Uninstall Instructions for Unix and Windows Account Management in Admin UI: Difference between revisions

Statement of Intent

I wrote these instructions up as a guideline for two reasons:

• This procedure was carried out for the ronment I have set up, and I thought it might be useful to others.
• There was a comment on Greg's original setup page asking for uninstall instructions.

Please note that this is a first draft, and thus, a work in progress.

Tested Platform

This is a partial disclaimer section. These steps have been tested on Ubuntu 8.04 LTS 64-bit edition running Zimbra 5.0.18 Network Edition.

Uninstall Steps

• Like any good Systems Administrator, you should do a full backup of your Zimbra server before doing anything else.
• Undeploy the Samba and Posix Admin Zimlets from the Zimbra Admin GUI.
• Stop the Samba services on your Samba server, and remove any references to the Zimbra server from the smb.conf file.
• Remove the libnss-ldap and libpam-ldap packages you've installed on the Samba server.
• Set back the default entries in the following files under /etc/pam.d on your Samba server: common-auth, common-account, common-session, common-password.
• Set back the default entries in the /etc/nsswitch.conf file.
• Stop Zimbra via zmcontrol stop
• Run the commands: zmprov mcf -zimbraAcccountExtraObjectClass posixAccount, zmprov mcf -zimbraAccountExtraObjectClass sambaSamAccount
• To remove the attributes from accounts that already have Samba and Posix attributes, you need to run the following set of commands: zmprov ma user -objectClass posixAccount -uidNumber XXXXX -gidNumber XXXXX -homeDirectory /home/user -loginShell /bin/whatever, zmprov ma user -objectClass sambaSamAccount -sambaSID S-X-X-XX-XXXXXXXX-XXXXXXXXX-XXXXXXXX-XXXXX -sambaAcctFlags [UX] -sambaDomainName SAMBA.DOMAIN.COM -sambaNTPassword sAmBaNTHaSh -sambaLMPassword sAmBaLMHaSh

  Note: These values can be found by running the 'zmprov ga user' command on the Zimbra server and browsing/grep'ing the output.

• Edit the /opt/zimbra/conf/slapd.conf.in file and remove the following indexes:

#indexes for PAM
index uidNumber             eq
index gidNumber             eq
index memberUID             eq

#indexes for Samba
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq

• Remove the GAL/Posix access entries:

# only allow access to these attrs basically GAL/Postfix related attrs

access to dn.subtree="ou=people,dc=gregzimbra1,dc=zimbra,dc=com"

       by dn.children="cn=admins,cn=zimbra" write
       by * read

access to dn.subtree="ou=groups,dc=gregzimbra1,dc=zimbra,dc=com"

       by dn.children="cn=admins,cn=zimbra" write
       by * read
  Note: As an alternative to the past two steps, you can just substitute a non-modified Zimbra slapd.conf.in file.

• Once this is done, you're almost out of the woods, but this last step is very, very important. You MUST run slapindex to update the indexes in your Zimbra LDAP database, or you run the risk of having segfault/protection errors that crash the slapd process. So far, this has mostly been observed using Zimbra Network Edition running on Ubuntu 8.04 Server LTS. The exact command is '/opt/zimbra/openldap-2.3.43.10z/sbin/slapindex'. The command will probably throw you an error message about "loglevel". Open the referenced slapd file and temporarily change the log-level to an actual number (49152 is what I usually set it to). Then revert that change after slapindex has run. Start Zimbra again via 'zmcontrol start' and watch the processes for about 30 minutes to make sure nothing is amiss. If you get slapd errors, run slapindex again, it's usually the cause of the problem.
• Do another full backup of your Zimbra server.