Have a problem about LDAP_Multi_Master_Replication

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
trungnt
Posts: 29
Joined: Sat May 07, 2016 10:22 am
Location: Viet Nam

Have a problem about LDAP_Multi_Master_Replication

Post by trungnt »

Hi all,

I have 04 Servers, i perform flow this guide: htps://files.zimbra.com/website/docs/8.6/Zimbra_OS_Multi-Server_Install_8.6.0.pdf

This multiserver installation order:

1st: ldap1.examble.com
- zimbra-core
- zimbra-ldap
2nd: mailbox1.examble.com
- zimbra-core
- zimbra-logger
- zimbra-snmp
- zimbra-store
- zimbra-apache
- zimbra-spell
- zimbra-convertd
3rd: mta1.examble.com
- zimbra-mta
- zimbra-dnscache
4th: ldap2.examble.com, (i perform flow this guide: https://wiki.zimbra.com/wiki/LDAP_Multi ... eplication)
- zimbra-core
- zimbra-ldap
After successfull install ldap2.examble.com, i added to mta1 and mailbox1 servers by this command:
zmlocalconfig -e ldap_url="ldap://ldap1.examble.com:389 ldap://ldap2.examble.com:389"
zmcontrol restart

These servers are operating correctly, but when this ldap1.examble.com server is down, client cannot authenticate to mailbox1 via https and IMAP, mta1 via smtp.
Client can authenticate only to mailbox1 and mta1 when I restart services ([zimbra@mta1 ~]$ zmcontrol restart and [zimbra@mailbox1~]$ zmcontrol restart) on both mailbox1 and mta1 servers

Could you tell me about mistake, and send me solution

Thanks in advance!
User avatar
Raun
Advanced member
Advanced member
Posts: 75
Joined: Thu Mar 24, 2016 1:22 pm

Re: Have a problem about LDAP_Multi_Master_Replication

Post by Raun »

what is the output of below command on both ldap server and are the ldap servers in sync?

$ /opt/zimbra/libexec/zmldapmmrtool -q
trungnt
Posts: 29
Joined: Sat May 07, 2016 10:22 am
Location: Viet Nam

Re: Have a problem about LDAP_Multi_Master_Replication

Post by trungnt »

Raun wrote:what is the output of below command on both ldap server and are the ldap servers in sync?

$ /opt/zimbra/libexec/zmldapmmrtool -q
Thank you Raun!

1. This first case, as root I turned off "poweroff" ldap1.example.com

The output of below command on Ldap2
[zimbra@ldap2 ~]$ /opt/zimbra/libexec/zmldapmmrtool -q
Master replication information
Master replica 1
rid: 100 URI: ldap://ldap1.examble.com:389/ TLS: critical

On mailbox1.example.com I perform (zmcontrol restart) command, client can authenticate to mta1 and mailbox1

[zimbra@mailbox1 ~]$ zmcontrol restart
Host mailbox1.example.com
Stopping vmware-ha...skipped.
/opt/zimbra/bin/zmhactl missing or not executable.
Stopping zmconfigd...Done.
Stopping zimlet webapp...Done.
Stopping zimbraAdmin webapp...Done.
Stopping zimbra webapp...Done.
Stopping service webapp...Done.
Stopping stats...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping opendkim...Done.
Stopping amavis...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping proxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping dnscache...Done.
Host mailbox1.example.com
Connect: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting snmp...Done.
Starting spell...Done.
Starting stats...Done.
Starting service webapp...Done.
Starting zimbra webapp...Done.
Starting zimbraAdmin webapp...Done.
Starting zimlet webapp...Done.

Status show on mailbox1.examble.com this flow figure, I think about misstake, mailbox1 cannot detect ldap1 server is down
Ldap1_shutdown.PNG
Ldap1_shutdown.PNG (72.29 KiB) Viewed 2920 times
2. Different of test case

When on ldap1.examble.com I perform (zmcontrol stop) command, client can authenticate to mta1 and maibox1 and Monitor server status on mailbox1
authentication_successful.PNG
authentication_successful.PNG (67.86 KiB) Viewed 2920 times
But I don`t want restart services on mailbox1.example.com and mta1.example.com, I want mta1 and mailbox1 detect it and auto connect to ldap2.example.com to client authentication
User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1668
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

Re: Have a problem about LDAP_Multi_Master_Replication

Post by quanah »

trungnt wrote:Hi all,
After successfull install ldap2.examble.com, i added to mta1 and mailbox1 servers by this command:
zmlocalconfig -e ldap_url="ldap://ldap1.examble.com:389 ldap://ldap2.examble.com:389"
Could you tell me about mistake, and send me solution

Thanks in advance!
Looks like you failed to set ldap_master_url config key.
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
trungnt
Posts: 29
Joined: Sat May 07, 2016 10:22 am
Location: Viet Nam

Re: Have a problem about LDAP_Multi_Master_Replication

Post by trungnt »

quanah wrote:
trungnt wrote:Hi all,
After successfull install ldap2.examble.com, i added to mta1 and mailbox1 servers by this command:
zmlocalconfig -e ldap_url="ldap://ldap1.examble.com:389 ldap://ldap2.examble.com:389"
Could you tell me about mistake, and send me solution

Thanks in advance!
Looks like you failed to set ldap_master_url config key.
Thank you quanah!

Affter I set ldap_master_url config key on mta1 and mailbox1, my system is working, but When i shutdown Ldap1 (poweroff) Moitor status on mailbox1 show this folow figure

On mailbox1.example.com server
[zimbra@mailbox1 ~]$ zmlocalconfig -s ldap_master_url
ldap_master_url = ldap://ldap1.example.com:389 ldap://ldap2.example.com:389
[zimbra@mailbox1 ~]$ zmlocalconfig -s ldap_url
ldap_url = ldap://ldap1.example.com:389 ldap://ldap2.example.com:389


On mta1.example.com server
[zimbra@mta1 ~]$ zmlocalconfig -s ldap_master_url
ldap_master_url = ldap://ldap1.example.com:389 ldap://ldap2.example.com:389
[zimbra@mta1 ~]$ zmlocalconfig -s ldap_url
ldap_url = ldap://ldap1.example.com:389 ldap://ldap2.example.com:389

On ldap1.example.com server
[zimbra@ldap1 ~]$ zmlocalconfig -s ldap_master_url
ldap_master_url = ldap://ldap1.example.com:389 ldap://ldap2.example.com:389
[zimbra@ldap1 ~]$ zmlocalconfig -s ldap_url
ldap_url = ldap://ldap1.example.com:389 ldap://ldap2.example.com:389

On ldap2.example.com server
[zimbra@ldap2 ~]$ zmlocalconfig -s ldap_master_url
ldap_master_url = ldap://ldap2.example.com:389 ldap://ldap1.example.com:389
[zimbra@ldap2 ~]$ zmlocalconfig -s ldap_url
ldap_url = ldap://ldap2.example.com:389 ldap://ldap1.example.com:389
Ldap1_shutdown.PNG
Ldap1_shutdown.PNG (72.29 KiB) Viewed 2906 times
Could you tell me please about solution
User avatar
vavai
Advanced member
Advanced member
Posts: 174
Joined: Thu Nov 14, 2013 2:41 pm
Location: Indonesia
ZCS/ZD Version: 0
Contact:

Re: Have a problem about LDAP_Multi_Master_Replication

Post by vavai »

Hi,

Did you mean that ldap1 status on Zimbra Admin didn't updated as "red" status? The monitor status are updated frequently after a while, CMIIW.
trungnt
Posts: 29
Joined: Sat May 07, 2016 10:22 am
Location: Viet Nam

Re: Have a problem about LDAP_Multi_Master_Replication

Post by trungnt »

vavai wrote:Hi,

Did you mean that ldap1 status on Zimbra Admin didn't updated as "red" status? The monitor status are updated frequently after a while, CMIIW.
Thank vavai!

Yes i do, ldap1 status on Zimbra Admin didn't updated as "red" status. please help me!

Tks
User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1668
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

Re: Have a problem about LDAP_Multi_Master_Replication

Post by quanah »

trungnt wrote:
vavai wrote:Hi,

Did you mean that ldap1 status on Zimbra Admin didn't updated as "red" status? The monitor status are updated frequently after a while, CMIIW.
Thank vavai!

Yes i do, ldap1 status on Zimbra Admin didn't updated as "red" status. please help me!

Tks
I would not rely on the admin console to provide accurate information on the up/down status of a server.
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
trungnt
Posts: 29
Joined: Sat May 07, 2016 10:22 am
Location: Viet Nam

Re: Have a problem about LDAP_Multi_Master_Replication

Post by trungnt »

quanah wrote:
trungnt wrote:
vavai wrote:Hi,

Did you mean that ldap1 status on Zimbra Admin didn't updated as "red" status? The monitor status are updated frequently after a while, CMIIW.
Thank vavai!

Yes i do, ldap1 status on Zimbra Admin didn't updated as "red" status. please help me!

Tks
I would not rely on the admin console to provide accurate information on the up/down status of a server.
Thank you for your reply,

Could you tell me about, command or tools or guide to resovle it.

Tks
Post Reply