samba - Sep 2016 - upgrading to 4.4+

hi

im still running zarafa Product version:        7,2,1,51838

and when i ran the dbcheck i couldn't authenticate against ldap from zarafa
webapp

i'll try to upgrade to the latest samba and rerun again and see if it breaks
it.

Thanks for sharing your experience.



Samba - General mailing list wrote
> Hai, 
> 
> You can fix it, i did it here for my zarafa 7.2.3. after upgrading to
> samba 4.4.3. 
> 
> Im running now with samba 4.4.5 , samba, my own packages,
> backported from debian strectch. 
> Found here http://downloads.van-belle.nl/samba4
> Please do read the readme.txt 
> 
> And im now looking into zarafa 7.2.4, i upgraded zarafa already,
> now checking for schema changes. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:
> samba-bounces at .samba
> ] Namens yabko via samba
>> Verzonden: dinsdag 9 augustus 2016 15:43
>> Aan: 
> samba at .samba
>> Onderwerp: [Samba] upgrading to 4.4+
>> 
>> im currently on
>> Version 4.3.6
>> 
>> when i tried to upgrade to 4.4.0 i did the usual upgrade procedure but
>> when
>> it came to samba-tool dbcheck it said it needed to fix some of my
ZARAFA
>> extended schema attributes. Can I skip this step since it broke my
>> install
>> and i had to restore the backup ?
>> 
>> Also if i want to bring my install current can i got to from 4.3.6 to
>> 4.4.5
>> and then to 4.5.x or can i got directly to 4.5.x ?
>> 
>> Thanks
>> 
>> 
>> 
>> --
>> View this message in context:
>> http://samba.2283325.n4.nabble.com/upgrading-to-4-4-tp4706380.html
>> Sent from the Samba - General mailing list archive at Nabble.com.
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba




--
View this message in context:
http://samba.2283325.n4.nabble.com/upgrading-to-4-4-tp4706380p4706387.html
Sent from the Samba - General mailing list archive at Nabble.com.

just to follow up i tried to upgrade again to 4.4.5 and run the dbcheck with
--fix flag and it makes changes to zarafa extended schema attributes which
breaks zarafa ldap integration (getting messages that it can't activate ldap
plugin)

my samba is compiled if that makes any difference

also found similar issue here

http://samba.2283325.n4.nabble.com/Previously-extended-schema-not-working-in-4-4-0-td4700868.html

ill give it another try with either the patch there or wait until 4.5.0 is
out



--
View this message in context:
http://samba.2283325.n4.nabble.com/upgrading-to-4-4-tp4706380p4706450.html
Sent from the Samba - General mailing list archive at Nabble.com.

>getting messages that it can't activate ldap plugin
I dont see that here. And ldap works fine. 

Can you post the message you get at the dbfix 
Or any other errors you see, these are most helpfull.
I fixed my db also and it all still works fine. 
But if you can show how you see your errors i'll check that agains my env. 
But untill now is dont have any problems, but maybe is missed something. 


Few pointers of my setup.
I used th 7.2.1 extentios (zarafaads.exe ) since thats still the latest. 
Imported these with this tool.
https://community.zarafa.com/pg/plugins/project/9588/developer/tdeklein/samba4-ad-integration-for-zarafa

and yes few things like mobile support are missing but you can add this in the
server.cfg.

im now running samba 4.4.5 (packages from debian recompiled) with zarafa 7.2.1
extentions on debian Jessie.
Mail server is running zarafa 7.2.4 /postfix and very thing over ldapS. 

my setup 

cat server.cfg | grep user_plugin
user_plugin             = ldap
user_plugin_config      = /etc/zarafa/ldap.cfg

I used the : ldap.active-directory.cfg config copied that to ldap.cfg
some of my ldap.cfg 

ldap_host ldap_port = 636 
ldap_protocol = ldaps
ldap_uri = ldaps://dc1.internal.domain.tld ldaps://dc2.internal.domain.tld 

ldap_bind_user = CN=SPECIAL_USERSHERE,OU=Service-Accounts,OU=MYCOMPANY
ldap_bind_passwd = mysecretpassword. 
ldap_search_base = OU=MYCOMPANY

# i limit search to only zarafaAddount enabled users. 
ldap_user_search_filter = (objectCategory=Person)(zarafaAccount=1) 
..
etc .. if you need mor just ask. 

Most important here, i have a correct ssl setup, internal side my own
certificates,

cat /etc/ldap/ldap.conf
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow 

My root cert is in /etc/ssl/certs/ca-certificates.crt 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens yabko via samba
> Verzonden: woensdag 10 augustus 2016 9:02
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] upgrading to 4.4+
> 
> just to follow up i tried to upgrade again to 4.4.5 and run the dbcheck
> with
> --fix flag and it makes changes to zarafa extended schema attributes which
> breaks zarafa ldap integration (getting messages that it can't activate
> ldap
> plugin)
> 
> my samba is compiled if that makes any difference
> 
> also found similar issue here
> 
> http://samba.2283325.n4.nabble.com/Previously-extended-schema-not-working-
> in-4-4-0-td4700868.html
> 
> ill give it another try with either the patch there or wait until 4.5.0 is
> out
> 
> 
> 
> --
> View this message in context:
> http://samba.2283325.n4.nabble.com/upgrading-to-4-4-tp4706380p4706450.html
> Sent from the Samba - General mailing list archive at Nabble.com.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

hi bringing this thread back to life

i waited to ugprade to 4.5.0

and after installing it i get a lot the same errors for users and computers
objects when runnung

samba-tool dbcheck --cross-ncs

Checked 4744 objects (4909 errors)

ERROR: unsorted attributeID values in replPropertyMetaData on
CN=50LPT01,OU=Computers,OU=50,OU=MAINOU,DC=DOMAIN,DC=MY
Not fixing replPropertyMetaData on
CN=50LPT01,OU=Computers,OU=50,OU=MAINOU,DC=DOMAIN,DC=MY


CN=USER1,OU=Users,OU=123,OU=MAINOU,DC=DOMAIN,DC=MY: 0x00000000
ERROR: incorrect attributeID values in replPropertyMetaData on
CN=USER1,OU=Users,OU=123,OU=MAINOU,DC=DOMAIN,DC=MY

Not fixing incorrect value 0x002a0001 with 0x97b17421 for zarafaAdmin in
replPropertyMetaData on CN=USER1,OU=Users,OU=123,OU=MAINOU,DC=DOMAIN,DC=MY

and there's lots of them

after applying the --fix

rerunning the command gives

Checked 4744 objects (315 errors)

and another check shows that 

unable to find object for DN CN=USER2,OU=Users,OU=1968 205
OB,OU=MAINOU,DC=DOMAIN,DC=MY - (No such Base DN: CN=USER2,OU=Users,OU=1968
205 OB,OU=MAINOU,DC=DOMAIN,DC=MY)
Not removing dangling forward link

and the --fix flag won't remove those links

and also after the initial fix i cannot authenticate to zarafa, so some
properties are broken that worked prior to upgrading, my zarafa config looks
similiar to yours. and the most strange thing is that it worked prior to
upgrading.









--
View this message in context:
http://samba.2283325.n4.nabble.com/upgrading-to-4-4-tp4706380p4708029.html
Sent from the Samba - General mailing list archive at Nabble.com.