How To Restore Zimbra LDAP database from Backups

Leave a comment

June 14, 2020 by aubreykloppers

This is one of the useful methods for disaster recovery. To use this method, you need to have a previous backup of LDAP configurations when it was in a good state.

I had an error below while trying to start Zimbra services.

$ zmcontrol start
Host mail.example.com
Starting ldap…Done.
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

After a lot of troubleshooting, I noted the problem was the LDAP database which couldn’t be repaired. The only solution to this was to rebuild the LDAP database.

Step 1: Stop Zimbra Services

On my server, I have a recent Zimbra LDAP backup located at /opt/zimbra/backup. First you need to stop all Zimbra Services.

$ zmcontrol stop

Step 2: Backup Zimbra LDAP Data

Once the services are stopped, backup old data – run this as a root user.

mv /opt/zimbra/data/ldap/config/  /opt/zimbra/data/ldap/OLDconfig/
mv /opt/zimbra/data/ldap/mdb/db /opt/zimbra/data/ldap/mdb/OLD_db/

Then recreate LDAP data folders and give them correct permissions.

mkdir -p /opt/zimbra/data/ldap/mdb/db /opt/zimbra/data/ldap/mdb/logs /opt/zimbra/data/ldap/config
chown -R zimbra:zimbra /opt/zimbra/data/ldap
/opt/zimbra/libexec/zmfixperms -verbose

Step 3: Restore Zimbra LDAP database from backup.

Now that you have the data directories empty, navigate to the directory with your LDAP backup. If the backups are archived, you’ll need to uncompress them before restoration.

$ cd /opt/zimbra/backup/sessions/incr-<NUMBER>/ldap
$ ls
ldap.bak.gz  ldap-config.bak.gz

Uncompress the Zimbra LDAP configurations files.

$ gunzip *.gz
$ ls
ldap.bak ldap-config.bak

Restore ldap-config.bak using the slapadd command – Run as zimbra user.

$ slapadd -q -n 0 -F /opt/zimbra/data/ldap/config -cv -l ldap-config.bak
added: "cn=config" (00000001)
added: "cn=module{0},cn=config" (00000001)
added: "cn=schema,cn=config" (00000001)
added: "cn={0}core,cn=schema,cn=config" (00000001)
added: "cn={1}cosine,cn=schema,cn=config" (00000001)
added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001)
added: "cn={3}dyngroup,cn=schema,cn=config" (00000001)
added: "cn={4}zimbra,cn=schema,cn=config" (00000001)
added: "cn={5}amavisd,cn=schema,cn=config" (00000001)
added: "cn={6}opendkim,cn=schema,cn=config" (00000001)
added: "olcDatabase={-1}frontend,cn=config" (00000001)
added: "olcDatabase={0}config,cn=config" (00000001)
added: "olcDatabase={1}monitor,cn=config" (00000001)
added: "olcDatabase={2}mdb,cn=config" (00000001)
added: "olcOverlay={0}dynlist,olcDatabase={2}mdb,cn=config" (00000001)
added: "olcOverlay={1}unique,olcDatabase={2}mdb,cn=config" (00000001)
added: "olcOverlay={2}noopsrch,olcDatabase={2}mdb,cn=config" (00000001)
############## 100.00% eta none elapsed none fast!
Closing DB…

Do the same for ldap.bak.

$ slapadd -q -b "" -F /opt/zimbra/data/ldap/config -cv -l ldap.bak

Step 4: Start Zimbra Services

After the restoration, try to start all Zimbra Services. You can start with LDAP service.

ldap start
ldap status

If it was successful, the bring up all other Zimbra Services.

# su - zimbra
$ zmcontrol start
Host mail.example.com
     Starting ldap…Done.
     Starting zmconfigd…Done.
     Starting logger…Done.
     Starting convertd…Done.
     Starting mailbox…Done.
     Starting memcached…Done.
     Starting proxy…Done.
     Starting amavis…Done.
     Starting antispam…Done.
     Starting antivirus…Done.
     Starting opendkim…Done.
     Starting snmp…Done.
     Starting spell…Done.
     Starting mta…Done.
     Starting stats…Done.
     Starting service webapp…Done.
     Starting zimbra webapp…Done.
     Starting zimbraAdmin webapp…Done.
     Starting zimlet webapp…Done.
     Starting imapd…Done.

A check on status should show all services running.

$ zmcontrol status
 Host mail.example.com
     amavis                  Running
     antispam                Running
     antivirus               Running
     convertd                Running
     imapd                   Running
     ldap                    Running
     logger                  Running
     mailbox                 Running
     memcached               Running
     mta                     Running
     opendkim                Running
     proxy                   Running
     service webapp          Running
     snmp                    Running
     spell                   Running
     stats                   Running
     zimbra webapp           Running
     zimbraAdmin webapp      Running
     zimlet webapp           Running
     zmconfigd               Running

You should now be able to access Zimbra Admin UI and perform your normal Email administration tasks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: