Removing samba/posix zimlets for 6.0 upgrade

The Samba/Posix zimlets add a number of elements to the directory that will not be recognized during a 6.0 upgrade. Customers that are not planning to use Samba/Posix going forward may choose to remove the zimlets and their directory extensions to simplify a 6.0 upgrade.

To remove the zimlets:

zmzimletctl undeploy zimbra_posixaccount
zmzimletctl undeploy zimbra_samba

To remove the schema extensions:

1. Edit /opt/zimbra/conf/slapd.conf.in.
2. Comment out the include lines referring to solaris-nis.schema and samba.schema.

To remove the objectclass extensions from ZCS:

zmprov mcf -- -zimbraAccountExtraObjectClass sambaSamAccount
zmprov mcf -- -zimbraAccountExtraObjectClass posixAccount

At this point, any new users created will not include Samba/Posix attributes or objectclasses, and the Samba/Posix extensions will no longer be present in the admin console. The LDAP directory will also not accept any new entries that include Samba/Posix attributes or objectclasses. The 6.0 upgrade procedure dumps a copy of the LDAP directory to disk and reloads it into the system. The Samba/Posix data already in the system will cause trouble here, as it is included in the dumped out data but the schema of the 6.0 directory will not permit it to be loaded into the system. To avoid this problem, we will need to remove the Samba/Posix data from the LDAP directory prior to the upgrade.

To do this:

1.  Stop the directory server.  You may also stop all Zimbra services at this time.
2.  Run:
    /opt/zimbra/openldap/sbin/slapcat -b "" -f /opt/zimbra/conf/slapd.conf > /tmp/slapcat.out
3.  Edit slapcat.out by removing any of the following:
     Attributes:
       MEMBERUID
       HOMEDIRECTORY
       LOGINSHELL
       uidNumber
       gidNumber
       Any starting with 'samba'
       Any starting with 'posix'
       Any starting with 'nis'
       Any starting wtih 'SHADOW'
     Objectclasses:
       Any starting with 'samba'
       Any starting with 'posix'
       Any starting with 'nis'
4.  When editing is complete, move aside the existing contents of the /opt/zimbra/openldap-data directory.  All *.bdb, __*.log 
     and alock files should be moved to another directory, as should the existing db and logs directories.  When this is complete, 
     new empty db and logs directories should be created.  The only contents of the openldap-data directory should be these 
     directories and the DB_CONFIG file.
5.  Run:
     /opt/zimbra/openldap/sbin/slapadd -f /opt/zimbra/conf/slapd.conf -l /tmp/slapcat.out -b "" -c
6.  This will add the contents of the slapcat.out file to the now empty LDAP directory, recreating only entries that comply with
     the new schema.  Any remaining entries that include Samba/Posix content will be skipped.  You may see errors indicating that
     some entries are not being created because of missing objectclasses.  Those are okay.  Check the output of the slapadd 
     command for other entries that may have been skipped.  It is possible there are Samba/Posix-related attributes and 
     objectclasses that could be rejected.  If rejections are happening to user accounts or domain entries, you will need to find
     and correct them in /tmp/slapcat.out, and repeat from step 4.

When this is completed, the server should be ready for a 6.0 upgrade.

Jump to: navigation, search