[SOLVED] mail queue error in web admin ui

[ArcaneMagus]

Well the problem has to be in the zimbra user ssh'ing to the server to run the script as root then...

From the errors in the log it looks to me like it might be trying to find the zimbra user in an LDAP authentication source, is this server setup to get it's users from an LDAP server? If so do you have it configured to fallback to local files?

[NoDoze]

Hmmm...
I used this to setup the ldap:
UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

How would I fix it then...? Would I have to create a zimbra user for ldap?

[ArcaneMagus]

Hmmm.... well if you followed this section properly then that shouldn't be your issue. (I'm assuming that your samba server and Zimbra server are the same box if you did that step on the Zimbra server).

Try looking over the changes in that section again and verifying that it has the nsswitch changes?

[NoDoze]

Well...because I use centos/Redhat...I didn't have to do that section, correct?

I did this instead:

Configuring on RHEL5/CentOS5/Fedora7 using authconfig

As root run authconfig --test. It will display current settings for both nss_ldap and pam_ldap. In most cases the following command will do the job (although some manual editing will still be needed):

authconfig --enableldap --enableldapauth --disablenis --enablecache \
--ldapserver=gregzimbra1.zimbra.com --ldapbasedn=dc=gregzimbra1,dc=zimbra,dc=com \
--updateall

The last parameter will update /etc/ldap.conf, /etc/nsswitch.conf and /etc/pam.d/system-auth configuration files. The only file which requires manual editing is /etc/ldap.conf.

The base line should be already there. It is inserted by authconfig. You should also see a uri line with the address of your ldap server. The host, binddn, bindpw, rootbinddn lines should be added as explained above and /etc/ldap.secret file should exist and contain a password.

The issue with a single /etc/ldap.conf configuration file for both nss_ldap and pam_ldap is that host and uri can work together in Zimbra-specific configuration only if we also add bind_policy soft option. The modified /etc/ldap.conf should look like this:

base dc=gregzimbra1,dc=zimbra,dc=com
host gregzimbra1.zimbra.com
# binddn uid=zimbra,cn=admins,cn=zimbra (pre 5.x)
binddn cn=config
bindpw test123
rootbinddn uid=zimbra,cn=admins,cn=zimbra
uri ldap://gregzimbra1.zimbra.com
bind_policy soft

nss_base_passwd ou=people,dc=gregzimbra1,dc=zimbra,dc=com?one
nss_base_shadow ou=people,dc=gregzimbra1,dc=zimbra,dc=com?one
# Replace the lines above with
# nss_base_passwd dc=gregzimbra1,dc=zimbra,dc=com?sub
# nss_base_shadow dc=gregzimbra1,dc=zimbra,dc=com?sub
# if you want to store windows computers account in LDAP
nss_base_group ou=groups,dc=gregzimbra1,dc=zimbra,dc=com?one
nss_base_hosts ou=machines,dc=gregzimbra1,dc=zimbra,dc=com?one

[ArcaneMagus]

Well not being on one of those OS'es I completely ignored that part

That section should have caused your files to roughly match up to the changes listed above that in the manual section... what do the contents of those files look like?

[NoDoze]

Hmmm...ok...

I re-ran:

authconfig --enableldap --enableldapauth --disablenis --enablecache \
--ldapserver=gregzimbra1.zimbra.com --ldapbasedn=dc=gregzimbra1,dc=zimbra,dc=com \
--updateall

updated /etc/ldap.conf

ran: smbpasswd -w password

restarted samba

and well...IT WORKED!

Sheeesh...I dunno what changed in any of those files...but I'm just happy it works now

Thanks a bunch!

[ArcaneMagus]

I suspect that somehow it had stopped looking in the local files, no idea how that happened though.

Glad it's working again