[SOLVED] Unable to add user after LDAP mishap

[peter@mxtoolbox.com]

One of my admins came to me and said they couldn't add an account, but it didn't exist either. In the mailbox.log I found:

2008-07-17 11:02:37,773 INFO [btpool0-6708] [name=admin@host.domian.com;ip=xx.xx.xx.xx;] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: unable to get account after creating LDAP account entry: admin@otherdomain.com, check ldap log for possible BDB deadlock
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:183)
at com.zimbra.cs.account.ldap.LdapProvisioning.create Account(LdapProvisioning.java:763)
....
....
(cont'd)

I can't pull zimbra.logs because that partition had very recently filled up and so I have no zimbra.log from that period. I have since cleaned up the partition and restarted my zimbra.log.

From the CLI we see very unlogical behavior:

[zimbra@host ~]$ zmprov ga admin@otherdomain.com
ERROR: account.NO_SUCH_ACCOUNT (no such account: admin@otherdomain.com)
[zimbra@host ~]$ zmprov ca admin@otherdomain.com abcd1234
ERROR: account.ACCOUNT_EXISTS (email address already exists: admin@otherdomain.com)
[zimbra@host ~]$ zmprov da admin@otherdomain.com
ERROR: account.NO_SUCH_ACCOUNT (no such account: admin@otherdomain.com)


Any ideas?

[p24t]

It's possible that there is some extraneous info in your LDAP. You might want to look through the tree and see if that account/email name exists in there, and try to remove it.

I haven't tried to edit the Zimbra LDAP tree myself before, so I can't say what you'll have to do exactly. Even then, obviously I'd recommend backing things up before poking at the internals.

[peter@mxtoolbox.com]

What tools / commands do you use / recommend to look at the LDAP tree?

[p24t]

I normally use the CLI tools such as ldapsearch, ldapmodify, etc. You can have it spit out the entire tree using 'ldapsearch -x -h <host>'.

[peter@mxtoolbox.com]

Here's what support sent to me.

Quote:

$ldapsearch -x -h `zmhostname` -D cn=config -w `zmlocalconfig -s -m nokey zimbra_ldap_password` "admin@otherdomain.com"

I had to pipe this to grep to find the dn for the account.

Quote:

Once you get the dn of alias account, you can do ldapdelete:
$ ldapdelete -x -v -h `zmhostname` -D "cn=config" -w `zmlocalconfig -s -m nokey zimbra_ldap_password`<dn that you get from executing above mentioned ldapsearch>

I initially tried this with the <> characters, but then realized that they are not literal. My command looked like this

Quote:

ldapdelete -x -v -h `zmhostname` -D "cn=config" -w `zmlocalconfig -s -m nokey zimbra_ldap_password` uid=admin,ou=people,dc=otherdomain,dc=com