07-27-2007, 05:29 AM
Something's wrong with the LDAP replication Wiki

Hello all,
I have a Zimbra 4.5.6 OSE that runs OK.
Now, I'm trying to set up an LDAP replication server for my Zimbra according to the wiki: LDAP - ZimbraWiki
It is said that on the slave server, when we install zimbra_ldap, we must type in the Master LDAP hostname as the master LDAP. But, if I do that, the installation script won't offer me an 'a' menu as apply. But, if I use the slave hostname as the master, the 'a' appears.
Is there something wrong with the instruction? What should I type in for the Slave hostname? The Master hostname or the slave?
This is the install script (NO 'a' for apply):
Code:
Main menu
1) Hostname: centosbdc.pluto.com
2) Ldap master host: centos5.pluto.com
3) Ldap port: 389
4) Ldap password: set
5) zimbra-ldap: Enabled
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items or correct ldap configuration (? - help)
07-27-2007, 07:57 AM
After reading more and more howtos, I've come to the conclusion that there's indeed something wrong (with my master ldap installation?). So I decided to 'trick' the installation script in the slave ldap server by using its own hostname as master server.
Then, I manually configure it to reference the master server:
Code:
[zimbra@centosbdc ~]$ zmlocalconfig -e ldap_master_url=ldap://centos5.pluto.com:389
But when running the zmldapenablereplica on the slave server:
Code:
[zimbra@centosbdc ~]$ libexec/zmldapenablereplica
Looking for LDAP installation...succeeded
Verifying ldap on ldap://centos5.pluto.com:389...FAILED
ERROR: Unable to verify ldap connection on ldap://centos5.pluto.com:389 - exiting
/opt/zimbra/bin/ldapsearch -x -H ldap://centos5.pluto.com:389 -D uid=zimbra,cn=admins,cn=zimbra -w 123456
ldap_bind: Can't contact LDAP server (-1) Cannot contact LDAP server
What is possibly causing this?
1. The master ldap server is running.
2. Both servers can ping each other
3. DNS is on master server, and slave server is pointed to the master in /etc/resolv.conf
4. From slave server I can dig centos5.pluto.com
5. There's no firewall in both servers.
6. SELinux is in permissive mode in both servers.
The only thing that I suspect is that, using nmap, I found out that the master ldap only listens on localhost and not the network. I've searched the forum and it seems that it is an intended design to protect it from crackers?
Please, any help will be great.
Thank you.
07-27-2007, 08:31 AM
slapd on master server:
Code:
/opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldap://centos5.pluto.com:389 -f /opt/zimbra/conf/slapd.conf
running command hostname on master server:
Code:
[root@centos5 ~]# hostname
centos5.pluto.com
digging and hosting:
Code:
[root@centos5 ~]# dig pluto.com any
; <<>> DiG 9.3.3rc2 <<>> pluto.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8045
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;pluto.com. IN ANY
;; ANSWER SECTION:
pluto.com. 172800 IN SOA ns1.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
pluto.com. 172800 IN NS ns1.pluto.com.
pluto.com. 172800 IN MX 20 ubuntubdc.pluto.com.
pluto.com. 172800 IN MX 10 mail.pluto.com.
;; ADDITIONAL SECTION:
ns1.pluto.com. 172800 IN A 192.168.0.199
mail.pluto.com. 172800 IN A 192.168.0.199
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 27 21:29:05 2007
All looks ok to me?
07-27-2007, 08:50 AM
Zimbra Consultant & Moderator
Posts: 11,506
Quote:
Originally Posted by fajarpri
All looks ok to me?

Where in the DNS info you posted above do you see anything for centos5.pluto.com? Try the following commands:
Code:
host `hostname`
dig pluto.com mx
dig pluto.com any
and see what it says. The reason your LDAP replica doesn't work is because the hostname of your master LDAP isn't able to be resolved.
__________________
Regards
Bill
07-27-2007, 09:10 AM
From master server:
Code:
[root@centos5 ~]# host centos5.pluto.com
centos5.pluto.com has address 192.168.0.199
Code:
[root@centos5 ~]# dig pluto.com mx
; <<>> DiG 9.3.3rc2 <<>> pluto.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14682
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;pluto.com. IN MX
;; ANSWER SECTION:
pluto.com. 172800 IN MX 10 mail.pluto.com.
pluto.com. 172800 IN MX 20 ubuntubdc.pluto.com.
;; AUTHORITY SECTION:
pluto.com. 172800 IN NS ns1.pluto.com.
;; ADDITIONAL SECTION:
mail.pluto.com. 172800 IN A 192.168.0.199
ns1.pluto.com. 172800 IN A 192.168.0.199
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 27 22:04:56 2007
;; MSG SIZE rcvd: 124
Code:
[root@centos5 ~]# dig pluto.com any
; <<>> DiG 9.3.3rc2 <<>> pluto.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36195
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;pluto.com. IN ANY
;; ANSWER SECTION:
pluto.com. 172800 IN SOA ns1.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
pluto.com. 172800 IN NS ns1.pluto.com.
pluto.com. 172800 IN MX 20 ubuntubdc.pluto.com.
pluto.com. 172800 IN MX 10 mail.pluto.com.
;; ADDITIONAL SECTION:
ns1.pluto.com. 172800 IN A 192.168.0.199
mail.pluto.com. 172800 IN A 192.168.0.199
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 27 22:05:40 2007
;; MSG SIZE rcvd: 166
From slave server (with /etc/resolv.conf pointing to 192.168.0.199 [master]):
Code:
[root@centosbdc ~]# host centos5.pluto.com
centos5.pluto.com has address 192.168.0.199
Code:
[root@centosbdc ~]# dig pluto.com mx
; <<>> DiG 9.3.3rc2 <<>> pluto.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14310
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;pluto.com. IN MX
;; ANSWER SECTION:
pluto.com. 172800 IN MX 10 mail.pluto.com.
pluto.com. 172800 IN MX 20 ubuntubdc.pluto.com.
;; AUTHORITY SECTION:
pluto.com. 172800 IN NS ns1.pluto.com.
;; ADDITIONAL SECTION:
mail.pluto.com. 172800 IN A 192.168.0.199
ns1.pluto.com. 172800 IN A 192.168.0.199
;; Query time: 0 msec
;; SERVER: 192.168.0.199#53(192.168.0.199)
;; WHEN: Fri Jul 27 22:11:24 2007
;; MSG SIZE rcvd: 124
Code:
[root@centosbdc ~]# dig pluto.com any
; <<>> DiG 9.3.3rc2 <<>> pluto.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32338
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;pluto.com. IN ANY
;; ANSWER SECTION:
pluto.com. 172800 IN SOA ns1.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
pluto.com. 172800 IN NS ns1.pluto.com.
pluto.com. 172800 IN MX 20 ubuntubdc.pluto.com.
pluto.com. 172800 IN MX 10 mail.pluto.com.
;; ADDITIONAL SECTION:
ns1.pluto.com. 172800 IN A 192.168.0.199
mail.pluto.com. 172800 IN A 192.168.0.199
;; Query time: 0 msec
;; SERVER: 192.168.0.199#53(192.168.0.199)
;; WHEN: Fri Jul 27 22:11:47 2007
;; MSG SIZE rcvd: 166
Looks OK? Should I install a slave dns server in the slave server? Can't I use /etc/resolv.conf to point to the dns server in the master ldap server?
07-27-2007, 09:28 AM
Zimbra Consultant & Moderator
Posts: 11,506
Quote:
Originally Posted by fajarpri
Looks OK? Should I install a slave dns server in the slave server? Can't I use /etc/resolv.conf to point to the dns server in the master ldap server?

I'm a bit confused as to how this can look good? Your first post has this:
Code:
Main menu
1) Hostname: centosbdc.pluto.com
2) Ldap master host: centos5.pluto.com
3) Ldap port: 389
4) Ldap password: set
5) zimbra-ldap: Enabled
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items or correct ldap configuration (? - help)
You have your ldap master host set to: and you seem to have no DNS records pointing to that server - that's why you don't get the 'a for apply' in the menu. You need to correct your DNS records.
__________________
Regards
Bill
07-27-2007, 09:33 AM
Hello Bill,
What I mean by looks good is that if I do
Code:
dig centos5.pluto.com
It will show.
However, I think I know why it will not show centos5.pluto.com
It's because in the zone file I don't use centos5.pluto.com as the SOA, instead I use ns1.pluto.com.
Ok, be right back. I'm correcting it now. Will report ASAP.
07-27-2007, 09:45 AM
OK, I'm stumped.
I think I've corrected my zone file to look like this:
Code:
$ORIGIN .
$TTL 172800 ; 2 days
pluto.com       IN SOA  centos5.pluto.com. admin.pluto.com. (
                        2007070008 ; serial
                        10800      ; refresh (3 hours)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        86400      ; minimum (1 day)
                        )
                NS      centos5.pluto.com.
                MX      10 mail.pluto.com.
                MX      20 ubuntubdc.pluto.com.
$ORIGIN pluto.com.
mail            CNAME   centos5
centos5         A       192.168.0.199
centosbdc       A       192.168.0.198
$TTL 21600 ; 6 hours
voyager2        A       192.168.0.60
                TXT     "007531355f86a33b0786403d71005ae290"
$TTL 172800 ; 2 days
www             CNAME   centos5
And when I dig pluto.com any:
Code:
[root@centos5 ~]# dig pluto.com any
; <<>> DiG 9.3.3rc2 <<>> pluto.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;pluto.com. IN ANY
;; ANSWER SECTION:
pluto.com. 172800 IN SOA centos5.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
pluto.com. 172800 IN NS centos5.pluto.com.
pluto.com. 172800 IN MX 10 mail.pluto.com.
pluto.com. 172800 IN MX 20 ubuntubdc.pluto.com.
;; ADDITIONAL SECTION:
centos5.pluto.com. 172800 IN A 192.168.0.199
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 27 22:42:15 2007
;; MSG SIZE rcvd: 154
digging pluto.com mx:
Code:
[root@centos5 ~]# dig pluto.com mx
; <<>> DiG 9.3.3rc2 <<>> pluto.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60971
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;pluto.com. IN MX
;; ANSWER SECTION:
pluto.com. 172800 IN MX 20 ubuntubdc.pluto.com.
pluto.com. 172800 IN MX 10 mail.pluto.com.
;; AUTHORITY SECTION:
pluto.com. 172800 IN NS centos5.pluto.com.
;; ADDITIONAL SECTION:
centos5.pluto.com. 172800 IN A 192.168.0.199
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 27 22:42:18 2007
;; MSG SIZE rcvd: 112
But still when creating the slave ldap server, the 'a' menu isn't shown when I change the master server to centos5.pluto.com
I'm stumped.
07-27-2007, 10:12 AM
I'm really2 stumped
07-27-2007, 10:41 AM
Zimbra-Yahoo Consultant
Posts: 5,608
From the slave, can you telnet to port 389 on the master?
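
The reachability question in the last reply, as an added example that is not part of the original thread: run from the replica, it separates a name that does not resolve from a port that refuses connections (for instance a listener bound only to loopback) and from a port that never answers. The function name `check_ldap_reachable` is hypothetical, and the check is IPv4-only on the assumption that the master runs slapd with `-4` as shown above.

```python
import socket
import sys


def check_ldap_reachable(host, port=389, timeout=3.0):
    """Resolve host, then attempt a TCP connect, and classify the outcome.

    Returns (status, detail); status is one of
    "ok", "dns_failure", "refused", "timeout", "error".
    IPv4 only, matching the -4 flag on the slapd command line in the thread.
    """
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # The name itself does not resolve from this machine.
        return "dns_failure", f"{host} does not resolve: {exc}"

    result = ("error", "resolver returned no addresses")
    for family, socktype, proto, _canon, sockaddr in infos:
        addr = f"{sockaddr[0]}:{sockaddr[1]}"
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return "ok", f"TCP connect to {addr} succeeded"
        except ConnectionRefusedError:
            # Host is up but nothing accepts on this address/port, e.g. the
            # listener is bound to a different interface such as loopback.
            result = ("refused", f"{addr} refused the connection")
        except socket.timeout:
            # No answer at all: typically a packet filter dropping the SYN.
            result = ("timeout", f"no reply from {addr} within {timeout}s")
        except OSError as exc:
            result = ("error", f"{addr}: {exc}")
        finally:
            sock.close()
    return result


if __name__ == "__main__":
    # Host name taken from the thread; pass another as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "centos5.pluto.com"
    status, detail = check_ldap_reachable(target)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

A `refused` result alongside a working `host` lookup points at the listener's bind address or port rather than at DNS.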