Difference between revisions of "Zimbra-LDAP Multival Configuration"

(Configure SortVal)
 
(14 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
= Zimbra-Openldap MultiVal and SortVal configurations. =
 
= Zimbra-Openldap MultiVal and SortVal configurations. =
 +
 
==== Prerequisite: ====  
 
==== Prerequisite: ====  
Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b2 or above.  
+
Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above.
  
 +
'''NOTE - These steps are required only for very large ZCS deployments having millions of entries in ldap.'''
  
 
==== Restart ldap ====
 
==== Restart ldap ====
Line 9: Line 11:
 
   $ ldap restart
 
   $ ldap restart
  
==== Configure SortVal ====
+
==== Configure SortVal and MultiVal ====
Use ldapmodify commands to add sortval configuration in config db.
+
As Zimbra user, use ldapmodify commands to add sortval configuration in config db.
ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker.
+
* ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker.
Type Control-D (^d) as EOF.
+
* Type Ctrl-D (^d) to EOF.
 +
* Replace ldap_master_hostname with the ldap server hostname
 +
* As Zimbra user
  
  $ ldapmodify -c -H "ldap://master_ldap_hostname:389" -D cn=config -w $ldap_root_password
 
  dn: olcDatabase={-1}frontend,cn=config
 
  changetype: modify
 
  add: olcSortVals
 
  olcSortVals: zimbraACE
 
  olcSortVals: zimbraAuthTokens
 
  olcSortVals: zimbraCsrfTokenData
 
  olcSortVals: zimbraPasswordLockoutFailureTime
 
 
==== Configure MultiVal ====
 
Note based upon MMR and standalone server, you will have to use the config db.
 
 
* For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config
 
* For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config
 +
$ source /opt/zimbra/bin/zmshutil ; zmsetvars
 +
$ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password
 +
dn: olcDatabase={3}mdb,cn=config
 +
changetype: modify
 +
add: olcDbMultival
 +
olcDbMultival: default 100,3
 +
olcDbMultival: zimbraACE 20,3
 +
olcDbMultival: zimbraAuthTokens 20,3
 +
olcDbMultival: zimbraCsrfTokenData 20,3
 +
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
  
  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
+
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
  dn: olcDatabase={3}mdb,cn=config
 
  changetype: modify
 
  add: olcDbMultivalHi
 
  olcDbMultivalHi: 100
 
 
 
  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
 
  dn: olcDatabase={3}mdb,cn=config
 
  changetype: modify
 
  add: olcDbMultivalLo
 
  olcDbMultivalLo: 3
 
  
 
* For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config
 
* For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config
  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
+
$ source /opt/zimbra/bin/zmshutil ; zmsetvars
  dn: olcDatabase={2}mdb,cn=config
+
$ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password  
  changetype: modify
+
dn: olcDatabase={2}mdb,cn=config
  add: olcDbMultivalHi
+
changetype: modify
  olcDbMultivalHi: 100
+
add: olcDbMultival
 
+
olcDbMultival: default 100,3
  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
+
olcDbMultival: zimbraACE 20,3
  dn: olcDatabase={2}mdb,cn=config
+
olcDbMultival: zimbraAuthTokens 20,3
  changetype: modify
+
olcDbMultival: zimbraCsrfTokenData 20,3
  add: olcDbMultivalLo
+
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
  olcDbMultivalLo: 3
+
 
 +
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
  
 
==== Verify the configuration. ====
 
==== Verify the configuration. ====
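Review bot: The retitled section "Configure SortVal and MultiVal" and its intro line still say the commands "add sortval configuration", but this revision drops the olcSortVals block against olcDatabase={-1}frontend,cn=config, and both new command blocks add only olcDbMultival. Either reword the heading and intro to MultiVal, or state explicitly that olcSortVals is no longer set. Separately, the new commands pass -w $ldap_root_password unquoted on the command line, which exposes the root password in the process arguments; ldapmodify's -y option reads it from a file instead.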
Line 57: Line 51:
 
   $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival
 
   $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival
 
   olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
 
   olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
   olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultivalHi' DESC 'Threshold for
+
   olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultival' DESC 'Hi/Lo threshold
  olcAttributeTypes: ( OLcfgDbAt:12.7 NAME 'olcDbMultivalLo' DESC 'Threshold for
+
   axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultival ) )
   axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultivalHi $ olc
+
  olcDbMultival: default 100,3
   olcSortVals: zimbraACE
+
   olcDbMultival: zimbraACE 20,3
   olcSortVals: zimbraAuthTokens
+
   olcDbMultival: zimbraAuthTokens 20,3
   olcSortVals: zimbraCsrfTokenData
+
   olcDbMultival: zimbraCsrfTokenData 20,3
   olcSortVals: zimbraPasswordLockoutFailureTime
+
   olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
  olcDbMultivalLo: 3
+
 
  olcDbMultivalHi: 100
+
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
  
 
====  Export the primary database to LDIF. ====
 
====  Export the primary database to LDIF. ====
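Review bot: The sentence "After the above statement, type Ctrl-D (^d) to EOF and submit the changes." added under the ldapsearch sample output does not apply there: the verify step pipes ldapsearch into grep and submits no LDIF. It reads as copied from the ldapmodify blocks and should be dropped from this section.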
Line 95: Line 89:
 
   $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak
 
   $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak
  
9) start ldap
+
==== Start ldap ====
 
As the zimbra user:
 
As the zimbra user:
 
   $ ldap start
 
   $ ldap start
 +
 +
= Ldap Upgrade and Configuration when MultiVal and SortVal is already configured=
 +
 +
Note: Please follow these steps when MultiVal and SortVal attributes are already configured.
 +
 +
1) Stop ldap on the server
 +
* As zimbra user:
 +
 +
  $ ldap stop
 +
 +
2) Export the primary database to LDIF.
 +
* As zimbra user:
 +
 +
$ su - zimbra
 +
$ /opt/zimbra/libexec/zmslapcat /path/to/output/dir
 +
 +
3) Export the accesslog database to LDIF (if this is a master server)
 +
* As zimbra user:
 +
 +
  $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir
 +
 +
4) Export the configuration database to LDIF (if this is a master server)
 +
* As zimbra user:
 +
 +
$ /opt/zimbra/libexec/zmslapcat -c /path/to/output/dir
 +
 +
5) Now update the config db with the new parameters for multival
 +
 +
$ cd /path/to/output/dir
 +
 +
Use favorite editor on ldap-config.bak
 +
 +
Removing old attributes:
 +
* Find below(old) attributes and remove them from config file:
 +
olcSortVals: zimbraACE
 +
olcSortVals: zimbraAuthTokens
 +
olcSortVals: zimbraCsrfTokenData
 +
olcSortVals: zimbraPasswordLockoutFailureTime
 +
olcDbMultivalHi: 100
 +
olcDbMultivalLo: 3
 +
 +
Adding new attributes:
 +
 +
* For a master in an ldap + replica or MMR setup find olcDatabase={3}mdb,cn=config
 +
* For a standalone ldap server or a replica then find olcDatabase={2}mdb,cn=config
 +
 +
Add the following attribute value pairs to the entry:
 +
olcDbMultival: default 100,3
 +
olcDbMultival: zimbraACE 20,3
 +
olcDbMultival: zimbraAuthTokens 20,3
 +
olcDbMultival: zimbraCsrfTokenData 20,3
 +
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 +
 +
6) Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above
 +
 +
7) Reload the configuration database
 +
* As zimbra user:
 +
 +
  $ cd /opt/zimbra/data/ldap
 +
  $ mv config config.old
 +
  $ mkdir config
 +
  $ /opt/zimbra/libexec/zmslapadd -c /path/to/output/dir/ldap-config.bak
 +
 +
8) Start ldap
 +
* As zimbra user:
 +
 +
$ ldap start
 +
 +
9) Reload the primary database
 +
* As zimbra user:
 +
 +
  $ cd /opt/zimbra/data/ldap
 +
  $ mv mdb mdb.old
 +
  $ mkdir -p mdb/db
 +
  $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak
 +
 +
10) Reload the accesslog database (if this is a master server)
 +
* As zimbra user:
 +
 +
$ cd /opt/zimbra/data/ldap
 +
$ mv accesslog accesslog.old
 +
$ mkdir -p accesslog/db
 +
$ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak
 +
 +
Restart ldap
 +
* Restart ldap as zimbra user:
 +
 +
$ su - zimbra
 +
$ ldap restart
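Review bot: In the new upgrade procedure, step 8 starts ldap before steps 9 and 10 move mdb and accesslog aside and reload them with zmslapadd, whereas the first procedure on this page does the same reloads between "ldap stop" and "ldap start". Suggest moving "Start ldap" after step 10 so the databases are reloaded while the server is down. Step 4 also exports the configuration database only "if this is a master server", yet steps 5 and 7 edit and reload ldap-config.bak for the standalone and replica case too ({2}mdb), so that qualifier should be removed.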

Latest revision as of 12:49, 6 August 2019

Zimbra-Openldap MultiVal and SortVal configurations.

Prerequisite:

Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above.

NOTE - These steps are required only for very large ZCS deployments having millions of entries in ldap.

Restart ldap

Restart ldap as zimbra user:

 $ su - zimbra
 $ ldap restart

Configure SortVal and MultiVal

As Zimbra user, use ldapmodify commands to add sortval configuration in config db.

  • ldapmodify reads one or more LDIF update statements typed at the command line; the input is ended with an end-of-file (EOF) marker.
  • Type Ctrl-D (^d) to send EOF.
  • Replace ldap_master_hostname with the ldap server hostname.
  • As Zimbra user
  • For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config
  $ source /opt/zimbra/bin/zmshutil ; zmsetvars
  $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w "$ldap_root_password"
  dn: olcDatabase={3}mdb,cn=config
  changetype: modify
  add: olcDbMultival
  olcDbMultival: default 100,3
  olcDbMultival: zimbraACE 20,3
  olcDbMultival: zimbraAuthTokens 20,3
  olcDbMultival: zimbraCsrfTokenData 20,3
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After the above statement, type Ctrl-D (^d) to EOF and submit the changes.

  • For a standalone ldap server or a replica, use olcDatabase={2}mdb,cn=config
  $ source /opt/zimbra/bin/zmshutil ; zmsetvars
  $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w "$ldap_root_password"
  dn: olcDatabase={2}mdb,cn=config
  changetype: modify
  add: olcDbMultival
  olcDbMultival: default 100,3
  olcDbMultival: zimbraACE 20,3
  olcDbMultival: zimbraAuthTokens 20,3
  olcDbMultival: zimbraCsrfTokenData 20,3
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After the above statement, type Ctrl-D (^d) to EOF and submit the changes.

Verify the configuration.

As zimbra user:

  $ source /opt/zimbra/bin/zmshutil ; zmsetvars
  $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w "$ldap_root_password" -b cn=config | grep -e olcSortVals -e olcDbMultival
  olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
  olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultival' DESC 'Hi/Lo threshold
  axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultival ) )
  olcDbMultival: default 100,3
  olcDbMultival: zimbraACE 20,3
  olcDbMultival: zimbraAuthTokens 20,3
  olcDbMultival: zimbraCsrfTokenData 20,3
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After the above statement, type Ctrl-D (^d) to EOF and submit the changes.

Export the primary database to LDIF.

As zimbra user:

 $ su - zimbra
 $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir

Export the accesslog database to LDIF (if this is a master server)

As zimbra user:

  $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir

Stop ldap on the server

As zimbra user:

  $ ldap stop

Reload the primary database

As the zimbra user:

  $ cd /opt/zimbra/data/ldap
  $ mv mdb mdb.old
  $ mkdir -p mdb/db
  $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak

Reload the accesslog database (if this is a master server)

As the zimbra user:

 $ cd /opt/zimbra/data/ldap
 $ mv accesslog accesslog.old
 $ mkdir -p accesslog/db
 $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak

Start ldap

As the zimbra user:

 $ ldap start

Ldap Upgrade and Configuration when MultiVal and SortVal are already configured

Note: Please follow these steps when MultiVal and SortVal attributes are already configured.

1) Stop ldap on the server

  • As zimbra user:
 $ ldap stop

2) Export the primary database to LDIF.

  • As zimbra user:
$ su - zimbra
$ /opt/zimbra/libexec/zmslapcat /path/to/output/dir

3) Export the accesslog database to LDIF (if this is a master server)

  • As zimbra user:
 $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir

4) Export the configuration database to LDIF (if this is a master server)

  • As zimbra user:
$ /opt/zimbra/libexec/zmslapcat -c /path/to/output/dir

5) Now update the config db with the new parameters for multival

$ cd /path/to/output/dir

Open ldap-config.bak in your favorite editor.

Removing old attributes:

  • Find the old attributes below and remove them from the config file:
olcSortVals: zimbraACE
olcSortVals: zimbraAuthTokens
olcSortVals: zimbraCsrfTokenData
olcSortVals: zimbraPasswordLockoutFailureTime
olcDbMultivalHi: 100
olcDbMultivalLo: 3

Adding new attributes:

  • For a master in an ldap + replica or MMR setup, find olcDatabase={3}mdb,cn=config
  • For a standalone ldap server or a replica, find olcDatabase={2}mdb,cn=config

Add the following attribute value pairs to the entry:

olcDbMultival: default 100,3
olcDbMultival: zimbraACE 20,3
olcDbMultival: zimbraAuthTokens 20,3
olcDbMultival: zimbraCsrfTokenData 20,3
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

6) Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above

7) Reload the configuration database

  • As zimbra user:
 $ cd /opt/zimbra/data/ldap
 $ mv config config.old
 $ mkdir config
 $ /opt/zimbra/libexec/zmslapadd -c /path/to/output/dir/ldap-config.bak

8) Start ldap

  • As zimbra user:
$ ldap start

9) Reload the primary database

  • As zimbra user:
 $ cd /opt/zimbra/data/ldap
 $ mv mdb mdb.old
 $ mkdir -p mdb/db
 $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak

10) Reload the accesslog database (if this is a master server)

  • As zimbra user:
$ cd /opt/zimbra/data/ldap
$ mv accesslog accesslog.old
$ mkdir -p accesslog/db
$ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak

Restart ldap

  • Restart ldap as zimbra user:
$ su - zimbra
$ ldap restart
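
Step 5 above is a manual edit of ldap-config.bak. The same edit as a shell filter follows, as an added example that is not part of the original page or of Zimbra's tooling. The function name update_multival_ldif and the output file name are hypothetical, and the code assumes slapcat LDIF with blank-line-separated entries and unwrapped attribute lines.

```shell
#!/bin/sh
# Added example, not Zimbra tooling: apply the step 5 edit to an exported
# ldap-config.bak. Assumes slapcat-style LDIF: entries separated by blank
# lines, and the short attribute lines below not wrapped.
#
# Usage (function and output file names are hypothetical):
#   update_multival_ldif 3 < ldap-config.bak > ldap-config.new  # master / MMR
#   update_multival_ldif 2 < ldap-config.bak > ldap-config.new  # standalone / replica
update_multival_ldif() {
    awk -v idx="$1" '
    function emit_new() {
        print "olcDbMultival: default 100,3"
        print "olcDbMultival: zimbraACE 20,3"
        print "olcDbMultival: zimbraAuthTokens 20,3"
        print "olcDbMultival: zimbraCsrfTokenData 20,3"
        print "olcDbMultival: zimbraPasswordLockoutFailureTime 20,3"
    }
    BEGIN { target = "dn: olcDatabase={" idx "}mdb,cn=config" }

    # Old attributes named on the page: drop them wherever they appear.
    /^olcSortVals: (zimbraACE|zimbraAuthTokens|zimbraCsrfTokenData|zimbraPasswordLockoutFailureTime)$/ { next }
    /^olcDbMultivalHi: 100$/ || /^olcDbMultivalLo: 3$/ { next }

    # Replace any olcDbMultival values already on the target entry, so that
    # running the filter twice does not produce duplicate values.
    in_target && /^olcDbMultival: / { next }

    # Exact string match on the dn, so overlay entries below it do not match.
    $0 == target { in_target = 1 }

    # A blank line ends the current entry: append the new values before it.
    /^$/ && in_target { emit_new(); in_target = 0; done = 1 }

    { print }

    END {
        if (in_target) { emit_new(); done = 1 }  # target was the last entry
        if (!done) exit 3                        # target entry not found
    }'
}
```

Check the exit status before using the output: status 3 means the olcDatabase={N}mdb,cn=config entry was not found, and the output then lacks the new attributes.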