Thread: LDAP replication stops working on ldapssl

  1. #1

    LDAP replication stops working on ldapssl

    Hi,

    I have changed ldap to ldaps (as per How to enable ldaps - Zimbra :: Wiki) on the master and replica LDAP servers in my multi-server setup. But after this, replication is not happening, so I reverted the change and it is working now.

    What is wrong with ldaps? Is it not supported in the multi-server install setup?


    Thanks,
    Premod

  2. #2


    Do you have a firewall in between the two servers ? Are you running IPtables at all ?

  3. #3


    Hi Uxbod,


    There is no firewall between the servers, and I am able to telnet to port 636 from replica to master and vice versa.

    Actually, while trying zmcontrol status on the replica, I am getting the following error:
    zimbra@email:~$ zmcontrol start
    Host xxxx.yyyy.com
    Unable to determine enabled services from ldap.
    Unable to determine enabled services. Cache is out of date or doesn't exist.

    #!Premod
    Last edited by premoddev; 12-09-2008 at 04:41 AM.

  4. #4


    Update...

    I have done two new installations in which I changed ldap to ldaps at installation time on the master and replica servers.

    After installing the master, I created some accounts and tried the replica server. Still I am not able to start the services on the replica.

    But when I list the directory on the replica using slapcat, I am able to see the accounts which I created before installing the replica server. That means at install time it connected to the master, got the database and cached it locally.

    But new entries are not reaching the replica after the installation of the replica.


    Help on this topic is really appreciated.

    #!Premod

  5. #5


    If all you are doing is trying to connect securely, we default to using startTLS, the RFC defined method for doing secure communications over the LDAP protocol. LDAPS was a scheme that was done with LDAPv2 because there was no official method for doing secure connections over the LDAP protocol. There's generally never a reason to use LDAPS instead of LDAP as long as you are using startTLS. If you change your configuration to use LDAPS, you're going to have to modify everything that was set to use startTLS to stop using it, since the two are not compatible.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration
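    A small configuration sanity check, added here as an example (it is not Zimbra's code and not from this thread), that flags the incompatible combination described above: StartTLS still required while the URLs have been switched to ldaps://. It assumes the "key = value" format that zmlocalconfig prints and the key names ldap_url, ldap_master_url and ldap_starttls_required; treat those key names as assumptions and confirm them against your own zmlocalconfig output before relying on the check. The sample configs are constructed.

```python
"""Added example: consistency check for LDAP client URL settings.

Not code from Zimbra or from the thread. Assumes the "key = value" format
that zmlocalconfig prints and the keys ldap_url, ldap_master_url and
ldap_starttls_required (assumed names).
"""
from urllib.parse import urlsplit

# Constructed sample mirroring the thread: URLs switched to ldaps:// while
# StartTLS is still required, which is the incompatible combination.
BROKEN_CONFIG = """\
ldap_url = ldaps://ldap-master.example.com:636
ldap_master_url = ldaps://ldap-master.example.com:636
ldap_starttls_required = true
"""

# Constructed sample of the default layout: plain port, StartTLS required.
GOOD_CONFIG = """\
ldap_url = ldap://ldap-master.example.com:389 ldap://ldap-replica.example.com:389
ldap_master_url = ldap://ldap-master.example.com:389
ldap_starttls_required = true
"""


def parse_localconfig(text):
    """Parse 'key = value' lines into a dict; blank and malformed lines are ignored."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def is_true(value):
    return value.strip().lower() in ("1", "true", "yes")


def audit(conf):
    """Return a list of (key, url, code, message) findings.

    STARTTLS_ON_LDAPS : StartTLS required but the URL is already ldaps://.
                        StartTLS is an extended operation negotiated on a plain
                        connection; it cannot be layered on a socket that is
                        already TLS, so the client fails instead of connecting.
    CLEARTEXT         : ldap:// with StartTLS not required; traffic is in clear.
    PORT_MISMATCH     : scheme and explicit port disagree (ldaps on 389, etc.).
    BAD_SCHEME        : anything other than ldap:// or ldaps://.
    """
    findings = []
    starttls_required = is_true(conf.get("ldap_starttls_required", "0"))
    for key in ("ldap_url", "ldap_master_url"):
        # ldap_url may hold several space-separated servers.
        for url in conf.get(key, "").split():
            parts = urlsplit(url)
            scheme = parts.scheme.lower()
            if scheme not in ("ldap", "ldaps"):
                findings.append((key, url, "BAD_SCHEME", "unsupported scheme"))
                continue
            if scheme == "ldaps" and starttls_required:
                findings.append((key, url, "STARTTLS_ON_LDAPS",
                                 "StartTLS required on an ldaps:// URL; the two are incompatible"))
            elif scheme == "ldap" and not starttls_required:
                findings.append((key, url, "CLEARTEXT",
                                 "plain ldap:// without StartTLS required"))
            port = parts.port
            if port is not None and (scheme, port) in (("ldaps", 389), ("ldap", 636)):
                findings.append((key, url, "PORT_MISMATCH", f"{scheme}:// on port {port}"))
    return findings


def codes(findings):
    """Just the finding codes, in order, for quick comparison."""
    return [f[2] for f in findings]


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_CONFIG), ("good", GOOD_CONFIG)):
        print(name, codes(audit(parse_localconfig(text))) or "no findings")
```

    The check is read-only and runs offline on a saved copy of the config. Besides the ldaps-plus-StartTLS clash, it also reports plain ldap:// with StartTLS not required (cleartext between servers) and a scheme/port mismatch such as ldaps:// on 389, which is the other common way a hand edit of these URLs goes wrong.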

  6. #6


    Thanks Quanah,

    All I want is secure communication between the servers; if startTLS is there on port 389, I don't require SSL over LDAP.

    And one more thing: can you confirm the address book is also accessible over startTLS, or is it simply ldap? If that is also secure, I am fine with the current setup.


    Thanks in advance

    #!Premod

  7. #7


    It's accessible either way, in the current 5.0 series. This will be changed in the 6.0 series to allow the admin to configure whether or not to allow plain LDAP access:

    Bug 20739 – make force-TLS for LDAP configurable

    and whether or not to allow anonymous access (secure or not):

    Bug 15378 – Obviate the need for and disallow LDAP anonymous binds
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  8. #8


    Hi quanah,

    I am using Zimbra Network Edition 5.0.10, and you are telling me that currently version 5 will work for both plain ldap and ldap+tls. But my experience of accessing the address book using TLS is a flop, whereas plain ldap is working fine for clients like Thunderbird and Evolution.

    And also, clients like Thunderbird do not support ldap+tls, but ldap+ssl is supported.


    Thanks,

    #!Premod
