How to install LDAP Replication read-only?

hieunv
Posts: 4
Joined: Tue Sep 29, 2020 3:03 am

How to install LDAP Replication read-only?

Post by hieunv »

Hello everybody,
I now have an LDAP Master server (version 8.8.15 latest). I want to install more LDAP Slave servers (read-only). I followed the guide (Ldap Replication)
https://zimbra.github.io/installguides/ ... eplication
But when I finished the installation, the symptom was that this LDAP Slave server could still create, edit, and delete accounts (write). So how can I switch the mode of this LDAP Slave server back to read-only?
Thanks very much.
king0770
Outstanding Member
Posts: 242
Joined: Fri Sep 12, 2014 10:44 pm

Re: How to install LDAP Replication read-only?

Post by king0770 »

You can remove the ldap_master_url from the localconfig in the server; although, I am not 100% sure of the ramifications. I guess if the server is not doing any changes, it *might* be ok to leave ldap_master_url blank.

zmlocalconfig -e ldap_master_url=""

Remember...

zmlocalconfig ldap_url <<== Lookups / Read-Only

zmlocalconfig ldap_master_url <<== Make changes

If needed, you can also disable anonymous ldap connections as well.

/opt/zimbra/libexec/zmldapanon -d
--
Rick King
hieunv
Posts: 4
Joined: Tue Sep 29, 2020 3:03 am

Re: How to install LDAP Replication read-only?

Post by hieunv »

Hello king0770

I tried it, and this is the result when I ran "zmlocalconfig -e ldap_master_url=""":
"Host ldapslave.example.com.vn
Starting ldap...Done.
Connect: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate."

Currently, my config for ldap_url:
ldap_url = ldap://ldapslave.example.com.vn:389 ldap://ldapmaster.example.com.vn:389
This is the default value after I installed.
I still have not resolved the problem.
king0770 wrote:You can remove the ldap_master_url from the localconfig in the server; although, I am not 100% sure of the ramifications. I guess if the server is not doing any changes, it *might* be ok to leave ldap_master_url blank.

zmlocalconfig -e ldap_master_url=""

Remember...

zmlocalconfig ldap_url <<== Lookups / Read-Only

zmlocalconfig ldap_master_url <<== Make changes

If needed, you can also disable anonymous ldap connections as well.

/opt/zimbra/libexec/zmldapanon -d
hieunv
Posts: 4
Joined: Tue Sep 29, 2020 3:03 am

Re: How to install LDAP Replication read-only?

Post by hieunv »

I have solved the problem. The reason is that I used "zmprov" to create an account, and "zmprov" will call the LDAP master to create it. So I installed it correctly according to the instructions above.
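
The split described in this thread (ldap_url for lookups, ldap_master_url for changes) is why zmprov run on the replica still wrote to the master. The following is an added example, not part of the thread or of Zimbra's tooling: a shell helper that reads "key = value" lines in the format shown above and reports where a node's reads and writes are routed. The function names and the ldap_master_url sample value are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Zimbra code). Reads `zmlocalconfig ldap_url ldap_master_url`
# style output ("key = value" lines) on stdin and classifies LDAP routing
# for the host name given as $1.

# Print the host part of each ldap:// or ldaps:// URL, one per line.
url_hosts() {
    for u in $1; do
        h=${u#*://}   # strip scheme
        h=${h%%/*}    # strip any path
        h=${h%%:*}    # strip port
        printf '%s\n' "$h"
    done
}

ldap_route() {
    local_host=$1
    read_urls=
    write_urls=
    while IFS= read -r line; do
        case $line in
            "ldap_url = "*)        read_urls=${line#ldap_url = } ;;
            "ldap_master_url = "*) write_urls=${line#ldap_master_url = } ;;
        esac
    done
    first_read=$(url_hosts "$read_urls" | head -n 1)
    # Writes: none configured, sent to this host, or sent to another host.
    if [ -z "$write_urls" ]; then
        echo "writes=none"
    elif url_hosts "$write_urls" | grep -qxF "$local_host"; then
        echo "writes=local"
    else
        echo "writes=remote"
    fi
    # Reads: the first entry in ldap_url is tried first.
    if [ "$first_read" = "$local_host" ]; then
        echo "reads=local-first"
    else
        echo "reads=remote-first"
    fi
}

# Constructed sample: ldap_url as posted above; ldap_master_url is assumed.
sample_replica_config() {
    printf '%s\n' \
      'ldap_url = ldap://ldapslave.example.com.vn:389 ldap://ldapmaster.example.com.vn:389' \
      'ldap_master_url = ldap://ldapmaster.example.com.vn:389'
}

sample_replica_config | ldap_route ldapslave.example.com.vn
```

On the replica, "writes=remote" together with "reads=local-first" matches the outcome reported in the last post: provisioning commands succeed because they are sent to the master, not because the local replica accepts writes.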