LDAP: Difference between revisions

Line 62: Line 62:


==== Correcting startup failure ====
==== Correcting startup failure ====
If the [[LDAP#Detecting startup failure|previous section]] indicates that ldap is not starting at all,
If the [[LDAP#Detecting startup failure|previous section]] indicates that ldap is not starting at all, attempt ldap startup manually (as the [[zimbra user]]);
  ldap start


=== [[LDAP]] and [[DNS]] ===
=== [[LDAP]] and [[DNS]] ===

Revision as of 20:14, 5 March 2006

LDAP Overview

LDAP uses in ZCS

LDAP is used in ZCS to store data for

Additionally, information relating to:

Most of this data can be viewed and configured via the Admin Console or with zmprov.

LDAP in the system architecture

In every ZCS installation, there will be one and only one Master LDAP server. This server is authoritative for user information, server configuration, etc.

Additionally, one or more Replicas may be defined, to improve performance and reduce the load on the Master.

During installation in a multi-server environment, the LDAP server must be the first installed and configured, and must be running during any subsequent installations. The LDAP server must also be the first started in a multi-server environment.

LDAP troubleshooting

Installation Problems

LDAP initialization generally fails due to the following

  • Failure to start the LDAP server
  • Failure to resolve the LDAP server
  • Failure to connect to the LDAP server

Startup failures

The startup of the LDAP server during installation happens when the initialization script calls the ldap start script.

If this startup fails, all further initialization fails.

Detecting startup failure

After the initialization script exits (successfully or otherwise) slapd should be running. To verify that the slapd process is running:

 ps auxww | grep zimbra | grep slapd
 Should return a line containing:
 /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldaps:// ldap://:389/ -f /opt/zimbra/conf/slapd.conf

If there is no output, LDAP is not starting. See the next section

If this line is present, verify that the zimbra system is detecting it (run as the zimbra user):

 ldap status

A return of:

 slapd running pid: 7568  (your PID will vary)

is successful.

If you get no such response from the ldap status command, it's likely that the running slapd process is hanging around from a previous installation. To kill it manually:

 killall -TERM slapd
 ps auxww | grep zimbra | grep slapd

If the process is still there, determine it's PID (second column in the ps output) and

 kill -9 PID

After cleaning up old LDAP processes, you should re-attempt the initialization by re-running zmsetup.pl

Correcting startup failure

If the previous section indicates that ldap is not starting at all, attempt ldap startup manually (as the zimbra user);

 ldap start

LDAP and DNS

LDAP uses DNS to resolve the ldap host, even if it's localhost

To verify that you're able to resolve the ldap host:

host ldap-hostname

Make sure you understand DNS.

Failure to Connect

If resolution succeeds, the initialization may fail because the LDAP server failed to start

Integration with external LDAP servers

External Authentication

External GAL

Connecting to an external LDAP server with SSL

Provisioning users in LDAP

LDAP replication

Jump to: navigation, search