Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Domain administrators can not log in to admin console

  1. #1
    Join Date
    Jan 2008
    Posts
    3
    Rep Power
    7

    Default Domain administrators can not log in to admin console

    Hi,

    we've recently switched to Zimbra and are currently running the 5.0.2 Network Edition. In the admin console, I've marked three of our users as domain administrators. However, they can not log in to the admin console at all. I've tracked it down to this HTTP/SOAP request, which returns an internal server error, after which the webclient just hangs forever:

    Code:
    POST /service/admin/soap/GetLDAPEntriesRequest HTTP/1.1
    The actual SOAP request is this:

    Code:
    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
    <soap:Header>
        <context xmlns="urn:zimbra">
            <userAgent name="ZimbraWebClient - FF2.0 (Mac)"/>
            <sessionId id="3288"/><format type="js"/>
            <authToken>0_6db43db77<SNIP></authToken>
        </context>
    </soap:Header>
    <soap:Body>
        <GetLDAPEntriesRequest xmlns="urn:zimbraAdmin">
            <ldapSearchBase/>
            <query>ou=groups</query>
        </GetLDAPEntriesRequest>
    </soap:Body>
    </soap:Envelope>
    I've dug up the exception that is returned (but not displayed in the browser):

    Code:
    HTTP/1.1 500 Internal Server Error
    Date: Thu, 14 Feb 2008 13:27:59 GMT
    Content-Type: text/javascript; charset=utf-8
    Content-Length: 2825
    
    {"Body":{"Fault":{"Detail":{"Error":{
    "Trace": "com.zimbra.common.service.ServiceException: permission denied: need admin token
    Code:service.PERM_DENIED
            at com.zimbra.common.service.ServiceException.PERM_DENIED(ServiceException.java:213)
            at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:281)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:208)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:113)
            at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:272)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
            at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:174)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
            at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
            at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
            at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
            at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
            at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
            at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
            at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:716)
            at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
            at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
            at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
            at org.mortbay.jetty.handler.RewriteHandler.handle(RewriteHandler.java:176)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
            at org.mortbay.jetty.Server.handle(Server.java:309)
            at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
            at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
            at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
            at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
            at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
            at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
            at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)",
    "Code":"service.PERM_DENIED","_jsns":"urn:zimbra"}},
    "Code":{"Value":"soap:Sender"},
    "Reason":{"Text":"permission denied: need admin token"}}},
    "Header":{"context":{"sessionId":[{"id":"3288","_content":"3288","type":"admin"}],
    "change":{"token":199},"_jsns":"urn:zimbra"}},
    "_jsns":"urn:zimbraSoap"}
    I have no idea how to solve this. All the other SOAP request work fine and look the same as this one. They all contain the same ZM_ADMIN_AUTH_TOKEN cookie and the same authToken SOAP tag, why would this one fail?

  2. #2
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default

    Try removing their admin status, restart Zimbra and then add their admin status again.

  3. #3
    Join Date
    Jan 2008
    Posts
    3
    Rep Power
    7

    Default

    Hi Bill,

    thanks for the tip. Unfortunately it didn't work

  4. #4
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    It looks like you have Zimbra+Samba integration installed? The quick work-around is to undeploy zimbra_posixaccount and zimbra_samba admin UI extensions (you can do it from the admin UI).
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  5. #5
    Join Date
    Jan 2008
    Posts
    3
    Rep Power
    7

    Default

    Greg, you are right.

    I'm already working with Adam from Zimbra support on this.
    Undeploying the Posix and Samba extensions does indeed fix the problem. However, we actually need this integration, so I'm hoping/waiting for a more suitable solution...

    Thanks,
    Leander

  6. #6
    Join Date
    Feb 2008
    Posts
    1
    Rep Power
    7

    Default

    Hi all,

    any news (or workaroud) about?

    Thanks.

  7. #7
    Join Date
    Jul 2006
    Posts
    34
    Rep Power
    9

    Default Re; Zimbra/Samba users

    Are we to take it that Samba users are now stuffed when it comes to version 5 and this feature / option is no longer being supported?

    [It does appear that the LDAP extension either doesn't work with v5, or it doesn't work with the Samba/Posix modules, or there's an undocumented trick to making it work]

  8. #8
    Join Date
    Jul 2006
    Posts
    34
    Rep Power
    9

    Default System stuffed after trying to upgrade to 5.0.4

    Seemed easy;

    a. Upgrade
    b. zmzimctl undeploy zimbra_posixaccount
    c. zmzimctl undeploy zimbra_samba
    d. Install new LDAP jar
    e. Unpack zimbra_posix and zimbra_samba
    f. Edit the domainsuffixes and repack
    g. Install both .zip's via the deploy button the admin interface
    h. Click refresh and I get a login please wait box and the following error ...

    com.zimbra.common.service.ServiceException: unknown document: GetLDAPEntriesRequest
    ExceptionId:btpool0-6:1206976382849:c78e8467ed368c70
    Code:service.UNKNOWN_DOCUMENT
    at com.zimbra.common.service.ServiceException.UNKNOWN _DOCUMENT(ServiceException.java:267)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:306)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:250)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:156)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:266)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:727)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:177)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1093)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:716)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:406)
    at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:211)
    at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.handler.RewriteHandler.handle(Re writeHandler.java:176)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:313)
    at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:506)
    at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:844)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:644)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:211)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:381)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:396)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:442)

    (!)

  9. #9
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by gareth View Post
    Are we to take it that Samba users are now stuffed when it comes to version 5 and this feature / option is no longer being supported?

    [It does appear that the LDAP extension either doesn't work with v5, or it doesn't work with the Samba/Posix modules, or there's an undocumented trick to making it work]
    The LDAP extension is now shipped with ZCS, so the one on the gallery should not be used (I'll remove it). The fix for this problem is in the UI extensions (zimbra_posixaccount.zip and zimbra_samba.zip). This is the bug: Bug 24861 - DomainAdmin login fails with posixaccount/samba zimlets enabled
    I fixed it on Feb 27, so any release that is after Feb 27 will have the fixed ZIP files. The files in the gallery are older and do not have the fix.
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  10. #10
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by gareth View Post
    Seemed easy;

    a. Upgrade
    b. zmzimctl undeploy zimbra_posixaccount
    c. zmzimctl undeploy zimbra_samba
    d. Install new LDAP jar
    (!)
    If you downloaded these ZIP files and LDAP jar from the gallery and you upgraded to 5.0.4, please remove the files that you downloaded and reinstall the files from 5.0.4, because the files in the gallery were outdated, but the files in 5.0.4 have the fix.
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

Similar Threads

  1. Errors installing Outlook Connector
    By Tim G in forum Zimbra Connector for Outlook
    Replies: 57
    Last Post: 05-05-2011, 03:27 PM
  2. Connector Fails
    By ILLCOMM in forum Zimbra Connector for Outlook
    Replies: 4
    Last Post: 09-28-2007, 01:08 PM
  3. Error Installing Outlook Connector
    By DanO in forum Zimbra Connector for Outlook
    Replies: 17
    Last Post: 08-28-2007, 10:35 AM
  4. Silly mistake -- now cant log into admin console
    By animasana in forum Administrators
    Replies: 10
    Last Post: 07-05-2007, 05:00 AM
  5. Why cant i log in the Admin console?
    By aldreenR in forum Administrators
    Replies: 1
    Last Post: 02-20-2007, 12:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •