[SOLVED] Repair corrupted LDAP

[charles119]

Hi,

I upgraded to 6.0.1 without any problem, except one: my LDAP account seems to be corrupted...just mine, for other users it's all good.

I installed posix and samba zimlets. they work fine, I can manage users through zimbra UI

When I try to access a share with my account, access is denied. In samba logs I can see

Code:

Primary group for user myuser is a UNKNOWN and not a domain group

If I create another user with same permissions (through zimbra UI) everything works.

So my question is:
- is it possible to repair the LDAP database for my user, adding a correct primary group?
- can I create another user with same permissions and then copy a precise folder in order to keep my emails and calendar appointments (I saw that emails are stored in the data directory) ?

Thanks in advance for your help!
As you can see Zimbra is not fair with me...I upgrade it on a regular basis, maintain it with love, and the only corrupted account is mine

[ArcaneMagus]

What does the output of the following two commands ran on the samba server look like?:

Code:

getent passwd | grep username

Code:

id username

[ArcaneMagus]

Also this command run on the Zimbra server as the Zimbra user:

Code:

zmprov ga username | grep gidNumber

[charles119]

Thanks for your answer

Here are the ouputs

>getent passwd | grep myname
myname:*:10001:10001:My Name:/home/myname:/bin/sh

>id myname
uid=10001(myname) gid=10001 groupes=10001

>su - zimbra -c "zmprov ga myname | grep gidNumber"
gidNumber: 10001

Everything seems normal. I tested these commands with another username with same privileges and wio can access normally to the shares, and the outputs are the same
Do you see something incorrect ?
Where can I check the Primary group?

[ArcaneMagus]

The primary group is listed under the gid= output of the id command and is also the 4th field in the getent passwd output

Both are showing a group of 10001 for you, but the definition of the group appears to be missing. On my system it looks like:

Code:

uid=10003(username) gid=10001(Domain Admins) groups=10001(Domain Admins)

Does the group 10001 show up on the samba server when you run this?:

Code:

getent group

[charles119]

Yes, getent group gives me all the groups

Code:

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:zimbra
tty:x:5:zimbra
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
ssh:x:102:
Debian-exim:x:103:
bind:x:104:
zimbra:x:105:
postfix:x:106:zimbra
postdrop:x:107:
libuuid:x:108:
sambashare:x:109:
direction:*:10001:
commerciaux:*:10002:
techniciens:*:10003:

Which version of Zimbra do you have?

Really strange....all the more so that the only account which has a problem is mine (everything ok for the other ones...)

[ArcaneMagus]

Hmm... well if other accounts are working properly, and it is just yours that is not, try using an LDAP browser to see if you can spot anything odd about your account versus an account that is working. I use LDAP Admin myself, but anything will work. Bind to the server using the admin account

Code:

uid=zimbra,cn=admins,cn=zimbra

and the LDAP root password found using

Code:

zmlocalconfig -s ldap_root_password

If you can't find anything then you might try migrating your data over to a new account. You can export all data under Preferences -> Import / Export, and supposedly Import it as well, never tried this myself though so I don't know how it will handle things like different account names and the like.

[charles119]

Thanks for this tip! This software is really nice!

Unfortunately, I compared my account with another account with same privileges (and that works), and it's exactly the same. I can't understand anything.....

Why is there just a problem with my account

Is there a function to reinitialise totally the LDAP account ? (or even delete it and recreate it)

Maybe

Code:

zmprov ma myaccount-objectClass posixAccount .....

zmprov ma myaccount-objectClass sambaSamAccount ......

The only thing is that I don't want to loose my emails and calendar events...

Or even recreate the account, and copy paste the sub-directory of store directory where my emails are stored ? And then run zmfixperms....

What do you think ?

Many thanks!

[phoenix]

Quote:

Originally Posted by charles119

The only thing is that I don't want to loose my emails and calendar events...

Or even recreate the account, and copy paste the sub-directory of store directory where my emails are stored ? And then run zmfixperms....

Please update your forum profile (do not post it in this thread) with the output of the following:

Code:

su - zimbra
zmcontrol -v

As a test, you can try exporting your account information (including emil, calendar etc.) via your user preferences then create a new account and import the information into that and see if it works.

[charles119]

Hi Phoenix,

Thanks for your answer!
You're right, I didn't thought of the possibility to export/import account data....it's maybe safer than playing with zimbra directories.

I exported the account data, then renamed my account, and created another account with the initial name. Now I can access the shares normally. I try to reimport my data into the new account. It's quite a long process, I hope that it will not crash (the .tgz file is quite 300Mo). It the import is ok I will delete the old account and my problem is solved.

I keep you updated.