Results 1 to 10 of 10

Thread: Zimbra 7.1 to 7.2.6 Posix problem

  1. #1
    wedeo is offline Starter Member
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1
    Rep Power
    1

    Default Zimbra 7.1 to 7.2.6 Posix problem

    Hi All,

    We upgraded Zimbra from 7.1 to 7.2.6 and now Posix is not working anymore, we are running on Ubuntu 10.04. I know from some earlier Threads on the forum that its never officially supported and that it wont be. Fine by us, however our current install is using Posix groups and if i disable the Posix zimlet i'm not able to create new accounts.

    When i try i'll get this error:

    Invalid request: CreateAccount invalid schema change: [LDAP: error code 65 - object class 'posixAccount' requires attribute 'uidNumber']
    Errorcode: service.INVALID_REQUEST Method: [unknown]
    Details:soap:Sender

    Is there any working Posix zimlet for Zimbra 7.2.6, already tried the one in the gallery but that one doesn't work either.
    Or does anybody have a other solution on this one ?

    Kind regards,

    Wesley

  2. #2
    jdp459 is offline Active Member
    Join Date
    Sep 2008
    Location
    Georgia, USA
    Posts
    28
    Rep Power
    6

    Default

    We are having the same issue. Since we are tiny, adding users doesn't happen often - it has been a few years, actually. In the last week, we are doubling in size and this is kinda embarrassing the the company cannot create a new email account in 5 minutes.

    I don't need the posix or samba stuff anymore (haven't used it in years), so I attempted to remove it from LDAP. I don't know the nitty details of openldap. Seems that Zimbra migrated from a config file to a config directory setup since we started using Zimbra in 2008. Not certain when that happened (or even if this is true). Now I just need to find where the posix and samba LDAP entries are stored inside the LDAP config - removing them form the normal LDAP config files and running slapindex hasn't solve the issue.

    If I can't figure out how to remove those 5+ entries soon, appears that doing a fresh install and migrating everything over (mail, calendar, addresses, tasks, notes, wiki, .... ) to the new install is the only method.

  3. #3
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    The bits to add posix/samba are the zimbra extra objectClasses bits you defined when initially setting up. You can remove those two bits from your globalconfig, and it will stop attempting to add them.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    jdp459 is offline Active Member
    Join Date
    Sep 2008
    Location
    Georgia, USA
    Posts
    28
    Rep Power
    6

    Default

    Thanks for the reply.

    Quote Originally Posted by quanah View Post
    The bits to add posix/samba are the zimbra extra objectClasses bits you defined when initially setting up. You can remove those two bits from your globalconfig, and it will stop attempting to add them.
    I must be stupid. I'm in the Zimbra admin interface - where I've already removed the samba and posix extensions. I don't see any objectClasses anything on any of the tabs.
    I've already removed the posix and samba settings using zmprov.
    Code:
    zmprov mcf -zimbraAcccountExtraObjectClass posixAccount
    zmprov mcf -zimbraAccountExtraObjectClass sambaSamAccount
    The way that I added these facilities was through LDAP config files - which don't seem to be used anymore - that is - I've commented the entries from the slapd.conf - lines removed:
    Code:
    #include         "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
    #include         "/opt/zimbra/openldap/etc/openldap/schema/samba.schema"
    # index uidNumber             eq
    # index gidNumber             eq
    # index memberUID             eq
    #
    # index sambaSID              eq
    # index sambaPrimaryGroupSID  eq
    # index sambaDomainName       eq
    To me, it appears that openldap is completely ignoring this file now and using a cn=config/ directory. Is it safe to simply remove the samba and nis schema files from here?
    zimbra@mail:~/data/ldap/config/cn=config/cn=schema/

    Sorry for being so dense. What command should I be running, please. I was following these instructions. Uninstall Instructions for Unix and Windows Account Management in Admin UI - Zimbra :: Wiki

    Thanks again for your help.

  5. #5
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    If you remove the schema, and you still have accounts you previously created using those objectclasses, you will corrupt your database.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #6
    jdp459 is offline Active Member
    Join Date
    Sep 2008
    Location
    Georgia, USA
    Posts
    28
    Rep Power
    6

    Default

    Exactly my fear. Is there a command to remove just those OCs? I don't know ldap. None of those settings are used for any of the userids.
    I'm still confused why adding a new account that doesn't use samba or posix extensions is failing.


    Ran these:

    Code:
    zimbra@mail:/tmp$ zmprov mcf -zimbraAcccountExtraObjectClass posixAccount      
    zimbra@mail:/tmp$ zmprov gcf zimbraAccountExtraObjectClass
    zimbraAccountExtraObjectClass: amavisAccount
    zimbraAccountExtraObjectClass: posixAccount
    The issue could be that posixAccount can't be removed. How can that be removed?
    Last edited by jdp459; 04-08-2014 at 02:43 PM.

  7. #7
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    Well, that's definitely an issue.... You can try running ldapdelete instead of zmprov and see if you can get an error out.

    You cannot remove the schema until that is done AND you go through and fix up all your users to no longer use those objectClasses and their related attributes (that'll be a manual process)
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  8. #8
    jdp459 is offline Active Member
    Join Date
    Sep 2008
    Location
    Georgia, USA
    Posts
    28
    Rep Power
    6

    Default

    Thanks - I believe all the users have empty settings for all those settings. I'll check again - used a slightly modified script from the
    Uninstall Instructions linked above. The options for zmprov gaa have changed since that wiki article was created.

    zmprov is awefully slow - went to check it for the ldapdelete command - java. That explains much. Expected to see a perl-wrapper. OTOH, knowing that the CLI version and server GUI version use exactly the same code is good.
    Any chance for an ldapdelete command to remove zimbraAcccountExtraObjectClass posixAccount? Every time I see an example ldap-anything command there are 5 new/different options than another version. Please.
    Last edited by jdp459; 04-08-2014 at 03:12 PM.

  9. #9
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    as far as I know, ldapdelete and ldapmodify haven't really changed much in the last decade or so.

    Generally (this is off the top of my head), on your ldap master, as the zimbra user:

    Code:
    ldapmodify -x -H ldapi:/// -D cn=config -w `zmlocalconfig -s -m nokey ldap_root_password`
    dn: cn=config,cn=zimbra
    changetype: modify
    delete: zimbraAccountExtraObjectClass
    zimbraAccountExtraObjectClass: posixAccount
    You then need to hit enter twice for it to execute.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  10. #10
    jdp459 is offline Active Member
    Join Date
    Sep 2008
    Location
    Georgia, USA
    Posts
    28
    Rep Power
    6

    Default

    Thanks - I've avoided knowing **anything** about LDAP commands. Zimbra hides that 99.9999% of the time.
    This gives me something to start.

    Found 1 userid with samba settings still. It was a "locked' account. Sorta neat that it can't be modified when locked. And that removing an attribute isn't allowed if any user makes use of it. Switched it into maintenance mode and working on the zmprov command to clear those settings now.

    That account doesn't have any posix settings, but it did have latent samba settings that couldn't be removed. Deleted the account - it was dormant. Tried again to remove the
    $ zmprov mcf -zimbraAcccountExtraObjectClass posixAccount
    again - didn't work, but I had to try.

    I'll try the ldapmodify command and expect an error.

    Code:
    $ ldapmodify -x -H ldapi:/// -D cn=config -w `zmlocalconfig -s -m nokey ldap_root_password`
    
    dn: cn=config,cn=zimbra
    changetype: modify
    delete: zimbraAccountExtraObjectClass
    zimbraAccountExtraObjectClass: posixAccount
    
    modifying entry "cn=config,cn=zimbra"
    Waiting about a minute, then used cntl-d to exit.
    Code:
    $ zmprov gcf zimbraAccountExtraObjectClass
    zimbraAccountExtraObjectClass: amavisAccount
    zimbraAccountExtraObjectClass: posixAccount
    No joy. At this point, would an slapcat to dump the DB, remove all samba/posix parts of the ldif file, then slapadd be easier?


    UPDATE -
    Code:
    zimbra@mail:~/conf$ zmprov gcf zimbraAccountExtraObjectClass
    zimbraAccountExtraObjectClass: amavisAccount
    zimbraAccountExtraObjectClass: posixAccount
    zimbra@mail:~/conf$ zmprov mcf -zimbraAcccountExtraObjectClass posixAccount   
    zimbra@mail:~/conf$ zmprov gcf zimbraAccountExtraObjectClass
    zimbraAccountExtraObjectClass: amavisAccount
    So it is gone! Don't know what is different this time from the other 20 attempts. Now to see if adding accounts is allowed. Yep - that works now.

    Thanks Quanah for all your help. I'll try to mark this and the other thread as solved.
    Last edited by jdp459; 04-08-2014 at 03:57 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra 7.2 posix groups
    By w.de.veer in forum Installation
    Replies: 0
    Last Post: 06-25-2012, 07:02 AM
  2. Zimbra + Posix+Samba integration Admin problem
    By acrowe in forum Administrators
    Replies: 2
    Last Post: 05-05-2011, 02:18 PM
  3. Samba and POSIX undeploy problem
    By catnipper in forum Zimlets
    Replies: 0
    Last Post: 09-02-2009, 10:51 AM
  4. Samba Posix account configuration problem
    By audi in forum Administrators
    Replies: 4
    Last Post: 08-16-2007, 12:22 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •