Thread: [SOLVED] Help! Zimbra upgrade to 5.0.9 breaks pam_ldap authentication

  1. #1

    I just upgraded to Zimbra 5.0.9 (from 5.0.4), and while the upgrade went well with regard to email, we also use Zimbra as an LDAP master for the company, and unfortunately the Unix hosts are failing authentication through pam_ldap.

    (Interestingly everything else which authenticates against that LDAP - Samba, Radius, Apache is working fine).

    /var/log/secure reports:
    Aug 20 23:32:21 samba sshd[2254]: fatal: login_get_lastlog: Cannot find account for uid 1024

    and a sudo su - reports:
    sudo: uid 1024 does not exist in the passwd file!

    But getent passwd shows the entry for that UID:
    [user@samba ~]$ getent passwd | grep 1024
    user:*:1024:1027:User Account:/home/user:/bin/bash

    Anyone any ideas?


  2. #2

    Ok, looking further, I can browse the LDAP tree just fine, but when I start to search it using filters, the data that is browsable is not coming back. As such, I am assuming that the LDAP is corrupt, in spite of a lack of error messages to confirm this.

    I have tested that I can restore my backup from immediately prior to the upgrade (yes jholder, I did read!), but prior to applying this process to the production server I wanted to know what the implications are of a restored 5.0.4 LDAP tree running on a 5.0.9 Zimbra instance.

    Will I need to reapply any changes between the two versions? And if so, how?


  3. #3

    Zimbra support confirmed that running a 5.0.4 LDAP tree against the upgraded 5.0.9 Zimbra should not be a problem, although they are still analysing one of my log files to ensure there are no ongoing issues as a result.

    To restore the LDAP tree I did (as Zimbra):

    $ mv openldap-data openldap-data-crash
    $ mkdir -p /opt/zimbra/openldap-data/logs /opt/zimbra/openldap-data/accesslog/db /opt/zimbra/openldap-data/accesslog/logs
    $ cp openldap-data-crash/DB_CONFIG openldap-data
    $ cp openldap-data-crash/accesslog/db/DB_CONFIG openldap-data/accesslog/db
    $ cd openldap-data
    $ /opt/zimbra/openldap/sbin/slapadd -q -b "" -f ~/conf/slapd.conf -cv -l ../backup/sessions/full-<backup tag>/ldap/ldap.bak

    Other forum entries have a similar procedure, but mine was different for some reason - by virtue of the accesslog db. The -b "" was required to ensure the correct DB dirs were used.

    There is no need to run a slapindex afterwards apparently.

    So I ran this and it all appeared to work. Thanks to Zimbra support for all their help.
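
A way to confirm the restore from a client host, as an added example that is not part of the original posts: it flags every account that shows up when the passwd database is enumerated but cannot be found by a by-uid lookup, which is the mismatch post #1 describes for uid 1024. The names `find_unresolvable`, `lookup_uid`, `LOOKUP_CMD`, the `--check` argument and the default minimum UID of 1000 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find accounts that enumerate through NSS but fail a
# keyed (by-uid) lookup, the symptom sshd and sudo hit in this thread.

# lookup_uid UID
# Prints the passwd line for UID. LOOKUP_CMD is a hypothetical override so
# the check can be exercised offline; by default the real getent is used.
lookup_uid() {
    ${LOOKUP_CMD:-getent passwd} "$1"
}

# find_unresolvable [MIN_UID]
# Reads passwd-format lines on stdin (normally the output of `getent passwd`)
# and prints "name:uid" for every entry with uid >= MIN_UID whose by-uid
# lookup returns nothing or returns a different uid.
find_unresolvable() {
    min_uid=${1:-1000}
    while IFS=: read -r name _pw uid _rest; do
        # Skip malformed lines and anything without a numeric uid field.
        case $uid in
            ''|*[!0-9]*) continue ;;
        esac
        [ "$uid" -ge "$min_uid" ] || continue
        # </dev/null keeps the lookup from consuming the loop's input.
        found=$(lookup_uid "$uid" </dev/null 2>/dev/null | cut -d: -f3 | head -n 1)
        [ "$found" = "$uid" ] || echo "$name:$uid"
    done
}

# Run against the live NSS configuration only when asked to:
#   sh check_nss.sh --check [MIN_UID]
if [ "${1:-}" = "--check" ]; then
    getent passwd | find_unresolvable "${2:-1000}"
fi
```

No output means every enumerated account at or above the minimum UID also resolves by uid; any line printed names an account that would still fail the way uid 1024 did.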
