Difference between revisions of "Zimbra-LDAP Multival Configuration"
(→Zimbra-Openldap MultiVal and SortVal configurations.) |
|||
(15 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
= Zimbra-Openldap MultiVal and SortVal configurations. = | = Zimbra-Openldap MultiVal and SortVal configurations. = | ||
+ | |||
==== Prerequisite: ==== | ==== Prerequisite: ==== | ||
− | Install latest zimbra-openldap-server version 2.4.46-1zimbra8. | + | Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above. |
+ | '''NOTE - These steps are required only for very large ZCS deployments having millions of entries in ldap.''' | ||
==== Restart ldap ==== | ==== Restart ldap ==== | ||
Line 9: | Line 11: | ||
$ ldap restart | $ ldap restart | ||
− | ==== Configure SortVal ==== | + | ==== Configure SortVal and MultiVal ==== |
− | + | As Zimbra user, use ldapmodify commands to add sortval configuration in config db. | |
− | ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker. | + | * ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker. |
− | Type | + | * Type Ctrl-D (^d) to EOF. |
+ | * Replace ldap_master_hostname with the ldap server hostname | ||
+ | * As Zimbra user | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
* For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config | * For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config | ||
+ | $ source /opt/zimbra/bin/zmshutil ; zmsetvars | ||
+ | $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password | ||
+ | dn: olcDatabase={3}mdb,cn=config | ||
+ | changetype: modify | ||
+ | add: olcDbMultival | ||
+ | olcDbMultival: default 100,3 | ||
+ | olcDbMultival: zimbraACE 20,3 | ||
+ | olcDbMultival: zimbraAuthTokens 20,3 | ||
+ | olcDbMultival: zimbraCsrfTokenData 20,3 | ||
+ | olcDbMultival: zimbraPasswordLockoutFailureTime 20,3 | ||
− | + | After the above statement, type Ctrl-D (^d) to EOF and submit the changes. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
* For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config | * For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config | ||
− | + | $ source /opt/zimbra/bin/zmshutil ; zmsetvars | |
− | + | $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password | |
− | + | dn: olcDatabase={2}mdb,cn=config | |
− | + | changetype: modify | |
− | + | add: olcDbMultival | |
− | + | olcDbMultival: default 100,3 | |
− | + | olcDbMultival: zimbraACE 20,3 | |
− | + | olcDbMultival: zimbraAuthTokens 20,3 | |
− | + | olcDbMultival: zimbraCsrfTokenData 20,3 | |
− | + | olcDbMultival: zimbraPasswordLockoutFailureTime 20,3 | |
− | + | ||
+ | After the above statement, type Ctrl-D (^d) to EOF and submit the changes. | ||
==== Verify the configuration. ==== | ==== Verify the configuration. ==== | ||
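Review bot: both added ldapmodify commands bind as cn=config with -w $ldap_root_password against ldap://ldap_master_hostname:389 and nothing in the command requests StartTLS, while the Verify step on this page talks to ldapi:/// instead. Consider adding -ZZ or running the change over ldapi:/// on the LDAP host, and quoting the variable as "$ldap_root_password". The intro sentence also still says "add sortval configuration" although the heading was renamed and the LDIF only adds olcDbMultival values.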
Line 58: | Line 51: | ||
$ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival | $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival | ||
olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va | olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va | ||
− | olcAttributeTypes: ( OLcfgDbAt:12.6 NAME ' | + | olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultival' DESC 'Hi/Lo threshold |
− | + | axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultival ) ) | |
− | axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ | + | olcDbMultival: default 100,3 |
− | + | olcDbMultival: zimbraACE 20,3 | |
− | + | olcDbMultival: zimbraAuthTokens 20,3 | |
− | + | olcDbMultival: zimbraCsrfTokenData 20,3 | |
− | + | olcDbMultival: zimbraPasswordLockoutFailureTime 20,3 | |
− | + | ||
− | + | After the above statement, type Ctrl-D (^d) to EOF and submit the changes. | |
==== Export the primary database to LDIF. ==== | ==== Export the primary database to LDIF. ==== | ||
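Review bot: the last added line of this hunk, "After the above statement, type Ctrl-D (^d) to EOF and submit the changes.", lands under the ldapsearch output in the Verify section, where the command reads nothing from standard input and submits no change. It looks copied from the ldapmodify steps and should be dropped here.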
Line 96: | Line 89: | ||
$ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak | $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak | ||
− | + | ==== Start ldap ==== | |
As the zimbra user: | As the zimbra user: | ||
$ ldap start | $ ldap start | ||
+ | |||
+ | = Ldap Upgrade and Configuration when MultiVal and SortVal is already configured= | ||
+ | |||
+ | Note: Please follow these steps when MultiVal and SortVal attributes are already configured. | ||
+ | |||
+ | 1) Stop ldap on the server | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ ldap stop | ||
+ | |||
+ | 2) Export the primary database to LDIF. | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ su - zimbra | ||
+ | $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir | ||
+ | |||
+ | 3) Export the accesslog database to LDIF (if this is a master server) | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir | ||
+ | |||
+ | 4) Export the configuration database to LDIF (if this is a master server) | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ /opt/zimbra/libexec/zmslapcat -c /path/to/output/dir | ||
+ | |||
+ | 5) Now update the config db with the new parameters for multival | ||
+ | |||
+ | $ cd /path/to/output/dir | ||
+ | |||
+ | Use favorite editor on ldap-config.bak | ||
+ | |||
+ | Removing old attributes: | ||
+ | * Find below(old) attributes and remove them from config file: | ||
+ | olcSortVals: zimbraACE | ||
+ | olcSortVals: zimbraAuthTokens | ||
+ | olcSortVals: zimbraCsrfTokenData | ||
+ | olcSortVals: zimbraPasswordLockoutFailureTime | ||
+ | olcDbMultivalHi: 100 | ||
+ | olcDbMultivalLo: 3 | ||
+ | |||
+ | Adding new attributes: | ||
+ | |||
+ | * For a master in an ldap + replica or MMR setup find olcDatabase={3}mdb,cn=config | ||
+ | * For a standalone ldap server or a replica then find olcDatabase={2}mdb,cn=config | ||
+ | |||
+ | Add the following attribute value pairs to the entry: | ||
+ | olcDbMultival: default 100,3 | ||
+ | olcDbMultival: zimbraACE 20,3 | ||
+ | olcDbMultival: zimbraAuthTokens 20,3 | ||
+ | olcDbMultival: zimbraCsrfTokenData 20,3 | ||
+ | olcDbMultival: zimbraPasswordLockoutFailureTime 20,3 | ||
+ | |||
+ | 6) Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above | ||
+ | |||
+ | 7) Reload the configuration database | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ cd /opt/zimbra/data/ldap | ||
+ | $ mv config config.old | ||
+ | $ mkdir config | ||
+ | $ /opt/zimbra/libexec/zmslapadd -c /path/to/output/dir/ldap-config.bak | ||
+ | |||
+ | 8) Start ldap | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ ldap start | ||
+ | |||
+ | 9) Reload the primary database | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ cd /opt/zimbra/data/ldap | ||
+ | $ mv mdb mdb.old | ||
+ | $ mkdir -p mdb/db | ||
+ | $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak | ||
+ | |||
+ | 10) Reload the accesslog database (if this is a master server) | ||
+ | * As zimbra user: | ||
+ | |||
+ | $ cd /opt/zimbra/data/ldap | ||
+ | $ mv accesslog accesslog.old | ||
+ | $ mkdir -p accesslog/db | ||
+ | $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak | ||
+ | |||
+ | Restart ldap | ||
+ | * Restart ldap as zimbra user: | ||
+ | |||
+ | $ su - zimbra | ||
+ | $ ldap restart |
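Review bot: in the new upgrade section, step 8 starts ldap before steps 9 and 10 move the mdb and accesslog directories aside and reload them with zmslapadd, whereas the first procedure on this page stops ldap, reloads both databases and only then starts it. Consider moving "Start ldap" after step 10, which would also make the closing "Restart ldap" unnecessary. Two smaller points: step 2 runs "su - zimbra" after step 1 has already run as the zimbra user, and step 4 exports the config database only "if this is a master server" while step 7 reloads ldap-config.bak unconditionally.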
Latest revision as of 12:49, 6 August 2019
Contents
- 1 Zimbra-Openldap MultiVal and SortVal configurations.
- 1.1 Prerequisite:
- 1.2 Restart ldap
- 1.3 Configure SortVal and MultiVal
- 1.4 Verify the configuration.
- 1.5 Export the primary database to LDIF.
- 1.6 Export the accesslog database to LDIF (if this is a master server)
- 1.7 Stop ldap on the server
- 1.8 Reload the primary database
- 1.9 Reload the accesslog database (if this is a master server)
- 1.10 Start ldap
- 2 Ldap Upgrade and Configuration when MultiVal and SortVal is already configured
Zimbra-Openldap MultiVal and SortVal configurations.
Prerequisite:
Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above.
NOTE - These steps are required only for very large ZCS deployments having millions of entries in ldap.
Restart ldap
Restart ldap as zimbra user:
    $ su - zimbra
    $ ldap restart
Configure SortVal and MultiVal
As the zimbra user, use ldapmodify to add the sortval configuration to the config db.
- ldapmodify reads one or more LDIF update statements entered at the command line; the input ends with an end-of-file (EOF) marker.
- Type Ctrl-D (^d) to send EOF.
- Replace ldap_master_hostname with the ldap server hostname
- As Zimbra user
- For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config
    $ source /opt/zimbra/bin/zmshutil ; zmsetvars
    $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password
    dn: olcDatabase={3}mdb,cn=config
    changetype: modify
    add: olcDbMultival
    olcDbMultival: default 100,3
    olcDbMultival: zimbraACE 20,3
    olcDbMultival: zimbraAuthTokens 20,3
    olcDbMultival: zimbraCsrfTokenData 20,3
    olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
- For a standalone ldap server or a replica, use olcDatabase={2}mdb,cn=config
    $ source /opt/zimbra/bin/zmshutil ; zmsetvars
    $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password
    dn: olcDatabase={2}mdb,cn=config
    changetype: modify
    add: olcDbMultival
    olcDbMultival: default 100,3
    olcDbMultival: zimbraACE 20,3
    olcDbMultival: zimbraAuthTokens 20,3
    olcDbMultival: zimbraCsrfTokenData 20,3
    olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
Verify the configuration.
As zimbra user:
    $ source /opt/zimbra/bin/zmshutil ; zmsetvars ;
    $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival
    olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
    olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultival' DESC 'Hi/Lo threshold
    axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultival ) )
    olcDbMultival: default 100,3
    olcDbMultival: zimbraACE 20,3
    olcDbMultival: zimbraAuthTokens 20,3
    olcDbMultival: zimbraCsrfTokenData 20,3
    olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
Export the primary database to LDIF.
As zimbra user:
    $ su - zimbra
    $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir
Export the accesslog database to LDIF (if this is a master server)
As zimbra user:
$ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir
Stop ldap on the server
As zimbra user:
$ ldap stop
Reload the primary database
As the zimbra user:
    $ cd /opt/zimbra/data/ldap
    $ mv mdb mdb.old
    $ mkdir -p mdb/db
    $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak
Reload the accesslog database (if this is a master server)
As the zimbra user:
    $ cd /opt/zimbra/data/ldap
    $ mv accesslog accesslog.old
    $ mkdir -p accesslog/db
    $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak
Start ldap
As the zimbra user:
$ ldap start
Ldap Upgrade and Configuration when MultiVal and SortVal is already configured
Note: Please follow these steps when MultiVal and SortVal attributes are already configured.
1) Stop ldap on the server
- As zimbra user:
$ ldap stop
2) Export the primary database to LDIF.
- As zimbra user:
    $ su - zimbra
    $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir
3) Export the accesslog database to LDIF (if this is a master server)
- As zimbra user:
$ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir
4) Export the configuration database to LDIF (if this is a master server)
- As zimbra user:
$ /opt/zimbra/libexec/zmslapcat -c /path/to/output/dir
5) Now update the config db with the new parameters for multival
$ cd /path/to/output/dir
Open ldap-config.bak in your favorite editor.
Removing old attributes:
- Find the old attributes below and remove them from the config file:
    olcSortVals: zimbraACE
    olcSortVals: zimbraAuthTokens
    olcSortVals: zimbraCsrfTokenData
    olcSortVals: zimbraPasswordLockoutFailureTime
    olcDbMultivalHi: 100
    olcDbMultivalLo: 3
Adding new attributes:
- For a master in an ldap + replica or MMR setup find olcDatabase={3}mdb,cn=config
- For a standalone ldap server or a replica, find olcDatabase={2}mdb,cn=config
Add the following attribute value pairs to the entry:
    olcDbMultival: default 100,3
    olcDbMultival: zimbraACE 20,3
    olcDbMultival: zimbraAuthTokens 20,3
    olcDbMultival: zimbraCsrfTokenData 20,3
    olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
6) Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above
7) Reload the configuration database
- As zimbra user:
    $ cd /opt/zimbra/data/ldap
    $ mv config config.old
    $ mkdir config
    $ /opt/zimbra/libexec/zmslapadd -c /path/to/output/dir/ldap-config.bak
8) Start ldap
- As zimbra user:
$ ldap start
9) Reload the primary database
- As zimbra user:
    $ cd /opt/zimbra/data/ldap
    $ mv mdb mdb.old
    $ mkdir -p mdb/db
    $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak
10) Reload the accesslog database (if this is a master server)
- As zimbra user:
    $ cd /opt/zimbra/data/ldap
    $ mv accesslog accesslog.old
    $ mkdir -p accesslog/db
    $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak
Restart ldap
- Restart ldap as zimbra user:
    $ su - zimbra
    $ ldap restart
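The hand edit of ldap-config.bak in step 5 can also be scripted so that the same change is applied identically on every server. The following is an added example, not part of the original wiki page or of Zimbra's tooling; the function names migrate_multival and sample_config and the trimmed sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Zimbra code): apply the step 5 edits to an exported
# config LDIF. Reads LDIF on stdin, writes the edited LDIF to stdout.
# $1 = database index: 3 on a master (ldap + replica or MMR), 2 otherwise.
migrate_multival() {
    awk -v dn="dn: olcDatabase={$1}mdb,cn=config" '
    function emit_new() {
        if (has_new) return          # entry already carries olcDbMultival
        print "olcDbMultival: default 100,3"
        print "olcDbMultival: zimbraACE 20,3"
        print "olcDbMultival: zimbraAuthTokens 20,3"
        print "olcDbMultival: zimbraCsrfTokenData 20,3"
        print "olcDbMultival: zimbraPasswordLockoutFailureTime 20,3"
    }
    # Old attributes the page says to remove.
    /^olcSortVals: (zimbraACE|zimbraAuthTokens|zimbraCsrfTokenData|zimbraPasswordLockoutFailureTime)$/ { next }
    /^olcDbMultival(Hi|Lo): / { next }
    # Track the target database entry; LDIF entries end at a blank line.
    $0 == dn                          { in_target = 1; has_new = 0 }
    in_target && /^olcDbMultival: /   { has_new = 1 }
    in_target && /^$/                 { emit_new(); in_target = 0 }
    { print }
    END { if (in_target) emit_new() } # file ended without a blank line
    '
}

# Constructed sample, heavily trimmed; a real ldap-config.bak has many more
# entries and attributes.
sample_config() {
    cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcSortVals: zimbraACE
olcSortVals: zimbraAuthTokens
olcSortVals: zimbraCsrfTokenData
olcSortVals: zimbraPasswordLockoutFailureTime

dn: olcDatabase={3}mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: {3}mdb
olcDbMultivalHi: 100
olcDbMultivalLo: 3
olcDbMaxSize: 85899345920
EOF
}

sample_config | migrate_multival 3
```

Write the result to a new file (migrate_multival 3 < ldap-config.bak > ldap-config.new) and diff it against the export before reloading. If the index does not match an entry in the file, the old attributes are still removed but no olcDbMultival values are added.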