Monday, December 22, 2008

Setting up an LDAP replica server using Zimbra

We run Zimbra at work, as well as an OpenLDAP server. It occurred to us that it would be great if we could standardize on a single LDAP solution and reduce our administrative overhead. Since Zimbra has such nice management tools, I want to go with Zimbra. So my plan is to build an LDAP replication server that will initially be slaved off of the main Zimbra mail server, but eventually will be the LDAP master that the mail server is slaved to. It occurs to me that one thing I'll have to do some digging into is using that LDAP server with Samba (which we use for a lot of file sharing) - I don't know if Zimbra's LDAP setup has the Samba stuff in it by default or not.

The official documentation for this process is in the Zimbra Collaboration Suite Multi-Server Installation Guide, specifically the Configuring LDAP Replication section. There are also instructions in the LDAP topic of the Zimbra wiki, but the instructions in the official docs are more detailed.

To begin with, I went over to the mail server and enabled replication:


ssh mail.company.com
su -
su - zimbra
/opt/zimbra/libexec/zmldapenablereplica


Output from zmldapenablereplica:


Enabling sync provider...succeeded
Stopping LDAP on mail.company.com...done
Starting LDAP on mail.company.com...done


I then built a VM using Ubuntu Server 8.04 LTS, one of the distributions supported by Zimbra, downloaded (download location) the matching version of the Zimbra Network Edition installer, unpacked the installation files into /tmp, and started the installer:


cd /tmp
tar xzf /home/kit/zcs-NETWORK-5.0.11_GA_2695.UBUNTU8_64.20081117023527.tgz
cd zcs-NETWORK-5.0.11_GA_2695.UBUNTU8_64.20081117023527
./install.sh


It informed me that I had to fiddle with /etc/hosts (see this howto for details). I did so and re-ran the installer. This time, I got:


Operations logged to /tmp/install.log.26576
Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-cluster...NOT FOUND
zimbra-core...NOT FOUND


PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra_network_eval_license.pdf


Press Return to continue

Checking for prerequisites...
FOUND: NPTL
FOUND: sudo-1.6.9p10-1ubuntu3.3
FOUND: libidn11-1.1-1
MISSING: libpcre3
MISSING: libgmp3c2
FOUND: libexpat1-2.0.1-0ubuntu1
FOUND: libstdc++6-4.2.3-2ubuntu7
MISSING: libstdc++5
MISSING: libltdl3
Checking for suggested prerequisites...
FOUND: perl-5.8.8

###ERROR###

One or more prerequisite packages are missing.
Please install them before running this installer.

Installation cancelled.


Easy enough to fix, just install those packages. The installer is nice enough to use Ubuntu's package names, so with a simple cut-and-paste, I can do:


apt-get install libpcre3 libgmp3c2 libstdc++5 libltdl3


Now, for the third time, I run ./install.sh, and this time it starts the installation. As the documentation suggests, I install only the zimbra-core and zimbra-ldap packages, and am presented with:


Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) Enable default backup schedule: yes
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help)


As per the instructions, I go into "Common Configuration":


Common configuration

1) Hostname: hostname.company.com
2) Ldap master host: hostname.company.com
3) Ldap port: 389
4) Ldap Admin password: set
5) Require secure interprocess communications: yes
6) TimeZone: (GMT-08.00) Pacific Time (US & Canada)

Select, or 'r' for previous menu [r]


I choose option 2 here and set my LDAP master host to "mail.company.com". I then choose option 4 to set the LDAP Admin password to the Zimbra LDAP password set on mail.company.com (find this by executing "zmlocalconfig -s zimbra_ldap_password" as the Zimbra user on the master LDAP server), and then choose "r" to return to the previous menu.

From the main menu, I choose option 2, "zimbra-ldap":


Ldap configuration

1) Status: Enabled
2) Create Domain: yes
3) Domain to create: hostname.company.com
4) Ldap Root password: set
5) Ldap Replication password: set
6) Ldap Postfix password: set
7) Ldap Amavis password: set
8) Ldap Nginx password: set

Select, or 'r' for previous menu [r]


Here, I choose option 2 to set "Create Domain" to "no", then set the LDAP replication password to the LDAP replication password on the mail server (find this by executing "zmlocalconfig -s ldap_replication_password" as the Zimbra user on the master LDAP server). I then choose "r" to return to the main menu, and "a" to apply my changes.

Now, all that remains is to test the setup. As the Zimbra user on the new replica, I execute "zmprov gaa", which lists all the accounts that exist on the mail server. But, just to be sure, I create a user on the mail server:


zmprov ca foo.mcbarson@company.com password


Now, when I run "zmprov gaa" on the replication server, I see "foo.mcbarson@company.com" at the bottom of the list. LDAP replication is a success. But that's only half of what needs to be done. I still need to set up the mail server to replicate from the LDAP server I've just set up. However, as it's nearly time to go home, I think I'll save that for another day.
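A scripted version of the sync check above, written here as an added example (it is not part of the original post or of Zimbra): it compares the account lists that "zmprov gaa" returns on the master and on the replica, retries a few times to allow for syncrepl lag, and reports accounts that are missing from, or only present on, the replica. The master hostname, the ssh transport to it and the zmprov path are assumptions; override them via the environment.

```shell
#!/bin/sh
# Added example, not from the original post or from Zimbra: verify that a new
# Zimbra LDAP replica has caught up with the master by comparing the account
# lists "zmprov gaa" returns on each side. Hostname, zmprov path and the ssh
# transport to the master are assumptions; override them via the environment.

MASTER_HOST="${MASTER_HOST:-mail.company.com}"
# Command that prints the master's account list (assumed: zmprov over ssh as
# the zimbra user there) and the replica's own list (run locally as zimbra).
MASTER_GAA="${MASTER_GAA:-ssh zimbra@$MASTER_HOST /opt/zimbra/bin/zmprov gaa}"
REPLICA_GAA="${REPLICA_GAA:-/opt/zimbra/bin/zmprov gaa}"

# Normalise stdin: mail addresses in LDAP are case-insensitive, so lower-case,
# drop blank lines and sort so that comm(1) can compare the two lists.
normalise() {
    tr 'A-Z' 'a-z' | grep -v '^$' | LC_ALL=C sort -u
}

# missing_accounts ATTEMPTS DELAY
# Prints "missing: <account>" for accounts the master has but the replica
# lacks, and "extra: <account>" for accounts only the replica has. syncrepl
# applies changes with a small lag, so retry up to ATTEMPTS times, sleeping
# DELAY seconds between tries. Returns 0 only when the lists are identical.
missing_accounts() {
    attempts="${1:-5}"; delay="${2:-2}"
    master_list=$(mktemp) || return 2
    replica_list=$(mktemp) || return 2
    $MASTER_GAA | normalise > "$master_list"
    # An empty master list means the master could not be reached, not "in sync".
    [ -s "$master_list" ] || { echo "no accounts returned from master" >&2; return 2; }
    n=1
    while :; do
        $REPLICA_GAA | normalise > "$replica_list"
        missing=$(comm -23 "$master_list" "$replica_list")
        extra=$(comm -13 "$master_list" "$replica_list")
        [ -z "$missing$extra" ] && break
        [ "$n" -ge "$attempts" ] && break
        n=$((n + 1))
        sleep "$delay"
    done
    rm -f "$master_list" "$replica_list"
    rc=0
    if [ -n "$missing" ]; then printf '%s\n' "$missing" | sed 's/^/missing: /'; rc=1; fi
    if [ -n "$extra" ]; then printf '%s\n' "$extra" | sed 's/^/extra: /'; rc=1; fi
    return $rc
}
```

Run it from the replica after creating a test account on the master, e.g. `missing_accounts 10 3`; a non-zero exit with "extra:" lines points at accounts the replica holds that the master does not, which a consumer should never have.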
