Results 1 to 2 of 2

Thread: Domain Admin can't modify account

  1. #1
    rbreck is offline Active Member
    Join Date
    May 2010
    Posts
    34
    Rep Power
    5

    Default Domain Admin can't modify account

    Our domain admin used to be able to change users passwords from the admin gui, but yesterday she began receiving this error:

    Code:
    Failed to get the ACL:permission denied: cannot access attribute zimbraACE on 
    account target shirley@domain.com 
    
    Message: permission denied: cannot access attribute zimbraACE on account target 
    shirley@domain.com Error code: service.PERM_DENIED Method: GetGrantsRequest 
    Details:soap:Sender
    The admin GUI shows that she has the following rights on accounts in her domain:

    Granted Rights
    Code:
    	addAccountAlias, deleteAccount, getAccountInfo, getAccountMembership, getMailboxInfo, listAccount, removeAccountAlias, renameAccount, setAccountPassword, viewAccountAdminUI
    Readable Attributes
    Code:
    	cn, co, company, description, displayName, givenName, initials, l, postalCode, sn, st, street, telephoneNumber, uid, zimbraAccountStatus, zimbraAdminSavedSearches, zimbraDomainAdminMaxMailQuota, zimbraFeatureMailForwardingEnabled, zimbraHideInGal, zimbraIsDelegatedAdminAccount, zimbraLastLogonTimestamp, zimbraMailAlias, zimbraMailCanonicalAddress, zimbraMailForwardingAddress, zimbraMailHost, zimbraNotes, zimbraPasswordMustChange, zimbraPrefMailForwardingAddress, zimbraPrefMailLocalDeliveryDisabled
    Modifiable Attributes
    Code:
    	co, company, description, displayName, givenName, initials, l, postalCode, sn, st, street, telephoneNumber, zimbraAccountStatus, zimbraAdminSavedSearches, zimbraDomainAdminMaxMailQuota, zimbraFeatureMailForwardingEnabled, zimbraHideInGal, zimbraIsDelegatedAdminAccount, zimbraMailAlias, zimbraMailCanonicalAddress, zimbraMailForwardingAddress, zimbraNotes, zimbraPasswordMustChange, zimbraPrefMailForwardingAddress, zimbraPrefMailLocalDeliveryDisabled
    Since the last time she remembers it working, we've made a few changes to the server, not sure if any of them would cause this, I wouldn't have thought so, but...
    - upgraded from 6.0.6 to 6.0.7
    - changed zmmtaconfig_interval from 60 to 1200
    - changed zmstatuslog cron job to run every 6 mins instead of ever 2

    If anyone has any suggestions they would be much appreciated!

  2. #2
    rbreck is offline Active Member
    Join Date
    May 2010
    Posts
    34
    Rep Power
    5

    Default

    I stumbled on the cause of the problem today and got our domain admins working again.

    If anyone else has this issue, in the admin console under Configuration > Global ACL, you should see entries granting rights to your domain admins.

    After upgrading to 6.0.7, all of our domain admins were being assigned the right "domainAdminZimletRights". I manually changed that to "domainAdminRights" and our admins were able to modify account settings again!

    I've filed a bug report at https://bugzilla.zimbra.com/show_bug.cgi?id=50131.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Unable to assign Rights to Admin Account
    By sardarrashid in forum Administrators
    Replies: 1
    Last Post: 01-08-2010, 12:56 AM
  2. [SOLVED] Admin for specific Domain
    By rachid in forum Administrators
    Replies: 2
    Last Post: 04-04-2009, 04:10 AM
  3. [SOLVED] admin account email issues
    By dazza_act in forum Installation
    Replies: 2
    Last Post: 10-06-2008, 06:26 PM
  4. restore admin account
    By preem in forum Administrators
    Replies: 2
    Last Post: 01-19-2007, 07:56 AM
  5. Admin Account
    By rmvg in forum Users
    Replies: 4
    Last Post: 09-18-2005, 11:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •