
Thread: Something's wrong with the LDAP replication Wiki

  1. #1
    fajarpri is offline Loyal Member

    Hello all,
    I have Zimbra 4.5.6 OSE running OK.
    Now, I'm trying to set up an LDAP replication server for my Zimbra according to the wiki: LDAP - ZimbraWiki

    It is said that on the slave server, when we install zimbra_ldap, we must type in Master LDAP hostname as the master LDAP. But, if I do that, the installation script won't offer me an 'a' menu as apply. But, if I use the slave hostname as the master, the 'a' appears.

    Is there something wrong with the instructions? What should I type in for the Slave hostname? The Master hostname or the slave?

    This is the install script (NO 'a' for apply):
    Code:
    Main menu
    
       1) Hostname:                                centosbdc.pluto.com           
       2) Ldap master host:                        centos5.pluto.com             
       3) Ldap port:                               389                           
       4) Ldap password:                           set                           
       5) zimbra-ldap:                             Enabled                       
       r) Start servers after configuration        yes                           
       s) Save config to file                                                    
       x) Expand menu                                                            
       q) Quit                                    
    
    Address unconfigured (**) items or correct ldap configuration  (? - help)

  2. #2
    fajarpri is offline Loyal Member

    After reading more and more howtos, I've come to the conclusion that there's indeed something wrong (with my master ldap installation?). So I decided to 'trick' the installation script in slave ldap server by using its own hostname as master server.

    Then, I manually configure it to reference the master server:
    Code:
    [zimbra@centosbdc ~]$ zmlocalconfig -e ldap_master_url=ldap://centos5.pluto.com:389

    But when running the zmldapenablereplica on the slave server:
    Code:
    [zimbra@centosbdc ~]$ libexec/zmldapenablereplica 
    Looking for LDAP installation...succeeded
    Verifying ldap on ldap://centos5.pluto.com:389...FAILED
    ERROR: Unable to verify ldap connection on ldap://centos5.pluto.com:389 - exiting
    /opt/zimbra/bin/ldapsearch -x -H ldap://centos5.pluto.com:389 -D uid=zimbra,cn=admins,cn=zimbra -w 123456
    ldap_bind: Can't contact LDAP server (-1)
    Cannot contact LDAP server

    What is possibly causing this?
    1. The master ldap server is running.
    2. Both servers can ping each other
    3. DNS is on master server, and slave server is pointed to the master in /etc/resolv.conf
    4. From slave server I can dig centos5.pluto.com
    5. There's no firewall in both servers.
    6. SELinux is in permissive mode in both servers.

    The only thing that I suspect is that using nmap, I find out that master ldap only listens to localhost and not network. I've searched the forum and it seems that it is an intended design to protect it from crackers?

    Please, any help will be great.
    Thank you.

  3. #3
    fajarpri is offline Loyal Member

    slapd on master server:
    Code:
    /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldap://centos5.pluto.com:389 -f /opt/zimbra/conf/slapd.conf

    running command hostname on master server:
    Code:
    [root@centos5 ~]# hostname
    centos5.pluto.com

    digging and hosting:
    Code:
    [root@centos5 ~]# dig pluto.com any
    
    ; <<>> DiG 9.3.3rc2 <<>> pluto.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8045
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;pluto.com.                     IN      ANY
    
    ;; ANSWER SECTION:
    pluto.com.              172800  IN      SOA     ns1.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
    pluto.com.              172800  IN      NS      ns1.pluto.com.
    pluto.com.              172800  IN      MX      20 ubuntubdc.pluto.com.
    pluto.com.              172800  IN      MX      10 mail.pluto.com.
    
    ;; ADDITIONAL SECTION:
    ns1.pluto.com.          172800  IN      A       192.168.0.199
    mail.pluto.com.         172800  IN      A       192.168.0.199
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jul 27 21:29:05 2007

    All looks ok to me?

  4. #4
    phoenix is offline Zimbra Consultant & Moderator

    Originally posted by fajarpri:
        "All looks ok to me?"

    Where in the DNS info you posted above do you see anything for centos5.pluto.com? Try the following commands:

    Code:
    host `hostname`
    dig pluto.com mx
    dig pluto.com any

    and see what it says. The reason your LDAP replica doesn't work is because the hostname of your master LDAP isn't able to be resolved.
    Regards


    Bill



  5. #5
    fajarpri is offline Loyal Member

    From master server:
    Code:
    [root@centos5 ~]# host centos5.pluto.com
    centos5.pluto.com has address 192.168.0.199
    Code:
    [root@centos5 ~]# dig pluto.com mx
    
    ; <<>> DiG 9.3.3rc2 <<>> pluto.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14682
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;pluto.com.                     IN      MX
    
    ;; ANSWER SECTION:
    pluto.com.              172800  IN      MX      10 mail.pluto.com.
    pluto.com.              172800  IN      MX      20 ubuntubdc.pluto.com.
    
    ;; AUTHORITY SECTION:
    pluto.com.              172800  IN      NS      ns1.pluto.com.
    
    ;; ADDITIONAL SECTION:
    mail.pluto.com.         172800  IN      A       192.168.0.199
    ns1.pluto.com.          172800  IN      A       192.168.0.199
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jul 27 22:04:56 2007
    ;; MSG SIZE  rcvd: 124
    Code:
    [root@centos5 ~]# dig pluto.com any
    
    ; <<>> DiG 9.3.3rc2 <<>> pluto.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36195
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;pluto.com.                     IN      ANY
    
    ;; ANSWER SECTION:
    pluto.com.              172800  IN      SOA     ns1.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
    pluto.com.              172800  IN      NS      ns1.pluto.com.
    pluto.com.              172800  IN      MX      20 ubuntubdc.pluto.com.
    pluto.com.              172800  IN      MX      10 mail.pluto.com.
    
    ;; ADDITIONAL SECTION:
    ns1.pluto.com.          172800  IN      A       192.168.0.199
    mail.pluto.com.         172800  IN      A       192.168.0.199
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jul 27 22:05:40 2007
    ;; MSG SIZE  rcvd: 166

    From slave server (with /etc/resolv.conf pointing to 192.168.0.199 [master])

    Code:
    [root@centosbdc ~]# host centos5.pluto.com
    centos5.pluto.com has address 192.168.0.199
    Code:
    [root@centosbdc ~]# dig pluto.com mx
    
    ; <<>> DiG 9.3.3rc2 <<>> pluto.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14310
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;pluto.com.                     IN      MX
    
    ;; ANSWER SECTION:
    pluto.com.              172800  IN      MX      10 mail.pluto.com.
    pluto.com.              172800  IN      MX      20 ubuntubdc.pluto.com.
    
    ;; AUTHORITY SECTION:
    pluto.com.              172800  IN      NS      ns1.pluto.com.
    
    ;; ADDITIONAL SECTION:
    mail.pluto.com.         172800  IN      A       192.168.0.199
    ns1.pluto.com.          172800  IN      A       192.168.0.199
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.199#53(192.168.0.199)
    ;; WHEN: Fri Jul 27 22:11:24 2007
    ;; MSG SIZE  rcvd: 124
    Code:
    [root@centosbdc ~]# dig pluto.com any
    
    ; <<>> DiG 9.3.3rc2 <<>> pluto.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32338
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;pluto.com.                     IN      ANY
    
    ;; ANSWER SECTION:
    pluto.com.              172800  IN      SOA     ns1.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
    pluto.com.              172800  IN      NS      ns1.pluto.com.
    pluto.com.              172800  IN      MX      20 ubuntubdc.pluto.com.
    pluto.com.              172800  IN      MX      10 mail.pluto.com.
    
    ;; ADDITIONAL SECTION:
    ns1.pluto.com.          172800  IN      A       192.168.0.199
    mail.pluto.com.         172800  IN      A       192.168.0.199
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.199#53(192.168.0.199)
    ;; WHEN: Fri Jul 27 22:11:47 2007
    ;; MSG SIZE  rcvd: 166

    Looks OK? Should I install a slave dns server in the slave server? Can't I use /etc/resolv.conf to point to the dns server in the master ldap server?

  6. #6
    phoenix is offline Zimbra Consultant & Moderator

    Originally posted by fajarpri:
        "Looks OK? Should I install a slave dns server in the slave server? Can't I use /etc/resolv.conf to point to the dns server in the master ldap server?"

    I'm a bit confused as to how this can look good? Your first post has this:

    Code:
    Main menu
    
       1) Hostname:                                centosbdc.pluto.com           
       2) Ldap master host:                        centos5.pluto.com             
       3) Ldap port:                               389                           
       4) Ldap password:                           set                           
       5) zimbra-ldap:                             Enabled                       
       r) Start servers after configuration        yes                           
       s) Save config to file                                                    
       x) Expand menu                                                            
       q) Quit                                    
    
    Address unconfigured (**) items or correct ldap configuration  (? - help)

    You have your ldap master host set to:
    Code:
    centos5.pluto.com

    and you seem to have no DNS records pointing to that server - that's why you don't get the 'a for apply' in the menu. You need to correct your DNS records.
    Regards


    Bill



  7. #7
    fajarpri is offline Loyal Member

    Hello Bill,
    What I mean looks good, is that if I do
    Code:
    dig centos5.pluto.com
    It will show.

    However, I think I know why
    Code:
    dig pluto.com any
    will not show centos5.pluto.com

    It's because in the zone file I don't use centos5.pluto.com as the SOA, instead I use ns1.pluto.com.

    Ok, be right back. I'm correcting it now. Will report ASAP.

  8. #8
    fajarpri is offline Loyal Member

    OK, I'm stumped.
    I think I've corrected my zone file to look like this:
    Code:
    $ORIGIN .
    $TTL 172800     ; 2 days
    pluto.com               IN SOA  centos5.pluto.com. admin.pluto.com. (
                                    2007070008 ; serial
                                    10800      ; refresh (3 hours)
                                    3600       ; retry (1 hour)
                                    604800     ; expire (1 week)
                                    86400      ; minimum (1 day)
                                    )
                            NS      centos5.pluto.com.
                            MX      10 mail.pluto.com.
                            MX      20 ubuntubdc.pluto.com.
    $ORIGIN pluto.com.
    mail                    CNAME   centos5
    centos5                 A       192.168.0.199
    centosbdc               A       192.168.0.198
    $TTL 21600      ; 6 hours
    voyager2                A       192.168.0.60
                            TXT     "007531355f86a33b0786403d71005ae290"
    $TTL 172800     ; 2 days
    www                     CNAME   centos5

    And when I dig pluto.com any:
    Code:
    [root@centos5 ~]# dig pluto.com any
    
    ; <<>> DiG 9.3.3rc2 <<>> pluto.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35401
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;pluto.com.                     IN      ANY
    
    ;; ANSWER SECTION:
    pluto.com.              172800  IN      SOA     centos5.pluto.com. admin.pluto.com. 2007070008 10800 3600 604800 86400
    pluto.com.              172800  IN      NS      centos5.pluto.com.
    pluto.com.              172800  IN      MX      10 mail.pluto.com.
    pluto.com.              172800  IN      MX      20 ubuntubdc.pluto.com.
    
    ;; ADDITIONAL SECTION:
    centos5.pluto.com.      172800  IN      A       192.168.0.199
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jul 27 22:42:15 2007
    ;; MSG SIZE  rcvd: 154

    digging pluto.com mx:
    Code:
    [root@centos5 ~]# dig pluto.com mx
    
    ; <<>> DiG 9.3.3rc2 <<>> pluto.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60971
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;pluto.com.                     IN      MX
    
    ;; ANSWER SECTION:
    pluto.com.              172800  IN      MX      20 ubuntubdc.pluto.com.
    pluto.com.              172800  IN      MX      10 mail.pluto.com.
    
    ;; AUTHORITY SECTION:
    pluto.com.              172800  IN      NS      centos5.pluto.com.
    
    ;; ADDITIONAL SECTION:
    centos5.pluto.com.      172800  IN      A       192.168.0.199
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jul 27 22:42:18 2007
    ;; MSG SIZE  rcvd: 112

    But still when creating the slave ldap server, the 'a' menu isn't shown when I change the master server to centos5.pluto.com

    I'm stumped.

  9. #9
    fajarpri is offline Loyal Member

    I'm really, really stumped

  10. #10
    jholder is offline Former Zimbran

    From the slave, can you telnet to port 389 on the master?
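
Added example, not part of the thread or of Zimbra's tooling: a Python check that separates the failure modes the posts above go back and forth on (the name does not resolve, the name resolves but nothing accepts connections on port 389, the connection is filtered) and reports when the name resolves to a loopback address. The function names are hypothetical; the hostname and port are the ones quoted in the thread.

```python
import ipaddress
import socket

def resolve(host):
    """Return the sorted IPv4 addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_state(addr, port, timeout=3.0):
    """Classify one TCP connect attempt, the same test as 'telnet host 389'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"       # host answered, nothing listening on this address
    except socket.timeout:
        return "timeout"       # packets dropped: filtering or routing problem
    except OSError:
        return "unreachable"
    finally:
        sock.close()

def diagnose(host, port=389):
    """Resolve host, probe every address, and name the first failing layer."""
    addrs = resolve(host)
    if not addrs:
        return {"host": host, "verdict": "dns_failure",
                "addresses": {}, "resolves_to_loopback": []}
    states = {addr: tcp_state(addr, port) for addr in addrs}
    loopback = [a for a in addrs if ipaddress.ip_address(a).is_loopback]
    if "open" in states.values():
        verdict = "reachable"
    elif all(state == "refused" for state in states.values()):
        verdict = "resolves_but_not_listening"
    else:
        verdict = "resolves_but_blocked"
    return {"host": host, "verdict": verdict,
            "addresses": states, "resolves_to_loopback": loopback}

if __name__ == "__main__":
    # Hostname and port from the thread; run on the replica and on the master.
    print(diagnose("centos5.pluto.com", 389))
```

Running it on the master as well is useful because a listener URL such as the `-h ldap://centos5.pluto.com:389` in post #3 binds slapd to whatever address that name resolves to locally, so a non-empty `resolves_to_loopback` there is consistent with a listener that only answers on localhost.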
