Difference between revisions of "Turning off starttls for replication"

(Issue)
Line 1: Line 1:
'''This document gather steps to update "olcSyncrepl" details in ldap config database ONLY in case of someone needs to disable starttls communication for replication. Please note that you should be very careful in this process or you may break your ldap server.'''
+
'''This document gather steps to update "olcSyncrepl" details in ldap config database ONLY in case of someone needs to disable starttls communication for replication AND the Zimbra release version is up to version 7.1.3.  Starting with version 7.1.4, we ship a tool which allows such operation, [http://bugzilla.zimbra.com/show_bug.cgi?id=62787 Bug 62787: Create script to allow easy modification of syncrepl information for replicas]. Please note that you should be very careful in this process or you may break your ldap server.'''
  
 
==Issue==
 
==Issue==
If the replication is not working, even with correct starttls setup. Or there is a need to disable TLS communication for replication.
+
If the replication is not working, even with correct starttls setup. Or there is a need to disable TLS communication for replication. The resolution here won't survive upgrades, and has to be reapplied.
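Review bot: The added sentence "The resolution here won't survive upgrades, and has to be reapplied" does not say which resolution it covers. The same revision introduces two procedures (zmldapreplicatool on 7.1.4+ and the manual LDIF edit on older releases), so state whether the warning applies to one or to both. The Issue text also still reads as two fragments ("If the replication is not working, ... setup. Or there is a need ..."); joining them into one sentence would make the condition clear.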
 
 
==Steps==
 
Modifying olcDatabase={2}hdb.ldif.
 
 
 
1. Open /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif
 
  
 +
==Steps (ZCS 7.1.4+)==
 +
1. On every replica server, become the user ''zimbra'':
 +
su - zimbra
 +
2. Run the following command:
 +
/opt/zimbra/libexec/zmldapreplicatool -t off
 +
3. Restart the ldap service:
 +
ldap stop
 +
ldap start
 +
==Steps (older version than 7.1.4)==
 +
1. Edit the following file:
 +
vi /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif
 
2. Search for "starttls=critical" in the file and remove it.
 
2. Search for "starttls=critical" in the file and remove it.
 
 
4. Save the file and restart ldap on both master and replica.
 
4. Save the file and restart ldap on both master and replica.
  ldap stop; ldap start
+
ldap stop
 
+
ldap start
5. Verify replication
+
5. Verify replication by checking messages in zimbra.log
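Review bot: In the rewritten steps for versions older than 7.1.4 the numbering runs 1, 2, 4, 5 with no step 3, so either a step was dropped or the list needs renumbering. The two procedures also differ in scope: the 7.1.4+ steps are run "On every replica server", while the older steps restart ldap "on both master and replica" without saying on which host the LDIF file is edited; naming the host in step 1 would settle it. Step 5 would be easier to follow if it said which messages in zimbra.log indicate that replication is working.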

Revision as of 12:06, 11 January 2013

This document gathers the steps to update the "olcSyncrepl" details in the LDAP config database ONLY in case someone needs to disable starttls communication for replication AND the Zimbra release version is up to version 7.1.3. Starting with version 7.1.4, we ship a tool that performs this operation; see Bug 62787: Create script to allow easy modification of syncrepl information for replicas. Please note that you should be very careful in this process or you may break your LDAP server.

Issue

Replication is not working even with a correct starttls setup, or there is a need to disable TLS communication for replication. The resolution here won't survive upgrades and has to be reapplied.

Steps (ZCS 7.1.4+)

1. On every replica server, become the user zimbra:

su - zimbra

2. Run the following command:

/opt/zimbra/libexec/zmldapreplicatool -t off

3. Restart the ldap service:

ldap stop
ldap start

Steps (older version than 7.1.4)

1. Edit the following file:

vi /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif

2. Search for "starttls=critical" in the file and remove it.

4. Save the file and restart ldap on both master and replica.

ldap stop
ldap start

5. Verify replication by checking messages in zimbra.log
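
A read-only check to run before and after the manual edit, as an added example that is not part of the original page or of Zimbra's tooling: it unfolds the LDIF first, because a long olcSyncrepl value is wrapped across lines and a search for "starttls=critical" can miss a setting that the wrap splits in two. The sample host name, rid and credentials are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not Zimbra code): report the starttls setting of each
# olcSyncrepl value in a cn=config LDIF file.

# Constructed sample: LDIF folds long values, and here the fold lands inside
# "starttls=critical", so a plain search of the file does not find it.
sample_ldif() {
cat <<'EOF'
dn: olcDatabase={2}hdb
olcSyncrepl: {0}rid=100 provider=ldap://ldap-master.example.com:389 bindmethod=simple
  binddn=uid=zmreplica,cn=admins,cn=zimbra credentials=CONSTRUCTED startt
 ls=critical filter="(objectclass=*)"
olcUpdateRef: ldap://ldap-master.example.com:389
EOF
}

# unfold_ldif FILE: join continuation lines (leading single space) back onto
# the line they continue.
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    ' "$1"
}

# syncrepl_tls_report FILE: print "<rid> <provider> starttls=<value|absent>"
# for every olcSyncrepl value in FILE.
syncrepl_tls_report() {
    unfold_ldif "$1" | awk '
        /^olcSyncrepl::/ { print "? ? base64-encoded value, decode first"; next }
        /^olcSyncrepl:/ {
            v = $0; rid = "?"; prov = "?"; tls = "absent"
            sub(/^olcSyncrepl:[ \t]*/, "", v)   # drop the attribute name
            sub(/^[{][0-9]+[}]/, "", v)         # drop the {n} ordering prefix
            gsub(/"/, "", v)                    # drop quoting around values
            n = split(v, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^rid=/)      rid  = substr(tok[i], 5)
                if (tok[i] ~ /^provider=/) prov = substr(tok[i], 10)
                if (tok[i] ~ /^starttls=/) tls  = substr(tok[i], 10)
            }
            print rid, prov, "starttls=" tls
        }
    '
}

# With a file argument, report on that file (e.g. the olcDatabase={2}hdb.ldif above).
if [ "$#" -gt 0 ]; then syncrepl_tls_report "$1"; fi
```

The report prints only the rid, provider and starttls value, so the replication credentials stored in the file do not end up in terminal output or logs.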
