I have a new installation that we're converting from single server to multi server. This is on NE5.0.13, RHEL5. My plan is to go from our current server named 'serverA' to servers named zmldap1, zmldap2, zmmta1, zmmta2, and zmmailbox1. I setup zmldap1 as an ldap replica of serverA. Then, promoted zmldap1 and disabled ldap on serverA. All is well.
However, I'm running into problems setting up zmldap2 as a replica of zmldap1. zmldap2 complains of Invalid Credentials and doesn't replicate.
I ran /opt/zimbra/libexec/zmldapenablereplica on zmldap1, and installed zimbra ldap on zmldap2, changing all the ldap passwords to the same pass as zmldap1. zmldap2 settings as follows:
ldap_amavis_password = PkbhcnnL
ldap_host = zmldap1.example.com
ldap_is_master = false
ldap_master_url = ldap://zmldap1.example.com:389
ldap_nginx_password = PkbhcnnL
ldap_port = 389
ldap_postfix_password = PkbhcnnL
ldap_replication_password = PkbhcnnL
ldap_root_password = PkbhcnnL
ldap_url = ldap://zmldap2.example.com:389 ldap://zmldap1.example.com:389
zimbra_ldap_password = PkbhcnnL
zimbra_zmprov_default_to_ldap = true
When I run zmcontrol start, I get the following errors in zimbra.log:
Mar 18 16:25:38 zmldap2 slapd[24933]: @(#) $OpenLDAP: slapd 2.3.43 (Dec 3 2008 10:40:02) $
build@build10.lab.zimbra.com:/home/build/p4/FRANKLIN/ThirdParty/openldap/openldap-2.3.43.7z/servers/slapd
Mar 18 16:25:39 zmldap2 slapd[24934]: slapd starting
Mar 18 16:25:39 zmldap2 slapd[24934]: do_syncrep2: rid 100got search entry without control
Mar 18 16:25:39 zmldap2 slapd[24934]: do_syncrepl: rid 100 retrying
Mar 18 16:25:47 zmldap2 zimbramon[24788]: 24788:info: Rewriting configs
Mar 18 16:25:47 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: zmmtaconfig started on zmldap2.example.com with loglevel=3 pid=24972
Mar 18 16:25:49 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping Global system configuration update.
Mar 18 16:25:49 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: gacf ERROR: service.FAILURE (system failure: unable to get config) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
Mar 18 16:25:50 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping All Reverse Proxy URLs update.
Mar 18 16:25:50 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping getAllReverseProxyURLs ERROR: service.FAILURE (system failure: unable to list all servers) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
Mar 18 16:25:51 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping All Reverse Proxy Backends update.
Mar 18 16:25:51 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping getAllReverseProxyBackends ERROR: service.FAILURE (system failure: unable to list all servers) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
Mar 18 16:25:53 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping All Memcached Servers update.
Mar 18 16:25:53 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping getAllMemcachedServers ERROR: service.FAILURE (system failure: unable to list all servers) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
It seems to be complaining about password, but everything seems set correctly as far as I can tell. I can even bind to zmldap1 as uid=zmreplica,cn=admins,cn=zimbra using that password.
Any help is appreciated.
Bugzilla
Wiki
Source
[SOLVED] ldap replication 
Linear Mode
