
Thread: Migrating from Postfix+Dovecot with LDAP to ZCS


  1. #1

    Dear Zimbra Community,

    I have a production mail server running on CentOS5 using Postfix, Dovecot with OpenLDAP. I need to migrate / move everything (including LDAP) into the new server running CentOS 5.5 with ZCS 6 (Release 6.0.8_GA_2661.RHEL5_64_20100820052503 CentOS5_64 FOSS edition).

    Please advise which is the best way for moving my LDAP database and mails (postfix) to ZCS.

    Thanks,
    Siraj Mundayott.

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Take a look at some of the migration articles in the wiki (also search the forums for further details): User Migration Articles - Zimbra :: Wiki
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3

    Originally posted by phoenix:
    > Take a look at some of the migration articles in the wiki (also search the forums for further details): User Migration Articles - Zimbra :: Wiki

    Thanks, I'll check once again and get back.

    Siraj.

  4. #4

    Hi,

    Instead of moving LDAP to my ZCS I am planning to use external LDAP option and imapsync to copy emails from postfix.
    My test was successful using external LDAP but I cannot see all accounts in ZCS after configuring it. Please find my external LDAP settings below.

    Authentication
    --------------
    Authentication mechanism: External LDAP
    LDAP bind DN template:
    LDAP URL: ldap://server.domain.local:389
    Enable StartTLS
    LDAP filter: (&(objectClass=posixAccount)(uid=%u))
    LDAP search base: ou=Users,dc=domain,dc=local
    Use DN/Password to bind to external server: Yes
    Bind DN: cn=smbldap-tools,ou=DSA,dc=domain,dc=local

    GAL Settings
    ------------
    GAL mode: External
    Most results returned by GAL search: 10
    GAL sync account name:* user@domain.com
    Datasource name for external GAL: server.domain.local
    External GAL polling interval: 1 days
    Server type: LDAP
    LDAP filter:* (&(objectClass=posixAccount)(uid=%u))
    Autocomplete filter: (|(cn=%s*)(sn=%s*)(gn=%s*)(mail=%s*))
    LDAP search base: ou=Users,dc=domain,dc=local
    LDAP URL: ldap://server.domain.local:389
    Bind DN:

    Please advise.

    Thanks,
    Siraj.

  5. #5
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by sirajmc:
    > Instead of moving LDAP to my ZCS I am planning to use external LDAP option....

    You can't do that, you still need to use the LDAP that's installed with Zimbra. External Authentication is just that and it's not a replacement for the LDAP in Zimbra.
    Regards


    Bill



  6. #6

    Sorry for the confusion, what I meant is using the Zimbra LDAP but syncing the user accounts from my primary LDAP (Linux OpenLDAP) by configuring external authentication. If this is not possible, then what exactly is the purpose of the External authentication option in the Zimbra admin console?

    Please advise.

    Thanks,
    Siraj.

  7. #7
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by sirajmc:
    > Sorry for the confusion, what I meant is using the Zimbra LDAP but by syncing the user accounts from my primary LDAP (Linux OpenLDAP) by configuring external authentication.

    There's no confusion at all on my part. You need to create users in the Zimbra LDAP, it's used to provision the user account.

    Originally posted by sirajmc:
    > If this is not possible then what exactly the purpose of External authentication option in zimbra admin console?

    It means exactly what its name implies, it's to authenticate users against an external (or centralised) LDAP server.
    Regards


    Bill



  8. #8

    So I have to manually update zimbra LDAP every time I make changes in my master LDAP?

    Thanks,
    Siraj.

  9. #9

    Hi, I have made some progress, but I am now getting the following error with imapsync:

    Error login: [sourceip] with user [user@domain.com*root] auth [PLAIN]: * BYE Internal login failure. Refer to server log for more information.
    Error login: [sourceip] with user [user@domain.com*root] auth [PLAIN]: * BYE Internal login failure. Refer to server log for more information.

    root has no read rights on the mailboxes on the old server (drwx------). Is it because of that?


    This is how I got there:

    1. Imported all users using an export file and bulk provision from the admin console. Now trying to copy emails using imapsync by referring to Migrating from Dovecot with External LDAP - Zimbra :: Wiki

    - on old server
    1. Updated dovecot.conf from old server with following

    auth_master_user_separator = *
    passdb passwd-file {
      args = /etc/dovecot.master
      master = yes
    }

    2. Ran htpasswd -c /etc/dovecot.master root and restarted dovecot

    - on zimbra with imapsync installed
    3. Created a test users.txt with user@domain.com*root - included the domain name as I have multiple domains in Zimbra

    4. Created password file host1pass.txt and host1pass.txt with root password

    5. Created migrate-imap.sh with the following

    #!/bin/bash

    host1=sourceIP   # host1 is the source (old Dovecot server)
    host2=destIP     # host2 is the destination (Zimbra)

    # Each line of users.txt is "user@domain*master"; -r keeps backslashes literal
    while IFS= read -r username1
    do
        username2=${username1%%\**}   # strip the star and the master user name
        echo "Syncing User $username1 to $username2"
        # stdin is redirected so imapsync cannot read from users.txt
        imapsync --nosyncacls --syncinternaldates --authmech1 PLAIN \
            --host1 "$host1" --user1 "$username1" --passfile1 host1pass.txt \
            --host2 "$host2" --user2 "$username2" --passfile2 host2pass.txt </dev/null
    done < users.txt

    6. Ran script for one user
    [root@mail2]# . migrate-imap.sh
    Syncing User user@domain.com*root to user@domain.com
    $RCSfile: imapsync,v $ $Revision: 1.350 $ $Date: 2010/09/06 01:05:09 $
    Here is a [linux] system (Linux mail2.ffc.local 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:14 EDT 2010 x86_64)
    With perl 5.8.8 Mail::IMAPClient 3.23
    Command line used:
    /usr/bin/imapsync --nosyncacls --syncinternaldates --authmech1 PLAIN --host1 sourceip --user1 user@domain.com*root --passfile1 host1pass.txt --host2 destip --user2 user@domain.com --passfile2 host2pass.txt
    Temp directory is /tmp
    PID file is /tmp/imapsync.pid
    Modules version list:
    Mail::IMAPClient 3.23
    IO::Socket 1.29
    IO::Socket::SSL 1.01
    Digest::MD5 2.36
    Digest::HMAC_MD5 1.01
    Term::ReadKey 2.30

    Turned ON syncinternaldates, will set the internal dates (arrival dates) on host2 same as host1.
    Will try to use PLAIN authentication on host1
    Will try to use CRAM-MD5 authentication on host2
    Host1: imap server [sourceip] port [143] user [user@domain.com*root]
    Host2: imap server [destip] port [143] user [user@domain.com]
    Banner: * OK Dovecot ready.
    Host sourceip says it has CAPABILITY for AUTHENTICATE PLAIN
    Error login: [sourceip] with user [user@domain.com*root] auth [PLAIN]: * BYE Internal login failure. Refer to server log for more information.
    Error login: [sourceip] with user [user@domain.com*root] auth [PLAIN]: * BYE Internal login failure. Refer to server log for more information.

    Please advise.

    Siraj.
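
A pre-flight check for the master-user imapsync run described in post #9, as an added example that is not part of the original thread. The Dovecot master password opens every mailbox on the old server, so the script refuses to proceed if a password file is readable by group or others or if a users.txt entry is not in `user@domain*master` form. File names follow the post; the function names are hypothetical.

```shell
#!/bin/bash
# Added example: pre-flight checks before a master-user imapsync migration.
# File names come from the post; function names are hypothetical.

SEP='*'   # must match auth_master_user_separator in dovecot.conf

# Succeed only if the file exists and grants nothing to group or others.
is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Split "user@domain*master" into its halves and print "<mailbox> <master>".
# Fails on a missing separator, a second separator, or an empty half.
split_login() {
    local entry="$1" mailbox master
    case $entry in
        *"$SEP"*"$SEP"*) return 1 ;;   # more than one separator
        *"$SEP"*) ;;                   # exactly one: continue
        *) return 1 ;;                 # no master user given
    esac
    mailbox=${entry%%"$SEP"*}
    master=${entry#*"$SEP"}
    case $mailbox in ?*@?*) ;; *) return 1 ;; esac
    [ -n "$master" ] || return 1
    printf '%s %s\n' "$mailbox" "$master"
}

# preflight USERS_FILE PASSFILE...
# Prints each problem and returns the number found (0 = safe to start).
preflight() {
    local users="$1" problems=0 line f
    shift
    for f in "$@"; do
        is_private "$f" || { echo "not private (want 0600): $f"; problems=$((problems + 1)); }
    done
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        split_login "$line" >/dev/null || { echo "bad entry: $line"; problems=$((problems + 1)); }
    done < "$users"
    return "$problems"
}

# Run only when called with arguments, e.g. users.txt host1pass.txt host2pass.txt
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

The same `is_private` check applies to /etc/dovecot.master on the old server, and the master passdb block can be removed from dovecot.conf once the migration is finished.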
