Zimbra

Install and Configure SSDB for Zimbra Large Deployments

Posted by

My company where I work has several clients with Zimbra large deployments. From 10k users until 500k users. Overall Zimbra running well until now. And I hope running well forever 🙂

Referring to Zimbra guidance, Zimbra should use external servers for storing ephemeral data. There are 3 main types of ephemeral data stored in LDAP during normal operation of Zimbra Collaboration.

1. Last Logon Time Stamps (zimbraLastLogonTimestamp)
2. Auth Tokens (zimbraAuthTokens)
3. CSRF Tokens (zimbraCsrfTokenData)

On small systems, storage of these types of ephemeral data may be done in the LDAP Server. However, mail systems with large numbers of active users have been found to overload LDAP for short-lived data storage. Therefore, the preferred option is to store this ephemeral data using an external server.

You can find information about ephemeral data here: https://zimbra.github.io/zimbra-9/adminguide.html#ephemeral_data

Besides that, ephemeral data (SSDB) can be used for integrating Zimbra with Zoom. I will write an article about it in the next article 🙂

So, below is how to install and configure SSDB

# Install and Configure SSDB

Install dependencies on CentOS

yum groupinstall "Development Tools"

Install dependencies on Ubuntu

apt install build-essential

Download SSDB

cd /srv/
wget --no-check-certificate https://github.com/ideawu/ssdb/archive/stable-1.9.5.zip
unzip stable-1.9.5.zip

Compile and install

cd ssdb-stable-1.9.5/
make
make install

Open ssdb.conf

vi /usr/local/ssdb/ssdb.conf

Adjust the lines below

work_dir = /usr/local/ssdb/var
pidfile = /usr/local/ssdb/var/ssdb.pid
ip: 0.0.0.0

SSDB Init Scripts

1. On CentOS

cp /srv/ssdb-stable-1.9.5/tools/ssdb.sh /etc/init.d/ssdb

Change config SSDB

vi /etc/init.d/ssdb

Adjust configs

configs="/usr/local/ssdb/ssdb.conf"

Enable on boot and start SSDB

chkconfig --add ssdb
chkconfig ssdb on
service ssdb start

SSDB running on port 8888. You can check using “ps” or “netstat” commands

[root@mail ssdb-stable-1.9.5]# netstat -atpn | grep -i 8888
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      10558/ssdb-server

2. On Ubuntu

cp /srv/ssdb-stable-1.9.5/tools/ssdb.sh /etc/init.d/ssdb.sh

Change config SSDB

vi /etc/init.d/ssdb.sh

Adjust configs

configs="/usr/local/ssdb/ssdb.conf"

Enable on boot and start SSDB

chmod a+x /etc/init.d/ssdb.sh
update-rc.d ssdb.sh defaults
/etc/init.d/ssdb.sh start

SSDB running on port 8888. You can check using “ps” or “netstat” commands

[root@mail ssdb-stable-1.9.5]# netstat -atpn | grep -i 8888
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      10558/ssdb-server

Now SSDB is ready. It’s time to configure in Zimbra

# Configure Zimbra Collaboration to use SSDB

Migrate existing ephemeral data to the SSDB backend using the zmmigrateattrs utility

su - zimbra
/opt/zimbra/bin/zmmigrateattrs ssdb:192.168.2.15:8888

Note: 192.168.2.15 is IP address of SSDB server

If the migration is completed, you can change the value of zimbraEphemeralBackendURL

zmprov mcf zimbraEphemeralBackendUrl ssdb:192.168.2.15:8888

Now, your server already uses SSDB for ephemeral data. You can view the SSDB logs in the /usr/local/ssdb/log.txt file.

When using SSDB, the last login status is not updated. I have already informed Zimbra Support about this issue. Hopefully in the future, Zimbra has a solution.

Good luck 🙂

13 comments

  1. Pingback: Tips Integrasi Zimbra dengan Zoom - Ahmad Imanudin

  2. Halo Mas imanudin,
    mungkin melenceng dari topik ini.
    mau menanyakan. jika kita menggunakan zimbra community, apakah memungkinkan, email yang dikirim sender email mengirim email juga ke beberapa email secara otomatis tanpa sepengetahuan oleh pengirimnya.

    Reply

  3. Hi Mas Imanudin,
    do you have any example case in High availability wity zimbra, for example multiple ISP, is it possible to use 2 ISP , in case main Provider is down, it switch ‘automatically’ into backup provider.
    is there any consideration of propagation Time in MX record or PTR Record.

    thank you before..

    Reply

    1. Hi mas Kahar,
      You can configure at the router level. Zimbra server uses local IP then DNAT/PAT from router to access from internet

      Reply

  4. Hello Iman, nice to meet you. I see your zimbra tutorials are very helpful. I wanted to consult you, you do not have sqlite blocking problems with those volumes of clients, I manage a zimbra server with about 1000 accounts and each time it throws the error warning: problem talking to server localhost: 10031:
    Looking for info I saw that they advise to use mysql instead of sqlite, but I have failed in integration tests. Greetings

    Reply

  5. Hello Iman, great work!

    Any news on the use of SSDB for integrating with Zoom?

    And, did Zimbra developers ever respond to you with a solution regarding last login status not updated when using SSDB?

    A separate question — we have been researching resource guidelines for Zimbra multi-server as far as how much resources (roughly) to provide each node based on total # of mailboxes. So cpu & ram suggested for proxy vs LDAP vs mailbox servers, etc. Since you seem to work on many sized systems perhaps you have a general idea.

    Many Thanks!

    Reply

  6. Hai Mas Ahmad,

    pada step ini, jika saya memiliki multi server, lalu pada server manakah command ini di jalankan ?

    # Configure Zimbra Collaboration to use SSDB

    Migrate existing ephemeral data to the SSDB backend using the zmmigrateattrs utility

    su – zimbra
    /opt/zimbra/bin/zmmigrateattrs ssdb:192.168.2.15:8888

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.