Turning off starttls for replication: Difference between revisions

No edit summary
No edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
'''This document gather steps to update "olcSyncrepl" details in ldap config database ONLY in case of someone needs to disable starttls communication for replication AND the Zimbra release version is up to version 7.1.3.  Starting with version 7.1.4, we ship a tool which allows such operation, [http://bugzilla.zimbra.com/show_bug.cgi?id=62787 Bug 62787: Create script to allow easy modification of syncrepl information for replicas]. Please note that you should be very careful in this process or you may break your ldap server.'''
{{BC|Certified}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=Turning off starttls for replication=
{{KB|{{ZC}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}}}
{{WIP}}
==Purpose==
'''Note:''' ''This document gather steps to update "olcSyncrepl" details in ldap config database ONLY in case of someone needs to disable starttls communication for replication AND the Zimbra release version is up to version 7.1.3.  Starting with version 7.1.4, we ship a tool which allows such operation, [http://bugzilla.zimbra.com/show_bug.cgi?id=62787 Bug 62787: Create script to allow easy modification of syncrepl information for replicas]. Please note that you should be very careful in this process or you may break your ldap server.''


==Issue==
If the replication is not working, even with correct starttls setup. Or there is a need to disable TLS communication for replication. The resolution here won't survive upgrades, and has to be reapplied.
If the replication is not working, even with correct starttls setup. Or there is a need to disable TLS communication for replication. The resolution here won't survive upgrades, and has to be reapplied.


==Steps (ZCS 7.1.4+)==
==Resolution==
1. On every replica server, become the user ''zimbra'':
1. On every replica server, become the user ''zimbra'':
  su - zimbra
  su - zimbra
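Review bot: The heading change from "==Steps (ZCS 7.1.4+)==" to "==Resolution==" drops the only version qualifier on these steps, while the Purpose note limits the manual olcSyncrepl edit to releases up to 7.1.3 and the {{KB}} template tags the page for ZCS 8.6, 8.5 and 8.0. Suggest keeping the version in the heading, for example "==Resolution (ZCS 7.1.4+)==", so a reader can tell which procedure applies to which release. The Issue paragraph is also still two sentence fragments ("If the replication is not working, ... Or there is a need ..."); joining them would state the condition as one sentence.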
Line 12: Line 18:
  ldap stop
  ldap stop
  ldap start
  ldap start
==Steps (older version than 7.1.4)==
===Steps (older version than 7.1.4)===
1. Edit the following file:
1. Edit the following file:
  vi /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif
  vi /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif
2. Search for "starttls=critical" in the file and remove it.
2. Search for "starttls=critical" in the file and remove it.
4. Save the file and restart ldap on both master and replica.
 
3. Save the file and restart ldap on both master and replica.
  ldap stop
  ldap stop
  ldap start
  ldap start
5. Verify replication by checking messages in zimbra.log
4. Verify replication by checking messages in zimbra.log
 
{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0, 7.0|03/18/2015}}
{{NeedSME|SME 1|SME 2|Copyeditor}}
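Review bot: Under "===Steps (older version than 7.1.4)===", step 1 opens olcDatabase={2}hdb.ldif in vi with no prior backup of the file, although the Purpose note warns that a mistake here may break the LDAP server. Suggest adding a step to copy the file aside before editing, and having the final step say which zimbra.log messages indicate that replication is working. The renumbering of the restart and verify steps to 3 and 4 fixes the skipped step number.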

Latest revision as of 10:58, 13 July 2015

Turning off starttls for replication

   KB 15335        Last updated on 2015-07-13  





Purpose

Note: This document gathers the steps to update the "olcSyncrepl" details in the LDAP config database. It applies ONLY when someone needs to disable starttls communication for replication AND the Zimbra release version is up to version 7.1.3. Starting with version 7.1.4, we ship a tool which allows this operation: Bug 62787: Create script to allow easy modification of syncrepl information for replicas. Please note that you should be very careful in this process, or you may break your LDAP server.

Use this procedure if replication is not working even with a correct starttls setup, or if there is a need to disable TLS communication for replication. The resolution here won't survive upgrades and has to be reapplied.

Resolution

1. On every replica server, become the user zimbra:

su - zimbra

2. Run the following command:

/opt/zimbra/libexec/zmldapreplicatool -t off

3. Restart the ldap service:

ldap stop
ldap start

Steps (older version than 7.1.4)

1. Edit the following file:

vi /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif

2. Search for "starttls=critical" in the file and remove it.

3. Save the file and restart ldap on both master and replica.

ldap stop
ldap start

4. Verify replication by checking messages in zimbra.log
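
An added example, not part of the original KB article or of Zimbra's tooling: a read-only check, usable before and after either procedure above, that reports whether each olcSyncrepl entry in the config LDIF still requires TLS. The function names, hostnames and rid values are constructed for illustration; starttls=yes is reported separately because OpenLDAP then continues without TLS if the StartTLS request fails.

```shell
#!/bin/sh
# Added example: report how each olcSyncrepl entry in a cn=config LDIF protects
# replication traffic. Exit status is non-zero if any entry can run in cleartext.
syncrepl_tls_audit() {
  awk '
    # Return the value of key=value from a space-separated syncrepl string.
    function field(s, key,    i, n, tok, v) {
      n = split(s, tok, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (index(tok[i], key "=") == 1) {
          v = substr(tok[i], length(key) + 2); gsub(/"/, "", v); return v
        }
      return ""
    }
    function classify(s,    tls, url, verdict) {
      sub(/^olcSyncrepl:[ \t]*([{][0-9]+[}])?/, "", s)  # drop name and {N} ordering prefix
      url = field(s, "provider"); tls = field(s, "starttls")
      if (url ~ /^ldaps:/)        verdict = "ENCRYPTED"
      else if (tls == "critical") verdict = "ENCRYPTED"
      else if (tls == "yes")      verdict = "OPPORTUNISTIC"  # falls back to no TLS on failure
      else                        verdict = "CLEARTEXT"
      if (verdict != "ENCRYPTED") weak = 1
      printf "rid=%s provider=%s starttls=%s bindmethod=%s verdict=%s\n",
        field(s, "rid"), url, (tls == "" ? "none" : tls), field(s, "bindmethod"), verdict
    }
    function emit() {
      if (buf ~ /^olcSyncrepl::/) { print "rid=? verdict=UNKNOWN (base64 value, decode first)"; weak = 1 }
      else if (buf ~ /^olcSyncrepl:/) classify(buf)
      buf = ""
    }
    /^ / { buf = buf substr($0, 2); next }  # LDIF folding: leading space continues previous line
    { emit(); buf = $0 }
    END { emit(); exit (weak ? 1 : 0) }
  ' "${1:--}"
}

# Constructed sample (not from a real server): the first entry is what the manual
# edit leaves behind, the second still carries starttls=critical.
sample_ldif() {
  cat <<'EOF'
dn: olcDatabase={2}hdb
olcSyncrepl: {0}rid=100 provider=ldap://ldap-master.example.test:389 bindmeth
 od=simple binddn=uid=zmreplica,cn=admins,cn=zimbra credentials=REDACTED
olcSyncrepl: {1}rid=101 provider=ldap://ldap-master2.example.test:389 bindmet
 hod=simple starttls=critical credentials=REDACTED
EOF
}

sample_ldif | syncrepl_tls_audit || true
```

On a replica, pass the file from step 1 as the argument (quoted, because of the braces in its name). A CLEARTEXT verdict together with bindmethod=simple means the replication bind credentials cross the network unencrypted.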

Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0, 7.0
Date Created: 03/18/2015
Article ID: https://wiki.zimbra.com/index.php?title=Turning_off_starttls_for_replication
Date Modified: 2015-07-13




Wiki/KB reviewed by SME 1 SME 2 Copyeditor Last edit by Jorge de la Cruz