Importing LDAP from another server

[bjquinn]

I'm trying to migrate from ZCS 6.0.5 32-bit to 7.0.0 64-bit.

I've seen methods of exporting and importing LDAP data from one Zimbra install to another, so I'm trying that as a first step. Here's the steps I've taken :

On old server:

su - zimbra
./openldap/sbin/slapcat -F /opt/zimbra/data/ldap/config -b "" -l /tmp/zimbra-ldap.ldif

Now copy off /tmp/zimbra-ldap.ldif to /tmp/zimbra-ldap.ldif on new server

On new server, with same hostname as old server :

su - zimbra
zmcontrol stop
ps aux | grep zimbra (make sure it has quit)
ps auxx | grep slapd (make sure it has quit)
rm -f data/ldap/hdb/db/__db.* data/ldap/hdb/db/*.bdb data/ldap/hdb/db/alock data/ldap/hdb/logs/*
./openldap/sbin/slapadd -F /opt/zimbra/data/ldap/config -b "" -q -l /tmp/zimbra-ldap.ldif
zmcontrol start

Here's what I get (domain names changed to protect the innocent) :

Host host.mydomain.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: unable to lookup server by name: host.mydomain.com message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
zimbra logger service is not enabled! failed.


Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.

[phoenix]

Details for moving from 32bit to 64bit are in this wiki article: Network Edition: Moving from 32-bit to 64-bit Server - Zimbra :: Wiki - follow that guide and obviously leave out any specific NE steps.

When moving to a new server you always use the same version of Zimbra on the new machine as you have on the old one. Please note that you should follow the instruction in the note at the beginning of that article:

Quote:

IMPORTANT: The ZCS release you install on the 64-bit server must be the same release as installed on the 32-bit server. The server can have a different operating system.

[bjquinn]

Ok, that makes sense. Obviously if I wanted to upgrade, then I could do so AFTER converting from 32-bit to 64-bit.

However, one of the things I'm trying to do is create an environment where I could also downgrade in case of an issue with 7.0.x.

For example, let's say I'm on 6.0.5 and I upgrade to 7.0.x. At first all seems well, so we pat ourselves on the back and go home and get some sleep. A few days later we realize that there are some major issues and we can't fix them (say, we can't find a proper balance between sufficient spam protection and too many false positives). I was looking into some of the steps mentioned in this wiki article.

ZCS to ZCS With-Different-LDAP-Servers Migration Example - Zimbra :: Wiki

This looked like it would provide me the opportunity to export almost all ZCS data and settings and import them into another server. I was hoping this might allow me to export data from a flawed 7.0.x installation back into 6.0.5 if the need arose. Of course it lacks steps for exporting and importing LDAP, so I started there. I'm assuming if the LDAP backup won't import directly into a newer version of ZCS, it probably won't import into an older version either.

Do I have any options for downgrading ZCS?

[phoenix]

Quote:

Originally Posted by bjquinn

Ok, that makes sense. Obviously if I wanted to upgrade, then I could do so AFTER converting from 32-bit to 64-bit.

You could do it at either stage.

Quote:

Originally Posted by bjquinn

However, one of the things I'm trying to do is create an environment where I could also downgrade in case of an issue with 7.0.x.

For example, let's say I'm on 6.0.5 and I upgrade to 7.0.x. At first all seems well, so we pat ourselves on the back and go home and get some sleep. A few days later we realize that there are some major issues and we can't fix them (say, we can't find a proper balance between sufficient spam protection and too many false positives). I was looking into some of the steps mentioned in this wiki article.

Your choices for this are numerous and it really depends on what your exact requirements are.

ZCS to ZCS With-Different-LDAP-Servers Migration Example - Zimbra :: Wiki

This looked like it would provide me the opportunity to export almost all ZCS data and settings and import them into another server. I was hoping this might allow me to export data from a flawed 7.0.x installation back into 6.0.5 if the need arose. Of course it lacks steps for exporting and importing LDAP, so I started there. I'm assuming if the LDAP backup won't import directly into a newer version of ZCS, it probably won't import into an older version either.

Do I have any options for downgrading ZCS?

You can't downgrade any current versions of Zimbra as there are changes made to MySQL tables, LDAP etc that will break your sysetm if you try a downgrade. What you can do is take a copy of the /opt/zimbra directory structure and use that to 'disaster recovery' on (I'd suggest) another server (or VM) using the same version of Zimbra you had installed in the original set-up. I believe there's an article in the wiki on what you'd need to do for a disaster recovery and there's certainly several threads on the subject. You would need to test (and document) this scenario before you ever need it just in case you ever need it for real.

If you ever need to take down a ZImbra server for a period of time I'd also recommend you use a 'backup mx' service that will store your mail while the server is offline. I use a DNS hosting service called EasyDNS that provides a backup as part of any dns package you use, it's inexpensive. I have no association with that company other than as a satisfied customer. There are other companies that provide the same service (for a fee). Using that type of service it will store the email for up-to five days, once your server is back on-line it will forward the email to you.

You have a number of choices but it depends on what your exact requirements are.

[bjquinn]

Hmm, everything I can find on the wiki on this (a few pieces of which I wrote myself) and in the forums, including the "Disaster Recovery" article you mentioned all start with the same caveat - "Important: The ZCS release you install on the new server must be the same release as installed on the old server. The server can have a different operating system."

In fact almost everything I can find is a variation on the basic "get a copy of /opt/zimbra, and reinstall the SAME VERSION of ZCS on top of it".

That's why I was looking at options based around the zmmailbox import/export functions, since I thought I might be able to export out of the newer version (assuming the new server is at least running well enough to perform that function) and into the older version. But then I got stuck on the LDAP import/export, which requires the same-version stuff.

Am I just way out in left field here? Seems like there would be some other people out there wanting a downgrade plan in place, just in case.

[phoenix]

Quote:

Originally Posted by bjquinn

Am I just way out in left field here? Seems like there would be some other people out there wanting a downgrade plan in place, just in case.

A 'downgrade' to me always implies running the install of an older version over your current set-up - which isn't possible. Let's think of it as an export/import question. You can certainly do that by exporting data from each of the mailboxes on your current (production?) server then importing them into another working Zimbra server and again, I believe there are a couple of scripts on the forums that will do that - that might be long-winded if you have a lot of users and/or large mailboxes.

Perhaps a better scenario would be to set-up a test server with any new release of Zimbra on it and test it until you're satisfied it is stable enough to put in production?

[bjquinn]

Got it. You're right, really what I'm trying to do is an import/export. I know I can't do an outright downgrade (for good reasons as you stated above).

With respect to testing the new version well before I put it up, I have every intention of doing that, but users always seem to find a way to break things in ways I could have never imagined. I would just feel a lot better if I had this option as a fallback plan.

Now, I've seen a bunch of scripts that import and export accounts, distribution lists, mail filters, etc. It looks like kind of a pain to do, but most importantly I end up back at the LDAP step -- the only instructions I can find to import and export LDAP data suggest that it must be done on the same version of ZCS.

Thanks for your help.

[bjquinn]

How can I export to an older version if I can't import the LDAP?

[quanah]

The basic error you encountered was with passwords. My guess is you did not configure the new server with the same set of LDAP related passwords the old server had. Thus the error 49 (invalid credentials) errors you got.

[bjquinn]

I think you're right about it being the passwords. I've now followed the 32-bit to 64-bit migration article (including the part about the passwords), and it worked -- but I was making sure to stay on the SAME zimbra version. Should I be able to import LDAP from a newer version into an older version, as long as I make sure I follow all the steps outlined in the migration article related to LDAP and passwords?

Then maybe I could export the mailboxes out of the newer version and import them into the old version using zmmailbox (obviously just copying over /opt/zimbra/store, etc. won't work due to the changes in the mysql database structure as mentioned earlier in this thread).