Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Problem with nis.schema and resources

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-12-2010, 09:03 AM
Intermediate Member
  
Posts: 19
Unhappy Problem with nis.schema and resources
Hi folks,

we are running Zimbra 5.0.21 on our productive environment with ~ 150 users. Right now I am preparing the upgrade to Zimbra v6.0.6 but unfortunately I ran into some issues with the nis.schema. We are using the schema for posixGroups etc.

There are some objects in my LDAP tree which brake the constraints inherited from the objectClass: posixAccount

According to the original Zimbra nis.schema for this objectClass the following attributes are mandatory:

cn
uid
uidNumber
gidNumber
homeDirectory

The according line within the nis.schema is: MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )

Unfortunately there are some objects in our LDAP tree braking this rule.
These are all resources (just two which we are using for tests) and the original Zimbra accounts ham and spam

Please see the according LDAP output for the spam account below

Code:
# spam, people, zimbra.ourdomain.com
dn: uid=spam,ou=people,dc=zimbra,dc=ourdomain,dc=com
zimbraAttachmentsIndexingEnabled: FALSE
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
objectClass: posixAccount
...
uidNumber, gidNumber and homeDirectory are missing for the spam object, which is basically not possible since these attributes are mandatory for the objectClass posixAccount.

Same problem with our Zimbra resources. I deleted the resources within the Zimbra Admin interface and tried to create them again to see, if the new resource object will be created correctly but unfortunately I can't create any new resource object, due to the mentioned objectClass restrictions for posixAccount.
I get the following error message within the Admin webinterface:

Code:
Invalid request Message: invalid request: createAccount invalid schema change: [LDAP: error code 65 - object class 'posixAccount' requires attribute 'uidNumber'] Error code: service.INVALID_REQUEST Method: CreateCalendarResourceRequest Details:soap:Sender
I am wondering why Zimbra uses the objectClass posixAccount for resources and doesn't set the right attributes as defined in the original nis.schema?

Of course I could change the lines in nis.schema from:

Code:
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $ description ) )
to

Code:
MUST ( cn $ uid )
MAY ( userPassword $ loginShell $ gecos $ description $ uidNumber $ gidNumber $ homeDirectory) )
but this is definitely not recommended and I really don't want to mess something up.

Hopefully someone can help me out, seems to me like the chicken or the egg dilemma.
Reply With Quote
  #2 (permalink)  
Old 05-14-2010, 01:33 AM
Intermediate Member
  
Posts: 19
Default
hmm, noone?
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.