Difference between revisions of "Zimbra-LDAP Multival Configuration"

(Zimbra-Openldap MultiVal and SortVal configurations.)
 
Line 14: Line 14:
 
As Zimbra user, use ldapmodify commands to add sortval configuration in config db.
 
As Zimbra user, use ldapmodify commands to add sortval configuration in config db.
 
* ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker.
 
* ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker.
* Type Control-D (^d) as EOF.
+
* Type Ctrl-D (^d) to EOF.
 
* Replace ldap_master_hostname with the ldap server hostname
 
* Replace ldap_master_hostname with the ldap server hostname
 
* As Zimbra user
 
* As Zimbra user
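Review bot: in the changed bullet, "Type Ctrl-D (^d) to EOF" uses EOF as a verb and reads less clearly than the line it replaces. Suggest "Type Ctrl-D (^d) to send EOF", which matches the preceding bullet's description of ldapmodify input ending with an EOF marker.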
Line 29: Line 29:
 
  olcDbMultival: zimbraCsrfTokenData 20,3
 
  olcDbMultival: zimbraCsrfTokenData 20,3
 
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 +
 +
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
  
 
* For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config
 
* For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config
Line 41: Line 43:
 
  olcDbMultival: zimbraCsrfTokenData 20,3
 
  olcDbMultival: zimbraCsrfTokenData 20,3
 
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 +
 +
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
  
 
==== Verify the configuration. ====
 
==== Verify the configuration. ====
Line 54: Line 58:
 
   olcDbMultival: zimbraCsrfTokenData 20,3
 
   olcDbMultival: zimbraCsrfTokenData 20,3
 
   olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 
   olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 +
 +
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
  
 
====  Export the primary database to LDIF. ====
 
====  Export the primary database to LDIF. ====
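Review bot: the sentence added after the last olcDbMultival line in this hunk lands in the "Verify the configuration." section, just before "Export the primary database to LDIF.". The olcDbMultival lines there are the values displayed for verification, not LDIF being fed to ldapmodify, so there is no input to end with Ctrl-D and no change to submit. Suggest dropping the sentence from this section and keeping it only after the two ldapmodify blocks.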

Latest revision as of 12:49, 6 August 2019

Zimbra-Openldap MultiVal and SortVal configurations.

Prerequisite:

Install the latest zimbra-openldap-server, version 2.4.46-1zimbra8.7b3 or above.

NOTE - These steps are required only for very large ZCS deployments with millions of entries in LDAP.

Restart ldap

Restart ldap as zimbra user:

 $ su - zimbra
 $ ldap restart

Configure SortVal and MultiVal

As the zimbra user, use ldapmodify commands to add the sortval configuration to the config db.

  • ldapmodify reads one or more LDIF update statements typed at the command line; the input ends with an end-of-file (EOF) marker.
  • Type Ctrl-D (^d) to send EOF.
  • Replace ldap_master_hostname with the ldap server hostname.
  • Run the commands as the zimbra user.
  • For a master in an ldap + replica or MMR setup, use olcDatabase={3}mdb,cn=config:

 $ source /opt/zimbra/bin/zmshutil ; zmsetvars
 $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w "$ldap_root_password"
 dn: olcDatabase={3}mdb,cn=config
 changetype: modify
 add: olcDbMultival
 olcDbMultival: default 100,3
 olcDbMultival: zimbraACE 20,3
 olcDbMultival: zimbraAuthTokens 20,3
 olcDbMultival: zimbraCsrfTokenData 20,3
 olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After the above statement, type Ctrl-D (^d) to EOF and submit the changes.

  • For a standalone ldap server or a replica, use olcDatabase={2}mdb,cn=config:

 $ source /opt/zimbra/bin/zmshutil ; zmsetvars
 $ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w "$ldap_root_password"
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
 add: olcDbMultival
 olcDbMultival: default 100,3
 olcDbMultival: zimbraACE 20,3
 olcDbMultival: zimbraAuthTokens 20,3
 olcDbMultival: zimbraCsrfTokenData 20,3
 olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After the above statement, type Ctrl-D (^d) to EOF and submit the changes.

Verify the configuration.

As zimbra user:

  $ source /opt/zimbra/bin/zmshutil ; zmsetvars
  $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w "$ldap_root_password" -b cn=config | grep -e olcSortVals -e olcDbMultival
  olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
  olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultival' DESC 'Hi/Lo threshold
  axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultival ) )
  olcDbMultival: default 100,3
  olcDbMultival: zimbraACE 20,3
  olcDbMultival: zimbraAuthTokens 20,3
  olcDbMultival: zimbraCsrfTokenData 20,3
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After the above statement, type Ctrl-D (^d) to EOF and submit the changes.

Export the primary database to LDIF.

As zimbra user:

 $ su - zimbra
 $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir

Export the accesslog database to LDIF (if this is a master server)

As zimbra user:

  $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir

Stop ldap on the server

As zimbra user:

  $ ldap stop

Reload the primary database

As the zimbra user:

  $ cd /opt/zimbra/data/ldap
  $ mv mdb mdb.old
  $ mkdir -p mdb/db
  $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak

Reload the accesslog database (if this is a master server)

As the zimbra user:

 $ cd /opt/zimbra/data/ldap
 $ mv accesslog accesslog.old
 $ mkdir -p accesslog/db
 $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak

Start ldap

As the zimbra user:

 $ ldap start

LDAP Upgrade and Configuration when MultiVal and SortVal are already configured

Note: Please follow these steps when MultiVal and SortVal attributes are already configured.

1) Stop ldap on the server

  • As zimbra user:
 $ ldap stop

2) Export the primary database to LDIF.

  • As zimbra user:
 $ su - zimbra
 $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir

3) Export the accesslog database to LDIF (if this is a master server)

  • As zimbra user:
 $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir

4) Export the configuration database to LDIF (if this is a master server)

  • As zimbra user:
 $ /opt/zimbra/libexec/zmslapcat -c /path/to/output/dir

5) Now update the config db with the new parameters for multival

 $ cd /path/to/output/dir

Open ldap-config.bak in your favorite editor.

Removing old attributes:

  • Find the old attributes below and remove them from the config file:

 olcSortVals: zimbraACE
 olcSortVals: zimbraAuthTokens
 olcSortVals: zimbraCsrfTokenData
 olcSortVals: zimbraPasswordLockoutFailureTime
 olcDbMultivalHi: 100
 olcDbMultivalLo: 3

Adding new attributes:

  • For a master in an ldap + replica or MMR setup, find olcDatabase={3}mdb,cn=config
  • For a standalone ldap server or a replica, find olcDatabase={2}mdb,cn=config

Add the following attribute value pairs to the entry:

 olcDbMultival: default 100,3
 olcDbMultival: zimbraACE 20,3
 olcDbMultival: zimbraAuthTokens 20,3
 olcDbMultival: zimbraCsrfTokenData 20,3
 olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

6) Install the latest zimbra-openldap-server, version 2.4.46-1zimbra8.7b3 or above

7) Reload the configuration database

  • As zimbra user:
 $ cd /opt/zimbra/data/ldap
 $ mv config config.old
 $ mkdir config
 $ /opt/zimbra/libexec/zmslapadd -c /path/to/output/dir/ldap-config.bak

8) Start ldap

  • As zimbra user:
 $ ldap start

9) Reload the primary database

  • As zimbra user:
 $ cd /opt/zimbra/data/ldap
 $ mv mdb mdb.old
 $ mkdir -p mdb/db
 $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak

10) Reload the accesslog database (if this is a master server)

  • As zimbra user:
 $ cd /opt/zimbra/data/ldap
 $ mv accesslog accesslog.old
 $ mkdir -p accesslog/db
 $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak

Restart ldap

  • Restart ldap as zimbra user:
 $ su - zimbra
 $ ldap restart
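
Step 5 of the procedure above, done as a filter instead of by hand. This is an added example, not part of the original page or of Zimbra's tooling: it drops the old olcSortVals, olcDbMultivalHi and olcDbMultivalLo lines and appends the new olcDbMultival values to the chosen olcDatabase={N}mdb entry. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Zimbra tooling): step 5 as a filter over ldap-config.bak.
# migrate_multival N reads LDIF on stdin and writes the edited LDIF on stdout.
# N is 3 for a master (replica or MMR setup), 2 for a standalone server or replica.
migrate_multival() {
    case "$1" in
        ''|*[!0-9]*) echo "usage: migrate_multival <db-index>" >&2; return 2 ;;
    esac
    awk -v target="dn: olcDatabase={$1}mdb,cn=config" '
    function close_entry() {          # called at each blank line and at EOF
        if (in_target && !have_new) {
            print "olcDbMultival: default 100,3"
            print "olcDbMultival: zimbraACE 20,3"
            print "olcDbMultival: zimbraAuthTokens 20,3"
            print "olcDbMultival: zimbraCsrfTokenData 20,3"
            print "olcDbMultival: zimbraPasswordLockoutFailureTime 20,3"
        }
        in_target = 0; have_new = 0
    }
    dropping && /^ / { next }         # folded continuation of a dropped line
    { dropping = 0 }
    # Anchored at line start, so schema definitions that merely name these
    # attributes (olcAttributeTypes: ... NAME olcSortVals ...) are kept.
    /^(olcSortVals|olcDbMultivalHi|olcDbMultivalLo):/ { dropping = 1; next }
    /^$/ { close_entry(); print; next }
    $0 == target { in_target = 1 }
    in_target && /^olcDbMultival:/ { have_new = 1 }  # already migrated: add nothing
    { print }
    END { close_entry() }'
}

# Constructed sample shaped like a fragment of ldap-config.bak (not real data).
sample_config() {
    cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
olcSortVals: zimbraACE
olcSortVals: zimbraAuthTokens

dn: cn={0}config,cn=schema,cn=config
olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'constructed' )

dn: olcDatabase={3}mdb,cn=config
objectClass: olcMdbConfig
olcDbMultivalHi: 100
olcDbMultivalLo: 3
olcDbDirectory: /opt/zimbra/data/ldap/mdb/db
EOF
}
```

Run it as `migrate_multival 3 < ldap-config.bak > ldap-config.new` and diff the two files before reloading the configuration database with zmslapadd -c.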