ZCS Multi-Server Installation Guide, Network Edition 4.0

LDAP Replication Installation

Installing Zimbra LDAP Master Server

Installing a LDAP Replica Server

Setting Up Zimbra LDAP Servers for Replication

Configuring Zimbra Servers to use LDAP Replica

LDAP replication lets you distribute Zimbra server queries to specific LDAP replica servers. The Zimbra install program is used to configure a master LDAP server and additional read-only replica servers. The master LDAP server is installed following the normal ZCS installation options. The LDAP replica server installation is modified to point the replica server to the LDAP master host and to set the replica LDAP status to Disabled.

After the LDAP servers are correctly installed and configured, the following additional configuration is required.

•	SSH keys are set up on each LDAP server

•	Trusted authentication between the master LDAP and the LDAP replica servers is set up

•	The content of the master LDAP directory is copied to the LDAP replica server. LDAP replica servers are read-only.

•	Zimbra servers are configured to query the LDAP replica server instead of the master LDAP server.

Note: To install a LDAP replica on a previously existing Zimbra server, you run the install program again and perform an upgrade to the server to add the Zimbra LDAP package.

Installing Zimbra LDAP Master Server

You must install the Zimbra Master LDAP server before you can install LDAP replica servers.

1.	Follow steps 1 through 4 in the Multiple-Server installation chapter, Starting the Installation Process section to open a SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra software.

2.	The Zimbra packages to installed should be marked Y. Those packages that should not be installed mark N.

Note: These directions and screen shots are for installing the zimbra-LDAP package.

 

Select the packages to install Install zimbra-ldap [Y] Install zimbra-mta [Y]N Install zimbra-snmp [Y]N Install zimbra-store [Y]N Install zimbra-logger [Y]N Install zimbra-spell [Y]N   Installing: zimbra-core zimbra-ldap   This system will be modified. Continue [N} Y Configuration section

3.	Type y, and press Enter to modify the system. The selected packages are installed on the server.

The Main menu shows the default entries for the LDAP server. To expand the menu to see the configuration values type x and press Enter. The main menu expands to display configuration details for the LDAP server.

 

Main menu   1) Hostname: ldap.example.com 2) Ldap Master host:                   ldap.example.com 3) Ldap port: 389 4) Ldap password: set 5) zimbra-ldap: Enabled +Create Domain: yes +Domain to create: ldap.example.com    r) Start servers after configuration yes s) Save config to file x) Expand menu q) Quit   Address unconfigured (**) items (? - help)

4.	Type 4 to display the automatically generated LDAP password. You can change this password.

Note: Remember the LDAP password, the LDAP master host name, and the LDAP port. You must configure this information when you install the LDAP replica servers.

5.	Type 5 to change the zimbra-ldap settings.

•	Type 3 to change the default domain name to the email domain name.

 

Ldap configuration   1) Status: Enabled 2) Create Domain: yes 3) Domain to create: ldap.example.com Select, or 'r' for previous menu [r] 3   Create Domain: [ldap.example.com] example.com

6.	When the LDAP server is configured, type a to apply the configuration changes. Press Enter to save the configuration data.

 

Select, or press 'a' to apply config (? - help) a Save configuration data? [Yes] Save config in file: [/opt/zimbra/config.2843] Saving config in /opt/zimbra/config.2843...Done The system will be modified - continue? [No] y Operations logged to /tmp/zmsetup.log.2843 Setting local config zimbra_server_hostname to [ldap.example.com] . Operations logged to /tmp/zmsetup.log.2843   Installation complete - press return to exit

7.	When Save Configuration data to a file appears, press Enter.

8.	When The system will be modified - continue? appears, type y and press Enter.

The server is modified. Installing all the components and configuring the server can take a few minutes.

9.	When Installation complete - press return to exit displays, press Enter.

The installation of the master LDAP server is complete.

Installing a LDAP Replica Server

You run the ZCS install program on the replica server to install the LDAP package, but you make the following configuration changes.

•	In the Zimbra LDAP menu, you must change the Status to Disabled.

Important: If you do not disable the ldap replica servers, a new directory server is created and you will have separate mail systems.

•	On the Main menu, change LDAP master host name, port and LDAP password to be the same information as on the Master LDAP server.

Follow steps 1 through 4 in Starting the Installation Process section to open a SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra software.

1.	The zimbra-ldap package should be marked y.

 

Select the packages to install Install zimbra-ldap [Y] Install zimbra-mta [Y]N Install zimbra-snmp [Y]N Install zimbra-store [Y]N Install zimbra-logger [Y]N Install zimbra-spell [Y]N   Installing: zimbra-core zimbra-ldap   This system will be modified. Continue [N} Y Configuration section

2.	Type y, and press Enter to modify the system. The selected packages are installed.

The Main menu shows the default entries for the LDAP replica server. To expand the menu type x and press Enter.

 

Main menu   1) Hostname: ldapRep.example.com 2) Ldap Master host:                   ldapRep.example.com 3) Ldap port: 389 4) Ldap password: set 5) zimbra-ldap: Enabled +Create Domain: yes +Domain to create: ldapRep.example.com    r) Start servers after configuration yes s) Save config to file x) Expand menu q) Quit   Address unconfigured (**) items (? - help)

 

3.	Type 5 to disable the zimbra-ldap settings.

•	Type 1 to change the Status to Disabled. Important, if you do not disable the ldap replica servers, a new directory server is created and you will have separate mail systems.

 

Ldap configuration   1) Status: Disabled   Select, or 'r' for previous menu [r]

4.	Type 2 and change the LDAP Master host name to the Master LDAP host name that you configured earlier.

5.	Type 3, and change the port to the same port as configured for the Master LDAP server.

6.	Type 4 and change the password to the Master LDAP server password.

7.	When the LDAP server is configured, type a to apply the configuration changes. Press Enter to save the configuration data.

 

Select, or press 'a' to apply config (? - help) a Save configuration data? [Yes] Save config in file: [/opt/zimbra/config.2843] Saving config in /opt/zimbra/config.2843...Done The system will be modified - continue? [No] y Operations logged to /tmp/zmsetup.log.2843 Setting local config zimbra_server_hostname to [ldap.example.com] . Operations logged to /tmp/zmsetup.log.2843   Installation complete - press return to exit

8.	When Save Configuration data to a file appears, press Enter.

9.	When The system will be modified - continue? appears, type y and press Enter.

The server is modified. Installing all the components and configuring the server can take a few minutes.

10.	When Installation complete - press return to exit displays, press Enter.

The installation is complete.

Setting Up Zimbra LDAP Servers for Replication

After the master and replica LDAP servers are installed, before LDAP replication will work you must complete the following steps.

•	Populate the ssh keys

•	Set up replication

•	Test the replica

CLI commands are run as Zimbra user.

To set up the LDAP servers

1.	On the master LDAP server,

•	Type zmupdateauthkeys and press Enter.

•	Type zmldapenablereplica, and press Enter

The key is updated on /opt/zimbra/.ssh/authorized_keys.

2.	On the LDAP replica server,

•	Type zmupdateauthkeys and press Enter

•	Type zmldapenablereplica and press Enter

This sets up the replication account in the directory and makes a copy of the master content to the replica LDAP server.

Note: If zmupdateauthkeys does not fetch the keys correctly, run zmsshkeygen on both servers and rerun zmupdateauthkeys.

To test the replica

1.	Create several user accounts, either from the admin console or on the master LDAP server. The CLI command is zmprov ca <name@domain.com> <password>

2.	To see if the accounts were correctly copied to the LDAP replica server, on the replica LDAP server, type zmprov gaa. The accounts created on the master LDAP should display on the LDAP replica.

Configuring Zimbra Servers to use LDAP Replica

To use the LDAP replica server instead of the master LDAP server, you must add the LDAP replica URL on each Zimbra server

1.	Stop the Zimbra services on the server, zmcontrol stop.

2.	Enter the LDAP replica server URL”

zmlocalconfig -e ldap_url=”ldap://<replicahost>ldap://<masterhost>”

Enter more than one replica hostnames in the list typed as ”ldap://<replicahost1>”ldap://<replicahost2>ldap://<masterhost>”. The hosts are tried in the order listed.

3.	Restart the Zimbra server, zmcontrol start.

ZCS Multi-Server Installation Guide, Network Edition 4.0