Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: [SOLVED] Repair corrupted LDAP

  1. #1
    charles119 is offline Active Member
    Join Date
    Sep 2008
    Posts
    27
    Rep Power
    6

    Question [SOLVED] Repair corrupted LDAP

    Hi,

    I upgraded to 6.0.1 without any problem, except one: my LDAP account seems to be corrupted...just mine, for other users it's all good.

    I installed posix and samba zimlets. they work fine, I can manage users through zimbra UI

    When I try to access a share with my account, access is denied. In samba logs I can see
    Code:
    Primary group for user myuser is a UNKNOWN and not a domain group
    If I create another user with same permissions (through zimbra UI) everything works.

    So my question is:
    - is it possible to repair the LDAP database for my user, adding a correct primary group?
    - can I create another user with same permissions and then copy a precise folder in order to keep my emails and calendar appointments (I saw that emails are stored in the data directory) ?

    Thanks in advance for your help!
    As you can see Zimbra is not fair with me...I upgrade it on a regular basis, maintain it with love, and the only corrupted account is mine

  2. #2
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    What does the output of the following two commands ran on the samba server look like?:
    Code:
    getent passwd | grep username
    Code:
    id username

  3. #3
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Also this command run on the Zimbra server as the Zimbra user:
    Code:
    zmprov ga username | grep gidNumber

  4. #4
    charles119 is offline Active Member
    Join Date
    Sep 2008
    Posts
    27
    Rep Power
    6

    Default

    Thanks for your answer

    Here are the ouputs

    >getent passwd | grep myname
    myname:*:10001:10001:My Name:/home/myname:/bin/sh

    >id myname
    uid=10001(myname) gid=10001 groupes=10001

    >su - zimbra -c "zmprov ga myname | grep gidNumber"
    gidNumber: 10001

    Everything seems normal. I tested these commands with another username with same privileges and wio can access normally to the shares, and the outputs are the same
    Do you see something incorrect ?
    Where can I check the Primary group?

  5. #5
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    The primary group is listed under the gid= output of the id command and is also the 4th field in the getent passwd output

    Both are showing a group of 10001 for you, but the definition of the group appears to be missing. On my system it looks like:
    Code:
    uid=10003(username) gid=10001(Domain Admins) groups=10001(Domain Admins)
    Does the group 10001 show up on the samba server when you run this?:
    Code:
    getent group

  6. #6
    charles119 is offline Active Member
    Join Date
    Sep 2008
    Posts
    27
    Rep Power
    6

    Default

    Yes, getent group gives me all the groups
    Code:
    root:x:0:
    daemon:x:1:
    bin:x:2:
    sys:x:3:
    adm:x:4:zimbra
    tty:x:5:zimbra
    disk:x:6:
    lp:x:7:
    mail:x:8:
    news:x:9:
    uucp:x:10:
    man:x:12:
    proxy:x:13:
    kmem:x:15:
    dialout:x:20:
    fax:x:21:
    voice:x:22:
    cdrom:x:24:
    floppy:x:25:
    tape:x:26:
    sudo:x:27:
    audio:x:29:
    dip:x:30:
    www-data:x:33:
    backup:x:34:
    operator:x:37:
    list:x:38:
    irc:x:39:
    src:x:40:
    gnats:x:41:
    shadow:x:42:
    utmp:x:43:
    video:x:44:
    sasl:x:45:
    plugdev:x:46:
    staff:x:50:
    games:x:60:
    users:x:100:
    nogroup:x:65534:
    crontab:x:101:
    ssh:x:102:
    Debian-exim:x:103:
    bind:x:104:
    zimbra:x:105:
    postfix:x:106:zimbra
    postdrop:x:107:
    libuuid:x:108:
    sambashare:x:109:
    direction:*:10001:
    commerciaux:*:10002:
    techniciens:*:10003:
    Which version of Zimbra do you have?

    Really strange....all the more so that the only account which has a problem is mine (everything ok for the other ones...)

  7. #7
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Hmm... well if other accounts are working properly, and it is just yours that is not, try using an LDAP browser to see if you can spot anything odd about your account versus an account that is working. I use LDAP Admin myself, but anything will work. Bind to the server using the admin account
    Code:
    uid=zimbra,cn=admins,cn=zimbra
    and the LDAP root password found using
    Code:
    zmlocalconfig -s ldap_root_password
    If you can't find anything then you might try migrating your data over to a new account. You can export all data under Preferences -> Import / Export, and supposedly Import it as well, never tried this myself though so I don't know how it will handle things like different account names and the like.

  8. #8
    charles119 is offline Active Member
    Join Date
    Sep 2008
    Posts
    27
    Rep Power
    6

    Default

    Thanks for this tip! This software is really nice!

    Unfortunately, I compared my account with another account with same privileges (and that works), and it's exactly the same. I can't understand anything.....

    Why is there just a problem with my account

    Is there a function to reinitialise totally the LDAP account ? (or even delete it and recreate it)

    Maybe
    Code:
    zmprov ma myaccount-objectClass posixAccount .....
    
    zmprov ma myaccount-objectClass sambaSamAccount ......
    The only thing is that I don't want to loose my emails and calendar events...

    Or even recreate the account, and copy paste the sub-directory of store directory where my emails are stored ? And then run zmfixperms....

    What do you think ?

    Many thanks!

  9. #9
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    Quote Originally Posted by charles119 View Post
    The only thing is that I don't want to loose my emails and calendar events...

    Or even recreate the account, and copy paste the sub-directory of store directory where my emails are stored ? And then run zmfixperms....
    Please update your forum profile (do not post it in this thread) with the output of the following:

    Code:
    su - zimbra
    zmcontrol -v
    As a test, you can try exporting your account information (including emil, calendar etc.) via your user preferences then create a new account and import the information into that and see if it works.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    charles119 is offline Active Member
    Join Date
    Sep 2008
    Posts
    27
    Rep Power
    6

    Default

    Hi Phoenix,

    Thanks for your answer!
    You're right, I didn't thought of the possibility to export/import account data....it's maybe safer than playing with zimbra directories.

    I exported the account data, then renamed my account, and created another account with the initial name. Now I can access the shares normally. I try to reimport my data into the new account. It's quite a long process, I hope that it will not crash (the .tgz file is quite 300Mo). It the import is ok I will delete the old account and my problem is solved.

    I keep you updated.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. LDAP Cannot bind on migration to new server
    By neekster in forum Migration
    Replies: 23
    Last Post: 03-09-2009, 02:08 AM
  2. Replies: 8
    Last Post: 08-07-2008, 05:18 AM
  3. Zimbra Install Problem - getDirectContext
    By bsimzer in forum Installation
    Replies: 27
    Last Post: 07-19-2007, 10:12 AM
  4. 3 testing: LDAP: 389 Failed when restore zimbra
    By victorLeong in forum Administrators
    Replies: 15
    Last Post: 05-24-2007, 06:45 AM
  5. Replies: 4
    Last Post: 11-15-2006, 12:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •