Difference between revisions of "Promoting Replica to LDAP Master 6.0"

m (Adding category)
(Redirected page to Promoting Replica to LDAP Master)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{ZC}}
+
#REDIRECT [[Promoting Replica to LDAP Master]]
Only one master LDAP server can exist and this LDAP server is authoritative for user information, server configuration, etc. The instructions that follow explain how to promote a replica LDAP server to master and disable the previous LDAP master.
 
 
 
==Promoting a Replica Server – Demoting the Master Server==
 
 
 
Before you can promote a replica LDAP server to become the master LDAP server, your LDAP replication servers must be up and working correctly; that is, the replica LDAP server(s) must be receiving LDAP updates from the master. See the Multi-Server Installation Guide, LDAP Replication Installation chapter.
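One way to confirm the prerequisite above before shutting anything down, as an added example that is not part of the original Zimbra article: compare the contextCSN each server reports. The ldapsearch invocation in the comment, the HOST and BASE placeholders, and the sample outputs are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-promotion replication check by comparing contextCSN values.
# Collect one output per server, for example (assumption: HOST and BASE are
# placeholders; BASE is the suffix of the replicated database):
#   ldapsearch -x -LLL -H ldap://HOST -s base -b "$BASE" contextCSN

# Constructed sample outputs, not captured from real servers.
MASTER_OUT='dn:
contextCSN: 20090101120500.123456Z#000000#000#000000'
REPLICA_OK='dn:
contextCSN: 20090101120500.123456Z#000000#000#000000'
REPLICA_STALE='dn:
contextCSN: 20090101115900.000001Z#000000#000#000000'

# Print the contextCSN values found in ldapsearch LDIF output, oldest first.
# CSNs start with a fixed-width UTC timestamp, so a byte-wise sort orders them.
extract_csns() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^contextCSN:[[:space:]]*//p' | LC_ALL=C sort
}

# Compare the newest CSN on each side and print one of:
#   in-sync, replica-behind, replica-ahead, no-csn
replica_status() {
    m=$(extract_csns "$1" | tail -n 1)
    r=$(extract_csns "$2" | tail -n 1)
    if [ -z "$m" ] || [ -z "$r" ]; then
        echo "no-csn"
    elif [ "$m" = "$r" ]; then
        echo "in-sync"
    else
        newest=$(printf '%s\n%s\n' "$m" "$r" | LC_ALL=C sort | tail -n 1)
        if [ "$newest" = "$m" ]; then echo "replica-behind"; else echo "replica-ahead"; fi
    fi
}

# Gate the promotion: succeed only when the replica matches the master.
safe_to_promote() {
    [ "$(replica_status "$1" "$2")" = "in-sync" ]
}

echo "replica A: $(replica_status "$MASTER_OUT" "$REPLICA_OK")"
echo "replica B: $(replica_status "$MASTER_OUT" "$REPLICA_STALE")"
```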
 
 
 
'''To promote a replica server to be master'''
 
 
 
# Shut down all services on all ZCS servers by running '''zmcontrol stop'''.
 
# On the replica LDAP server that '''will be the new''' master LDAP server, do the following as the zimbra user:
 
:a. Start ldap: '''ldap start'''
 
:b. Note the ldap root password, as it will be used extensively: '''zmlocalconfig -s ldap_root_password'''
 
:c. Update the main ldap database to be a master:
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
 
| style="width: 4.65in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="798" |
 
ldapmodify -x -H ldapi:/// -D "cn=config" -w "ldap root password"<br />
 
dn: olcDatabase={2}hdb,cn=config<br />
 
changetype:modify<br />
 
delete: olcSyncrepl<br /><br />
 
ldapmodify -x -H ldapi:/// -D "cn=config" -w "ldap root password"<br />
 
dn: olcDatabase={2}hdb,cn=config<br />
 
changetype:modify<br />
 
delete: olcUpdateRef<br /><br />
 
ldapmodify -x -H ldapi:/// -D "cn=config" -w "ldap root password"<br />
 
dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config<br />
 
changetype:modify<br />
 
add: olcSpCheckpoint<br />
 
olcSpCheckpoint: 20 10<br /><br />
 
ldapmodify -x -H ldapi:/// -D "cn=config" -w "ldap root password"<br />
 
dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config<br />
 
changetype:modify<br />
 
add: olcSpSessionLog<br />
 
olcSpSessionlog: 500<br />
 
|}
 
:d. Prepare the accesslog database for the new master:
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
 
| style="width: 4.65in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="798" |
 
ldap stop<br /><br />
 
cd /opt/zimbra/data/ldap<br />
 
mkdir -p accesslog/db<br />
 
mkdir -p accesslog/logs<br />
 
|}
 
:e. Copy in the relevant DB_CONFIG file. For a custom DB_CONFIG:
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
 
| style="width: 4.65in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="798" |
 
cp /opt/zimbra/conf/custom/ldap/DB_CONFIG.accesslog /opt/zimbra/data/ldap/accesslog/db/DB_CONFIG
 
|}
 
:For the default DB_CONFIG:
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
 
| style="width: 4.65in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="798" |
 
cp /opt/zimbra/openldap/var/openldap-data/DB_CONFIG.accesslog /opt/zimbra/data/ldap/accesslog/db/DB_CONFIG
 
|}
 
:Start ldap again:
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
 
| style="width: 4.65in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="798" |
 
ldap start
 
|}
 
:f. Add the accesslog database:
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
 
| style="width: 4.65in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="798" |
 
ldapadd -x -H ldapi:/// -D "cn=config" -w "ldap root password"<br />
 
dn: olcDatabase={2}hdb,cn=config<br />
 
changetype: add<br />
 
objectClass: olcDatabaseConfig<br />
 
objectClass: olcHdbConfig<br />
 
olcDatabase: {2}hdb<br />
 
olcDbDirectory: /opt/zimbra/data/ldap/accesslog/db<br />
 
olcSuffix: cn=accesslog<br />
 
olcAccess: {0}to dn.subtree="cn=accesslog"  by dn.exact="uid=zimbra,cn=admins,cn=zimbra" read  by dn.exact="cn=config" read  by dn.exact="uid=zmreplica,cn=admins,cn=zimbra" read<br />
 
olcLastMod: TRUE<br />
 
olcMaxDerefDepth: 15<br />
 
olcReadOnly: FALSE<br />
 
olcRootDN: cn=config<br />
 
olcSizeLimit: unlimited<br />
 
olcTimeLimit: unlimited<br />
 
olcMonitoring: TRUE<br />
 
olcDbCacheSize: 10000<br />
 
olcDbCheckpoint: 64 5<br />
 
olcDbNoSync: FALSE<br />
 
olcDbDirtyRead: FALSE<br />
 
olcDbIDLcacheSize: 10000<br />
 
olcDbIndex: entryCSN eq<br />
 
olcDbIndex: objectClass eq<br />
 
olcDbIndex: reqEnd eq<br />
 
olcDbIndex: reqResult eq<br />
 
olcDbIndex: reqStart eq<br />
 
olcDbLinearIndex: FALSE<br />
 
olcDbMode: 0600<br />
 
olcDbSearchStack: 16<br />
 
olcDbShmKey: 0<br />
 
olcDbCacheFree: 1<br />
 
olcDbDNcacheSize: 0<br />
 
<br />
 
ldapadd -x -H ldapi:/// -D "cn=config" -w "ldap root password"<br />
 
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config<br />
 
changetype: add<br />
 
objectClass: olcOverlayConfig<br />
 
objectClass: olcSyncProvConfig<br />
 
olcOverlay: syncprov<br />
 
olcSpNoPresent: TRUE<br />
 
olcSpReloadHint: TRUE<br />
 
<br />
 
ldapadd -x -H ldapi:/// -D "cn=config" -w "ldap root password"<br />
 
dn: olcOverlay=accesslog,olcDatabase={3}hdb,cn=config<br />
 
changetype: add<br />
 
objectClass: olcOverlayConfig<br />
 
objectClass: olcAccessLogConfig<br />
 
olcOverlay: accesslog<br />
 
olcAccessLogDB: cn=accesslog<br />
 
olcAccessLogOps: writes<br />
 
olcAccessLogSuccess: TRUE<br />
 
olcAccessLogPurge: 01+00:00  00+04:00<br />
 
|}
 
:g. Update the localconfig values for this server:
 
 
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-yfti-tbllook: 480; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; page-break-inside: avoid"
 
| style="width: 4.9in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="588" |
 
zmlocalconfig -e ldap_master_url=<new_master_directory_address><br>zmlocalconfig -e ldap_url=<new_master_directory_address><br>zmlocalconfig -e ldap_is_master=true<br>

zmlocalconfig -e ldap_host=<newmaster_directory_host>
 
|}
 
:h. On all other servers, update the localconfig values:
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-yfti-tbllook: 480; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes; page-break-inside: avoid"
 
| style="width: 4.9in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="588" |
 
zmlocalconfig -e ldap_master_url=<new_master_directory_address><br>

zmlocalconfig -e ldap_host=<newmaster_directory_host>
 
|}
 
:i. On all the other servers, update '''zmlocalconfig -e ldap_url''' to remove the old master server.  It should already include the new one.
 
 
 
3. Run '''zmmtainit''' to edit the '''ldap*.cf''' files in '''/opt/zimbra/conf''' so that the new master LDAP server is the authority for the MTA. These files tell Postfix how to connect to the LDAP server for various commands. If you are moving the directories, you might have Postfix pointing to a server that no longer runs LDAP, which will cause mail delivery to stop.
 
 
 
Note: '''zmmtainit''' should be run on the hosts that are running an MTA, but is not required on the other hosts.
 
 
 
As zimbra, type the following. The "XX" is a dummy value.  The zmmtainit command will use the ldap_url value from localconfig in spite of this.
 
 
 
{| class="screen" style="margin-left: .5in; border-collapse: collapse; mso-yfti-tbllook: 480; mso-padding-alt: 0in 5.4pt 0in 5.4pt"
 
|- style="mso-yfti-irow: 0; mso-yfti-firstrow: yes; mso-yfti-lastrow: yes"
 
| style="width: 5.1in; background: #E6E6E6; padding: 0in 5.4pt 0in 5.4pt" width="612" |
 
/opt/zimbra/libexec/zmmtainit XX
 
|}
 
 
 
4. Start the new LDAP master: type '''zmcontrol start'''. Then start up the services on all the other servers. At this point, services should be up and running on all hosts, and they should all be working off the new master LDAP server.
 
 
 
==Shut down the previous master==
 
 
 
The old LDAP master must be disabled.
 
 
 
= Related Articles =
 
[[LDAP|LDAP]]
 
 
 
--------------------------------------------------------------------------------
 
 
 
{{Article Footer|Zimbra Collaboration Suite 6.0.2|10/1/2009}}
 
 
 
[[Category:Certified]]
 
[[Category: Installation]]
 
[[Category: LDAP]]
 
[[Category: ZCS 6.0]]
 

Latest revision as of 03:01, 8 April 2011
