ZCS Multi_Server Installation Guide, Open Source 4.5

LDAP Replication Installation

Installing Zimbra Master LDAP Server

Installing a Replica LDAP Server

Setting Up Zimbra LDAP Servers for Replication

Configuring Zimbra Servers to use LDAP Replica

Setting up LDAP replication lets you distribute Zimbra server queries to specific replica LDAP servers. Only one master LDAP server can be set up. This server is authoritative for user information, server configuration, etc. Replica LDAP servers can be defined to improve performance and to reduce the load on the master server. All updates are made to the master server and these updates are copied to the replica servers.

The Zimbra install program is used to configure a master LDAP server and additional read-only replica LDAP servers. The master LDAP server is installed and configured first, following the normal ZCS installation options. The LDAP replica server installation is modified to point the replica server to the LDAP master host and to set the replica LDAP status to Disabled.

After the master LDAP server and the replica LDAP servers are correctly installed and configured, the following additional configuration is required.

•	SSH keys are set up on each LDAP server

•	Trusted authentication between the master LDAP and the LDAP replica servers is set up

•	The content of the master LDAP directory is copied to the replica LDAP server. Replica LDAP servers are read-only.

•	Zimbra servers are configured to query the replica LDAP server instead of the master LDAP server.

Installing Zimbra Master LDAP Server

You must install the master LDAP server before you can install replica LDAP servers.

1.	Follow steps 1 through 4 in the Multiple-Server installation chapter, Starting the Installation Process section to open a SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra software.

2.	The Zimbra packages to installed should be marked Y. Those packages that should not be installed mark N.

Note: These directions and screen shots are for installing the zimbra-LDAP package.

 

Select the packages to install Install zimbra-ldap [Y] Install zimbra-mta [Y]N Install zimbra-snmp [Y]N Install zimbra-store [Y]N Install zimbra-logger [Y]N Install zimbra-spell [Y]N   Installing: zimbra-core zimbra-ldap   This system will be modified. Continue [N} Y Configuration section

3.	Type y, and press Enter to modify the system. The selected packages are installed on the server.

The Main menu shows the default entries for the LDAP server. To expand the menu to see the configuration values type x and press Enter. The main menu expands to display configuration details for the LDAP server.

 

Main menu   1) Hostname: ldap.example.com 2) Ldap Master host:                   ldap.example.com 3) Ldap port: 389 4) Ldap password: set 5) zimbra-ldap: Enabled +Create Domain: yes +Domain to create: ldap.example.com    r) Start servers after configuration yes s) Save config to file x) Expand menu q) Quit   Address unconfigured (**) items (? - help)

4.	Type 4 to display the automatically generated LDAP password. You can change this password.

Note: Remember the LDAP password, the LDAP master host name, and the LDAP port. You must configure this information when you install the LDAP replica servers.

5.	Type 5 to change the zimbra-ldap settings.

•	Type 3 to change the default domain name to the email domain name.

 

Ldap configuration   1) Status: Enabled 2) Create Domain: yes 3) Domain to create: ldap.example.com Select, or 'r' for previous menu [r] 3   Create Domain: [ldap.example.com] example.com

6.	When the LDAP server is configured, type a to apply the configuration changes. Press Enter to save the configuration data.

 

Select, or press 'a' to apply config (? - help) a Save configuration data? [Yes] Save config in file: [/opt/zimbra/config.2843] Saving config in /opt/zimbra/config.2843...Done The system will be modified - continue? [No] y Operations logged to /tmp/zmsetup.log.2843 Setting local config zimbra_server_hostname to [ldap.example.com] . Operations logged to /tmp/zmsetup.log.2843   Installation complete - press return to exit

7.	When Save Configuration data to a file appears, press Enter.

8.	When The system will be modified - continue? appears, type y and press Enter.

The server is modified. Installing all the components and configuring the server can take a few minutes.

9.	When Installation complete - press return to exit displays, press Enter.

The installation of the master LDAP server is complete.

Installing a Replica LDAP Server

The master LDAP server must be running when you install the replica server. You run the ZCS install program on the replica server to install the LDAP package, but you make the following configuration changes.

•	In the Zimbra LDAP menu, you must change the LDAP configuration status to Disabled.

Important: If you do not disable the ldap replica servers, a new directory server is created and you will have separate mail systems.

•	On the Main menu, you change the LDAP master host name, port and LDAP password to be the same as on the Master LDAP server.

Follow steps 1 through 4 in Starting the Installation Process section to open a SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra software.

1.	The zimbra-ldap package should be marked y.

 

Select the packages to install Install zimbra-ldap [Y] Install zimbra-mta [Y]N Install zimbra-snmp [Y]N Install zimbra-store [Y]N Install zimbra-logger [Y]N Install zimbra-spell [Y]N   Installing: zimbra-core zimbra-ldap   This system will be modified. Continue [N} Y Configuration section

2.	Type y, and press Enter to modify the system. The selected packages are installed.

The Main menu shows the default entries for the LDAP replica server. To expand the menu type x and press Enter.

 

Main menu   1) Hostname: ldapRep.example.com 2) Ldap Master host:                   ldapRep.example.com 3) Ldap port: 389 4) Ldap password: set 5) zimbra-ldap: Enabled +Create Domain: yes +Domain to create: ldapRep.example.com    r) Start servers after configuration yes s) Save config to file x) Expand menu q) Quit   Address unconfigured (**) items (? - help)

 

3.	Type 5 to disable the zimbra-ldap settings.

•	Type 1 to change the Status to Disabled. Important, if you do not disable the replica LDAP servers, a new directory server is created and you will have separate mail systems.

 

Ldap configuration   1) Status: Disabled   Select, or 'r' for previous menu [r]

4.	Type 2 and change the Ldap Master host name to the Master LDAP host name.

5.	Type 3, and change the port to the same port as configured for the Master LDAP server.

6.	Type 4 and change the password to the Master LDAP server password.

7.	When the LDAP server is configured, type a to apply the configuration changes. Press Enter to save the configuration data.

 

Select, or press 'a' to apply config (? - help) a Save configuration data? [Yes] Save config in file: [/opt/zimbra/config.2843] Saving config in /opt/zimbra/config.2843...Done The system will be modified - continue? [No] y Operations logged to /tmp/zmsetup.log.2843 Setting local config zimbra_server_hostname to [ldap.example.com] . Operations logged to /tmp/zmsetup.log.2843   Installation complete - press return to exit

8.	When Save Configuration data to a file appears, press Enter.

9.	When The system will be modified - continue? appears, type y and press Enter.

The server is modified. Installing all the components and configuring the server can take a few minutes.

10.	When Installation complete - press return to exit displays, press Enter.

The installation on the replica LDAP server is complete.

Setting Up Zimbra LDAP Servers for Replication

After the master and replica LDAP servers are installed, before LDAP replication will work you must complete the following steps.

•	Populate the ssh keys

•	Set up replication

•	Test the replica

CLI commands are run as Zimbra user.

To set up the LDAP servers

1.	On the master LDAP server type:

•	zmupdateauthkeys and press Enter. The key is updated on /opt/zimbra/.ssh/authorized_keys.

•	zmldapenablereplica and press Enter. This enables replication on the Master.

2.	On the LDAP replica server type:

•	zmupdateauthkeys and press Enter

•	zmldapenablereplica and press Enter. This sets up the replication account in the directory and makes a copy of the master content to the replica LDAP server.

Note: If zmupdateauthkeys does not fetch the keys correctly, run zmsshkeygen on both servers and rerun zmupdateauthkeys.

To test the replica

1.	Create several user accounts, either from the admin console or on the master LDAP server. The CLI command is zmprov ca <name@domain.com> <password>

2.	To see if the accounts were correctly copied to the replica LDAP server, on the replica LDAP server, type zmprov gaa. The accounts created on the master LDAP server should display on the replica LDAP server.

Configuring Zimbra Servers to use LDAP Replica

To use the replica LDAP server instead of the master LDAP server, you must update the ldap_url value on the Zimbra servers that will query the replica instead of the master. For each server that you want to change:

1.	Stop the Zimbra services on the server, zmcontrol stop.

2.	Update the ldap_url value. Enter the replica LDAP server URL

zmlocalconfig -e ldap_url=”ldap://<replicahost> ldap://<masterhost>”

Enter more than one replica hostnames in the list typed as ”ldap://<replicahost1> ldap://<replicahost2> ldap://<masterhost>”. The hosts are tried in the order listed. The master URL must always be included and is listed last.

3.	Restart the Zimbra server, zmcontrol start.

ZCS Multi_Server Installation Guide, Open Source 4.5