Import ldap from 8.0.9 to 9.0.0

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
rosch
Advanced member
Advanced member
Posts: 163
Joined: Sat Sep 13, 2014 1:34 am
ZCS/ZD Version: 9.0.0.ZEXTRAS.20220713.UBUNTU20.64

Import ldap from 8.0.9 to 9.0.0

Post by rosch »

Dear all,

I followed the wiki to import the LDAP data to my new server ZCS 9.0.0.
https://wiki.zimbra.com/wiki/LDAP_data_import_export

When running

Code: Select all

libexec/zmslapadd ldap.bak
I get the following error:
slapadd: slap_init no backend for ""

It's been many years that I had to mess around with LDAP on the old 8.0.9 server, so I am not sure where to go from here.
Does anyone have a recipe for this?

I tested the mailbox import, that part worked as expected.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Import ldap from 8.0.9 to 9.0.0

Post by phoenix »

That doesn't really tell us exactly what steps you did. If you followed those instructions you should have imported the config first, did you do that??
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
rosch
Advanced member
Advanced member
Posts: 163
Joined: Sat Sep 13, 2014 1:34 am
ZCS/ZD Version: 9.0.0.ZEXTRAS.20220713.UBUNTU20.64

Re: Import ldap from 8.0.9 to 9.0.0

Post by rosch »

Sorry about that, for the config import, I get:

Code: Select all

libexec/zmslapadd -c ldap-config.bak
slapadd: could not add entry dn="cn=config" (line=1):
_                       0.25% eta   none elapsed            none spd   4.7 M/s
Closing DB...
User avatar
rosch
Advanced member
Advanced member
Posts: 163
Joined: Sat Sep 13, 2014 1:34 am
ZCS/ZD Version: 9.0.0.ZEXTRAS.20220713.UBUNTU20.64

Re: Import ldap from 8.0.9 to 9.0.0

Post by rosch »

The other option is of course to recreate the LDAP stuff from scratch, which I am willing to do.
If somebody has a recipe for that, I'd be happy to follow it.
Klug
Ambassador
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Import ldap from 8.0.9 to 9.0.0

Post by Klug »

This won't work.

You cannot export the content of LDAP server from 8.0.9 and import it in a 9.0 server.
The procedure from the wiki page is meant to be used for the same version of ZCS on both sides (import and export).

You have to go through the upgrades steps from 8.0.9 to 9.0.
If you cannot upgrade on your current server (because the OS that runs 8.0.9 won't run 9.0), it's a bit more complicated.
You'll have to upgrade source ZCS to the highest version available for this OS, then upgrade the OS (if you can) and reinstall ZCS for this OS, then upgrade again and so on.
If you can't upgrade the OS, you'll have to move the data to another server with a a newer OS able to run the same ZCS version, the upgrade ZCS version.
And so on, until you reach 9.0.
User avatar
rosch
Advanced member
Advanced member
Posts: 163
Joined: Sat Sep 13, 2014 1:34 am
ZCS/ZD Version: 9.0.0.ZEXTRAS.20220713.UBUNTU20.64

Re: Import ldap from 8.0.9 to 9.0.0

Post by rosch »

Thanks for your answer.
Upgrading OS and ZCS is something I cannot do any more because the OS running 8.0.9 is too old :oops: .
Yes, I know, I should have done so, but I did not, that's why I have to find an alternative.

Mailbox import is tested and will work.
The remaining part is client authentication with LDAP. This is where, I think, I need to import stuff from the old server, but I might be wrong.
Klug
Ambassador
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Import ldap from 8.0.9 to 9.0.0

Post by Klug »

IIRC you can read the crypted password in an LDAP dump from your 8.0.9 version (in the LDIF file).
Then you can define a crypted password using CLI (on the 9.0 server)
You need to use zmprov and prepend the crypted password with {crypt}, have a look here: https://wiki.zimbra.com/wiki/Password_Migration

You could also try to import all mailboxes (as you did).
Then LDAP export (in 9.0).
Then change the passwords in the LDIF file to the old (8.0.9) ones.
Then LDAP import.
This would need some scripting (or quite a lot of cut/paste) but it should work.
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Import ldap from 8.0.9 to 9.0.0

Post by L. Mark Stone »

rosch wrote:Thanks for your answer.
Upgrading OS and ZCS is something I cannot do any more because the OS running 8.0.9 is too old :oops: .
Yes, I know, I should have done so, but I did not, that's why I have to find an alternative.

Mailbox import is tested and will work.
The remaining part is client authentication with LDAP. This is where, I think, I need to import stuff from the old server, but I might be wrong.
Klug is of course correct, and his multi-step upgrade method is the right way to proceed.

Later versions of Zimbra introduced changes to Zimbra's LDAP custom schema, including new attributes. Each Zimbra version expects those version-specific (and all previously updated) attributes to be in place already. The upgrade installer makes those changes for you.

A few years ago, a customer approached me having done what you are doing. Zimbra would start, most times, but it didn't function 100% correctly, and it couldn't be upgraded further (the upgrade installer failed).

Truly, I would accept Klug's good advice and proceed accordingly.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
rosch
Advanced member
Advanced member
Posts: 163
Joined: Sat Sep 13, 2014 1:34 am
ZCS/ZD Version: 9.0.0.ZEXTRAS.20220713.UBUNTU20.64

Re: Import ldap from 8.0.9 to 9.0.0

Post by rosch »

Thanks for the precious ideas.

Importing a mailbox seems to require the account existence.
Therefore I am currently exporting the user accounts using

Code: Select all

zmprov -l gaa mydomain > users.list
Then importing the accounts on the new machine with a python script. I'll post it later.

I do have another question though. Is there any good howto about Linux client LDAP configuration with a recent Zimbra installation?
In my example it would be Ubuntu clients. I got it running back then, after a lot off messing around with ldap.conf, nsswitch.conf, but my recipe seems outdated, since I have tls issues at the moment. I did check the existing Zimbra wikis, but they are either outdated or incomplete.
Post Reply