Can not access admin console after 5.0.2 upgrade

[quanah]

Quote:

Originally Posted by iggy

Thank you for the files. Give us a moment to analyze and we'll get right back to you.

The supplied slapd.conf.in clearly illustrates why this error is occuring:

Code:

# only allow access to these attrs basically GAL/Postfix related attrs

access to dn.subtree="ou=people,dc=XXXXX,dc=com"
        by * read

access to dn.subtree="ou=groups,dc=XXXXX,dc=com"
        by * read

Since you've locked down all access to those subtrees to READ only, nothing can write to it. You need to fix your ACLS to be like:

Code:

# only allow access to these attrs basically GAL/Postfix related attrs

access to dn.subtree="ou=people,dc=XXXXXXX,dc=com"
        by dn.children="cn=admins,cn=zimbra" write
        by * read

access to dn.subtree="ou=groups,dc=XXXXXXX,dc=com"
        by dn.children="cn=admins,cn=zimbra" write
        by * read

Also, I'd advise you to move all the index statements that got added up with the other index statements, and move the added access lines to before the

Code:

#overlay syncprov

line, as overlays are the last things that should be listed in a given database configuration. If you later enable replication, you may hit problems with your current configs.

--Quanah

[wolrah]

That has fixed it, though I should note that the entries I had came straight from the wiki page on LDAP/Samba integration and were the same ones that worked fine on 4.5.x.

[quanah]

Quote:

Originally Posted by wolrah

That has fixed it, though I should note that the entries I had came straight from the wiki page on LDAP/Samba integration and were the same ones that worked fine on 4.5.x.

Yes, things changed a bit between 4.5.x and 5.0.x as we are tightening up various things. I'll make sure the wiki page gets updated appropriately.

Regards,
Quanah