Uninstall Instructions for Unix and Windows Account Management in Admin UI
Uninstall instructions for UNIX and Windows Account Management in Admin UI
- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.
- This article is a Work in Progress, and may be unfinished or missing sections.
Statement of Intent
I wrote these instructions up as a guideline for two reasons:
- This procedure was carried out for the environment that I administer, and I thought it might be useful to others.
- There was a comment on Greg's original setup page asking for uninstall instructions.
Please note that this is a first draft, and thus, a work in progress.
Tested Platform
This is a partial disclaimer section. These steps have been tested on Ubuntu 8.04 LTS 64-bit edition running Zimbra 5.0.18 Network Edition.
Uninstall Steps
- Like any good Systems Administrator, you should do a full backup of your Zimbra server before doing anything else.
- Undeploy the Samba and Posix Admin Zimlets from the Zimbra Admin GUI.
- Stop the Samba services on your Samba server, and remove any references to the Zimbra server from the smb.conf file.
- Remove the libnss-ldap and libpam-ldap packages you've installed on the Samba server.
- Set back the default entries in the following files under /etc/pam.d on your Samba server: common-auth, common-account, common-session, common-password.
- Set back the default entries in the /etc/nsswitch.conf file.
- Stop Zimbra via zmcontrol stop
- On the Zimbra Server, run these commands:
zmprov mcf -zimbraAcccountExtraObjectClass posixAccount zmprov mcf -zimbraAccountExtraObjectClass sambaSamAccount
- To remove the attributes from accounts that already have Samba and Posix attributes, you need to run the following set of commands:
zmprov ma user -objectClass posixAccount -uidNumber XXXXX -gidNumber XXXXX -homeDirectory /home/user -loginShell /bin/whatever zmprov ma user -objectClass sambaSamAccount -sambaSID S-X-X-XX-XXXXXXXX-XXXXXXXXX-XXXXXXXX-XXXXX -sambaAcctFlags [UX] -sambaDomainName SAMBA.DOMAIN.COM -sambaNTPassword sAmBaNTHaSh -sambaLMPassword sAmBaLMHaSh
Note: These values can be found by running the 'zmprov ga user' command on the Zimbra server and browsing/grep'ing the output.
- This script automatically cleans the user list from POSIX attributes
#!/bin/sh # this script removes all the posix attributes from zimbra userlist # run me as zimbra user # Works for me, hope this helps folks! Quentin Bierent for i in $(zmprov gaa); do echo -e "\ncleaning user account : $i" posixAccount=$(zmprov ga $i | grep posixAccount | sed 's/objectClass:\ //') echo "posixAccount=$posixAccount" uidNumber=$(zmprov ga $i | grep uidNumber | sed 's/uidNumber:\ //') echo "uidNumber=$uidNumber" gidNumber=$(zmprov ga $i | grep gidNumber | sed 's/gidNumber:\ //') echo "gidNumber=$gidNumber" homeDirectory=$(zmprov ga $i | grep homeDirectory | sed 's/homeDirectory:\ //') echo "homeDirectory=$homeDirectory" loginShell=$(zmprov ga $i | grep loginShell | sed 's/loginShell:\ //') echo "loginShell=$loginShell" ##### zmprov ma $i -objectClass posixAccount -uidNumber $uidNumber -gidNumber $gidNumber -homeDirectory "$homeDirectory" -loginShell "$loginShell" ##### sambaSamAccount=$(zmprov ga $i | grep sambaSamAccount | sed 's/obectclass:\ //') echo "sambaSamAccount=$sambaSamAccount" sambaSID=$(zmprov ga $i | grep sambaSID | sed 's/sambaSID:\ //') echo "sambaSID=$sambaSID" sambaAcctFlags=$(zmprov ga $i | grep sambaAcctFlags | sed 's/sambaAcctFlags:\ //') echo "sambaAcctFlags=$sambaAcctFlags" sambaDomainName=$(zmprov ga $i | grep sambaDomainName | sed 's/sambaDomainName:\ //') echo "sambaDomainName=$sambaDomainName" sambaNTPassword=$(zmprov ga $i | grep sambaNTPassword | sed 's/sambaNTPassword:\ //') echo "sambaNTPassword=$sambaNTPassword" sambaLMPassword=$(zmprov ga $i | grep sambaLMPassword | sed 's/sambaLMPassword:\ //') echo "sambaLMPassword=$sambaLMPassword" ##### zmprov ma $i -objectClass sambaSamAccount -sambaSID "$sambaSID" -sambaAcctFlags "$sambaAcctFlags" -sambaDomainName "$sambaDomainName" -sambaNTPassword "$sambaNTPassword" -sambaLMPassword "$sambaLMPassword" ##### done
- the users password change may still be blocked by unkwown attribute, those commands helped to pinpoint the problem
$ zmprov gacf | grep samba zimbraPasswordChangeListener: sambapassword $ zmprov mcf -zimbraPasswordChangeListener sambapassword
- Edit the /opt/zimbra/conf/slapd.conf.in file and remove the following indexes:
#indexes for PAM index uidNumber eq index gidNumber eq index memberUID eq #indexes for Samba index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq
- Remove the GAL/Posix access entries:
# only allow access to these attrs basically GAL/Postfix related attrs access to dn.subtree="ou=people,dc=gregzimbra1,dc=zimbra,dc=com" by dn.children="cn=admins,cn=zimbra" write by * read access to dn.subtree="ou=groups,dc=gregzimbra1,dc=zimbra,dc=com" by dn.children="cn=admins,cn=zimbra" write by * read
Note: As an alternative to the past two steps, you can just substitute a non-modified Zimbra slapd.conf.in file.
- Once this is done, you're almost out of the woods, but this last step is very, very important. You MUST run slapindex to update the indexes in your Zimbra LDAP database, or you run the risk of having segfault/protection errors that crash the slapd process. So far, this has mostly been observed using Zimbra Network Edition running on Ubuntu 8.04 Server LTS. The exact command is '/opt/zimbra/openldap-2.3.43.10z/sbin/slapindex'. The command will probably throw you an error message about "loglevel". Open the referenced slapd file and temporarily change the log-level to an actual number (49152 is what I usually set it to). Then revert that change after slapindex has run. Start Zimbra again via 'zmcontrol start' and watch the processes for about 30 minutes to make sure nothing is amiss. If you get slapd errors, run slapindex again, it's usually the cause of the problem.
- Do another full backup of your Zimbra server.