In today’s guide, we will look at how to restore a Zimbra LDAP database from backup. This is a useful method for disaster recovery. To use it, you need a previous backup of the LDAP configurations taken while they were in a good state. This guide should work on ZCS 8.0.2 or later.

Backing up Zimbra LDAP database

Once you’ve installed the Zimbra email server, a utility for exporting the configuration and main databases is provided. Its location is /opt/zimbra/libexec/zmslapcat. It is safe to run zmslapcat while the LDAP server is running.

Backing up main database:

/opt/zimbra/libexec/zmslapcat /backupsdir

To export the configuration database, run the command with the -c option:

/opt/zimbra/libexec/zmslapcat -c /backupsdir

Exporting the accesslog database:

/opt/zimbra/libexec/zmslapcat -a /backupsdir

Restore Zimbra LDAP database from Backup

I had the error below while trying to start Zimbra services.

$ zmcontrol start
Host mail.mydomain.com
Starting ldap…Done.
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

After a lot of troubleshooting, I noted the problem was the LDAP database, which couldn’t be repaired. The only solution to this was to rebuild the LDAP database.

Step 1: Stop Zimbra Services

On my server, I have a recent Zimbra LDAP backup located under the /opt/zimbra/backup directory. But first you need to stop all Zimbra services.

$ zmcontrol stop

Step 2: Backup Zimbra LDAP Data

Once the services are stopped, back up the old data. You need to run this as the root user.

mv /opt/zimbra/data/ldap/config/  /opt/zimbra/data/ldap/OLDconfig/
mv /opt/zimbra/data/ldap/mdb/db  /opt/zimbra/data/ldap/mdb/OLD_db/
mv /opt/zimbra/data/ldap/accesslog /opt/zimbra/data/ldap/OLD_accesslog

Then recreate LDAP data folders and give them correct permissions.

mkdir -p /opt/zimbra/data/ldap/config
mkdir -p /opt/zimbra/data/ldap/mdb/db /opt/zimbra/data/ldap/mdb/logs
chown -R zimbra:zimbra /opt/zimbra/data/ldap
/opt/zimbra/libexec/zmfixperms -verbose

Step 3: Restore Zimbra LDAP database from backup.

Now that you have the data directories empty, navigate to the directory with your LDAP backup. If the backups are archived, you’ll need to uncompress them before restoration.

$ cd /opt/zimbra/backup/sessions/incr-20210218.230007.912/ldap
$ ls
ldap.bak.gz  ldap-config.bak.gz

Uncompress the Zimbra LDAP configuration files.

$ gunzip *.gz
$ ls
ldap.bak  ldap-config.bak
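
Before importing anything, the exports can be checked for integrity and for the entries the restore output below lists. This is an added example, not part of the original guide; the script name, function names and sample data are constructed for illustration, and it assumes the dn lines in the export are not folded or base64-encoded.

```shell
#!/bin/sh
# Added example: validate Zimbra LDAP exports before running zmslapadd.

# ldif_cat FILE: print an export, decompressing .gz archives on the fly.
ldif_cat() {
    case $1 in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# check_export FILE [DN...]: fail unless FILE is non-empty, an intact archive,
# holds at least one entry, and contains an entry for every DN listed.
check_export() {
    file=$1; shift
    [ -s "$file" ] || { echo "FAIL: $file missing or empty" >&2; return 1; }
    case $file in
        *.gz) gzip -t -- "$file" 2>/dev/null ||
              { echo "FAIL: $file is a corrupt archive" >&2; return 1; } ;;
    esac
    ldif_cat "$file" | grep -q '^dn:' ||
        { echo "FAIL: $file contains no LDIF entries" >&2; return 1; }
    for dn in "$@"; do
        ldif_cat "$file" | grep -qxF -- "dn: $dn" ||
            { echo "FAIL: $file has no entry $dn" >&2; return 1; }
    done
    echo "OK: $file"
}

# check_backup DIR: check both exports this guide restores (.bak or .bak.gz).
# The required DNs come from the zmslapadd -c output shown in the guide.
check_backup() {
    cfg=$1/ldap-config.bak; [ -e "$cfg" ] || cfg=$cfg.gz
    main=$1/ldap.bak;       [ -e "$main" ] || main=$main.gz
    check_export "$cfg" 'cn=config' 'cn=schema,cn=config' \
        'olcDatabase={2}mdb,cn=config' || return 1
    check_export "$main"
}

# make_sample DIR: write small constructed exports (not real Zimbra data).
make_sample() {
    printf 'dn: cn=config\n\ndn: cn=schema,cn=config\n\ndn: olcDatabase={2}mdb,cn=config\n' |
        gzip -c > "$1/ldap-config.bak.gz"
    printf 'dn: dc=example,dc=com\nobjectClass: domain\n' > "$1/ldap.bak"
}

# Usage: sh check-ldap-backup.sh /path/to/backup/ldap
if [ $# -gt 0 ]; then check_backup "$1"; fi
```

A non-zero exit status means the backup should not be imported; the old data moved aside in Step 2 is still available under its OLD names.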

Restore ldap-config.bak using the zmslapadd command, run as the zimbra user. The last argument is the full path to the data export file:

$ /opt/zimbra/libexec/zmslapadd -c /backupsdir/ldap-config.bak
 added: "cn=config" (00000001)
 added: "cn=module{0},cn=config" (00000001)
 added: "cn=schema,cn=config" (00000001)
 added: "cn={0}core,cn=schema,cn=config" (00000001)
 added: "cn={1}cosine,cn=schema,cn=config" (00000001)
 added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001)
 added: "cn={3}dyngroup,cn=schema,cn=config" (00000001)
 added: "cn={4}zimbra,cn=schema,cn=config" (00000001)
 added: "cn={5}amavisd,cn=schema,cn=config" (00000001)
 added: "cn={6}opendkim,cn=schema,cn=config" (00000001)
 added: "olcDatabase={-1}frontend,cn=config" (00000001)
 added: "olcDatabase={0}config,cn=config" (00000001)
 added: "olcDatabase={1}monitor,cn=config" (00000001)
 added: "olcDatabase={2}mdb,cn=config" (00000001)
 added: "olcOverlay={0}dynlist,olcDatabase={2}mdb,cn=config" (00000001)
 added: "olcOverlay={1}unique,olcDatabase={2}mdb,cn=config" (00000001)
 added: "olcOverlay={2}noopsrch,olcDatabase={2}mdb,cn=config" (00000001)
 ############## 100.00% eta   none elapsed            none fast!
 Closing DB…

Import the production LDAP database:

$ /opt/zimbra/libexec/zmslapadd /backupsdir/ldap.bak

Import the accesslog LDAP database via the zmslapadd command:

/opt/zimbra/libexec/zmslapadd -a /backupsdir/accesslog.bak

Step 4: Start Zimbra Services

After the restoration, try to start all Zimbra services. You can start with the LDAP service.

ldap start
ldap status

If it was successful, then bring up all the other Zimbra services.

# su - zimbra
$ zmcontrol start
Host mail.mydomain.com
     Starting ldap…Done.
     Starting zmconfigd…Done.
     Starting logger…Done.
     Starting convertd…Done.
     Starting mailbox…Done.
     Starting memcached…Done.
     Starting proxy…Done.
     Starting amavis…Done.
     Starting antispam…Done.
     Starting antivirus…Done.
     Starting opendkim…Done.
     Starting snmp…Done.
     Starting spell…Done.
     Starting mta…Done.
     Starting stats…Done.
     Starting service webapp…Done.
     Starting zimbra webapp…Done.
     Starting zimbraAdmin webapp…Done.
     Starting zimlet webapp…Done.
     Starting imapd…Done.

A check on status should show all services running.

$ zmcontrol status
 Host mail.mydomain.com
     amavis                  Running
     antispam                Running
     antivirus               Running
     convertd                Running
     imapd                   Running
     ldap                    Running
     logger                  Running
     mailbox                 Running
     memcached               Running
     mta                     Running
     opendkim                Running
     proxy                   Running
     service webapp          Running
     snmp                    Running
     spell                   Running
     stats                   Running
     zimbra webapp           Running
     zimbraAdmin webapp      Running
     zimlet webapp           Running
     zmconfigd               Running

You should now be able to access Zimbra Admin UI and perform your normal Email administration tasks. You can also check other Zimbra guides available in our blog.
