Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: LDAP schema error

  1. #1
    Join Date
    Mar 2010
    Posts
    13
    Rep Power
    5

    Default LDAP schema error

    Two months ago, I took over systems administration at a small company that uses Zimbra. I had never seen it prior to this, however, I am some familiar with postfix and the normal fleet of Linux mail related software.

    When I took it over, I was unable to add new accounts. When I would try to add a new account from the admin page, it would give an LDAP schema error. I lived with that for a while but now it needs to be fixed.

    ... so I updated LDAP using yum. That didn't help but I didn't expect it to help.

    I also upgraded Zimbra from 5.0.16 to 5.0.22.

    Now, I can't get into the admin page at all. It just shows as loading forever. Also, I can't create folders from the user page anymore.

    "There was a problem parsing your filter rules: invalid request: LDAP schema violation: [LDAP: error code 65 - unrecognized objectClass 'posixAccount']"

    I assume I need to update the LDAP scheme but how? I've browsed the docs but there are a ton of them. If someone would point me in the right direction with the documentation, or help me understand what script I need to run to correct this LDAP schema issue, I would really appreciate it.


    Thank you.

  2. #2
    Join Date
    Aug 2009
    Location
    The Hague -- The Netherlands
    Posts
    214
    Rep Power
    6

    Default

    It appears as if your predecessor has installed the posixAccount and samba admin zimlets. Summary: that's a way to make your zimbra server a samba domain controller as well. Check the zimbra wiki if you're interested.

    I'm quite sure this is what is causing the error. Big question is: is your zimbra server really the primary domain controller?


    • If yes: you will probably want to fix this. I would start by checking the version of the Samba and NIS schemas installed in your /opt/zimbra/openldap/etc/openldap/schema . However, since you did a zimbra upgrade, chances are the schema's are not present at all. Anyway, when you update samba (e.g. via yum) you also need to manually copy the (possibly) updated schema here.
      Also check if these lines are present in your /opt/zimbra/conf/slapd.conf.in
      Code:
      include "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
      include "/opt/zimbra/openldap/etc/openldap/schema/samba.schema"
    • If no: disable or undeploy the "zimbra_posixAccount" and "zimbra_samba" zimlets via the cli using zmzimletctl .

  3. #3
    Join Date
    Mar 2010
    Posts
    13
    Rep Power
    5

    Default

    I really appreciate the help so far.

    SAMBA is installed but not configured and not running.

    Code:
    # /opt/zimbra/bin/zmzimletctl disable zimbra_posixAccount
    [] INFO: Disabling Zimlet zimbra_posixAccount
    [] INFO: Zimlet not found: /opt/zimbra/mailboxd/webapps/service/zimlet/zimbra_posixAccount
    Code:
    # /opt/zimbra/bin/zmzimletctl disable zimbra_samba
    [] INFO: Disabling Zimlet zimbra_samba
    [] ERROR: Error
    com.zimbra.cs.zimlet.ZimletException: Cannot disable Zimlet zimbra_samba
            at com.zimbra.cs.zimlet.ZimletException.CANNOT_DISABLE(ZimletException.java:70)
            at com.zimbra.cs.zimlet.ZimletUtil.setZimletEnable(ZimletUtil.java:746)
            at com.zimbra.cs.zimlet.ZimletUtil.disableZimlet(ZimletUtil.java:771)
            at com.zimbra.cs.zimlet.ZimletUtil.dispatch(ZimletUtil.java:1588)
            at com.zimbra.cs.zimlet.ZimletUtil.main(ZimletUtil.java:1639)
    Caused by: com.zimbra.cs.account.AccountServiceException: no such zimlet: zimbra_samba
    ExceptionId:main:1268256841638:b510b5d41a464685
    Code:account.NO_SUCH_ZIMLET
            at com.zimbra.cs.account.AccountServiceException.NO_SUCH_ZIMLET(AccountServiceException.java:213)
            at com.zimbra.cs.zimlet.ZimletUtil.setZimletEnable(ZimletUtil.java:738)
            ... 3 more

  4. #4
    Join Date
    Aug 2009
    Location
    The Hague -- The Netherlands
    Posts
    214
    Rep Power
    6

    Default

    A long shot: but perhaps you can deploy the zimlets first, and then try again to undeploy?

    How many users is your install? If it's a small install then a server-move might be less trouble than troubleshooting this server.

  5. #5
    Join Date
    Mar 2010
    Posts
    13
    Rep Power
    5

    Default

    There are 7 users on the system with about a dozen mailboxes in total.

    I'm ready to reinstall this thing. It's frustrating. I need to sit down and read the docs, figure out how to do it, and then reinstall. It will help me understand the system too.

    I'm decent with most of the components Zimbra uses but Zimbra is so much more than the components plus some glue logic. It's an extremely sophisticated environment.

    Thank you for the help.

  6. #6
    Join Date
    Aug 2009
    Location
    The Hague -- The Netherlands
    Posts
    214
    Rep Power
    6

    Default

    Quote Originally Posted by TomB17 View Post
    ... It will help me understand the system too.

    I'm decent with most of the components Zimbra uses but Zimbra is so much more than the components plus some glue logic. It's an extremely sophisticated environment.
    That's about the same as I felt a year and a half ago, but once you get to work with it a bit, you'll find it's actually much, much more transparent than you would think at first sight. You just had a bad position to start from

    Anyway, for migrating, try the zmztozmig script in /opt/zimbra/libexec/ . Documentation is in the release notes. Good luck!

  7. #7
    Join Date
    Mar 2010
    Posts
    13
    Rep Power
    5

    Default

    I really appreciate the help, Hivos. Thank you.

  8. #8
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Sorry that another mod didn't see this before now, your post was being flagged for moderation. I approved your original post and also moved the thread to the correct forum as the "Error Reports" sub-forum is for the Zimbra Desktop application.

    If you are still interested in fixing the system, the problem isn't that the zimlets are installed, but rather that they are NOT installed. It looks like somebody got the schema installed in the LDAP database, but then didn't install the admin extensions that know that user accounts need the extra attributes.

    You might be able to reverse the steps in this section and get the admin interface able to manage users again (if you can access it).

    If you are still locked out of the admin interface, do you see any errors in the logs when you try to access it? Some places to check would be:
    Code:
    /var/log/zimbra.log
    /opt/zimbra/mailbox.log
    /opt/zimbra/audit.log

  9. #9
    Join Date
    Mar 2010
    Posts
    13
    Rep Power
    5

    Default

    Thank you very much for the help and ideas. I would like to sort this out, if possible.

    If I can stabilize this environment, I will be able to take my time with regard to a migration plan (Zimbra v6, or whatever). Otherwise, I will have a gun to my head to make a change without a lot of leg work and study.

    I've tried to install the two zimlets.

    Code:
    ## /opt/zimbra/bin/zmzimletctl install /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip
    [] INFO: Installing Zimlet zimbra_posixaccount on this host.
    
    # /opt/zimbra/bin/zmzimletctl install /opt/zimbra/zimlets-admin-extra/zimbra_samba.zip
    [] INFO: Installing Zimlet zimbra_samba on this host.
    I still get an error when I try to create a filter in the web client.

    Code:
    There was a problem parsing your filter rules: invalid request: LDAP schema violation: [LDAP: error code 65 - unrecognized objectClass 'posixAccount']

    I'll look at figuring out the admin interface ....

  10. #10
    Join Date
    Mar 2010
    Posts
    13
    Rep Power
    5

    Default

    After trying to log into the admin panel, I found something that seems relevant in /opt/zimbra/log/mailbox.log


    Code:
    2010-03-11 15:53:43,443 INFO  [btpool0-226] [name=tom@liveglobalbid.com;mid=26;ip=192.168.253.84;ua=ZimbraWebClient - [unknown] (Linux);] SoapEngine - handler exception                                                                                                  
    com.zimbra.common.service.ServiceException: invalid request: LDAP schema violation: [LDAP: error code 65 - unrecognized objectClass 'posixAccount']                                                                                                                       
    ExceptionId:btpool0-226:1268344423442:081ce69aff93bdfb                                                                               
    Code:service.INVALID_REQUEST                                                                                                         
            at com.zimbra.common.service.ServiceException.INVALID_REQUEST(ServiceException.java:258)                                     
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:304)                                
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:270)                                        
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:251)                                        
            at com.zimbra.cs.account.Provisioning.modifyAttrs(Provisioning.java:1662)                                                    
            at com.zimbra.cs.service.admin.ModifyAdminSavedSearches.handle(ModifyAdminSavedSearches.java:98)                             
            at com.zimbra.cs.service.admin.ModifyAdminSavedSearches.handle(ModifyAdminSavedSearches.java:58)                             
            at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:428)                                                           
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:284)                                                                  
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)                                                                  
            at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:273)                                                                  
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)                                                              
            at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:185)                                                       
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)                                                              
            at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1117)
            at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
            at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1108)
            at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:370)
            at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
            at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
            at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
            at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
            at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
            at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
            at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:350)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
            at org.mortbay.jetty.Server.handle(Server.java:326)
            at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543)
            at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:939)
            at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
            at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
            at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
            at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
            at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
    Caused by: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - unrecognized objectClass 'posixAccount']; remaining name 'uid=tom,ou=people,dc=liveglobalbid,dc=com'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3048)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2963)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2769)
            at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1451)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
            at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
            at com.zimbra.cs.account.ldap.ZimbraLdapContext.modifyAttributes(ZimbraLdapContext.java:568)
            at com.zimbra.cs.account.ldap.LdapUtil.modifyAttrs(LdapUtil.java:414)
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:292)
            ... 35 more
    2010-03-11 15:53:54,383 INFO  [btpool0-231] [name=fergus@liveglobalbid.com;mid=4;ip=192.168.253.2;ua=Yahoo! Zimbra Desktop/1.0.2_1652_Linux;] soap - SyncRequest
    Last edited by TomB17; 03-11-2010 at 02:00 PM.

Similar Threads

  1. Installation problems from 5.0.11 to 6.0.4
    By dcampbell in forum Installation
    Replies: 0
    Last Post: 12-30-2009, 01:37 PM
  2. Installation zimbra Initializing ldap...failed. (28416)
    By farrukh.nadeem in forum Installation
    Replies: 10
    Last Post: 08-14-2009, 06:52 AM
  3. [SOLVED] Error running mailboxd after script backup
    By ttortosa in forum Administrators
    Replies: 5
    Last Post: 10-22-2008, 01:33 AM
  4. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM
  5. LDAP error code 49 - invalid credentials
    By fieze in forum Installation
    Replies: 8
    Last Post: 05-09-2008, 05:12 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •