no permission for XXXX
Hi, I am getting no permission error once i click on any mail. Right hand side top mail id is showing. Also i can not able to restore mail.
Please find mail log and attached screen shot.
maillog :
ldap query: base dn='', filter='(|(&(objectClass=zimbraAccount)(mail=10001@tcszim.com))(&(objectClass=zimbraDistributionList)(zimbraMailForwardingAddress=10001@tcszim.com)))', attr='', 1 hits
Apr 20 18:00:45 inzimm02 piler-webui[17209]: ldap auth against 'inziml01.tcszim.com', dn: 'uid=10001,ou=people,dc=tcszim,dc=com', result: 1
Apr 20 18:00:54 inzimm02 piler-webui[17207]: sphinx query: 'SELECT id FROM main1 WHERE MATCH('@to ') ORDER BY sent
DESC LIMIT 0,1000 OPTION max_matches=1000' in 0.00 s, 0 hits
Apr 20 18:00:54 inzimm02 piler-webui[17206]: sphinx query: 'SELECT id FROM main1 WHERE MATCH('@to & (@subject nitin) ') ORDER BY sent
DESC LIMIT 0,1000 OPTION max_matches=1000' in 0.00 s, 1 hits
Comments (30)
-
reporter -
reporter Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:66): avc: denied { getattr } for pid=26724 comm="pilerget" path="/var/piler/store/00/570/3d/ed/400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:67): avc: denied { read } for pid=26724 comm="pilerget" name="400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:68): avc: denied { open } for pid=26724 comm="pilerget" name="400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
-
repo owner Have you ever experienced this issue on this installation before? Also, describe what has changed to get this issue? Have enabled selinux? Was it disabled before?
-
reporter I was not able to login into web ULR due to selinux enabled so i disabled it
\sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 24 Policy from config file: targeted
-
reporter just disabled only "Current mode: permissive"
-
repo owner Did disabling selinux improve the issue? Also I'd like to see your email settings on the top right menu of the gui. I suspect that you don't have any email address assigned to you by the gui.
-
reporter Can i disable selinux or not? Problem is that once I enable LDAP authentication with zimbra LDAP I can not able to login with admin@local. I can able to login with zimbra user only. With zimbra user I can not able to see other option in GUI. Only search option is showing in this.
-
repo owner You can disable selinux. Your setup must be messed. LDAP auth and local auth may coexists for sure. The latter is the last resort method.
-
reporter Can explain how to change it. I want both LADP and local auth. IS there any way? And how to resolve permission error which I am getting in GUI.
-
reporter I have create an auditor user through this user i can able to download and restore the mails.
-
repo owner It's enabled by default. Check the logs to see what happens when you try to login. Enable zimbra ldap, and any local user should be able to login, even admin@local.
-
reporter Hi now I am able to login with both LDAP and Local user ID. But i am getting "no permission for XXXX" if except to login with auditor user.
-
reporter Hi Jsuto plz update
-
repo owner I've just stumbled to a similar problem. Please perform the following sql queries:
select * from v_messages where id=7931; select * from metadata where id=7931;
-
reporter Hi, Please find output mysql> select * from v_messages where id=7931; select * from metadata where id=7931; Empty set (0.00 sec)
Empty set (0.00 sec)
-
repo owner OK, it seems that the email with id 7931 is a phantom entry in the sphinx table. You may try to delete it using mysql -h 127.0.0.1 -P 9306, then execute "delete from main1 where id=7931;"
-
repo owner Did you make it?
-
reporter sorry Jsuto I was on leave. i will run it today.
-
reporter Hi, Please find output "mysql> delete from main1 where id=7931; ERROR 1064 (42000): index 'main1' does not support DELETE (enabled=1)"
-
reporter mysql> SELECT * FROM main1; Empty set (0.00 sec)
mysql> SELECT * FROM main2; Empty set (0.00 sec)
mysql> SELECT * FROM main3; Empty set (0.00 sec)
mysql> SELECT * FROM main4; Empty set (0.00 sec)
-
reporter In GUI it is showing more then 50 mails but when i am searching it. Zero result came. sphinx query: 'SELECT id FROM main1 WHERE MATCH('(@subject test) ') ORDER BY
sent
DESC LIMIT 0,1000 OPTION max_matches=1000' in 0.00 s, 0 hits -
repo owner This is very odd. The sphinx query should search in main1,dailydelta1,delta1 indices. Why you search in main1 only (according to your logged query)? Also it's very odd to have empty main1-4 indices? What's the size of main* files in /var/piler/sphinx?
-
reporter [root@inzimm02 sphinx]# du -kh 188K . [root@inzimm02 sphinx]# pwd /var/piler/sphinx
-
repo owner It looks pretty / almost empty. How many emails did you archive?
-
reporter Processed emails 1 (24 hours) 11 (1 week) 22 (30 days) Message Disposition received messages 38
-
reporter it is in test evn. if you want to recreate data will create it
-
repo owner Sigh. Where do you have the problem "no permission"? Because 7931 means you have at least that many emails. So I'm confused what your issue is.
-
reporter can i create new database.
-
repo owner You can do whatever you want. Anyway I'm marking this issue closed. If you experience a problem (not in the test env, rather in the production env), then create a new issue.
-
repo owner - changed status to closed
- Log in to comment
$config['ENABLE_LDAP_AUTH'] = 1; $config['LDAP_HOST'] = 'inziml01.tcszim.com'; $config['LDAP_HELPER_DN'] = 'uid=zimbra,cn=admins,cn=zimbra'; $config['LDAP_HELPER_PASSWORD'] = 'XXXXXXX'; $config['LDAP_MAIL_ATTR'] = 'mail'; $config['LDAP_ACCOUNT_OBJECTCLASS'] = 'zimbraAccount'; $config['LDAP_BASE_DN'] = ''; $config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'zimbraDistributionList'; $config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'zimbraMailForwardingAddress';