Ajcody-Zimlet-Notes: Difference between revisions
Line 91: | Line 91: | ||
* Other Issues | * Other Issues | ||
** "Have the Unix Windows LDAP Samba extensions installed and configured by default" | |||
*** Basically a request to have Samba/Posix items to more integrated into product and include more admin console UI controls. | |||
*** http://bugzilla.zimbra.com/show_bug.cgi?id=22509 | |||
** "Suggestions to improve Posix and Samba Zimlets" | |||
*** Items requested: | |||
**** a) Add an option to expire the Samba password to force them change the password. | |||
**** b) In the memberuid option under Posix Groups: Could you add an option to allow the users to select a single or multiple zimbra users to fill them up quickly? | |||
**** c) Add an additional button to display all users that belongs to this particular Posix Group. | |||
**** d) Add an additional button in the user profile screen that displays all the groups that he/she belongs to. | |||
*** http://bugzilla.zimbra.com/show_bug.cgi?id=18141 | |||
====Can't Manage Users After Removing Samba & Posix Zimlet==== | ====Can't Manage Users After Removing Samba & Posix Zimlet==== |
Revision as of 16:41, 19 December 2008
- This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information. |
Zimlets
Actual Zimlet Notes Homepage
Please see Ajcody-Zimlet-Notes
Location Of Zimlets
Zimlets should be already located on the zimbra server in one of these directories:
/opt/zimbra/zimlets/ /opt/zimbra/zimlets-admin-extra/ /opt/zimbra/zimlets-extra/ /opt/zimbra/zimlets-experimental/ /opt/zimbra/zimlets-network/
How To List Currently Installed Zimlets
Do the following:
zmzimletctl listZimlets
You can also see them in the admin console.
Configuration > Zimlets
Configuration > Admin Extensions
How To Deploy Zimlets
To deploy a zimlet, simply cd to the directory where the zimlet is located and issue this command:
/opt/zimbra/bin/zmzimletctl deploy <zimlet_name>
Something like:
zmzimletctl deploy /opt/zimbra/zimlets-extra/com_zimbra_ycurrency.zip
You can also deploy them via the admin console.
Configuration > Zimlets
Configuration > Admin Extensions
How To Undeploy / Uninstall Zimlets
See how the zimlet is named:
zmzimletctl listZimlets
Now run the following with the naming convention used from the above output:
zmzimletctl undeploy com_zimbra_ycurrency
You can also undeploy them via the admin console.
Configuration > Zimlets
Configuration > Admin Extensions
Samba & Posix Zimlet
Main Samba & Posix How-To Reference
Please see:
http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Account_management_in_Admin_UI
Important Bugs-RFE's Related To Samba Posix Issues
Please see:
- Post Upgrade Issues
- "Accounts disappear in Admin-Console after Update"
- Note with bug from devs
- "This is because slapd.conf.in is always reset on upgrade. This has been the case for all releases. With the move to cn=config in GnR, it will be possible for people to keep additional schema loaded across upgrades after their first initial move to GnR and adding them back in."
- http://bugzilla.zimbra.com/show_bug.cgi?id=33628
- The below bug will probably be marked a dup of 33628
- "Upgrade for zimbra_posixaccount and zimbra_samba"
- Note with bug from devs
- "BNR fails to restore accounts that were created and backed up prior to Zimbra-Samba integration"
- "zmrestore fails when posix & samba zimlets are active."
- "posix extension requires memberUid to contain a uidNumber"
- This is related to the restore issues as well.
- http://bugzilla.zimbra.com/show_bug.cgi?id=26423
- "Accounts disappear in Admin-Console after Update"
- Other Issues
- "Have the Unix Windows LDAP Samba extensions installed and configured by default"
- Basically a request to have Samba/Posix items to more integrated into product and include more admin console UI controls.
- http://bugzilla.zimbra.com/show_bug.cgi?id=22509
- "Suggestions to improve Posix and Samba Zimlets"
- Items requested:
- a) Add an option to expire the Samba password to force them change the password.
- b) In the memberuid option under Posix Groups: Could you add an option to allow the users to select a single or multiple zimbra users to fill them up quickly?
- c) Add an additional button to display all users that belongs to this particular Posix Group.
- d) Add an additional button in the user profile screen that displays all the groups that he/she belongs to.
- http://bugzilla.zimbra.com/show_bug.cgi?id=18141
- Items requested:
- "Have the Unix Windows LDAP Samba extensions installed and configured by default"
Can't Manage Users After Removing Samba & Posix Zimlet
This is after you have removed the samba & posix zimlets and now can't see or manage old accounts in the admin ui. You might need to remove the samba/posix references in each user account. You'll need the nis.schema and samba.schema configured for ldap for this to work.
Untested comment, 3 things needed for this.
1. deployed samba/posix zimlet
2. add/have the samba/nis schema
3. add/have the extra oc's
zmprov mcf +zimbraAccountExtraObjectClass posixAccount zmprov mcf +zimbraAccountExtraObjectClass sambaSamAccount
If you do this on one of the old accounts:
zmprov ga user@domain.com
And you see:
objectClass: posixAccount objectClass: sambaSamAccount
These steps might need to be done.
Create a file called mod.ldif . Modify the dn line - dn: uid=posix1,ou=people,dc=testdomain,dc=com - for your server and user.
# posix1, people, testdomain.com dn: uid=posix1,ou=people,dc=testdomain,dc=com changetype: modify delete: objectClass objectClass: posixAccount - delete: objectClass objectClass: sambaSamAccount - delete: uidNumber - delete: gidNumber - delete: loginShell - delete: sambaAcctFlags - delete: sambaSID - delete: homeDirectory - delete: sambaNTPassword # posix2, people, testdomain.com dn: uid=posix2,ou=people,dc=testdomain,dc=com changetype: modify delete: objectClass objectClass: posixAccount - delete: objectClass objectClass: sambaSamAccount - delete: uidNumber - delete: gidNumber - delete: loginShell - delete: sambaSID - delete: homeDirectory - delete: sambaNTPassword
Then run a command similar to this, modify it for your environment:
ldapmodify -D uid=zimbra,cn=admins,cn=zimbra -w PassWord -H ldap://ldapmaster.hostname.com:389 -x -f /tmp/mod.ldif
Problems With The Above Steps?
Please see :
http://wiki.zimbra.com/index.php?title=King0770-Notes#LDAP_-_Export_.26_Reimport
It should be possible to modify the dump and the re-import. This has not been tested yet, though.
Steps done in one test. Please note, you'll still need to visually review the ldap file to see what lines need to be remove, this can't be scripted out.
-as zimbra- zimbra$ libexec/zmslapcat /tmp/ldap zimbra$ egrep -iv 'sambaSamAccount|posixAccount|uidNumber|gidNumber|loginShell|sambaAcctFlags|sambaSID|homeDirectory|sambaNTPassword' ldap.bak > ldap.bak2 zimbra$ egrep -i 'samba|posix' ldap.bak2 zimbra$ vi ldap.bak2 zimbra$ egrep -i 'loginshell|HOMEDIRECTORY|MEMBERUID' ldap.bak2 zimbra$ vi ldap.bak2 zimbra$ zmcontrol stop zimbra$ ps -aux | grep slapd 6) su - root 7) mv /opt/zimbra/openldap-data /opt/zimbra/openldap-data.OLD 8) mkdir -p /opt/zimbra/openldap-data/logs 9) chown -R zimbra:zimbra /opt/zimbra/openldap-data/ 10) su - zimbra zimbra$ cd /opt/zimbra/openldap-data.OLD zimbra$ cp DB_CONFIG ../openldap-data/ zimbra$ cd zimbra$ /opt/zimbra/openldap/sbin/slapadd -f /opt/zimbra/conf/slapd.conf -l /tmp/ldap/ldap.bak2 The first database does not allow slapadd; using the first available one (2) is_entry_objectclass("cn=IT,ou=groups,dc=XXXXX,dc=com", "2.16.840.1.113730.3.2.6") no objectClass attribute slapadd: dn="cn=IT,ou=groups,dc=XXXXX,dc=com" (line=11179): no objectClass attribute zimbra$ zmcontrol start ### Output ### assigned-72-29-183-240:~ zimbra$ libexec/zmslapcat /tmp/ldap2/ UNKNOWN attributeDescription "LOGINSHELL" inserted. UNKNOWN attributeDescription "HOMEDIRECTORY" inserted. UNKNOWN attributeDescription "SAMBAACCTFLAGS" inserted. UNKNOWN attributeDescription "SAMBASID" inserted. UNKNOWN attributeDescription "SAMBADOMAINNAME" inserted. UNKNOWN attributeDescription "SAMBANTPASSWORD" inserted. UNKNOWN attributeDescription "SAMBAALGORITHMICRIDBASE" inserted. UNKNOWN attributeDescription "SAMBANEXTUSERRID" inserted. UNKNOWN attributeDescription "SAMBAMINPWDLENGTH" inserted. UNKNOWN attributeDescription "SAMBALOGONTOCHGPWD" inserted. UNKNOWN attributeDescription "SAMBAMAXPWDAGE" inserted. UNKNOWN attributeDescription "SAMBAMINPWDAGE" inserted. UNKNOWN attributeDescription "SAMBALOCKOUTDURATION" inserted. UNKNOWN attributeDescription "SAMBALOCKOUTOBSERVATIONWINDOW" inserted. UNKNOWN attributeDescription "SAMBALOCKOUTTHRESHOLD" inserted. UNKNOWN attributeDescription "SAMBAFORCELOGOFF" inserted. UNKNOWN attributeDescription "SAMBAREFUSEMACHINEPWDCHANGE" inserted. UNKNOWN attributeDescription "SAMBAPWDHISTORYLENGTH" inserted. UNKNOWN attributeDescription "SAMBAGROUPTYPE" inserted. UNKNOWN attributeDescription "MEMBERUID" inserted. UNKNOWN attributeDescription "SAMBAPASSWORDHISTORY" inserted. UNKNOWN attributeDescription "SAMBAPWDLASTSET" inserted.
I Lost My Users After An Upgrade - Samba Posix Zimlet
This is from a case I saw and how a customer fixed it.
- In order to fix this we did.
- 1. Replace slapd.conf.in
- 2. restarted zimbra (not sure if this is necessary, but its what we did.)
- 3. zmprov mcf +zimbraAccountExtraObjectClass posixAccount
- 4. zmprov mcf +zimbraAccountExtraObjectClass sambaSamAccount
- 5. ldap stop && ldap start && ldap stop && ldap start
- The odd thing is, I looked in the zmprov gcf originally and posixAccount and sambaSamAccount had already been added?