ZCS Open Source Multi Server Installation Guide 5.0 (Rev 5.0.19 September 2009)

Configuring LDAP Replication
Setting up LDAP replication lets you distribute Zimbra server queries to specific replica LDAP servers. Only one master LDAP server can be set up. This server is authoritative for user information, server configuration, etc. Replica LDAP servers can be defined to improve performance and to reduce the load on the master server. All updates are made to the master server and these updates are copied to the replica servers.
The Zimbra install program is used to configure a master LDAP server and additional read-only replica LDAP servers. The master LDAP server is installed and configured first, following the normal ZCS installation options. The LDAP replica server installation is modified to point the replica server to the LDAP master host.
When the master LDAP server and the replica LDAP servers are correctly installed, the following is automatically configured:
Installing Zimbra Master LDAP Server
You must install the master LDAP server before you can install replica LDAP servers. Refer to “Installing Zimbra LDAP Master Server” for master LDAP server installation instructions. After the installation of the master LDAP server has completed, continue to the section titled “Enabling Replication on the LDAP Master”.
Enable Replication on the LDAP Master
On the master LDAP server, as the zimbra user, type /opt/zimbra/libexec/zmldapenablereplica and press Enter. This enables replication on the LDAP master.
Installing a Replica LDAP Server
The master LDAP server must be running when you install the replica server. You run the ZCS install program on the replica server to install the LDAP package.
Follow steps 1 through 4 in “Starting the Installation Process” to open an SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra software.
1. Type Y and press Enter to install the zimbra-ldap package. In the screen shot below, the package to be installed is emphasized.
2. Type Y and press Enter to modify the system. The selected packages are installed.
The Main menu shows the default entries for the LDAP replica server. To expand the menu, type X and press Enter.
3. Type 1 to display the Common Configuration submenu. Type 2 to change the Ldap Master host to the host name of the master LDAP server.
4. Type 3 to change the port to the port configured on the master LDAP server.
5. Type 4 and change the password to the master LDAP admin user password. Type r to return to the main menu.
6. Type 2 to display the LDAP configuration submenu.
Type 2 and change Create Domain: to No.
Type 4 for Ldap replication password and enter the same value as the master LDAP admin user password, so that this local config variable matches the master.
Note: All passwords must be set to match the master LDAP admin user password. To determine this value on the master LDAP server, run the following as the zimbra user (the -s flag prints the password in clear text, so do not leave the output in a shell history or log file):
zmlocalconfig -s ldap_replication_password
Important: If you have installed Zimbra MTA on the LDAP server, also configure the Amavis and Postfix passwords. To find these values on the master, run
zmlocalconfig -s ldap_amavis_password
zmlocalconfig -s ldap_postfix_password
7. When the LDAP server is configured, type a to apply the configuration changes. Press Enter to save the configuration data.
8. When Save Configuration data to a file appears, press Enter.
9. When The system will be modified - continue? appears, type y and press Enter.
The server is modified. Installing all the components and configuring the server can take a few minutes.
10. When Installation complete - press return to exit displays, press Enter.
The installation on the replica LDAP server is complete. The content of the master LDAP directory is copied to the replica LDAP server.
Test the replica
1. Create several user accounts, either from the admin console or on the master LDAP server. The CLI command to create these accounts is
zmprov ca <name@domain.com> <password>
If you do not have a mailbox server set up, you can create domains instead. Use this CLI command to create a domain:
zmprov cd <domain name>
2. To check that the accounts were correctly copied to the replica LDAP server, type zmprov -l gaa on the replica LDAP server. Type zmprov gad to check all domains.
The accounts/domains created on the master LDAP server should display on the replica LDAP server.
In cases where the mailbox server is not set up, you can also use the following command for account creation:
zmprov ca <name@domain> <password> zimbraMailTransport <where_to_deliver>
Note: If the LDAP host does not have a mailstore installed, zmprov gaa (which goes through the SOAP interface of a mailbox server) may not display the accounts correctly. Instead, type zmprov -l gaa, which queries LDAP directly, to see the accounts created on the master LDAP server.
Configuring Zimbra Servers to use LDAP Replica
To use the replica LDAP server instead of the master LDAP server, you must update the ldap_url value on each Zimbra server that should query the replica instead of the master. For each server that you want to change:
1.
2. zmlocalconfig -e ldap_url="ldap://<replicahost> ldap://<masterhost>"
To list more than one replica, type the value as ldap://<replicahost1> ldap://<replicahost2> ldap://<masterhost>. The hosts are tried in the order listed. The master URL must always be included and must be listed last; the whole value is one space-separated string, so quote it.
Additional steps for MTA hosts.
After updating the ldap_url, rerun /opt/zimbra/libexec/zmmtainit.
This rewrites the Postfix configuration with the updated ldap_url.
Uninstalling an LDAP replica server
If you no longer want to use an LDAP replica server, follow these steps to disable it.
Note: Uninstalling an LDAP replica server is the same procedure as disabling it on the master LDAP server.
Remove LDAP replica from all active servers
1. On each member server, including the replica, verify the ldap_url value. Type zmlocalconfig ldap_url
2. Remove the disabled LDAP replica server URL from zmlocalconfig. Do this by modifying the ldap_url to include only enabled ZCS LDAP servers. The master LDAP server must always be at the end of the ldap_url string value.
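The two passages above, “Configuring Zimbra Servers to use LDAP Replica” and “Remove LDAP replica from all active servers”, both come down to editing one space-separated ldap_url string under the same rules: every entry is an LDAP URL, hosts are tried in order, and the master is present and last. The script below is an added example, not part of the Zimbra guide, that checks a candidate value against those rules before it is handed to zmlocalconfig -e ldap_url="…", and builds the replacement value when a replica is retired. The host names ending in example.com are placeholders.

```shell
#!/bin/sh
# Added example; not part of the Zimbra guide. Checks an ldap_url value against the
# rules the guide gives (space-separated ldap:// URLs, tried in order, master present
# and last) and builds the value to use after a replica is retired.
# Host names ending in example.com are placeholders.

# check_ldap_url "<url list>" "<master host>"
# Returns 0 when every entry is an ldap:// or ldaps:// URL, no host appears twice,
# and the last entry is the master; otherwise prints the reason and returns 1.
check_ldap_url() {
    urls=$1
    master=$2
    last=""
    seen=" "
    for u in $urls; do
        case "$u" in
            ldap://*|ldaps://*) ;;
            *) echo "bad entry: $u (expected ldap://host or ldaps://host)"; return 1 ;;
        esac
        host=${u#*://}        # strip scheme
        host=${host%%/*}      # strip any path
        host=${host%%:*}      # strip any port
        case "$seen" in
            *" $host "*) echo "duplicate host: $host"; return 1 ;;
        esac
        seen="$seen$host "
        last=$host
    done
    [ -n "$last" ] || { echo "empty ldap_url"; return 1; }
    case "$seen" in
        *" $master "*) ;;
        *) echo "master $master missing from ldap_url"; return 1 ;;
    esac
    [ "$last" = "$master" ] || { echo "master $master must be last, found $last"; return 1; }
    return 0
}

# remove_replica "<url list>" "<replica host>"
# Prints the list with every URL for that host dropped; order is preserved so the
# master stays last.
remove_replica() {
    urls=$1
    drop=$2
    out=""
    for u in $urls; do
        host=${u#*://}; host=${host%%/*}; host=${host%%:*}
        [ "$host" = "$drop" ] && continue
        out="$out${out:+ }$u"
    done
    printf '%s\n' "$out"
}

# Usage: validate the value before writing it with zmlocalconfig -e ldap_url="...".
current="ldap://ldap-replica1.example.com ldap://ldap-replica2.example.com ldap://ldap-master.example.com"
if check_ldap_url "$current" ldap-master.example.com; then
    echo "ok: $current"
fi
# After retiring replica1, this is the value to write on every member server:
remove_replica "$current" ldap-replica1.example.com
```

Run the check on each member server before committing the new value; on MTA hosts, follow the zmlocalconfig change with /opt/zimbra/libexec/zmmtainit as the guide describes, since Postfix keeps its own copy of the LDAP URL list.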
 
Disable LDAP on the Replica
To disable LDAP on the replica server:
1. Enter zmcontrol stop to stop the Zimbra services on the server.
The status of the LDAP service changes to off. The (+) changes to (-) in front of zimbraServiceEnabled.
2. Enter zmcontrol start to start the remaining Zimbra services on the server.
Additional steps for MTA hosts.
After updating the ldap_url with zmlocalconfig, rerun /opt/zimbra/libexec/zmmtainit. This rewrites the Postfix configuration with the updated ldap_url.
Disable LDAP Replication on the Master server
Follow these steps to disable LDAP replication and remove every record of it across all nodes.
Edit /opt/zimbra/conf/slapd.conf by commenting out the following lines. Make sure you use the same number of hash marks (#) shown.
1. Change
include /opt/zimbra/conf/master-accesslog.conf
to
###include /opt/zimbra/conf/master-accesslog.conf
2. Change
overlay syncprov
syncprov-checkpoint 20 10
syncprov-sessionlog 500
include /opt/zimbra/conf/master-accesslog-overlay.conf
to
#overlay syncprov
#syncprov-checkpoint 20 10
#syncprov-sessionlog 500
###include /opt/zimbra/conf/master-accesslog-overlay.conf
3.
4. To remove the accesslog database that was created on the master for replication, as root, enter
cd /opt/zimbra/openldap-data/
\rm -rf accesslog
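The slapd.conf edits above are easy to get wrong by hand (a partially commented syncprov block leaves the provider half-configured). The script below is an added example, not part of the Zimbra guide, that applies exactly the five line changes the guide lists with sed, using the same number of hash marks, and then checks that none of the replication directives is still active. It runs against a constructed slapd.conf fragment rather than the real /opt/zimbra/conf/slapd.conf.

```shell
#!/bin/sh
# Added example; not part of the Zimbra guide. Applies the slapd.conf edits from
# "Disable LDAP Replication on the Master server" with sed and verifies them.
# The file written below is a constructed stand-in for /opt/zimbra/conf/slapd.conf.

# disable_syncprov <file>: comments out the accesslog include lines (###) and the
# syncprov overlay lines (#) exactly as the guide shows. Only whole-line matches
# are touched, so an already commented line is left alone.
disable_syncprov() {
    f=$1
    sed \
        -e 's|^include /opt/zimbra/conf/master-accesslog\.conf$|###&|' \
        -e 's|^overlay syncprov$|#&|' \
        -e 's|^syncprov-checkpoint 20 10$|#&|' \
        -e 's|^syncprov-sessionlog 500$|#&|' \
        -e 's|^include /opt/zimbra/conf/master-accesslog-overlay\.conf$|###&|' \
        "$f" > "$f.new" && mv "$f.new" "$f"
}

# replication_still_on <file>: returns 0 if any of the five directives is still
# active (uncommented) in the file, 1 if all of them are commented out.
replication_still_on() {
    grep -Eq '^(include /opt/zimbra/conf/master-accesslog(-overlay)?\.conf|overlay syncprov|syncprov-(checkpoint|sessionlog))' "$1"
}

# Constructed sample; a real slapd.conf carries many more directives.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
include /opt/zimbra/conf/schema/core.schema
include /opt/zimbra/conf/master-accesslog.conf
database bdb
suffix ""
overlay syncprov
syncprov-checkpoint 20 10
syncprov-sessionlog 500
include /opt/zimbra/conf/master-accesslog-overlay.conf
EOF

disable_syncprov "$tmp"
if replication_still_on "$tmp"; then
    echo "replication directives still active in $tmp"
else
    echo "replication directives commented out:"
    grep -n '^#' "$tmp"
fi
```

On a real master, run the edit as root against /opt/zimbra/conf/slapd.conf and keep the check: if replication_still_on reports an active directive, do not proceed to removing the accesslog database, because a live syncprov overlay with its accesslog gone is exactly the state the guide's steps are ordered to avoid.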
 

Copyright © 2009 Yahoo! Inc., Zimbra, a Yahoo! company