Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39

Thread: 5.0.x to 6.0 Upgrade with Samba/Posix Extensions

  1. #1
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default 5.0.x to 6.0 Upgrade with Samba/Posix Extensions

    Hey all,

    Has anyone successfully upgraded to 6.0 NE with Samba/Posix Extensions?
    Last weekend was hellish as I attempted to follow the various wiki pages, and ended up with a broken system that Zimbra support had no idea how to fix (they spent 12 hours logged into my server and couldn't figure out how to fix the problem). I ended up having to restore 5.0.18 from backups (my 50 users had no Email, Windows, or Linux access the entire day).

    I wish someone would create *1* wiki page for admins in my scenario. The updated wiki's (1,2,3,4) could be integrated better. I'd like to see 1 wiki page with instructions, *in order*, to successfully complete this upgrade.

    Your thoughts?

  2. #2
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default

    bump

  3. #3
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,265
    Rep Power
    10

    Default

    Which wiki pages did you use? I've talked with several people using the 6.0 Samba/Posix wiki to upgrade without issue.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default

    I listed them in my post above.
    Can one of the "several people" you've talked to respond to my post?

  5. #5
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,265
    Rep Power
    10

    Default

    You can talk to a few on IRC, if you sign onto freenode and join the #zimbra channel.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #6
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    If it helps at all the steps that I used are basically as follows:
    1. install.sh -s
    To get the new LDAP software to work with
    2. Installing custom ldap schema 6.0 - Zimbra :: Wiki
    This wiki is pretty much a howto for NIS and Samba schema installation however the "ldap start" start ran for a few minutes and never appeared to actually complete, but it did create the config files which I modified later so it got what I needed accomplished. I only called it once at the end of doing the steps on that page
    3. Optimizing 50 to 60 LDAP upgrade - Zimbra :: Wiki
    Do what it says to add the indicies. (I ignored Adding ldap indices 6.0 - Zimbra :: Wiki as that is only applicable if the LDAP database is up, running, and the key part... updated to 6.0 schema already)
    4. /opt/zimbra/libexec/zmsetup.pl
    Run the upgrade process to update all the schema and actually make your system 6.0.0
    5. zmcontrol stop
    After it is all setup... shut all the zimbra processes down.
    6. UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki
    Finally got to things in here, I ignored all of the steps related to configuring the zmposix and zmposixroot accounts as the Samba server is separate on my setup and uses the admin user to authenticate.
    You do need to do the modificiations at the end of Part 1 related to the ACL, but I didn't bother messing around with an .ldiff file and instead directly modified /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif when the LDAP server was shut down.
    7. zmcontrol start
    8. redeploy the samba and posix admin extensions, remembering to modify the values as described at the beginning of part 2.

    I ignored most of the rest of the UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki document as it was already setup before and didn't change for me since the Samba server is separate.

    Hope this helps.

  7. #7
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default

    Thanks. That sort of helps. I'd still like to see more formal instructions issued by Zimbra. When you're dealing with live systems, there's just too much at stake to take chances, even with backups readily available. You want to go into the upgrade knowing that it will succeed...

  8. #8
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default

    Quote Originally Posted by ArcaneMagus View Post

    I ignored all of the steps related to configuring the zmposix and zmposixroot accounts as the Samba server is separate on my setup and uses the admin user to authenticate.
    You do need to do the modificiations at the end of Part 1 related to the ACL, but I didn't bother messing around with an .ldiff file and instead directly modified /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}hdb.ldif when the LDAP server was shut down.
    I'm a little unclear about this. The wiki says you need to create these 2 users, doesn't it? I have a separate Samba server too, but I don't understand what the difference is. In the 5.0.x setup, doesn't Zimbra use "cn=config" as the bind DN?
    Please explain...

  9. #9
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,265
    Rep Power
    10

    Default

    Quote Originally Posted by mackoftrack View Post
    I'm a little unclear about this. The wiki says you need to create these 2 users, doesn't it? I have a separate Samba server too, but I don't understand what the difference is. In the 5.0.x setup, doesn't Zimbra use "cn=config" as the bind DN?
    Please explain...
    The difference is security. The original wiki should never, ever have suggested using the cn=config user, as that user can add/modify/delete *anything* in the OpenLDAP database, including the server configuration. It is particularly bad, since it uses the cn=config as the less secure user over the zimbra admin user, even though it has more access. That is why when I wrote the 6.0 wiki, I set it up so that two brand new users are used, with very limited access to the LDAP database, and no ability to modify the server configuration.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  10. #10
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default

    Quote Originally Posted by quanah View Post
    The difference is security. The original wiki should never, ever have suggested using the cn=config user, as that user can add/modify/delete *anything* in the OpenLDAP database, including the server configuration. It is particularly bad, since it uses the cn=config as the less secure user over the zimbra admin user, even though it has more access. That is why when I wrote the 6.0 wiki, I set it up so that two brand new users are used, with very limited access to the LDAP database, and no ability to modify the server configuration.
    Ok. So that being said, I *should* follow the new Wiki's instructions and create those two users?

Page 1 of 4 123 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade ZCS 5.0.x -> ZCS 6.0 beta
    By fisch09 in forum Installation
    Replies: 10
    Last Post: 05-08-2009, 11:28 AM
  2. Upgrade instructions in 5.0.10 too muddy to understand
    By johnshen in forum Installation
    Replies: 4
    Last Post: 12-06-2008, 06:19 AM
  3. LDAP Replicas 4.5.x > 5.0.x
    By mmorse in forum Announcements
    Replies: 0
    Last Post: 01-28-2008, 04:05 PM
  4. .53 Will Not "Launch" in FF 2.0.0.6
    By jhoelz in forum Installation Help
    Replies: 4
    Last Post: 08-04-2007, 09:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •