Hello all.
After update my zimbra OSE installation to Zimbra 8.8.15_GA_4303 (build 20220612004933)
I lost ability to run zmprov from linux user Zimbra
[zimbra@mail vbm]$ zmprov
ERROR: service.PERM_DENIED (permission denied: Error in Authentication)
Though I can use zmprov if use mail admin credeintials with keys -a -p
If anyone knows can I add local linux user to mail admins now?
Or is it bug in my installation or security improvement?
Thank you
Linux user zimbra lost rights in zmprov
Re: Linux user zimbra lost rights in zmprov
Hello. Have you managed to solve this problem?
Re: Linux user zimbra lost rights in zmprov
I am having the same problem and I can't solve it. Has anyone figured out what should be done?
Re: Linux user zimbra lost rights in zmprov
I may have found the problem, but still don't know how to properly fix it.
When I ran the zmlocalconfig -s command, I saw the following output:
zimbra_ldap_user = zimbra
zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra
Then I did a ldap search: ldapsearch -D "uid=zimbra,cn=admins,cn=zimbra" -w YOURPASSWORD -H ldaps://YOURDOMAIN -b "uid=zimbra,cn=admins,cn=zimbra". The output (shown bellow) shows that my zimbra master admin account is locked. However, I don't know how to unlock an account that doesn't belong to my domain.
# zimbra, admins, zimbra
dn: uid=zimbra,cn=admins,cn=zimbra
uid: zimbra
objectClass: zimbraAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: zimbra
sn: zimbra
zimbraIsAdminAccount: TRUE
zimbraIsSystemResource: TRUE
zimbraId: e0fafd89-1360-11d9-8661-000a95d98ef2
description: The master zimbra admin account
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
zimbraLastLogonTimestamp: xxxxxxxxxxxxxxx
zimbraAccountStatus: lockout
zimbraMailStatus: enabled
Does anyone know how to unlock the uid=zimbra,cn=admins,cn=zimbra account?
When I ran the zmlocalconfig -s command, I saw the following output:
zimbra_ldap_user = zimbra
zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra
Then I did a ldap search: ldapsearch -D "uid=zimbra,cn=admins,cn=zimbra" -w YOURPASSWORD -H ldaps://YOURDOMAIN -b "uid=zimbra,cn=admins,cn=zimbra". The output (shown bellow) shows that my zimbra master admin account is locked. However, I don't know how to unlock an account that doesn't belong to my domain.
# zimbra, admins, zimbra
dn: uid=zimbra,cn=admins,cn=zimbra
uid: zimbra
objectClass: zimbraAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: zimbra
sn: zimbra
zimbraIsAdminAccount: TRUE
zimbraIsSystemResource: TRUE
zimbraId: e0fafd89-1360-11d9-8661-000a95d98ef2
description: The master zimbra admin account
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
zimbraLastLogonTimestamp: xxxxxxxxxxxxxxx
zimbraAccountStatus: lockout
zimbraMailStatus: enabled
Does anyone know how to unlock the uid=zimbra,cn=admins,cn=zimbra account?