[SOLVED] Trying to setup ldap replica

gus.hoppes » Fri Jun 03, 2016 8:22 pm

Hi all,
I'm having an issue getting an ldap replica server up to connect and sync with an existing master ldap server. I have a multi-server environment. My setup is as follows:

zproxy1 = http reverse proxy
zldap1 = This is the dedicated ldap replica server I'm having problems connecting.
z1 = mailbox server
z2 = mailbox server
z3 = ldap and mailbox server, (new ldap master)

Originally there was only the z3 server. This hosted everything. I ran into a file system corruption problem and z3 crashed. After this incident I decided to revamp the mail infrastructure and work to retire the problematic server z3. I built the proxy, ldap and mailbox servers. I recovered most of everything and moved all mailboxes off z3 to z1. That's all running great. Now I need to move ldap off z3 to zldap1. To accomplish this I decided to set zldap1 up as a replica of z3. Then eventually promote zldap1 to master and retire z3 for good. Problem here is I'm having trouble getting it to act as a replica.

I followed the ldap setup in the multi server documentation. I could not save the config with the z3 set as master (connection issue?). So, I had to set it up standalone. Got it working and tried changing the config to connect to z3. Can't get it to work. I'm perplexed as to where the actual problem is.

I get this on zldap1 when trying to start the ldap service.
Host zldap1.domain.com
Starting ldap...Done.
Size error: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting stats...Done.

I think the problem may be on z3? I tried to run this to enable replication on the master z3 and got this error.
Bind: Invalid credentials
Enabling sync provider on master...zimbra@z3:~/conf$

Basically zldap1 breaks when I change these values to what they are supposed to be. I don't think it's connecting right. I change these back to get it working locally again on an empty ldap.

<key name="ldap_master_url">

<key name="ldap_is_master">

I feel all my passwords and certs are correct. They are all the same across the board. I don't see any errors in the logs. Any help is greatly appreciated!!!

Uma Shankar
Zimbra Employee
Re: Trying to setup ldap replica

Uma Shankar » Fri Jun 10, 2016 7:03 am

Hi Gus,

As per the description, I feel the issue is with the password or ldap config.

You can run the following command and check if you are able to bind to the master server ldap.

ldapwhoami -x -h `zmhostname` -D "cn=config" -W

You can get the ldap passwords by running the command zmlocalconfig -s | grep -i password

Also, if you need to change the ldap password, you can follow the wiki here https://wiki.zimbra.com/wiki/ShanxT-LDAP-Auth-Failed

Also, you can enable MMR instead of replica for better reliability. Please read the wiki article here on how to do that https://wiki.zimbra.com/wiki/LDAP_Multi ... eplication

Try these steps and let me know how it goes.

Also as you are a ZCS NE customer, please open a support ticket with Zimbra Support so that they can assist you on the same.

Uma Shankar
Re: Trying to setup ldap replica

gus.hoppes » Mon Jun 13, 2016 7:24 pm

Thanks Uma!

Yes, after some further looking we discovered the ldap master password was not the same as the slapd password. Once we got the slapd and zimbra ldap passwords to match, we got it to work.

Thanks for the help, you are awesome!
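
Added example, not part of either poster's messages: a shell sketch that automates the bind check suggested above for every LDAP password stored in localconfig, which surfaces the kind of stored-versus-slapd mismatch that turned out to be the cause here. Assumptions: the bind DNs other than cn=config are assumed Zimbra defaults, and LDAPWHOAMI is a hypothetical override variable used only to swap in a stub for testing.

```shell
#!/bin/sh
# Added example, not from the thread: bind to the master once per stored LDAP
# password and report which ones slapd rejects.

# Map a localconfig key to its bind DN. cn=config is the DN used in the thread;
# the other two DNs are assumed Zimbra defaults, confirm them on your install.
bind_dn_for() {
    case $1 in
        ldap_root_password)        echo 'cn=config' ;;
        zimbra_ldap_password)      echo 'uid=zimbra,cn=admins,cn=zimbra' ;;
        ldap_replication_password) echo 'uid=zmreplica,cn=admins,cn=zimbra' ;;
        *) return 1 ;;
    esac
}

# try_bind URL DN PASSWORD: returns ldapwhoami's status (49 = invalid credentials).
# The password goes through a temp file (mktemp creates it mode 0600) and -y,
# so it never shows up in the process list. LDAPWHOAMI is a hypothetical
# override used only to substitute a stub when testing.
try_bind() {
    pwfile=$(mktemp) || return 2
    printf '%s' "$3" > "$pwfile"    # no trailing newline: -y uses the file verbatim
    rc=0
    "${LDAPWHOAMI:-ldapwhoami}" -x -H "$1" -D "$2" -y "$pwfile" \
        </dev/null >/dev/null 2>&1 || rc=$?
    rm -f "$pwfile"
    return "$rc"
}

# check_binds URL: reads "key = value" lines (zmlocalconfig -s format) on stdin,
# prints "key OK" or "key FAIL(rc=N)", returns 1 if any bind failed.
check_binds() {
    url=$1
    failed=0
    while IFS= read -r line; do
        key=${line%% = *}
        val=${line#* = }
        dn=$(bind_dn_for "$key") || continue
        if try_bind "$url" "$dn" "$val"; then
            echo "$key OK"
        else
            echo "$key FAIL(rc=$?)"
            failed=1
        fi
    done
    return "$failed"
}
```

Run as the zimbra user with `zmlocalconfig -s | check_binds ldap://<master-host>:389`, substituting the master's hostname for the placeholder. Adding `-ZZ` to the `ldapwhoami` call requires StartTLS so the passwords do not cross the network in clear text.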

