Tuesday, February 10, 2009

Zimbra 5.0.13 and Samba

Zimbra have released version 5.0.13. I figured this was a good excuse to set up a test Zimbra server and try and get Samba set up to authenticate via Zimbra, rather than our current method (a separate LDAP server) at work. So to do this I'm setting up a VM running Ubuntu Server 8.04.2 (supported by Zimbra) on which I'll install ZCS 5.0.13, and a VM running Debian Etch and Samba. I'll be using the instructions from the Zimbra wiki for most of this.

My original thought was to set this up using a backup of our existing Zimbra configuration. However, I think that might overcomplicate things. For the time being, I'll just set it up as an entirely new installation, and once I have that going, I'll try getting a configuration set up from our existing setup.

So, to begin with, there's the Ubuntu VM. 64-bit virtual processor, 4G of RAM, 40G of hard disk. I expect that will be plenty of space. I'll install ZCS 5.0.13 via the quick install guide. Next, I'll install the "zimbra_posixaccount" and "zimbra_samba" extensions. However, rather than download the zip files to my desktop, unpack them, modify them, then upload them back to the server, I'll just unpack them and modify them on the server (in /root). Thus in /root/zimbra_posixaccount/config_template.xml, I'll set the ldapSuffix property to "dc=zcstest,dc=company,dc=com". The uidBase and gidBase properties are both set to 10000, which should be fine for my purposes. I'll then zip up all the files in /root/zimbra_posixaccount (excluding the directory itself) into /root/zimbra_posixaccount_company.zip. Similarly, I'll unpack /opt/zimbra/zimlets-admin-extra/zimbra_samba.zip into /root/zimbra_samba, modify config_template.xml the same way I did for zimbra_posixaccount, then pack up the files into /root/zimbra_samba.zip.

Now that I have the extensions configured, it's time to install them. I go to https://zcstest.company.com:7071/ (example URL only) and log in as "admin" with the admin password I set during installation. Interestingly enough, it tells me that my trial license expired 596 days ago. I'm not sure what to make of that, but that's a problem for another time. In the Zimbra Administration UI, I select "Admin Extensions" under "Configuration", then hit "Deploy" near the top of the window. And discover why the instructions said to do the file modifications on your desktop, as the "Deploy" dialog looks for a zip file on the user's desktop. Oops. No matter, though. I'll just copy the files off the server and upload them... no, that won't work either. I attempted to deploy "zimbra_posixaccount_company.zip", and got a message: "Failed to deploy the zimlet!". Ah, I see the problem. The name of the zip file is important. Renaming "zimbra_posixaccount_company.zip" to "zimbra_posixaccount.zip" did the trick. I'll deploy "zimbra_samba" similarly, and reload Zimbra Admin (i.e. hit the "refresh" button in my browser). This gives me two error dialogs:

Warning! Failed to create ou=groups,dc=zcstest,dc=stdbev,dc=com for Samba groups!
Warning! Failed to create ou=machines,dc=zcstest,dc=stdbev,dc=com for Samba machine accounts!

Perhaps this has something to do with my expired license file. I found another license file that's valid until August of this year; perhaps that will do the trick... no. Looking at the installation guide again, I see this bug. Per the bug report, I'll modify /opt/zimbra/bin/amavisdctl... no, that's not it. The file already contains the necessary LD_LIBRARY_PATH setting, which is to be expected, I suppose. The relevant error in /opt/zimbra/log/mailbox.log:


javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'dc=zcstest,dc=company,dc=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
    at com.zimbra.cs.account.ldap.ZimbraLdapContext.searchDir(ZimbraLdapContext.java:551)
    at com.zimbra.ldaputils.GetLDAPEntries.searchObjects(GetLDAPEntries.java:188)
    at com.zimbra.ldaputils.GetLDAPEntries.searchObjects(GetLDAPEntries.java:138)
    at com.zimbra.ldaputils.GetLDAPEntries.handle(GetLDAPEntries.java:87)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:429)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:286)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:160)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:269)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:190)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:716)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:350)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:313)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
    at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)


Just for fun, I'll snapshot the VM, uninstall the system libldap, and see where that gets me. It's a test machine, after all.

(time passes)

No, that didn't do a thing. Time to restore the snapshot and consult the Zimbra forums.

EDIT: I found out my problem. My server name was "zcstest.company.corp", but I set the LDAP suffix to "dc=zcstest,dc=company,dc=com". So I had the wrong LDAP suffix. Oops.
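
As an added example (not part of the original post and not Zimbra's own tooling), the two mistakes found above, a zip file not named after its extension and an ldapSuffix that does not match the server name, can be caught on the server before deploying. The function names are hypothetical, the sample config_template.xml is constructed, and the script assumes the `<property name="ldapSuffix">` form and that the Zimbra domain is the same as the server's host name.

```shell
# Added example (hypothetical function names, constructed sample XML):
# pre-deploy checks for a Zimbra admin extension bundle.

# zcstest.company.corp -> dc=zcstest,dc=company,dc=corp
fqdn_to_suffix() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/\.$//' -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Print the ldapSuffix value from a config_template.xml.
# Assumes <property name="ldapSuffix">VALUE</property> on a single line.
template_suffix() {
    sed -n 's/.*<property name="ldapSuffix">\([^<]*\)<\/property>.*/\1/p' "$1" |
        head -n 1
}

# check_bundle FQDN CONFIG ZIP EXTENSION
# Returns 0 only if the suffix matches FQDN and ZIP is named EXTENSION.zip.
check_bundle() {
    want=$(fqdn_to_suffix "$1")
    have=$(template_suffix "$2")
    rc=0
    if [ "$have" != "$want" ]; then
        echo "ldapSuffix is '$have', expected '$want' for $1" >&2
        rc=1
    fi
    if [ "$(basename "$3")" != "$4.zip" ]; then
        echo "zip must be named $4.zip, got $(basename "$3")" >&2
        rc=1
    fi
    return "$rc"
}

# Reproduces both mistakes from the post against a constructed template.
demo() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/config_template.xml" <<'EOF'
<zimletConfig name="zimbra_posixaccount">
  <global>
    <property name="ldapSuffix">dc=zcstest,dc=company,dc=com</property>
  </global>
</zimletConfig>
EOF
    check_bundle zcstest.company.corp "$tmp/config_template.xml" \
        /root/zimbra_posixaccount_company.zip zimbra_posixaccount
    status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "bundle rejected, as expected for this sample"
```

On a real server the first argument would come from `hostname -f`, and a match here only shows the names agree, not that the base entry exists in the directory.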