Zimbra

trakkert · #21 (**permalink**) 10-15-2008, 06:51 AM

all users have the same schemas.

The only difference between root and the rest, is that it got added through the smbpasswd command and not from the admin GUI.

After I checked the LDAP-tree with a browser I found a entry for root, but with minimum of objects:

uid root
displayName root
objectClass sambaSamAccount
objectClass account

Tried a smbpasswd -x root without luck.. Apparantly i need to remove this entry from my ldap, but how?

lithorus · #22 (**permalink**) 10-15-2008, 06:58 AM

Quote:

Originally Posted by trakkert

all users have the same schemas.

The only difference between root and the rest, is that it got added through the smbpasswd command and not from the admin GUI.

After I checked the LDAP-tree with a browser I found a entry for root, but with minimum of objects:

uid root
displayName root
objectClass sambaSamAccount
objectClass account

Tried a smbpasswd -x root without luck.. Apparantly i need to remove this entry from my ldap, but how?

I can recommend using Apache Directory Studio

trakkert · #23 (**permalink**) 10-16-2008, 01:41 AM

Error while deleting entry
[LDAP: error code 50 - no write access to parent]
[LDAP: error code 50 - no write access to parent]

This is with my admin user.

lithorus · #24 (**permalink**) 10-16-2008, 02:05 AM

Quote:

Originally Posted by trakkert

Error while deleting entry
[LDAP: error code 50 - no write access to parent]
[LDAP: error code 50 - no write access to parent]

This is with my admin user.

The ldap root user (zimbra) and not just the "admin" account?

trakkert · #25 (**permalink**) 10-16-2008, 06:07 AM

admin is the name of my ldap administrator, so i believe yes to your question.

Also in the admin GUI, when i go to edit account -> General Information -> Account Setup: he is set as administrator.

But is there another user, that is associated to the LDAP password? Atleast I cant see anyone in my ldap tree.

lithorus · #26 (**permalink**) 10-16-2008, 06:13 AM

Quote:

Originally Posted by trakkert

admin is the name of my ldap administrator, so i believe yes to your question.

Also in the admin GUI, when i go to edit account -> General Information -> Account Setup: he is set as administrator.

But is there another user, that is associated to the LDAP password? Atleast I cant see anyone in my ldap tree.

You cannot control the ldap admin account in zimbra account manager. The ldap admin/root account is specifically called 'zimbra'.
The bind string is like this :
"uid=zimbra,cn=admins,cn=zimbra"
you can get the ldap root account password with the following commands :

Quote:

su zimbra
zmlocalconfig -s ldap_root_password

trakkert · #27 (**permalink**) 10-16-2008, 06:35 AM

Quote:

Originally Posted by lithorus

You cannot control the ldap admin account in zimbra account manager. The ldap admin/root account is specifically called 'zimbra'.
The bind string is like this :
"uid=zimbra,cn=admins,cn=zimbra"
you can get the ldap root account password with the following commands :

Aha, there I got it. root is gone and readded as an alias.
And now i finally understand why there were so few objects on my users in ldap

You have been great assistance, thank you for your help!

devnul · #28 (**permalink**) 01-20-2009, 01:12 PM

i administer a zimbra server for both my company, and our parent company. All of the user accounts are in two different domains, and I was wondering if anyone had any input on making a single samba instance authenticate against both domains.

If this is not possible, would it be possible at this point to setup an external ldap server, and have both domains authenticate against this ldap server with minimum reconfiguration on the zimbra side of things? I realize this may not be the appropiate place to ask the second question, but these things go hand in hand for me. Thanks in advance for any help.

stegbth · #29 (**permalink**) 01-21-2009, 07:22 AM

hi devnul,

how do you currently authenticate the two samba-server's.

what we have done in a similar situation (two samba-server on two location's)

i am running on both side's a ldap-server (on ubuntu 8.04.1) replicate this two and authenticate samba against this openldap.

the user's get managed by gosa (http://www.gosa-project.org), when a user get created in gosa with mail-attribute's gosa execute's a script (running with ssh on the zimbra-server, which is only on one location) and create's with zmprov the account with the attribute's out the ldap-server.

authentication within Zimbra is done against the openldap-Server, so zimbra, samba and unix-logon's are in one database.
it is necesarry the account-name's are the same in both part's (ldap, samba and zimbra, the domain-part cat get cuted off, when auth to ldap from zimbra)

this would be some work on the system, but pretty less on zimbra's side.

disadvantage: password modify cant be done in zimbra.

greetings
thomas

jram · #30 (**permalink**) 01-28-2009, 02:29 AM

Quote:

Originally Posted by msghaleb

for me it seams to be domain issue, in the Howto, zimbra is the server name and tm.local is the domain name.

FQDN = zimbra.tm.local

make sure to follow in the same way in regards with your setup, its kinda commen problem by the way.

If you are sure let us know

Thank you.

M. Ghaleb

Hi Everybody,

I'm new to Zimbra and Ubuntu and i installed with the tutorial given in this forum. I got the same issue that i do not get samba group tap while creating Posix Group. Please can i get detailed information to understand this and help me in resolving this issue.

Thanks
Jram

Zimbra

Downloads

Product Information

Toolbox

Why Join?