Zimbra-LDAP Multival Configuration: Difference between revisions

Revision as of 07:43, 17 August 2018

Zimbra-Openldap MultiVal and SortVal configurations.

Prerequisite:

Install the latest zimbra-openldap-server, version 2.4.46-1zimbra8.7b2 or above.


Restart ldap

Restart ldap as zimbra user:

 $ su - zimbra
 $ ldap restart

Configure SortVal

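Use ldapmodify to add the sortval configuration to the config db. ldapmodify reads one or more LDIF update statements entered at the command line, and the input ends with an end-of-file (EOF) marker. Type Control-D (^d) as EOF. The $ldap_root_password variable is set by running "source /opt/zimbra/bin/zmshutil ; zmsetvars" as the zimbra user, as in the verification step below.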

 $ ldapmodify -c -H "ldap://master_ldap_hostname:389" -D cn=config -w $ldap_root_password 
 dn: olcDatabase={-1}frontend,cn=config
 changetype: modify
 add: olcSortVals
 olcSortVals: zimbraACE
 olcSortVals: zimbraAuthTokens
 olcSortVals: zimbraCsrfTokenData
 olcSortVals: zimbraPasswordLockoutFailureTime

Configure MultiVal

Note: the config db entry to modify depends on the server's role (master in a replica or MMR setup, or standalone server or replica).

  • For a master in an ldap + replica or MMR setup, use olcDatabase={3}mdb,cn=config

 $ ldapmodify -c -H "ldap://master_ldap_hostname:389" -D cn=config -w $ldap_root_password
 dn: olcDatabase={3}mdb,cn=config
 changetype: modify
 add: olcDbMultivalHi
 olcDbMultivalHi: 100
 
 $ ldapmodify -c -H "ldap://master_ldap_hostname:389" -D cn=config -w $ldap_root_password
 dn: olcDatabase={3}mdb,cn=config
 changetype: modify
 add: olcDbMultivalLo
 olcDbMultivalLo: 3

  • For a standalone ldap server or a replica, use olcDatabase={2}mdb,cn=config

 $ ldapmodify -c -H "ldap://master_ldap_hostname:389" -D cn=config -w $ldap_root_password
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
 add: olcDbMultivalHi
 olcDbMultivalHi: 100
 
 $ ldapmodify -c -H "ldap://master_ldap_hostname:389" -D cn=config -w $ldap_root_password
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
 add: olcDbMultivalLo
 olcDbMultivalLo: 3

Verify the configuration.

As zimbra user:

  $ source /opt/zimbra/bin/zmshutil ; zmsetvars ; 
  $ ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password -b cn=config | grep -e olcSortVals -e olcDbMultival
  olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
  olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultivalHi' DESC 'Threshold for
  olcAttributeTypes: ( OLcfgDbAt:12.7 NAME 'olcDbMultivalLo' DESC 'Threshold for
  axSize $ olcDbMode $ olcDbSearchStack $ olcDbRtxnSize $ olcDbMultivalHi $ olc
  olcSortVals: zimbraACE
  olcSortVals: zimbraAuthTokens
  olcSortVals: zimbraCsrfTokenData
  olcSortVals: zimbraPasswordLockoutFailureTime
  olcDbMultivalLo: 3
  olcDbMultivalHi: 100
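
The grep in the verification step also matches the olcAttributeTypes schema lines, which appear whether or not the values were added. As an added example (not part of the original page), this shell function checks the search output for the six exact value lines configured above before the export and reload; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Expected "attribute: value" lines, copied from the ldapmodify steps on this page.
EXPECTED='olcSortVals: zimbraACE
olcSortVals: zimbraAuthTokens
olcSortVals: zimbraCsrfTokenData
olcSortVals: zimbraPasswordLockoutFailureTime
olcDbMultivalHi: 100
olcDbMultivalLo: 3'

# check_multival_config (hypothetical helper name): reads "ldapsearch -LLL"
# output on stdin, reports each expected line that is absent on stderr, and
# returns 0 only when all six are present.
check_multival_config() {
    cfg=$(cat)
    missing=0
    while IFS= read -r want; do
        # -x: whole-line match, -F: literal string. The olcAttributeTypes
        # schema lines mention the same names but never match a whole line.
        if ! printf '%s\n' "$cfg" | grep -qxF -- "$want"; then
            echo "missing: $want" >&2
            missing=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$missing"
}

# Constructed sample: schema definitions only, as seen when no value was added.
SAMPLE_SCHEMA_ONLY="olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
olcAttributeTypes: ( OLcfgDbAt:12.6 NAME 'olcDbMultivalHi' DESC 'Threshold for
olcAttributeTypes: ( OLcfgDbAt:12.7 NAME 'olcDbMultivalLo' DESC 'Threshold for"

# Constructed sample: the same schema lines followed by the configured values.
SAMPLE_COMPLETE="$SAMPLE_SCHEMA_ONLY
$EXPECTED"

# Live use, with the search command from this page:
#   ldapsearch -LLL -x -H ldapi:/// -D cn=config -w $ldap_root_password \
#       -b cn=config | check_multival_config && echo "safe to export and reload"
```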

Export the primary database to LDIF.

As zimbra user:

 $ su - zimbra
 $ /opt/zimbra/libexec/zmslapcat /path/to/output/dir

Export the accesslog database to LDIF (if this is a master server)

As zimbra user:

  $ /opt/zimbra/libexec/zmslapcat -a /path/to/output/dir

Stop ldap on the server

As zimbra user:

  $ ldap stop

Reload the primary database

As the zimbra user:

  $ cd /opt/zimbra/data/ldap
  $ mv mdb mdb.old
  $ mkdir -p mdb/db
  $ /opt/zimbra/libexec/zmslapadd /path/to/output/dir/ldap.bak

Reload the accesslog database (if this is a master server)

As the zimbra user:

 $ cd /opt/zimbra/data/ldap
 $ mv accesslog accesslog.old
 $ mkdir -p accesslog/db
 $ /opt/zimbra/libexec/zmslapadd -a /path/to/output/dir/ldap-accesslog.bak

Start ldap

As the zimbra user:

 $ ldap start