Creating posix accounts creates error

[timwiel]

ZIMBRA VERSION: 5.0.2_GA_1975.UBUNTU6.20080130235804
UNAME: Linux maungatua 2.6.15-28-server #1 SMP Wed Jul 18 23:11:55 UTC 2007 i686 GNU/Linux
OS: Ubuntu 6.06LTS

I have installed Open Source Zimbra on an ubuntu server using the guide located at: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

- I have successfully loaded the admin zimlets and created the samba configuration and upload reload of samba and zimbra the domain was loaded into the zimbra admin samba window.

However trying to add a posix account using the following information creates an error:



The error created results in the following in the /opt/zimbra/log/mailbox.log

Code:

Code:service.FAILURE
        at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:183)
        at com.zimbra.ldaputils.CreateLDAPEntry.createSubcontext(CreateLDAPEntry.java:119)
        at com.zimbra.ldaputils.CreateLDAPEntry.createLDAPEntry(CreateLDAPEntry.java:85)
        at com.zimbra.ldaputils.CreateLDAPEntry.handle(CreateLDAPEntry.java:61)
        at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:342)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:208)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:113)
        at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:272)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:174)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
        at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
        at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:716)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
        at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
        at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
        at org.mortbay.jetty.handler.RewriteHandler.handle(RewriteHandler.java:176)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
        at org.mortbay.jetty.Server.handle(Server.java:313)
        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
        at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
        at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
        at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 - no write access to parent]; remaining name 'cn=Domain Users,ou=groups,dc=fmhs,dc=co,dc=nz'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3013)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:774)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
        at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
        at com.zimbra.ldaputils.CreateLDAPEntry.createSubcontext(CreateLDAPEntry.java:105)
        ... 32 more

I have searched and searched the forums, wiki, other google search relating to other applications (ie Specifying write access for more then one user?) and have found no information on how to fix this issue.

Additionally - I am un sure if it is related when I do a ldap search I get this error:

Code:

root@maungatua:~# /opt/zimbra/openldap/bin/ldapsearch -h fmhs.co.nz -b dc=fmhs,dc=co,dc=nz objectclass=posixaccount
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)

I would love some help on this issue - we have several clients wishing to impliment this solution, two who are soon to be network edition clients.

Any other information I will gladly post....

[timwiel]

I have just tried to create a ldap group with webmin as below:



However it create this error

Code:

Failed to save group : Failed to add group to LDAP database : objectclass: value #1 invalid per syntax

and this error in the /var/log/zimbra.log

Code:

Feb 21 11:45:51 fmhs e/webmin/ldap-useradmin/save_group.cgi: unable to dlopen /opt/zimbra/cyrus-sasl-2.1.22.3z/lib/sasl2/libgssapiv2.so.2: /opt/zimbra/heimdal-1.0.2/lib/libhx509.so.1: undefined symbol: EVP_CIPHER_iv_length

However if I remove the option to create a samba group from webmin then I am successful and the posix group appears in zimbraAdmin - however then trying to modify the group and adding a samba group fails in zimbra.

This is starting to get infuriating

[quanah]

Code:

Failed to save group : Failed to add group to LDAP database : objectclass: value #1 invalid per syntax

and this error in the /var/log/zimbra.log

This error indicates that you are missing a schema file necessary for the operation to succeed, as it cannot find the objectClass referenced in the server.

[quanah]

Code:

Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 - no write access to parent]; remaining name 'cn=Domain Users,ou=groups,dc=fmhs,dc=co,dc=nz'

Code:

root@maungatua:~# /opt/zimbra/openldap/bin/ldapsearch -h fmhs.co.nz -b dc=fmhs,dc=co,dc=nz objectclass=posixaccount
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)

Unless you have Kerberos set up, I suggest you add a -x to your ldapsearch command. On the other error, are you sure that the ou=groups,... entry already exists prior to trying to add things to it?

--Quanah

[Greg]

Just fixed the bug (will be in 5.0.3) and fixed some errors in the HowTo for Zimbra+Samba integration.