[SOLVED] Help! Zimbra upgrade to 5.0.9 breaks pam_ldap authentication

#1, 08-20-2008, 07:53 AM

Hello,

I just upgraded to Zimbra 5.0.9 (from 5.0.4) and while the upgrade went well with regard to email, we also use Zimbra as an LDAP master for the company and unfortunately the Unix hosts are failing authentication through pam_ldap.

(Interestingly, everything else which authenticates against that LDAP - Samba, Radius, Apache - is working fine.)

/var/log/secure reports:
Aug 20 23:32:21 samba sshd[2254]: fatal: login_get_lastlog: Cannot find account for uid 1024

and a sudo su - reports:
sudo: uid 1024 does not exist in the passwd file!

But getent passwd shows the entry for that UID:
[user@samba ~]$ getent passwd | grep 1024
user:*:1024:1027:User Account:/home/user:/bin/bash

Anyone any ideas?

Cheers,
David
#2, 08-21-2008, 02:31 AM

Ok, looking further, I can browse the LDAP tree just fine, but when I start to search it using filters, the data that is browsable is not coming back. As such, I am assuming that the LDAP is corrupt, in spite of a lack of error messages to confirm this.

I have tested that I can restore my backup from immediately prior to the upgrade (yes jholder, I did read!) but prior to applying this process to the production server I wanted to know what the implications are of a restored 5.0.4 LDAP tree running on a 5.0.9 Zimbra instance.

Will I need to reapply any changes between the two versions? And if so, how?

Cheers,
David
#3, 08-24-2008, 04:51 PM

Zimbra support confirmed that running a 5.0.4 LDAP tree against the upgraded 5.0.9 Zimbra should not be a problem, although they are still analysing one of my log files to ensure there are no ongoing issues as a result.

To restore the LDAP tree I did (as Zimbra):

$ mv openldap-data openldap-data-crash
$ mkdir -p /opt/zimbra/openldap-data/logs /opt/zimbra/openldap-data/accesslog/db /opt/zimbra/openldap-data/accesslog/logs
$ cp openldap-data-crash/DB_CONFIG openldap-data
$ cp openldap-data-crash/accesslog/db/DB_CONFIG openldap-data/accesslog/db
$ cd openldap-data
$ /opt/zimbra/openldap/sbin/slapadd -q -b "" -f ~/conf/slapd.conf -cv -l ../backup/sessions/full-<backup tag>/ldap/ldap.bak

Other forum entries have a similar procedure, but mine was different for some reason - by virtue of the accesslog db. The -b "" was required to ensure the correct DB dirs were used.

There is no need to run a slapindex afterwards apparently.

So I ran this and it all appeared to work. Thanks to Zimbra support for all their help.
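The symptom in post #1, where `getent passwd` lists the account but lookups by UID fail, can be checked for every account on a client host after a restore like the one in post #3. This is an added example, not part of the original thread or of Zimbra's tooling; the function name `find_lookup_gaps`, the `LOOKUP` override and the 1000 UID threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find accounts that NSS can enumerate
# but cannot resolve by key, the symptom shown in post #1.

# Command used for keyed lookups. Overridable so the check can be exercised
# against a stub; the default is the real getent(1).
: "${LOOKUP:=getent passwd}"

# find_lookup_gaps [MIN_UID]   (hypothetical helper name)
# Reads passwd-format lines on stdin, e.g. the output of `getent passwd`,
# and looks each account up by UID and by name. Prints one GAP line per
# account whose keyed lookup fails or returns a different entry.
# Returns 0 when every account resolves, 1 otherwise.
# Note: accounts that deliberately share a UID are reported as gaps too.
find_lookup_gaps() {
    min_uid=${1:-0}
    gaps=0
    while IFS=: read -r name _pw uid _rest; do
        # Skip blank or malformed lines and UIDs below the threshold.
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge "$min_uid" ] || continue
        # Lookup by UID (the path that failed for sshd and sudo in post #1)
        # and by name. stdin is redirected so the lookup command cannot
        # consume the list being read by the loop.
        by_uid=$($LOOKUP "$uid" </dev/null 2>/dev/null | cut -d: -f1)
        by_name=$($LOOKUP "$name" </dev/null 2>/dev/null | cut -d: -f3)
        if [ "$by_uid" != "$name" ] || [ "$by_name" != "$uid" ]; then
            printf 'GAP uid=%s name=%s by_uid=%s by_name=%s\n' \
                "$uid" "$name" "${by_uid:-MISSING}" "${by_name:-MISSING}"
            gaps=1
        fi
    done
    return "$gaps"
}

# Usage on a client host, checking LDAP-range accounts only (the 1000
# threshold is an assumption; adjust to the site's UID allocation):
#   getent passwd | find_lookup_gaps 1000
```

An empty result with exit status 0 means every enumerated account also resolves by UID and by name; any GAP line points at an account that will hit the sshd and sudo errors quoted in post #1.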