Hey all, I get this error when attempting to change the password for the admin account:
Code:
Message: invalid request: LDAP schema violation: [LDAP: error code 65 - attribute 'sambaNTPassword' not allowed] Error code: service.INVALID_REQUEST Method: SetPasswordRequest Details:soap:Sender
It's similar to
this thread but this one went unanswered for 2 years. I'm hoping that someone has stumbled on to the fix by now.
I have a few zimlets installed as you might already know:
zimbra_posixaccount.zip
zimbra_samba.zip
zimbraSambaPassword.zip
The steps:
1) loginto the Admin UI:
https://host.domain.com:7071/zimbraAdmin/
2) Click Accounts
3) Right-click admin > change password
4) Enter password twice > click OK: ERROR
Here's what mailbox.log says about it:
Code:
# tail -f /opt/zimbra/log/mailbox.log
2009-10-25 23:10:25,050 INFO [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] soap - GetAccountRequest
2009-10-25 23:10:25,068 INFO [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] soap - GetMailboxRequest
2009-10-25 23:10:25,097 INFO [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] soap - GetAccountMembershipRequest
2009-10-25 23:10:25,179 INFO [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] soap - GetAccountInfoRequest
2009-10-25 23:10:25,315 INFO [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] soap - SetPasswordRequest
2009-10-25 23:10:25,475 WARN [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] misc - checkValue: no attribute info for: sambaNTPassword
2009-10-25 23:10:25,475 WARN [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] misc - checkValue: no attribute info for: sambaLMPassword
2009-10-25 23:10:25,577 INFO [btpool0-2] [name=admin@domain.com;mid=1;ip=10.0.0.101;ua=ZimbraWebClient - FF3.0 (Win);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: invalid request: LDAP schema violation: [LDAP: error code 65 - attribute 'sambaNTPassword' not allowed]
ExceptionId:btpool0-2:1256530225576:13a653926a956e19
Code:service.INVALID_REQUEST
at com.zimbra.common.service.ServiceException.INVALID_REQUEST(ServiceException.java:260)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:306)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:272)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:253)
at com.zimbra.cs.account.Provisioning.modifyAttrs(Provisioning.java:1661)
at com.zimbra.cs.account.ldap.LdapProvisioning.setPassword(LdapProvisioning.java:3334)
at com.zimbra.cs.account.ldap.LdapProvisioning.setPassword(LdapProvisioning.java:3184)
at com.zimbra.cs.service.admin.SetPassword.handle(SetPassword.java:65)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:430)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:286)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:160)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:275)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:187)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1102)
at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:130)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:716)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:350)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:313)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:489)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:834)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:364)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
Caused by: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - attribute 'sambaNTPassword' not allowed]; remaining name 'uid=admin,ou=people,dc=ptest,dc=us'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3048)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2963)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2769)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1451)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
at com.zimbra.cs.account.ldap.ZimbraLdapContext.modifyAttributes(ZimbraLdapContext.java:554)
at com.zimbra.cs.account.ldap.LdapUtil.modifyAttrs(LdapUtil.java:416)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:294)
... 36 more OR
Log into admin's webmail > go to preferences > Change Password > click OK: Error: An invalid request was made.
Code:
# tail -f /opt/zimbra/log/mailbox.log
2009-10-25 23:07:52,365 INFO [btpool0-0] [ip=127.0.0.1;ua=zclient/5.0.19_GA_3083.RHEL5_64;] soap - ChangePasswordRequest
2009-10-25 23:07:52,473 WARN [btpool0-0] [ip=127.0.0.1;ua=zclient/5.0.19_GA_3083.RHEL5_64;] misc - checkValue: no attribute info for: sambaNTPassword
2009-10-25 23:07:52,473 WARN [btpool0-0] [ip=127.0.0.1;ua=zclient/5.0.19_GA_3083.RHEL5_64;] misc - checkValue: no attribute info for: sambaLMPassword
2009-10-25 23:07:52,523 INFO [btpool0-0] [ip=127.0.0.1;ua=zclient/5.0.19_GA_3083.RHEL5_64;] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: invalid request: LDAP schema violation: [LDAP: error code 65 - attribute 'sambaNTPassword' not allowed]
ExceptionId:btpool0-0:1256530072521:13a653926a956e19
Code:service.INVALID_REQUEST
at com.zimbra.common.service.ServiceException.INVALID_REQUEST(ServiceException.java:260)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:306)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:272)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:253)
at com.zimbra.cs.account.Provisioning.modifyAttrs(Provisioning.java:1661)
at com.zimbra.cs.account.ldap.LdapProvisioning.setPassword(LdapProvisioning.java:3334)
at com.zimbra.cs.account.ldap.LdapProvisioning.changePassword(LdapProvisioning.java:3109)
at com.zimbra.cs.service.account.ChangePassword.handle(ChangePassword.java:63)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:430)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:286)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:160)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:275)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:187)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1102)
at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:146)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:716)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:350)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:313)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:489)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:834)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:364)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
Caused by: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - attribute 'sambaNTPassword' not allowed]; remaining name 'uid=admin,ou=people,dc=ptest,dc=us'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3048)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2963)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2769)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1451)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
at com.zimbra.cs.account.ldap.ZimbraLdapContext.modifyAttributes(ZimbraLdapContext.java:554)
at com.zimbra.cs.account.ldap.LdapUtil.modifyAttrs(LdapUtil.java:416)
at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:294)
... 36 more I see that there's a problem with the sambaNTPassword zimlet loaded on the system. As you may have guessed, I haven't mastered ldap yet, so please be gentle. Here's the question:
How do I exempt the admin account from the constraints of intended samba users so that I may change the admin password periodically?
Thanks in advance,
todd_dsm
Don't forget to Vote for this bug:
RFE: A place To Display the contents of 'My Documents' Reasoning: It's new, bold, and cool.