Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: ZCS 6.0 rc1 samba integration problem

  1. #1
    Hivos's Avatar
    Hivos is offline Advanced Member
    Join Date
    Aug 2009
    Location
    The Hague -- The Netherlands
    Posts
    214
    Rep Power
    6

    Default ZCS 6.0 rc1 samba integration problem

    Hi,

    I am trying to integrate zcs 6.0 rc1 with a samba server conform the instructions on UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki and all is going well until the adjustment of the ldap acls at the end of part 1. There I get the next error:

    zimbra@mail:~/log$ ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W
    Enter LDAP Password:
    modifying entry "olcDatabase={2}hdb,cn=config"
    ldap_modify: No such attribute (16)
    additional info: modify/delete: olcAccess: no such value

    Any ideas? If I continue I see that the deployment of the samba admin extension zimlet isn't working; the org.role "machines" isn't created in the ldap db for instance.

    Am I to early to try this?

    Regards

    Ferry

    Zimbra version: Release 6.0.0_RC1_1684.UBUNTU8 UBUNTU8 NETWORK edition.
    Last edited by Hivos; 08-27-2009 at 02:23 PM. Reason: additional info

  2. #2
    peracchi is offline Intermediate Member
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Exclamation

    Hi,

    Same thing here but using Zimbra 6.0.1 on a Ubuntu 8.04.3 Server (64-bit).

    Everything went fine until:

    Now, you need to adjust the LDAP acls so that these new users can read the data necessary from the LDAP server. This will need to be done on each LDAP server that exists. Create a file called /tmp/acl.ldif and add the following to it. If this is a master with replicas, you need to change the olcDatabase line to be olcDatabase={3}hdb,cn=config in both sections.
    Content of /tmp/acl.ldif

    Code:
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    delete: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    -
    add: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by * read
    
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    add: olcAccess
    olcAccess: {10}to dn.subtree="dc=zimbra,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {11}to dn.subtree="ou=machines,dc=zimbra,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {12}to dn.subtree="ou=groups,dc=zimbra,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {13}to dn.subtree="ou=people,dc=zimbra,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    After issue:

    Code:
    ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W
    I get:

    Code:
    zimbra@zimbra:~$ ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W
    Enter LDAP Password:
    modifying entry "olcDatabase={2}hdb,cn=config"
    ldap_modify: No such attribute (16)
    	additional info: modify/delete: olcAccess: no such value
    Another question, in the article it says:

    In this example I will use the domain gregzimbra1.zimbra.com, which is the name of my Ubuntu Linux machine running inside a VMWare instance...
    and

    Be sure to replace dc=gregzimbra1,dc=zimbra,dc=com with your actual domain
    We must use the FQDN of the zimbra host (in my case zimbra.example.com) or only the domain (again in my case example.com)?


    Any ideas?

  3. #3
    quanah is online now Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,281
    Rep Power
    10

    Default

    The domain.

    Was your ubuntu server an upgrade or a fresh install of 6.0.1?
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    peracchi is offline Intermediate Member
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Default

    Hi quanah!

    Itīs a fresh install.

    Do you know what may be the cause of the problem indicated by:

    Code:
    zimbra@zimbra:~$ ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W
    Enter LDAP Password:
    modifying entry "olcDatabase={2}hdb,cn=config"
    ldap_modify: No such attribute (16)
    	additional info: modify/delete: olcAccess: no such value

  5. #5
    quanah is online now Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,281
    Rep Power
    10

    Default

    Well, I'd ask why you are using RC1, since samba/posix wasn't supported until 6.0.0 GA, and you should really be using 6.0.1 at this point.

    The error means that it finds no such matching olcAccess value in the configuration database. Is this a master LDAP server with replication enabled?
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #6
    peracchi is offline Intermediate Member
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Default

    Hi quanah!

    I am using 6.0.1 GA Release (zcs-6.0.1_GA_1816.UBUNTU8_64.20090911235613.tgz)

    Zimbra standalone server.


  7. #7
    quanah is online now Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,281
    Rep Power
    10

    Default

    Quote Originally Posted by peracchi View Post
    Hi quanah!
    I am using 6.0.1 GA Release (zcs-6.0.1_GA_1816.UBUNTU8_64.20090911235613.tgz)
    Zimbra standalone server.
    Ok, then you need to examine your olcAccess values.

    Code:
    ldapsearch -x -H ldapi:/// -D cn=config -W -b olcDatabase={2}hdb,cn=config olcAccess
    In particular, value {9} of the result.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  8. #8
    peracchi is offline Intermediate Member
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Default

    Hi quanah!

    Output of ldapsearch -x -H ldapi:/// -D cn=config -W -b olcDatabase={2}hdb,cn=config olcAccess before:

    Code:
    # extended LDIF
    #
    # LDAPv3
    # base <olcDatabase={2}hdb,cn=config> with scope subtree
    # filter: (objectclass=*)
    # requesting: olcAccess
    #
    
    # {2}hdb, config
    dn: olcDatabase={2}hdb,cn=config
    olcAccess: {0}to attrs=userPassword  by anonymous auth  by dn.children="cn=adm
     ins,cn=zimbra" write
    olcAccess: {1}to dn.subtree="cn=zimbra"  by dn.children="cn=admins,cn=zimbra"
     write
    olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi
     mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z
     imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword  by dn.children="cn=admi
     ns,cn=zimbra" write  by * none
    olcAccess: {3}to attrs=objectclass  by dn.children="cn=admins,cn=zimbra" write
       by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read  by dn.base="uid=zmam
     avis,cn=appaccts,cn=zimbra" read  by users read  by * none
    olcAccess: {4}to attrs=@amavisAccount  by dn.children="cn=admins,cn=zimbra" wr
     ite  by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read  by * +0 break
    olcAccess: {5}to attrs=mail  by dn.children="cn=admins,cn=zimbra" write  by dn
     .base="uid=zmamavis,cn=appaccts,cn=zimbra" read  by * +0 break
    olcAccess: {6}to attrs=zimbraAllowFromAddress  by dn.children="cn=admins,cn=zi
     mbra" write  by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read  by * none
    olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))"  attrs=cn,co,company,dc,di
     splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal
     Code,sn,st,street,streetAddress,telephoneNumber,title,uid  by dn.children="cn
     =admins,cn=zimbra" write  by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" re
     ad  by users read  by * none
    olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa
     nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z
     imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar
     dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z
     imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv
     eryDisabled  by dn.children="cn=admins,cn=zimbra" write  by dn.base="uid=zmpo
     stfix,cn=appaccts,cn=zimbra" read  by * none
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by *
      read
    Then I issue a ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W comand on the following content of acl.ldif:

    Code:
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    delete: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    -
    add: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by * read
    
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    add: olcAccess
    olcAccess: {10}to dn.subtree="dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {11}to dn.subtree="ou=machines,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {12}to dn.subtree="ou=groups,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {13}to dn.subtree="ou=people,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    Which gives me the

    Code:
    modifying entry "olcDatabase={2}hdb,cn=config"
    ldap_modify: No such attribute (16)
            additional info: modify/delete: olcAccess: no such value


    Thanks for your help and your time!

  9. #9
    quanah is online now Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,281
    Rep Power
    10

    Default

    Quote Originally Posted by peracchi View Post
    Hi quanah!

    Output of ldapsearch -x -H ldapi:/// -D cn=config -W -b olcDatabase={2}hdb,cn=config olcAccess before:
    There's something off in your ldif file, as best I can tell, but I can't see what via the cut/paste through the forum. :/

    The replace op for {9} appears to match up to me:
    Code:
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    but there must be something different (a space at the end of your line? a tab instead of a space somewhere?) that isn't apparent to me. :/
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  10. #10
    peracchi is offline Intermediate Member
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Default

    Hi quanah!

    I have made copy/paste from UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 ( UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki )

    From that page:

    Code:
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    delete: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    -
    add: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by * read
    
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    add: olcAccess
    olcAccess: {10}to dn.subtree="dc=gregzimbra1,dc=zimbra,dc=com"  by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    olcAccess: {11}to dn.subtree="ou=machines,dc=gregzimbra1,dc=zimbra,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    olcAccess: {12}to dn.subtree="ou=groups,dc=gregzimbra1,dc=zimbra,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    olcAccess: {13}to dn.subtree="ou=people,dc=gregzimbra1,dc=zimbra,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    Then I done at zimbra:

    Code:
    echo "
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    delete: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    -
    add: olcAccess
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by * read
    
    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    add: olcAccess
    olcAccess: {10}to dn.subtree="dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {11}to dn.subtree="ou=machines,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {12}to dn.subtree="ou=groups,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {13}to dn.subtree="ou=people,dc=example,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    " | tee /tmp/acl.ldif
    
    ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Yahoo! Zimbra Desktop for ZCS 6.0 Guns and Roses
    By aldennis in forum General Questions
    Replies: 8
    Last Post: 09-11-2009, 06:02 PM
  2. Problem with iPhone 3.01 and RC1
    By folioguru in forum Zimbra Mobile
    Replies: 2
    Last Post: 08-26-2009, 12:57 PM
  3. ZCS 6.0 NE Private Beta!
    By jholder in forum Announcements
    Replies: 0
    Last Post: 05-22-2009, 10:20 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •