Zimbra

fruitlounge · #1 (**permalink**) 10-16-2007, 08:14 AM

Using the wiki guide from Greg I'm trying to get this all setup on a 4.5.7 NE box, but I cannot get it to fully work

First problem I had was after adding
index memberUID eq
I got the following error while starting LDAP:
/opt/zimbra/conf/slapd.conf: line 189: index attribute "memberUID" undefined
(repeated about 8 times, and stalling the startup script)

All the other indexes (uidNumber/gidNumber/sambaSID/sambaPrimaryGroupSID and sambaDomainName) work without any problems.

I simply commented out the line and all the services started (hurray!)

Then I configured my Samba server, all went well, and I ended up with the domain "FRUITLOUNGE" in the Zimbra Admin, so far everything is looking great.

However when I now try to create a new posix group I get the following error (when I hit the "save" button):

Code:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
<context xmlns="urn:zimbra">
<userAgent name="ZimbraWebClient - FF2.0 (Win)" version="undefined"/>
<sessionId id="319"/>
<authToken>
0_746aca4048a8d47654b91a8cd2717cbf10f9d3a8_69643d33363a63626639666364662d393739302d346166342d623061362d3630393837373437356138353b6578703d31333a313139323537383631333136373b61646d696e3d313a313b
</authToken>
<format type="js"/>
</context>
</soap:Header>
<soap:Body>
<CreateLDAPEntryRequest xmlns="urn:zimbraAdmin">
<dn>
cn=domainadmins,ou=groups,dc=fruitlounge,dc=com
</dn>
<a n="objectClass">
posixGroup
</a>
<a n="objectClass">
sambaGroupMapping
</a>
<a n="gidNumber">
10001
</a>
<a n="cn">
domainadmins
</a>
<a n="sambaSID">
S-1-5-21-585104946-545877157-2381664453-512
</a>
</CreateLDAPEntryRequest>
</soap:Body>
</soap:Envelope>

Code:

Body: {
  Fault: {
    Code: {
      Value: "soap:Sender"
     },
    Detail: {
      Error: {
        Code: "account.INVALID_ATTR_VALUE",
        Trace: "com.zimbra.cs.account.AccountServiceException: createLDAPEntry invalid attr value: [LDAP: error code 21 - objectClass: value #0 invalid per syntax]
	at com.zimbra.cs.account.AccountServiceException.INVALID_ATTR_VALUE(AccountServiceException.java:119)
	at com.zimbra.ldaputils.CreateLDAPEntry.createSubcontext(CreateLDAPEntry.java:95)
	at com.zimbra.ldaputils.CreateLDAPEntry.createLDAPEntry(CreateLDAPEntry.java:69)
	at com.zimbra.ldaputils.CreateLDAPEntry.handle(CreateLDAPEntry.java:45)
	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:276)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:173)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:95)
	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:221)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #0 invalid per syntax]; remaining name 'cn=domainadmins,ou=groups,dc=fruitlounge,dc=com'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3018)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
	at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:774)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
	at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
	at com.zimbra.ldaputils.CreateLDAPEntry.createSubcontext(CreateLDAPEntry.java:89)
	... 24 more
",
        _jsns: "urn:zimbra"
       }
     },
    Reason: {
      Text: "createLDAPEntry invalid attr value: [LDAP: error code 21 - objectClass: value #0 invalid per syntax]"
     }
   }
 },
Header: {
  context: {
    _jsns: "urn:zimbra",
    change: {
      token: 1300
     },
    sessionId: [
      0: {
        _content: "319",
        id: "319",
        type: "admin"
       }
     ]
   }
 },
_jsns: "urn:zimbraSoap"

After much thinking what might went wrong I even tried to build my own LDIF file:

Code:

dn:cn=domainadmins,ou=groups,dc=fruitlounge,dc=com
objectClass:posixGroup
gidNumber:10001
cn:domainadmins

(a simplistic version of the request made from the Zimlet (without the Samba parts)) but it didn't work, gave me the same: [LDAP: error code 21 - objectClass: value #0 invalid per syntax];
[/code]

To me it looks like the NIS schema doesn't load properly but I have the lines in the slapd.conf.in file so it should load properly...

fruitlounge · #2 (**permalink**) 10-21-2007, 11:50 PM

Anybody with tips on what I can try to get this working?

Thanks!

ppearl · #3 (**permalink**) 10-28-2007, 12:20 PM

Quote:

Originally Posted by fruitlounge

Using the wiki guide from Greg I'm trying to get this all setup on a 4.5.7 NE box, but I cannot get it to fully work

First problem I had was after adding
index memberUID eq
I got the following error while starting LDAP:
/opt/zimbra/conf/slapd.conf: line 189: index attribute "memberUID" undefined
(repeated about 8 times, and stalling the startup script)

All the other indexes (uidNumber/gidNumber/sambaSID/sambaPrimaryGroupSID and sambaDomainName) work without any problems.
...

I believe you are dealing with two issues...

#1 Slow startup due to slapd not running (chicken/egg problem).
#2 Potentially invalid config/extra white space tripping up slapd conf parser.

ISSUE #1 Slow startup due to slapd not running (chicken/egg problem).
Do you see messages like these in /var/log/messages when trying to start "slapd"?

Code:

Oct 28 13:39:01 myhost slapd[28571]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 28 13:39:05 myhost slapd[28571]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...

If so, consider changing /etc/nsswitch.conf so that group lookups do not hit LDAP (annoying but perhaps better than the alternative behavior). The following is an example of the change along with some comments so you'll remember why you did it:

Code:

#NOTE: group lookups when slapd isn't running are TOO SLOW!
#OFF group:      files ldap
group:      files

ISSUE #2 Potentially invalid config/extra white space tripping up slapd conf parser.

Check your slapd.conf.in, does your include for "nis.schema" come after an include statement that is on a line with leading whitespace? If so, remove the leading whitespace:

Change this:

Code:

               include "/opt/zimbra/lib/conf/zimbra-ext.schema"

To this (leading whitespace removed):

Code:

include               "/opt/zimbra/lib/conf/zimbra-ext.schema"

Then you can put your index directive back in:

Code:

index memberUid                 eq

Hope this helps!

fruitlounge · #4 (**permalink**) 11-08-2007, 04:32 AM

Sorry for the late reply but I've been traveling for about two weeks.

I've just tried your hints, I'm not sure why you though I had a slow start issue so I didn't do anything about it, but the second hint about removing the whitespace before the include line did the trick. I can now create groups using Zimbra.

Thank you very much.

olgo · #5 (**permalink**) 11-11-2007, 11:06 PM

hi... to all.. first post... i wish luck....

with many dificuls ... I have sucsesfull install on vmware vm with ubuntu 6.06 server a zcs open source 4.5.9_GA_1454... and work ok

I also the zimlet to admin posix & samba... and updated the samba schema for ldap and all etc....

BUT... the diference of my case and the video posted... is that I have not created any group of user on posix...

AND ... if i try to create one ... via Zimbra Admin... I get this error...

on screen:
Message: system failure: createLDAPEntry
Error code: service.FAILURE
Method: ZmCsfeCommand.prototype.invoke
Details:soap:Receiver

on log:
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=AD admin,ou=groups,dc=zimbra,dc=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.jav a:3030)
etc...
... 24 more

help....I pay the beer...
thz... pd: what is trackback??