    kopano issues when one dc down

    • ItzJustinN
      ItzJustinN last edited by ItzJustinN

      hello

      I have kopano set up to use ldap authentication.
      I have two domain controllers for my domain.
      When one domain controller goes down, kopano starts to have multiple issues.
      It doesn't seem to matter which domain controller goes down.
      The problem does not appear to be with the dc, as domain auth continues working.
      The mail server continues working; the only issues I have are kopano related.
      I can telnet to the mail server and send mail manually from there.
      webapp does not function at all: it does not load after initial authentication, no error, it just keeps spinning (loading).
      zpush barely works. Most of the time it doesn't sync emails; sync works about once every 30 minutes.
      I still cannot send emails with mobile.

      I have included my kopano ldap.cfg below for reference.

      ##############################################################
      #  LDAP DIRECTORY USER PLUGIN SETTINGS
      #
      
      # Select implementation.
      # If you have any reason to override settings from /usr/share/kopano/*.cfg,
      # do so at the end of this (/etc-resident) config file.
      #
      #!include /usr/share/kopano/ldap.openldap.cfg
      !include /usr/share/kopano/ldap.active-directory.cfg
      
      # LDAP host name/IP address
      # this record points to two domain controllers (I've also tried using both direct IP addresses)
      ldap_host = ad.mydomain.local
      
      # LDAP port
      # Optional, default = 389
      # Use 636 for ldaps
      ldap_port = 389
      
      # LDAP protocol
      # Optional, default = ldap
      # use 'ldaps' for Implicit SSL encryption. Make sure /etc/ldap/ldap.conf is
      # configured correctly with TLS_CACERT
      ldap_protocol = ldap
      
      # LDAP URI
      # Optional, override ldap_host, ldap_port and ldap_protocol if set
      # e.g. ldaps://servername:port. You may also specify multiple space-separated
      # URIs
      #ldap_uri =
      
      # The charset that strings are stored in on the LDAP server. Normally this
      # is utf-8, but this can differ according to your setup. The charset specified
      # here must be supported by your iconv(1) setup. See iconv -l for all charset
      #ldap_server_charset = utf-8
      
      # The DN of the user to bind as for normal operations (not used for
      # authentication if ldap_authentication_method is set to "bind".
      # When empty, uses anonymous binding.
      # The userPassword attribute must be readable for this user if the
      # ldap_authentication_method option is set to password.
      ldap_bind_user = username
      
      # LDAP bind password
      ldap_bind_passwd = password
      
      # The timeout for network operations in seconds
      ldap_network_timeout = 20
      
      # ldap_page_size limits the number of results from a query that will be downloaded at a time.
      # Default ADS MaxPageSize is 1000.
      #ldap_page_size = 1000
      
      ##########
      # Object settings
      
      # Top level search base, every object should be available under this tree
      ldap_search_base = dc=mydomain,dc=local
      ldap_user_search_filter = (KopanoAccount=1)
      # this is a custom attribute I inserted into the AD schema to avoid running an AD LDS instance
      
      # Use custom defined LDAP property mappings
      # This is not a requirement for most environments but allows custom mappings of
      # special LDAP properties to custom MAPI attributes
      #!propmap /etc/kopano/ldap.propmap.cfg
      
      • fbartels
        fbartels Kopano @ItzJustinN last edited by

        Hello @itzjustinn,

        unfortunately you don't say which version you are running.

        And most importantly, the ldap configuration you have posted only makes use of a single ldap connection (just one entry in ldap_host, no entries in ldap_uri).

        Generally it should work the following way:

        • you have an amount of x threads configured in server.cfg
        • each of these threads holds a dedicated connection to your ldap
        • if the first entry in ldap_uri goes down, connections will time out and each thread will reconnect on its own to the next entry in ldap_uri.
        • this entry will be used until it fails and the process begins anew.

        Since each thread has to time out individually when switching over to a fallback, this process takes some time. If you want quicker failover, the best way is to implement an ldap proxy in front of your AD.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

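Added example, not part of the original posts and not Kopano code: a Python check that reads the connection keys discussed above and reports whether the server has a second LDAP endpoint to fall back to, and which endpoints use plain ldap://. The function names and the dc1/dc2.example.test hosts are hypothetical; the rule that a set ldap_uri overrides ldap_host, ldap_port and ldap_protocol and may hold several space-separated URIs comes from the comments in the posted config.

```python
from urllib.parse import urlsplit

# Constructed sample: the connection keys from the ldap.cfg posted in this thread.
SAMPLE_CFG = """\
ldap_host = ad.mydomain.local
ldap_port = 389
ldap_protocol = ldap
#ldap_uri =
ldap_network_timeout = 20
"""

def parse_cfg(text):
    """Return {key: value} for 'key = value' lines; skip comments and !directives."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def ldap_endpoints(cfg):
    """List (scheme, host, port) in configured order."""
    uris = cfg.get("ldap_uri", "").split()
    if not uris:
        # ldap_uri unset: host/port/protocol describe exactly one endpoint.
        proto = cfg.get("ldap_protocol", "ldap")
        uris = [f"{proto}://{cfg['ldap_host']}:{cfg.get('ldap_port', 389)}"]
    default_port = {"ldap": 389, "ldaps": 636}
    endpoints = []
    for uri in uris:
        u = urlsplit(uri)
        endpoints.append((u.scheme, u.hostname, u.port or default_port.get(u.scheme, 389)))
    return endpoints

def review(cfg):
    """Return (endpoints, findings) for failover and transport settings."""
    eps = ldap_endpoints(cfg)
    findings = []
    if len(eps) < 2:
        findings.append("single LDAP endpoint: nothing to fall back to")
    findings += [f"{h}:{p} uses ldap:// (no implicit TLS)" for s, h, p in eps if s == "ldap"]
    return eps, findings

if __name__ == "__main__":
    fixed = SAMPLE_CFG + "ldap_uri = ldaps://dc1.example.test:636 ldaps://dc2.example.test\n"
    for label, text in (("posted", SAMPLE_CFG), ("with ldap_uri", fixed)):
        print(label, review(parse_cfg(text)))
```

A single DNS name that resolves to both domain controllers still counts as one endpoint here, matching the reply's point that the posted config uses only one entry.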
        • ItzJustinN
          ItzJustinN last edited by

          Hi. Thank you for the response.
          I added an entry for both DCs in the ldap_uri field.
          Now failover is occurring within minutes and all problems I was seeing are resolved.

          Please tell me what purpose the multiple threads serve if all threads are connected to the same ldap host and fail over after a timeout. I'm only curious to understand more about how it works.

          • fbartels
            fbartels Kopano @ItzJustinN last edited by

            Hi @itzjustinn,

            well, multiple threads = more threads to process user requests. Each has its own ldap connection to be self-sufficient.

            Regards Felix
