I tried forcing the umask via sudoers as such:
02_zimbra-ldap:
Defaults!/opt/zimbra/libexec/zmslapd umask_override,umask=XXXX
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
But it wouldn't play ball
Messing with chmod g+w /opt/zimbra/data/ldap/state/run/ldapi
in /opt/zimbra/bin/ldap fails as the zimbra user doesn't have permission
I need to do 'zmcontrol start' twice to get zimbra up
Re: I need to do 'zmcontrol start' twice to get zimbra up
Messing with checkListening() just confirms that the zimbra user doesn't have permission on the socket
Re: I need to do 'zmcontrol start' twice to get zimbra up
the /opt/zimbra/bin/ldap sudo'ing to zimbra seems somewhat pointless, as /etc/init.d/zimbra is using sudo to call zmcontrol, which itself insists on being zimbra
/opt/zimbra/libexec/zmslapd is a shell script. Messing with umask in there doesn't have an impact either
Re: I need to do 'zmcontrol start' twice to get zimbra up
I've spent enough time on it this evening. A combination of the above also doesn't work, but perhaps there is enough information there for someone else to nail it.
Something has to force slapd to g+w the ldapi socket
Re: I need to do 'zmcontrol start' twice to get zimbra up
Upgrading Ubuntu didn't help at all
Re: I need to do 'zmcontrol start' twice to get zimbra up
A fresh install of u16 works correctly.
A strace trace of both openldaps shows they are actually doing the same thing:
umask(0) = 022
bind(7, {sa_family=AF_LOCAL, sun_path="/opt/zimbra/data/ldap/state/run/ldapi"}, 110) = 0
umask(022)
umask(0) = 022
bind(7, {sa_family=AF_LOCAL, sun_path="/opt/zimbra/data/ldap/state/run/ldapi"}, 110) = 0
umask(022)
It must be something in Ubuntu
Re: I need to do 'zmcontrol start' twice to get zimbra up
Found it; it seems the upgraded Ubuntu is full of ACLs.
fix with: setfacl -b /opt/zimbra/data/ldap/state/run
# getfacl /opt/zimbra/data/ldap
getfacl: Removing leading '/' from absolute path names
# file: opt/zimbra/data/ldap
# owner: zimbra
# group: zimbra
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
# getfacl /opt/zimbra/data/ldap/state/run
getfacl: Removing leading '/' from absolute path names
# file: opt/zimbra/data/ldap/state/run
# owner: zimbra
# group: zimbra
user::rwx
group::r-x
other::r-x
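
Why default ACL entries defeat the umask(0) seen in the trace, as an added example that is not part of the original posts: bind() creates the socket with mode 0777 & ~umask (unix(7)), and default entries inherited from the parent directory then restrict that mode further (acl(5)). It parses the two getfacl listings posted above; that the run directory carried the same default entries before `setfacl -b` is an assumption, and the function names are illustrative.

```python
import re

# getfacl output as posted in the thread (comment header lines omitted).
ACL_LDAP = """\
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
"""
ACL_RUN = """\
user::rwx
group::r-x
other::r-x
"""

ENTRY = re.compile(r"^(default:)?(user|group|other|mask):([^:]*):([r-][w-][x-])$")

def bits(perm):
    """'r-x' -> 5"""
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")

def default_entries(getfacl_text):
    """Return {(tag, qualifier): bits} for the default: entries only."""
    found = {}
    for line in getfacl_text.splitlines():
        # Drop '# file:' headers and trailing '#effective:' annotations.
        m = ENTRY.match(line.split("#", 1)[0].strip())
        if m and m.group(1):
            found[(m.group(2), m.group(3))] = bits(m.group(4))
    return found

def socket_mode(umask, parent_getfacl):
    """Permission bits of a socket created by bind() in the given directory."""
    mode = 0o777 & ~umask                    # what bind() asks for
    d = default_entries(parent_getfacl)
    if d:                                    # inherited ACL caps each class
        group = d.get(("mask", ""), d[("group", "")])  # mask wins if present
        mode &= d[("user", "")] << 6 | group << 3 | d[("other", "")]
    return mode

def group_writable(mode):
    return bool(mode & 0o020)

if __name__ == "__main__":
    for name, acl in (("default ACL on parent", ACL_LDAP), ("no default ACL", ACL_RUN)):
        m = socket_mode(0, acl)              # umask(0), as in the strace
        print(f"{name}: {m:04o} group-writable={group_writable(m)}")
```

To find directories that still carry default entries, `getfacl -R /opt/zimbra/data/ldap` lists them as `default:` lines.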