Hello folks, we need an opinion from some LDAP black belt.
We have had, and are still sporadically having, some problems with LDAP servers configured in MMR. We have many inherited customers whose infrastructure we did not set up. In our opinion, most of these infrastructures do not need MMR; instead, a well-configured master-replica should be used. Their LDAP servers are too light and spend much more time mmr-replicating than serving the other servers, so when something "heavy" happens (like a mass provisioning or a mass mailing) they go out of sync and everything burns.
In recent years we have taken this document https://wiki.zimbra.com/wiki/LDAP_Multi ... eplication as dogma, especially where it says:
"WARNING: Configuring MMR is a one-way trip! Once you have configured MMR, you must not remove all nodes from the MMR configuration! If you're removing nodes, you must retain at least one replication agreement on your MMR nodes." So we never ever tried to do that.
Is that statement still valid? The logo and warning icon are pretty old, and the "Verified against" is only 8.0.
To turn a typical master1-master2 environment into master-replica we would:
- remove the mmr agreement from m1 to m2
- remove every occurrence of m2 from the ldap_url and ldap_master_url of every server
- do the zmprov deleteServer m2
- install a replica pointing to m1
- add replica in ldap_url of every server
What are the dangers of this? Are we forgetting something obvious?
Is there any LDAP configuration that must be done (something on the accesslog or the config...)?
Thanks in advance!!
Statistics: Posted by gabrieles — Thu Feb 08, 2024 9:40 am