Results 1 to 2 of 2

Thread: Problem with nis.schema and resources

Hybrid View

  1. #1
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Unhappy Problem with nis.schema and resources

    Hi folks,

    we are running Zimbra 5.0.21 on our productive environment with ~ 150 users. Right now I am preparing the upgrade to Zimbra v6.0.6 but unfortunately I ran into some issues with the nis.schema. We are using the schema for posixGroups etc.

    There are some objects in my LDAP tree which brake the constraints inherited from the objectClass: posixAccount

    According to the original Zimbra nis.schema for this objectClass the following attributes are mandatory:

    cn
    uid
    uidNumber
    gidNumber
    homeDirectory

    The according line within the nis.schema is: MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )

    Unfortunately there are some objects in our LDAP tree braking this rule.
    These are all resources (just two which we are using for tests) and the original Zimbra accounts ham and spam

    Please see the according LDAP output for the spam account below

    Code:
    # spam, people, zimbra.ourdomain.com
    dn: uid=spam,ou=people,dc=zimbra,dc=ourdomain,dc=com
    zimbraAttachmentsIndexingEnabled: FALSE
    objectClass: organizationalPerson
    objectClass: zimbraAccount
    objectClass: amavisAccount
    objectClass: posixAccount
    ...
    uidNumber, gidNumber and homeDirectory are missing for the spam object, which is basically not possible since these attributes are mandatory for the objectClass posixAccount.

    Same problem with our Zimbra resources. I deleted the resources within the Zimbra Admin interface and tried to create them again to see, if the new resource object will be created correctly but unfortunately I can't create any new resource object, due to the mentioned objectClass restrictions for posixAccount.
    I get the following error message within the Admin webinterface:

    Code:
    Invalid request Message: invalid request: createAccount invalid schema change: [LDAP: error code 65 - object class 'posixAccount' requires attribute 'uidNumber'] Error code: service.INVALID_REQUEST Method: CreateCalendarResourceRequest Details:soap:Sender
    I am wondering why Zimbra uses the objectClass posixAccount for resources and doesn't set the right attributes as defined in the original nis.schema?

    Of course I could change the lines in nis.schema from:

    Code:
    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
    MAY ( userPassword $ loginShell $ gecos $ description ) )
    to

    Code:
    MUST ( cn $ uid )
    MAY ( userPassword $ loginShell $ gecos $ description $ uidNumber $ gidNumber $ homeDirectory) )
    but this is definitely not recommended and I really don't want to mess something up.

    Hopefully someone can help me out, seems to me like the chicken or the egg dilemma.

  2. #2
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    hmm, noone?

Similar Threads

  1. Replies: 10
    Last Post: 11-05-2012, 03:25 AM
  2. Problem with finding resources
    By rlaneice in forum Administrators
    Replies: 4
    Last Post: 08-22-2012, 01:27 AM
  3. Deleting declined appointments for resources
    By Zoltan67 in forum Administrators
    Replies: 3
    Last Post: 05-18-2010, 10:12 AM
  4. Managed resources don't show as declined?
    By andrew_l in forum Administrators
    Replies: 0
    Last Post: 07-30-2008, 09:03 AM
  5. Resources Management
    By ahidalgo in forum Developers
    Replies: 2
    Last Post: 06-24-2007, 05:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •