Zimbra Migration Document
Source server: Zimbra Collaboration Suite (ZCS) version 5.0.8. Hostname: mail, Domain: abc.com
Destination server: Zimbra Collaboration Suite (ZCS) version 6.0.6. Hostname: mail, Domain: xyz.com
In this migration I will migrate the whole user database, passwords, zimlet settings and LDAP settings.
a. Dump LDAP database on the source Zimbra i.e. mail.abc.com
Go to the primary mail server and become zimbra user. Then, in the /opt/zimbra directory, run the following command:
$ ./openldap/sbin/slapcat -f /opt/zimbra/conf/slapd.conf -l /root/ldap.ldif
The first database does not allow slapcat; using the first available one (2)
After this, you’ll have a file ldap.ldif in your /home directory which contains all the information about your users. Copy this file to the mail.xyz.com server before making any changes.
b. Modify domain names
You should modify domain and host names in LDIF, otherwise Zimbra won’t work.
$ sed 's/dmz\.domain\.local/dr.domain.local/g' ldap.ldif > ldap.ldif.mail
Note that it might become more complex than this because of the way Zimbra stores aliases in LDAP. For example, there is a separate tree in LDAP, dc=mail,dc=abc,dc=com, which won’t be affected by the sed command, and you’ll have to either write a script to handle this or manually edit the LDIF file.
So it is better to change all entries manually.
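If you do script this step, the script below (an added example, not part of the original procedure) rewrites both the dotted name and the dc= form, unfolds wrapped LDIF lines first, and counts what is left for manual review. The function names and the sample entry are made up for illustration; abc.com and xyz.com are the domains used in this document.

```shell
#!/bin/sh
# Added example: move an LDIF dump from one mail domain to another.
# abc.com / xyz.com are the page's domains; the sample entry is constructed.

# abc.com -> dc=abc,dc=com (the DN form a dotted-name sed never matches)
to_dn() { printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'; }

# Escape dots so "abc.com" is matched literally by sed
re_escape() { printf '%s\n' "$1" | sed 's/\./\\./g'; }

# Join LDIF continuation lines (a leading single space continues the
# previous line), so a name split across a fold is still rewritten.
unfold_ldif() {
    awk 'NR > 1 && /^ / { printf "%s", substr($0, 2); next }
         NR > 1         { print "" }
                        { printf "%s", $0 }
         END            { if (NR) print "" }'
}

# rewrite_ldif OLD NEW < in.ldif > out.ldif
# Matching is case-sensitive and not anchored to word boundaries.
rewrite_ldif() {
    old=$1; new=$2
    unfold_ldif | sed \
        -e "s/$(re_escape "$(to_dn "$old")")/$(to_dn "$new")/g" \
        -e "s/$(re_escape "$old")/$new/g"
}

# audit_ldif FILE OLD -> "plain=N base64=M"
#   plain  : lines still naming OLD in either form (case-insensitive)
#   base64 : "attr:: value" lines; sed cannot see inside them, review by hand
audit_ldif() {
    plain=$(grep -c -i -F -e "$2" -e "$(to_dn "$2")" "$1" || true)
    b64=$(grep -c -E '^[A-Za-z][A-Za-z0-9;-]*:: ' "$1" || true)
    echo "plain=$plain base64=$b64"
}

# Constructed sample: a DN, a plain value, a folded value, a base64 value
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=people,dc=abc,dc=com
mail: alice@abc.com
zimbraMailDeliveryAddress: alice@ab
 c.com
description:: YWxpY2VAYWJjLmNvbQ==
EOF
}

sample_ldif | rewrite_ldif abc.com xyz.com
```

Run audit_ldif on the rewritten file before importing it: a non-zero plain count means differently-cased leftovers, and every base64 line has to be decoded and checked by hand. The domain entry's own "dc:" attribute value is not touched by either substitution and needs checking separately.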
c. Stop the target Zimbra on mail.xyz.com
$ zmcontrol stop
Just in case, check whether LDAP is still running. If so, kill it using the kill command.
d. Clean /opt/zimbra/data/ldap/hdb/db directory. DO NOT remove logs and DB_CONFIG file!
e. Import ldif database on mail.xyz.com
$ cd /opt/zimbra
$ ./openldap/sbin/slapadd -F /opt/zimbra/data/ldap/config -l /tmp/ldap.ldif.mail
The first database does not allow slapadd; using the first available one (2)
The warning you see is the only one you should see and I think you can safely ignore it.
f. Get LDAP passwords from the source Zimbra (mail.abc.com) using:
$ zmlocalconfig -s ldap_amavis_password ldap_postfix_password ldap_replication_password ldap_root_password zimbra_ldap_password
ldap_amavis_password = password
ldap_postfix_password = password
ldap_replication_password = password
ldap_root_password = password
zimbra_ldap_password = password
All the passwords are the same.
g. You should start Zimbra on the DR mail server now, because otherwise it is not possible to change the passwords. Note that there will be errors, but we ignore them:
$ zmcontrol start
Host mail.xyz.com
Starting ldap…Done.
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn’t exist.
h. Now modify all the passwords:
$ zmldappasswd
Updating local config and directory
$ zmldappasswd -l
Updating local config and directory
$ zmldappasswd -p
Updating local config and directory
$ zmldappasswd -a
Updating local config and directory
$ zmldappasswd -r
Updating local config and directory
Updating slapd.conf
i. Now stop and start Zimbra again and it should work normally. Here is how netstat -ltn output should look:
$ netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.218:389 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7307 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3310 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.218:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 :::7072 :::* LISTEN
tcp 0 0 :::7777 :::* LISTEN
tcp 0 0 :::993 :::* LISTEN
tcp 0 0 :::995 :::* LISTEN
tcp 0 0 :::7780 :::* LISTEN
tcp 0 0 :::5222 :::* LISTEN
tcp 0 0 :::5223 :::* LISTEN
tcp 0 0 :::7335 :::* LISTEN
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::7025 :::* LISTEN
tcp 0 0 :::5269 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::7071 :::* LISTEN
A few notes to be aware of:
1. By copying LDAP you also copied SSH keys and possibly other configuration data which you might prefer to be different. For SSH keys use zmsshkeygen.
2. During the migration process you probably removed the default domain, so you have to log in to the administration console using the admin@xyz.com username and set the default domain to either mail.xyz.com or xyz.com.
After user migration, in order for mail routing to work properly, you should add to each user an alias of the form username@xyz.com. You can use the following simple script to do that for each user:
#!/bin/bash
# List every account in the old domain ("olddomain" is a placeholder)
USERS=$(zmprov -l gaa olddomain)
# First, add new domain
zmprov cd xyz.com
# Then, for each user add new alias
for i in $USERS
do
echo "Processing user $i"
zmprov aaa "$i" "${i/olddomain/xyz.com}"
done
In order to set up routing, I suggest you first modify only several users to test the installation, and when it’s proven to work correctly, modify all the users using a simple shell script.
Thanks
Manoj