Results 1 to 3 of 3

Thread: ZCS 6 + Samba - password change issues

  1. #1
    Join Date
    Nov 2008
    Posts
    18
    Rep Power
    6

    Default ZCS 6 + Samba - password change issues

    I have followed UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki somewhat (some changes needed because Samba in my case is running under OpenSolaris, so LDAP client configuration is handled differently from the way it's handled under Linux) and have the following situation:

    From the Zimbra Admin interface (off port 7071), if an admin changes a user's password, it correctly applies to both ZWC and Samba logins.

    When a user is logged into ZWC and changes their password, it only changes for ZWC but not for Samba. I'm not sure where to look for debugging information on this. Since the admin interface works correctly to change the Windows password, I'd really like the ZWC to work correctly as well.

    When a user initiates password change from a Windows workstation attached to the Samba PDC, it correctly changes the Samba/Windows password, but fails to change the LDAP password and gives a misleading error to the user, making them think the password change failed when it didn't. Capturing the LDAP traffic between the Samba server and the Zimbra LDAP server and looking at it with Wireshark, when Samba (bound as 'uid=zmposixroot,cn=appaccts,cn=zimbra') attempts to do the passwdModifyOID against the correct userIdentity (in this case, uid=test_ts,ou=people,dc=ledgertranscript,dc=com), it gets back the ldap error 'insufficientAccessRights'.

    Does anyone know which step in the wiki entry for integrating Samba and ZCS6 is supposed to grant zmposixroot the right to change ldap user's password?

  2. #2
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    The issue of ZWC not changing the Samba password is addressed in this bug: Bug 17321 - Support change password listeners in provisioning and support Samba change password in the samba admin extension

    As for the ACL rights, it should be handled in the last section of part 1.

  3. #3
    Join Date
    Nov 2008
    Posts
    18
    Rep Power
    6

    Default

    Quote Originally Posted by ArcaneMagus View Post
    The zimlet referenced at the end of this bug says it is for 5.x - should it (in theory) also work for 6?

    Quote Originally Posted by ArcaneMagus View Post
    As for the ACL rights, it should be handled in the last section of part 1.
    This is what ldapsearch tells me:

    ldapsearch -x -H ldapi:/// -D cn=config -W -b cn=config olcDatabase={2}hdb

    Code:
    olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by d
     n.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by * read
    olcAccess: {10}to dn.subtree="dc=ledgertranscript,dc=com" by dn.children="cn=a
     dmins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" wr
     ite by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {11}to dn.subtree="ou=machines,dc=ledgertranscript,dc=com" by dn.ch
     ildren="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,c
     n=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * non
     e
    olcAccess: {12}to dn.subtree="ou=groups,dc=ledgertranscript,dc=com" by dn.chil
     dren="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=
     zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {13}to dn.subtree="ou=people,dc=ledgertranscript,dc=com" by dn.chil
     dren="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=
     zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    So I've applied something, but I'm not entirely comfortable with LDAP syntax, so I could easily have messed up the syntax.

Similar Threads

  1. external LDAP, password change
    By zaf in forum Administrators
    Replies: 7
    Last Post: 04-30-2010, 04:29 AM
  2. Password Change and SSO
    By papango in forum Administrators
    Replies: 2
    Last Post: 04-22-2008, 03:40 AM
  3. I can't change my password on Zimbra 5
    By danny.sierra@omtech.net in forum Users
    Replies: 4
    Last Post: 01-24-2008, 02:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •