Results 1 to 3 of 3

Thread: [SOLVED] ldap replication

  1. #1
    Join Date
    May 2008
    Posts
    4
    Rep Power
    7

    Default [SOLVED] ldap replication

    I have a new installation that we're converting from single server to multi server. This is on NE5.0.13, RHEL5. My plan is to go from our current server named 'serverA' to servers named zmldap1, zmldap2, zmmta1, zmmta2, and zmmailbox1. I setup zmldap1 as an ldap replica of serverA. Then, promoted zmldap1 and disabled ldap on serverA. All is well.

    However, I'm running into problems setting up zmldap2 as a replica of zmldap1. zmldap2 complains of Invalid Credentials and doesn't replicate.

    I ran /opt/zimbra/libexec/zmldapenablereplica on zmldap1, and installed zimbra ldap on zmldap2, changing all the ldap passwords to the same pass as zmldap1. zmldap2 settings as follows:

    ldap_amavis_password = PkbhcnnL
    ldap_host = zmldap1.example.com
    ldap_is_master = false
    ldap_master_url = ldap://zmldap1.example.com:389
    ldap_nginx_password = PkbhcnnL
    ldap_port = 389
    ldap_postfix_password = PkbhcnnL
    ldap_replication_password = PkbhcnnL
    ldap_root_password = PkbhcnnL
    ldap_url = ldap://zmldap2.example.com:389 ldap://zmldap1.example.com:389
    zimbra_ldap_password = PkbhcnnL
    zimbra_zmprov_default_to_ldap = true

    When I run zmcontrol start, I get the following errors in zimbra.log:

    Mar 18 16:25:38 zmldap2 slapd[24933]: @(#) $OpenLDAP: slapd 2.3.43 (Dec 3 2008 10:40:02) $ build@build10.lab.zimbra.com:/home/build/p4/FRANKLIN/ThirdParty/openldap/openldap-2.3.43.7z/servers/slapd
    Mar 18 16:25:39 zmldap2 slapd[24934]: slapd starting
    Mar 18 16:25:39 zmldap2 slapd[24934]: do_syncrep2: rid 100got search entry without control
    Mar 18 16:25:39 zmldap2 slapd[24934]: do_syncrepl: rid 100 retrying
    Mar 18 16:25:47 zmldap2 zimbramon[24788]: 24788:info: Rewriting configs
    Mar 18 16:25:47 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: zmmtaconfig started on zmldap2.example.com with loglevel=3 pid=24972
    Mar 18 16:25:49 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping Global system configuration update.
    Mar 18 16:25:49 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: gacf ERROR: service.FAILURE (system failure: unable to get config) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
    Mar 18 16:25:50 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping All Reverse Proxy URLs update.
    Mar 18 16:25:50 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping getAllReverseProxyURLs ERROR: service.FAILURE (system failure: unable to list all servers) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
    Mar 18 16:25:51 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping All Reverse Proxy Backends update.
    Mar 18 16:25:51 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping getAllReverseProxyBackends ERROR: service.FAILURE (system failure: unable to list all servers) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
    Mar 18 16:25:53 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping All Memcached Servers update.
    Mar 18 16:25:53 zmldap2 zimbramon[24972]: 24972:info: zmmtaconfig: Skipping getAllMemcachedServers ERROR: service.FAILURE (system failure: unable to list all servers) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])

    It seems to be complaining about password, but everything seems set correctly as far as I can tell. I can even bind to zmldap1 as uid=zmreplica,cn=admins,cn=zimbra using that password.

    Any help is appreciated.

  2. #2
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    Code:
    Mar 18 16:25:39 zmldap2 slapd[24934]: do_syncrep2: rid 100got search entry without control
    Mar 18 16:25:39 zmldap2 slapd[24934]: do_syncrepl: rid 100 retrying
    This would generally indicate that the server it is pointing at is not configured as a master, since it is not exposing the control necessary for replication.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #3
    Join Date
    May 2008
    Posts
    4
    Rep Power
    7

    Default

    Thank you so much for your reply. This was exactly the problem.

    I had to add:
    overlay syncprov
    syncprov-checkpoint 20 10
    syncprov-sessionlog 500
    to /opt/zimbra/conf/slapd.conf.in on the master. I'm not sure why it was missing, but since I was in those files when moving ldap to a separate box, I imagine I was to blame.

    Thanks again,
    Ryan

Similar Threads

  1. LDAP Replication Experiences
    By technikolor in forum Administrators
    Replies: 4
    Last Post: 11-11-2008, 11:52 PM
  2. upgrading from 5.0.4 to 5.0.5 opensource
    By smoke in forum Installation
    Replies: 4
    Last Post: 10-19-2008, 10:38 AM
  3. Replies: 8
    Last Post: 08-07-2008, 05:18 AM
  4. 3 testing: LDAP: 389 Failed when restore zimbra
    By victorLeong in forum Administrators
    Replies: 15
    Last Post: 05-24-2007, 06:45 AM
  5. LDAP Replication
    By rsharpe in forum Installation
    Replies: 3
    Last Post: 02-28-2006, 06:17 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •