Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Domain Admin can't modify account

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-24-2010, 11:07 AM
Active Member
  
Posts: 31
Default Domain Admin can't modify account
Our domain admin used to be able to change users passwords from the admin gui, but yesterday she began receiving this error:

Code:
Failed to get the ACL:permission denied: cannot access attribute zimbraACE on 
account target shirley@domain.com 

Message: permission denied: cannot access attribute zimbraACE on account target 
shirley@domain.com Error code: service.PERM_DENIED Method: GetGrantsRequest 
Details:soap:Sender
The admin GUI shows that she has the following rights on accounts in her domain:

Granted Rights
Code:
	addAccountAlias, deleteAccount, getAccountInfo, getAccountMembership, getMailboxInfo, listAccount, removeAccountAlias, renameAccount, setAccountPassword, viewAccountAdminUI
Readable Attributes
Code:
	cn, co, company, description, displayName, givenName, initials, l, postalCode, sn, st, street, telephoneNumber, uid, zimbraAccountStatus, zimbraAdminSavedSearches, zimbraDomainAdminMaxMailQuota, zimbraFeatureMailForwardingEnabled, zimbraHideInGal, zimbraIsDelegatedAdminAccount, zimbraLastLogonTimestamp, zimbraMailAlias, zimbraMailCanonicalAddress, zimbraMailForwardingAddress, zimbraMailHost, zimbraNotes, zimbraPasswordMustChange, zimbraPrefMailForwardingAddress, zimbraPrefMailLocalDeliveryDisabled
Modifiable Attributes
Code:
	co, company, description, displayName, givenName, initials, l, postalCode, sn, st, street, telephoneNumber, zimbraAccountStatus, zimbraAdminSavedSearches, zimbraDomainAdminMaxMailQuota, zimbraFeatureMailForwardingEnabled, zimbraHideInGal, zimbraIsDelegatedAdminAccount, zimbraMailAlias, zimbraMailCanonicalAddress, zimbraMailForwardingAddress, zimbraNotes, zimbraPasswordMustChange, zimbraPrefMailForwardingAddress, zimbraPrefMailLocalDeliveryDisabled
Since the last time she remembers it working, we've made a few changes to the server, not sure if any of them would cause this, I wouldn't have thought so, but...
- upgraded from 6.0.6 to 6.0.7
- changed zmmtaconfig_interval from 60 to 1200
- changed zmstatuslog cron job to run every 6 mins instead of ever 2

If anyone has any suggestions they would be much appreciated!
Reply With Quote
  #2 (permalink)  
Old 08-25-2010, 04:13 PM
Active Member
  
Posts: 31
Default
I stumbled on the cause of the problem today and got our domain admins working again.

If anyone else has this issue, in the admin console under Configuration > Global ACL, you should see entries granting rights to your domain admins.

After upgrading to 6.0.7, all of our domain admins were being assigned the right "domainAdminZimletRights". I manually changed that to "domainAdminRights" and our admins were able to modify account settings again!

I've filed a bug report at https://bugzilla.zimbra.com/show_bug.cgi?id=50131.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.