Zimbra

primesoftnz · #1 (**permalink**) 11-05-2009, 07:38 PM

I'm installing Release 6.0.2_GA_1912.DEBIAN5 DEBIAN5 FOSS edition.

and I'm following: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki

I got to the end of Part 3 expecting to miraculously see a samba domain in the Zimbra Admin UI but login to find nothing.

I did encounter one error when submitting the following:
zimbra@gc01:/tmp$ ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W
Enter LDAP Password:
modifying entry "olcDatabase={2}hdb,cn=config"
ldap_modify: No such attribute (16)
additional info: modify/delete: olcAccess: no such value

My acl.ldif looks like:

dn: olcDatabase={2}hdb,cn=config
changetype:modify
delete: olcAccess
olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by * read
-
add: olcAccess
olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by * read

dn: olcDatabase={2}hdb,cn=config
changetype:modify
add: olcAccess
olcAccess: {10}to dn.subtree="dc=gc01,dc=globalcredit,dc=local" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {11}to dn.subtree="ou=machines,dc=gc01,dc=globalcredit,dc=local" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {12}to dn.subtree="ou=groups,dc=gc01,dc=globalcredit,dc=local" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {13}to dn.subtree="ou=people,dc=gc01,dc=globalcredit,dc=local" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none

Have I done something wrong here? If my acl.ldif has not been modified correctly can I simply correct it and rerun the command?

testparm seems to show samba to be running ok.
with smb.conf looking like:
[global]
workgroup = GLOBALCREDIT
netbios name = gc01
os level = 33
preferred master = yes
enable privileges = yes
server string = %h server (Samba, Debian)
wins support =yes
dns proxy = no
name resolve order = wins bcast hosts
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
ldap passwd sync = yes
passdb backend = ldapsam:ldap://gc01.globalcredit.local/
ldap admin dn = "uid=zmposixroot,cn=appaccts,cn=zimbra"
ldap suffix = dc=gregzimbra1,dc=zimbra,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain logons = yes
logon path = \\gc01.globalcredit.local\%U\profile
logon home = \\gc01.globalcredit.local\%U
logon script = logon.cmd
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
socket options = TCP_NODELAY
domain master = yes
local master = yes
[homes]
comment = Home Directories
browseable =yes
read only = No
valid users = %S
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
[profiles]
comment = Users profiles
path = /home/samba/profiles
read only = No
[profdata]
comment = Profile Data Share
path = /home/samba/profdata
read only = No
profile acls = Yes
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

If this isn't the problem can someone point me at some diagnostic procedures to identify why the domain isn't appearing in the UI?

ArcaneMagus · #2 (**permalink**) 11-06-2009, 12:18 PM

Quote:

ldap suffix = dc=gregzimbra1,dc=zimbra,dc=com

Did you obfuscate this line or just forget to change it?

primesoftnz · #3 (**permalink**) 11-06-2009, 01:34 PM

duh!!!
Thanks
One of those cases of can't see for looking.
Second or third pair of eyes would be good
Thanks again

P.S. Any idea of what caused the error when loading the acl data and if it is to be worried about?

ArcaneMagus · #4 (**permalink**) 11-06-2009, 01:40 PM

I am by no means an LDAP expert, but I think you should be able to just modify it until it works.

I ran a diff between your posted code and the code in the wiki and the only difference is the domain name... so I really have no idea what the problem is there

primesoftnz · #5 (**permalink**) 11-06-2009, 01:48 PM

Thanks anyway - might post it as a specific question and see how I go.

Zimbra

Downloads

Product Information

Toolbox

Why Join?