Hi,

we've recently switched to Zimbra and are currently running the 5.0.2 Network Edition. In the admin console, I've marked three of our users as domain administrators. However, they can not log in to the admin console at all. I've tracked it down to this HTTP/SOAP request, which returns an internal server error, after which the webclient just hangs forever:

Code:
POST /service/admin/soap/GetLDAPEntriesRequest HTTP/1.1
The actual SOAP request is this:

Code:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
    <context xmlns="urn:zimbra">
        <userAgent name="ZimbraWebClient - FF2.0 (Mac)"/>
        <sessionId id="3288"/><format type="js"/>
        <authToken>0_6db43db77<SNIP></authToken>
    </context>
</soap:Header>
<soap:Body>
    <GetLDAPEntriesRequest xmlns="urn:zimbraAdmin">
        <ldapSearchBase/>
        <query>ou=groups</query>
    </GetLDAPEntriesRequest>
</soap:Body>
</soap:Envelope>
I've dug up the exception that is returned (but not displayed in the browser):

Code:
HTTP/1.1 500 Internal Server Error
Date: Thu, 14 Feb 2008 13:27:59 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2825

{"Body":{"Fault":{"Detail":{"Error":{
"Trace": "com.zimbra.common.service.ServiceException: permission denied: need admin token
Code:service.PERM_DENIED
        at com.zimbra.common.service.ServiceException.PERM_DENIED(ServiceException.java:213)
        at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:281)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:208)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:113)
        at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:272)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:174)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
        at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
        at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:716)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
        at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
        at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
        at org.mortbay.jetty.handler.RewriteHandler.handle(RewriteHandler.java:176)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
        at org.mortbay.jetty.Server.handle(Server.java:309)
        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
        at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
        at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
        at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)",
"Code":"service.PERM_DENIED","_jsns":"urn:zimbra"}},
"Code":{"Value":"soap:Sender"},
"Reason":{"Text":"permission denied: need admin token"}}},
"Header":{"context":{"sessionId":[{"id":"3288","_content":"3288","type":"admin"}],
"change":{"token":199},"_jsns":"urn:zimbra"}},
"_jsns":"urn:zimbraSoap"}
I have no idea how to solve this. All the other SOAP request work fine and look the same as this one. They all contain the same ZM_ADMIN_AUTH_TOKEN cookie and the same authToken SOAP tag, why would this one fail?