in a TLS error...
-
@condealisson said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
Thank you so much scottalanmiller, saved me tonight after a Letsencrypt certificate installation resulted in a TLS error...
Glad that it helped you!
-
@scottalanmiller Thanks... That did the trick.
-
I am still trying to understand this issue, but it is probably due to having multiple Zimbra servers in a pool. In a one-server Zimbra setup that usually doesn't happen.
-
@dbeato said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
I am still trying to understand this issue, but it is probably due to having multiple Zimbra servers in a pool. In a one-server Zimbra setup that usually doesn't happen.
No, we don't use a pool here.
-
Had this error after installing a new commercial certificate. The error seems valid as my server hostname and certificate name do not match, but it is my understanding this name mismatch is allowed and should still work.
To resolve this I just ran these two commands as Zimbra user.
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0
I am slightly concerned as to the security implications of disabling these settings. I am still on ldap not ldaps and this is on CentOS 7.
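-
An added example, not part of any post in this thread: a shell sketch that checks whether the certificate the LDAP server presents is valid for the host name in ldap_master_url, which is the comparison behind the "hostname verification failed" message. The function names are made up for illustration, and it assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread): test whether the certificate an LDAP
# server presents is valid for the host name in Zimbra's configured LDAP URL.

# Host part of an ldap:// or ldaps:// URL (first URL if several are listed).
ldap_url_host() {
    u=${1%% *}; u=${u#*://}; u=${u%%/*}
    printf '%s\n' "${u%%:*}"
}

# Port of the URL; defaults to 636 for ldaps and 389 for ldap.
ldap_url_port() {
    u=${1%% *}; hp=${u#*://}; hp=${hp%%/*}
    case $hp in
        *:*) printf '%s\n' "${hp##*:}" ;;
        *)   case $u in ldaps://*) echo 636 ;; *) echo 389 ;; esac ;;
    esac
}

# Exit 0 if the PEM certificate file $1 is valid for host name $2.
# openssl prints the verdict; its exit status does not carry it, so grep.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Save the certificate presented at the URL $1 into file $2.
# ldap:// uses STARTTLS, which needs an s_client that supports "-starttls ldap".
fetch_ldap_cert() {
    host=$(ldap_url_host "$1"); port=$(ldap_url_port "$1")
    case $1 in ldaps://*) opt= ;; *) opt='-starttls ldap' ;; esac
    # $opt is deliberately unquoted so it splits into two arguments.
    openssl s_client -connect "$host:$port" -servername "$host" $opt \
        </dev/null 2>/dev/null | openssl x509 -outform PEM >"$2"
}

# Usage: sh ldapcert.sh "$(zmlocalconfig -m nokey ldap_master_url)"
if [ $# -ge 1 ]; then
    pem=$(mktemp) && trap 'rm -f "$pem"' EXIT
    fetch_ldap_cert "$1" "$pem" || { echo "could not fetch certificate" >&2; exit 2; }
    if cert_covers_host "$pem" "$(ldap_url_host "$1")"; then
        echo "OK: certificate covers $(ldap_url_host "$1")"
    else
        echo "MISMATCH: the certificate carries these names instead:"
        openssl x509 -in "$pem" -noout -text | grep -E 'Subject:|DNS:'
        exit 1
    fi
fi
```

Run it as the zimbra user after a certificate change; a MISMATCH result means the name in ldap_master_url is not among the names on the new certificate.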