Zimbra-LDAP Multival Configuration: Difference between revisions

No edit summary
 
(18 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Prerequisite:
= Zimbra-Openldap MultiVal and SortVal configurations. =
Install latest zimbra-openldap0-server version 2.4.46-1zimbra8.7b2 or above.  


==== Prerequisite: ====
Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above.
'''NOTE - These steps are required only for very large ZCS deployments having millions of entries in ldap.'''


==== Restart ldap ====
==== Restart ldap ====
Line 8: Line 11:
   $ ldap restart
   $ ldap restart


==== Configure SortVal ====
==== Configure SortVal and MultiVal ====
Use ldapmodify commands to add sortval configuration in config db.
As Zimbra user, use ldapmodify commands to add sortval configuration in config db.
ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker.
* ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker.
Type Control-D (^d) as EOF.
* Type Ctrl-D (^d) to EOF.
 
* Replace ldap_master_hostname with the ldap server hostname
  $ ldapmodify -c -H "ldap://master_ldap_hostname:389" -D cn=config -w $ldap_root_password
* As Zimbra user
  dn: olcDatabase={-1}frontend,cn=config
  changetype: modify
  add: olcSortVals
  olcSortVals: zimbraACE
  olcSortVals: zimbraAuthTokens
  olcSortVals: zimbraCsrfTokenData
  olcSortVals: zimbraPasswordLockoutFailureTime
 
 
==== Configure MultiVal ====
Note based upon MMR and standalone server, you will have to use the config db.


* For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config
* For a master in an ldap + replica or MMR setup use olcDatabase={3}mdb,cn=config
$ source /opt/zimbra/bin/zmshutil ; zmsetvars
$ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password
dn: olcDatabase={3}mdb,cn=config
changetype: modify
add: olcDbMultival
olcDbMultival: default 100,3
olcDbMultival: zimbraACE 20,3
olcDbMultival: zimbraAuthTokens 20,3
olcDbMultival: zimbraCsrfTokenData 20,3
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3


  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.
  dn: olcDatabase={3}mdb,cn=config
  changetype: modify
  add: olcDbMultivalHi
  olcDbMultivalHi: 100
 
  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
  dn: olcDatabase={3}mdb,cn=config
  changetype: modify
  add: olcDbMultivalLo
  olcDbMultivalLo: 3


* For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config
* For a standalone ldap server or a replica then use olcDatabase={2}mdb,cn=config
  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
$ source /opt/zimbra/bin/zmshutil ; zmsetvars
  dn: olcDatabase={2}mdb,cn=config
$ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w $ldap_root_password  
  changetype: modify
dn: olcDatabase={2}mdb,cn=config
  add: olcDbMultivalHi
changetype: modify
  olcDbMultivalHi: 100
add: olcDbMultival
 
olcDbMultival: default 100,3
  $ ldapmodify -c -H "ldap:// master_ldap_hostname:389" -D cn=config -w $ldap_root_password
olcDbMultival: zimbraACE 20,3
  dn: olcDatabase={2}mdb,cn=config
olcDbMultival: zimbraAuthTokens 20,3
  changetype: modify
olcDbMultival: zimbraCsrfTokenData 20,3
  add: olcDbMultivalLo
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
  olcDbMultivalLo: 3
 
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.


==== Verify the configuration. ====
==== Verify the configuration. ====
 
As zimbra user:
   $ source /opt/zimbra/bin/zmshutil ; zmsetvars ;  
   $ source /opt/zimbra/bin/zmshutil ; zmsetvars ;  
   $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival
   $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival
   olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
   olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
   olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultivalHi' DESC 'Threshold for
   olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultival' DESC 'Hi/Lo threshold
  olcAttributeTypes: ( OLcfgDbAt:12.7 NAME 'olcDbMultivalLo' DESC 'Threshold for
   axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultival ) )
   axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultivalHi $ olc
  olcDbMultival: default 100,3
   olcSortVals: zimbraACE
   olcDbMultival: zimbraACE 20,3
   olcSortVals: zimbraAuthTokens
   olcDbMultival: zimbraAuthTokens 20,3
   olcSortVals: zimbraCsrfTokenData
   olcDbMultival: zimbraCsrfTokenData 20,3
   olcSortVals: zimbraPasswordLockoutFailureTime
   olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
  olcDbMultivalLo: 3
 
  olcDbMultivalHi: 100
After the above statement, type Ctrl-D (^d) to EOF and submit the changes.


====  Export the primary database to LDIF. ====
====  Export the primary database to LDIF. ====
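Review bot: The sentence "After the above statement, type Ctrl-D (^d) to EOF and submit the changes." is now also appended to the end of the "Verify the configuration." section, where the preceding command is an ldapsearch piped to grep that reads no LDIF and submits nothing; drop it from that section. In the same hunk the heading becomes "Configure SortVal and MultiVal" and the intro still says "add sortval configuration", yet the only ldapmodify block that set olcSortVals is removed and the new verify output lists no olcSortVals values, so either rename the section to MultiVal only or say explicitly that olcSortVals is no longer configured.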
Line 73: Line 66:
   $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir
   $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir


5) Export the accesslog database to LDIF (if this is a master server)
====  Export the accesslog database to LDIF (if this is a master server) ==== 
As zimbra user:
As zimbra user:
/opt/zimbra/libexec/zmslapcat -a /path/to/output/dir
  $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir


6) Stop ldap on the server
====  Stop ldap on the server ==== 
As zimbra user:
As zimbra user:
ldap stop
  $ ldap stop


7) Reload the primary database
==== Reload the primary database ====
As the zimbra user:
As the zimbra user:
  $ cd /opt/zimbra/data/ldap
  $ mv mdb mdb.old
  $ mkdir -p mdb/db
  $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak


cd /opt/zimbra/data/ldap
==== Reload the accesslog database (if this is a master server) ====
mv mdb mdb.old
mkdir -p mdb/db
/opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak


8)Reload the accesslog database (if this is a master server)
As the zimbra user:
  $ cd /opt/zimbra/data/ldap
  $ mv accesslog accesslog.old
  $ mkdir -p accesslog/db
  $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak


====  Start ldap ====
As the zimbra user:
As the zimbra user:
  $ ldap start
= Ldap Upgrade and Configuration when MultiVal and SortVal is already configured=
Note: Please follow these steps when MultiVal and SortVal attributes are already configured.
1) Stop ldap on the server
* As zimbra user:
  $ ldap stop
2) Export the primary database to LDIF.
* As zimbra user:
$ su - zimbra
$ /opt/zimbra/libexec/zmslapcat /path/to/output/dir
3) Export the accesslog database to LDIF (if this is a master server)
* As zimbra user:
  $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir
4) Export the configuration database to LDIF (if this is a master server)
* As zimbra user:
$ /opt/zimbra/libexec/zmslapcat -c /path/to/output/dir
5) Now update the config db with the new parameters for multival


cd /opt/zimbra/data/ldap
$ cd /path/to/output/dir
mv accesslog accesslog.old
mkdir -p accesslog/db
/opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak


9)  start ldap
Use favorite editor on ldap-config.bak
As the zimbra user:
 
ldap start
Removing old attributes:
* Find below(old) attributes and remove them from config file:
olcSortVals: zimbraACE
olcSortVals: zimbraAuthTokens
olcSortVals: zimbraCsrfTokenData
olcSortVals: zimbraPasswordLockoutFailureTime
olcDbMultivalHi: 100
olcDbMultivalLo: 3
 
Adding new attributes:
 
* For a master in an ldap + replica or MMR setup find olcDatabase={3}mdb,cn=config
* For a standalone ldap server or a replica then find olcDatabase={2}mdb,cn=config
 
Add the following attribute value pairs to the entry:
olcDbMultival: default 100,3
olcDbMultival: zimbraACE 20,3
olcDbMultival: zimbraAuthTokens 20,3
olcDbMultival: zimbraCsrfTokenData 20,3
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3
 
6) Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above
 
7) Reload the configuration database
* As zimbra user:
 
  $ cd /opt/zimbra/data/ldap
  $ mv config config.old
  $ mkdir config
  $ /opt/zimbra/libexec/zmslapadd -c /path/to/output/dir/ldap-config.bak
 
8) Start ldap
* As zimbra user:
 
  $ ldap start
 
9) Reload the primary database
* As zimbra user:
 
  $ cd /opt/zimbra/data/ldap
  $ mv mdb mdb.old
  $ mkdir -p mdb/db
  $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak
 
10) Reload the accesslog database (if this is a master server)
* As zimbra user:
 
$ cd /opt/zimbra/data/ldap
$ mv accesslog accesslog.old
$ mkdir -p accesslog/db
$ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak
 
Restart ldap
* Restart ldap as zimbra user:
 
$ su - zimbra
$ ldap restart
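Review bot: In the added upgrade procedure, step 8 ("Start ldap") comes before steps 9 and 10, which move mdb and accesslog aside and run zmslapadd, so the data directories are replaced under a running server; the first procedure on this page stops ldap before the same reload. Move the start after step 10 (the closing unnumbered "Restart ldap" could then simply be that start) or add a stop before step 9. Step 4 is also marked "(if this is a master server)" while step 5 edits ldap-config.bak and step 7 reloads it for every server type, so the config export should not be conditional.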

Latest revision as of 12:49, 6 August 2019

Zimbra-Openldap MultiVal and SortVal configurations.

Prerequisite:

Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above.

NOTE - These steps are required only for very large ZCS deployments having millions of entries in ldap.

Restart ldap

Restart ldap as zimbra user:

 $ su - zimbra
 $ ldap restart

Configure SortVal and MultiVal

As the zimbra user, use ldapmodify commands to add the sortval configuration to the config db.

  • ldapmodify takes one or more LDIF update statements entered at the command line; the input ends with an end-of-file (EOF) marker.
  • Type Ctrl-D (^d) to send EOF.
  • Replace ldap_master_hostname with the ldap server hostname.
  • Run the commands as the zimbra user.
  • For a master in an ldap + replica or MMR setup, use olcDatabase={3}mdb,cn=config:
$ source /opt/zimbra/bin/zmshutil ; zmsetvars
$ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w "$ldap_root_password"
dn: olcDatabase={3}mdb,cn=config
changetype: modify
add: olcDbMultival
olcDbMultival: default 100,3
olcDbMultival: zimbraACE 20,3
olcDbMultival: zimbraAuthTokens 20,3
olcDbMultival: zimbraCsrfTokenData 20,3
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After entering the LDIF above, type Ctrl-D (^d) to send EOF and submit the changes.

  • For a standalone ldap server or a replica, use olcDatabase={2}mdb,cn=config:
$ source /opt/zimbra/bin/zmshutil ; zmsetvars
$ ldapmodify -c -H "ldap://ldap_master_hostname:389" -D cn=config -w "$ldap_root_password"
dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcDbMultival
olcDbMultival: default 100,3
olcDbMultival: zimbraACE 20,3
olcDbMultival: zimbraAuthTokens 20,3
olcDbMultival: zimbraCsrfTokenData 20,3
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After entering the LDIF above, type Ctrl-D (^d) to send EOF and submit the changes.

Verify the configuration.

As zimbra user:

  $ source /opt/zimbra/bin/zmshutil ; zmsetvars
  $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w "$ldap_root_password" -b cn=config | grep -e olcSortVals -e olcDbMultival
  olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
  olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultival' DESC 'Hi/Lo threshold
  axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultival ) )
  olcDbMultival: default 100,3
  olcDbMultival: zimbraACE 20,3
  olcDbMultival: zimbraAuthTokens 20,3
  olcDbMultival: zimbraCsrfTokenData 20,3
  olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

After the above statement, type Ctrl-D (^d) to EOF and submit the changes.

Export the primary database to LDIF.

As zimbra user:

 $ su - zimbra
 $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir

Export the accesslog database to LDIF (if this is a master server)

As zimbra user:

  $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir

Stop ldap on the server

As zimbra user:

  $ ldap stop

Reload the primary database

As the zimbra user:

  $ cd /opt/zimbra/data/ldap
  $ mv mdb mdb.old
  $ mkdir -p mdb/db
  $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak

Reload the accesslog database (if this is a master server)

As the zimbra user:

 $ cd /opt/zimbra/data/ldap
 $ mv accesslog accesslog.old
 $ mkdir -p accesslog/db
 $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak

Start ldap

As the zimbra user:

 $ ldap start

Ldap Upgrade and Configuration when MultiVal and SortVal are already configured

Note: Please follow these steps when MultiVal and SortVal attributes are already configured.

1) Stop ldap on the server

  • As zimbra user:
 $ ldap stop

2) Export the primary database to LDIF.

  • As zimbra user:
$ su - zimbra
$ /opt/zimbra/libexec/zmslapcat /path/to/output/dir

3) Export the accesslog database to LDIF (if this is a master server)

  • As zimbra user:
 $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir

4) Export the configuration database to LDIF (if this is a master server)

  • As zimbra user:
$ /opt/zimbra/libexec/zmslapcat -c /path/to/output/dir

5) Now update the config db with the new parameters for multival

$ cd /path/to/output/dir

Open ldap-config.bak in your favorite editor.

Removing old attributes:

  • Find the following (old) attributes and remove them from the config file:
olcSortVals: zimbraACE
olcSortVals: zimbraAuthTokens
olcSortVals: zimbraCsrfTokenData
olcSortVals: zimbraPasswordLockoutFailureTime
olcDbMultivalHi: 100
olcDbMultivalLo: 3

Adding new attributes:

  • For a master in an ldap + replica or MMR setup, find olcDatabase={3}mdb,cn=config
  • For a standalone ldap server or a replica, find olcDatabase={2}mdb,cn=config

Add the following attribute value pairs to the entry:

olcDbMultival: default 100,3
olcDbMultival: zimbraACE 20,3
olcDbMultival: zimbraAuthTokens 20,3
olcDbMultival: zimbraCsrfTokenData 20,3
olcDbMultival: zimbraPasswordLockoutFailureTime 20,3

6) Install latest zimbra-openldap-server version 2.4.46-1zimbra8.7b3 or above

7) Reload the configuration database

  • As zimbra user:
 $ cd /opt/zimbra/data/ldap
 $ mv config config.old
 $ mkdir config
 $ /opt/zimbra/libexec/zmslapadd -c /path/to/output/dir/ldap-config.bak

8) Start ldap

  • As zimbra user:
$ ldap start

9) Reload the primary database

  • As zimbra user:
 $ cd /opt/zimbra/data/ldap
 $ mv mdb mdb.old
 $ mkdir -p mdb/db
 $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak

10) Reload the accesslog database (if this is a master server)

  • As zimbra user:
$ cd /opt/zimbra/data/ldap
$ mv accesslog accesslog.old
$ mkdir -p accesslog/db
$ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak

Restart ldap

  • Restart ldap as zimbra user:
$ su - zimbra
$ ldap restart
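
Step 5 of the upgrade procedure above (removing the old attributes from ldap-config.bak and adding olcDbMultival to the mdb database entry) can be scripted instead of hand-edited. This is an added example, not part of the original wiki page or of Zimbra's tooling; the function name migrate_multival, the output file name and the sample LDIF are assumptions made for illustration, and it drops olcDbMultivalHi/olcDbMultivalLo whatever their value.

```shell
# Added example: scripted form of the step 5 edit of ldap-config.bak.
# Usage: migrate_multival 'olcDatabase={3}mdb,cn=config' < ldap-config.bak > ldap-config.new
migrate_multival() {
    awk -v target="dn: $1" '
    function end_entry() {
        # Closing the target entry: append the new values unless already there.
        if (in_target && !has_new) {
            print "olcDbMultival: default 100,3"
            print "olcDbMultival: zimbraACE 20,3"
            print "olcDbMultival: zimbraAuthTokens 20,3"
            print "olcDbMultival: zimbraCsrfTokenData 20,3"
            print "olcDbMultival: zimbraPasswordLockoutFailureTime 20,3"
        }
        in_target = 0; has_new = 0
    }
    # LDIF folds long values onto lines starting with one space; a folded
    # line shares the fate (kept or dropped) of the line it continues.
    /^ /  { if (!dropping) print; next }
          { dropping = 0 }
    /^$/  { end_entry(); print; next }
    $0 == target { in_target = 1; found = 1 }
    # Old attributes listed on the page; Hi/Lo are dropped whatever their value.
    /^olcSortVals: (zimbraACE|zimbraAuthTokens|zimbraCsrfTokenData|zimbraPasswordLockoutFailureTime)$/ ||
    /^olcDbMultival(Hi|Lo):/ { dropping = 1; next }
    /^olcDbMultival:/ { if (in_target) has_new = 1 }
          { print }
    END   { end_entry(); if (!found) exit 1 }   # wrong {N}: fail loudly
    '
}

# Constructed sample, shaped like a config export (not real slapcat output).
sample_config() {
    cat <<'EOF'
dn: cn=schema,cn=config
olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'constructed sample te
 xt' )

dn: olcDatabase={-1}frontend,cn=config
olcSortVals: zimbraACE
olcSortVals: zimbraAuthTokens
olcSortVals: zimbraCsrfTokenData
olcSortVals: zimbraPasswordLockoutFailureTime

dn: olcDatabase={3}mdb,cn=config
olcDbMultivalHi: 100
olcDbMultivalLo: 3
EOF
}
```

Write the result to a new file and hand that file to zmslapadd -c in step 7 only if the function exits 0; a non-zero status means the database DN passed in was not found in the export, which is the usual symptom of choosing {3} on a standalone or replica server.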