Uninstall Instructions for Unix and Windows Account Management in Admin UI

   KB 3010        Last updated on 2015-07-13  





Statement of Intent

I wrote these instructions up as a guideline for two reasons:

Please note that this is a first draft, and thus, a work in progress.

Tested Platform

This is a partial disclaimer section. These steps have been tested on Ubuntu 8.04 LTS 64-bit edition running Zimbra 5.0.18 Network Edition.

Uninstall Steps

  • Like any good Systems Administrator, you should do a full backup of your Zimbra server before doing anything else.
  • Undeploy the Samba and Posix Admin Zimlets from the Zimbra Admin GUI.
  • Stop the Samba services on your Samba server, and remove any references to the Zimbra server from the smb.conf file.
  • Remove the libnss-ldap and libpam-ldap packages you've installed on the Samba server.
  • Set back the default entries in the following files under /etc/pam.d on your Samba server: common-auth, common-account, common-session, common-password.
  • Set back the default entries in the /etc/nsswitch.conf file.
  • Stop Zimbra via zmcontrol stop
  • On the Zimbra Server, run these commands:
zmprov mcf -zimbraAccountExtraObjectClass posixAccount
zmprov mcf -zimbraAccountExtraObjectClass sambaSamAccount
  • To remove the attributes from accounts that already have Samba and Posix attributes, you need to run the following set of commands:
zmprov ma user -objectClass posixAccount -uidNumber XXXXX -gidNumber XXXXX -homeDirectory /home/user -loginShell /bin/whatever
zmprov ma user -objectClass sambaSamAccount -sambaSID S-X-X-XX-XXXXXXXX-XXXXXXXXX-XXXXXXXX-XXXXX -sambaAcctFlags [UX] -sambaDomainName SAMBA.DOMAIN.COM -sambaNTPassword sAmBaNTHaSh -sambaLMPassword sAmBaLMHaSh
  Note: These values can be found by running the 'zmprov ga user' command on the Zimbra server and browsing/grep'ing the output.


  • This script automatically strips the POSIX and Samba attributes from every account:
#!/bin/sh
# this script removes all the posix and samba attributes from zimbra userlist
# run me as zimbra user
# Works for me, hope this helps folks! Quentin Bierent
# Note: the output includes the Samba NT/LM hashes, which are password-equivalent;
# do not keep it in logs or terminal scrollback.
for i in $(zmprov gaa);
do printf '\ncleaning user account : %s\n' "$i"
# read the current POSIX values; zmprov needs the exact value to remove an attribute
posixAccount=$(zmprov ga "$i" | grep posixAccount | sed 's/objectClass:\ //')
echo "posixAccount=$posixAccount"
uidNumber=$(zmprov ga "$i" | grep uidNumber | sed 's/uidNumber:\ //')
echo "uidNumber=$uidNumber"
gidNumber=$(zmprov ga "$i" | grep gidNumber | sed 's/gidNumber:\ //')
echo "gidNumber=$gidNumber"
homeDirectory=$(zmprov ga "$i" | grep homeDirectory | sed 's/homeDirectory:\ //')
echo "homeDirectory=$homeDirectory"
loginShell=$(zmprov ga "$i" | grep loginShell | sed 's/loginShell:\ //')
echo "loginShell=$loginShell"
#####
zmprov ma "$i" -objectClass posixAccount -uidNumber "$uidNumber" -gidNumber "$gidNumber" -homeDirectory "$homeDirectory" -loginShell "$loginShell"
#####
# same again for the Samba attributes
sambaSamAccount=$(zmprov ga "$i" | grep sambaSamAccount | sed 's/objectClass:\ //')
echo "sambaSamAccount=$sambaSamAccount"
sambaSID=$(zmprov ga "$i" | grep sambaSID | sed 's/sambaSID:\ //')
echo "sambaSID=$sambaSID"
sambaAcctFlags=$(zmprov ga "$i" | grep sambaAcctFlags | sed 's/sambaAcctFlags:\ //')
echo "sambaAcctFlags=$sambaAcctFlags"
sambaDomainName=$(zmprov ga "$i" | grep sambaDomainName | sed 's/sambaDomainName:\ //')
echo "sambaDomainName=$sambaDomainName"
sambaNTPassword=$(zmprov ga "$i" | grep sambaNTPassword | sed 's/sambaNTPassword:\ //')
echo "sambaNTPassword=$sambaNTPassword"
sambaLMPassword=$(zmprov ga "$i" | grep sambaLMPassword | sed 's/sambaLMPassword:\ //')
echo "sambaLMPassword=$sambaLMPassword"
#####
zmprov ma "$i" -objectClass sambaSamAccount -sambaSID "$sambaSID" -sambaAcctFlags "$sambaAcctFlags" -sambaDomainName "$sambaDomainName" -sambaNTPassword "$sambaNTPassword" -sambaLMPassword "$sambaLMPassword"
#####
done


  • User password changes may still be blocked by an unknown attribute; these commands helped to pinpoint the problem:
$ zmprov gacf | grep samba
zimbraPasswordChangeListener: sambapassword
$ zmprov mcf -zimbraPasswordChangeListener sambapassword


  • Edit the /opt/zimbra/conf/slapd.conf.in file and remove the following indexes:
#indexes for PAM
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
#indexes for Samba
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
  • Remove the GAL/Posix access entries:
# only allow access to these attrs basically GAL/Postfix related attrs
access to dn.subtree="ou=people,dc=gregzimbra1,dc=zimbra,dc=com"
       by dn.children="cn=admins,cn=zimbra" write
       by * read
access to dn.subtree="ou=groups,dc=gregzimbra1,dc=zimbra,dc=com"
       by dn.children="cn=admins,cn=zimbra" write
       by * read
 Note: As an alternative to the previous two steps, you can simply substitute an unmodified Zimbra slapd.conf.in file.
  • Once this is done, you're almost out of the woods, but this last step is very, very important. You MUST run slapindex to update the indexes in your Zimbra LDAP database, or you run the risk of segfault/protection errors that crash the slapd process. So far, this has mostly been observed with Zimbra Network Edition running on Ubuntu 8.04 Server LTS. The exact command is '/opt/zimbra/openldap-2.3.43.10z/sbin/slapindex'. The command will probably throw an error message about "loglevel". Open the referenced slapd file and temporarily change the log level to an actual number (49152 is what I usually set it to), then revert that change after slapindex has run. Start Zimbra again via 'zmcontrol start' and watch the processes for about 30 minutes to make sure nothing is amiss. If you get slapd errors, run slapindex again; it's usually the cause of the problem.
  • Do another full backup of your Zimbra server.
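A post-uninstall check for the steps above, as an added example that is not part of the original article: it scans `zmprov ga` / `zmprov gacf` output for the object classes and attributes the uninstall should have removed, and reports attribute names only so the Samba NT/LM hashes never reach the terminal. The function names and the sample account are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit zmprov output for POSIX/Samba residue after the uninstall.
# Attribute names are the ones used in the steps above; sample data is constructed.

# leftover_attrs: stdin = "attr: value" lines as printed by zmprov ga / gacf.
# Prints the name of each leftover attribute, never its value.
leftover_attrs() {
    awk -F': ' '
        $1 == "objectClass" || $1 == "zimbraAccountExtraObjectClass" {
            if ($2 == "posixAccount" || $2 == "sambaSamAccount") print $1 "=" $2
            next
        }
        $1 == "zimbraPasswordChangeListener" && $2 == "sambapassword" { print $1 "=" $2; next }
        $1 ~ /^(uidNumber|gidNumber|homeDirectory|loginShell)$/ { print $1; next }
        $1 ~ /^samba(SID|AcctFlags|DomainName|NTPassword|LMPassword)$/ { print $1 }
    ' | LC_ALL=C sort -u
}

# report LABEL: prints "LABEL: names..." and returns 1 if stdin shows residue.
report() {
    left=$(leftover_attrs | tr '\n' ' ')
    [ -z "$left" ] && return 0
    printf '%s: %s\n' "$1" "$left"
    return 1
}

# audit_all: live check on the Zimbra server, run as the zimbra user.
audit_all() {
    rc=0
    zmprov gacf | report globalconfig || rc=1
    for acct in $(zmprov gaa); do
        zmprov ga "$acct" | report "$acct" || rc=1
    done
    return $rc
}

# Constructed sample: an account the cleanup only partly reached.
sample_account() {
    cat <<'EOF'
# name alice@example.com
cn: Alice
objectClass: zimbraAccount
objectClass: sambaSamAccount
sambaSID: S-1-5-21-0-0-0-1001
sambaNTPassword: 00000000000000000000000000000000
uidNumber: 10001
zimbraAccountStatus: active
EOF
}

sample_account | report "alice@example.com (constructed)" || true
```

On the server, call `audit_all` after the final `zmcontrol start`; a non-zero return means at least one account or the global config still carries POSIX/Samba data.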
Verified Against: Ubuntu 8.04 LTS 64-bit edition running Zimbra 5.0.18 Network Edition Date Created: 9/2/2009
Article ID: https://wiki.zimbra.com/index.php?title=Uninstall_Instructions_for_Unix_and_Windows_Account_Management_in_Admin_UI Date Modified: 2015-07-13


