no permission for XXXX

Issue #680 closed
nitin patil created an issue

Hi, I am getting a "no permission" error once I click on any mail. The mail ID is showing at the top right-hand side. Also, I am not able to restore mail.

Please find the mail log and attached screenshot.

maillog :

ldap query: base dn='', filter='(|(&(objectClass=zimbraAccount)(mail=10001@tcszim.com))(&(objectClass=zimbraDistributionList)(zimbraMailForwardingAddress=10001@tcszim.com)))', attr='', 1 hits
Apr 20 18:00:45 inzimm02 piler-webui[17209]: ldap auth against 'inziml01.tcszim.com', dn: 'uid=10001,ou=people,dc=tcszim,dc=com', result: 1
Apr 20 18:00:54 inzimm02 piler-webui[17207]: sphinx query: 'SELECT id FROM main1 WHERE MATCH('@to ') ORDER BY sent DESC LIMIT 0,1000 OPTION max_matches=1000' in 0.00 s, 0 hits
Apr 20 18:00:54 inzimm02 piler-webui[17206]: sphinx query: 'SELECT id FROM main1 WHERE MATCH('@to & (@subject nitin) ') ORDER BY sent DESC LIMIT 0,1000 OPTION max_matches=1000' in 0.00 s, 1 hits

Comments (30)

  1. nitin patil reporter

    $config['ENABLE_LDAP_AUTH'] = 1;
    $config['LDAP_HOST'] = 'inziml01.tcszim.com';
    $config['LDAP_HELPER_DN'] = 'uid=zimbra,cn=admins,cn=zimbra';
    $config['LDAP_HELPER_PASSWORD'] = 'XXXXXXX';
    $config['LDAP_MAIL_ATTR'] = 'mail';
    $config['LDAP_ACCOUNT_OBJECTCLASS'] = 'zimbraAccount';
    $config['LDAP_BASE_DN'] = '';
    $config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'zimbraDistributionList';
    $config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'zimbraMailForwardingAddress';

  2. nitin patil reporter

    Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:66): avc: denied { getattr } for pid=26724 comm="pilerget" path="/var/piler/store/00/570/3d/ed/400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
    Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:67): avc: denied { read } for pid=26724 comm="pilerget" name="400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
    Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:68): avc: denied { open } for pid=26724 comm="pilerget" name="400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
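Added example (not part of the original thread and not piler's own code): a small Python parser that groups AVC denials like the three in comment 2 by command, source domain, target type and object class, which makes the label mismatch behind them explicit. The sample log is the three lines quoted above; the function names are chosen for this example.

```python
import re
from collections import defaultdict

# Sample input: the three denials quoted in comment 2, one per line.
SAMPLE_LOG = """\
Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:66): avc: denied { getattr } for pid=26724 comm="pilerget" path="/var/piler/store/00/570/3d/ed/400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:67): avc: denied { read } for pid=26724 comm="pilerget" name="400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
Apr 21 11:22:59 inzimm02 kernel: type=1400 audit(1461217979.994:68): avc: denied { open } for pid=26724 comm="pilerget" name="400000005705f80e0b956694009178c23ded.m" dev=dm-4 ino=262511 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; policy rules match on the type.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        fields[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return fields


def summarize(log_text):
    """Map (comm, source type, target type, class) -> sorted denied permissions."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec.get("comm"), rec["scontext_type"],
               rec["tcontext_type"], rec.get("tclass"))
        summary[key].update(rec["perms"])
    return {k: sorted(v) for k, v in summary.items()}


if __name__ == "__main__":
    for (comm, src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{comm}: {src} -> {tgt}:{cls} denied {{ {', '.join(perms)} }}")
```
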

  3. Janos SUTO repo owner

    Have you ever experienced this issue on this installation before? Also, describe what has changed to get this issue. Have you enabled selinux? Was it disabled before?

  4. nitin patil reporter

    I was not able to log in to the web URL due to selinux being enabled, so I disabled it.

    sestatus
    SELinux status: enabled
    SELinuxfs mount: /selinux
    Current mode: permissive
    Mode from config file: enforcing
    Policy version: 24
    Policy from config file: targeted

  5. Janos SUTO repo owner

    Did disabling selinux improve the issue? Also I'd like to see your email settings on the top right menu of the gui. I suspect that you don't have any email address assigned to you by the gui.

  6. nitin patil reporter

    Can I disable selinux or not? The problem is that once I enable LDAP authentication with Zimbra LDAP, I am not able to log in with admin@local. I am able to log in with a zimbra user only. With a zimbra user I am not able to see other options in the GUI. Only the search option is showing.

  7. Janos SUTO repo owner

    You can disable selinux. Your setup must be messed up. LDAP auth and local auth may coexist for sure. The latter is the last resort method.

  8. nitin patil reporter

    Can you explain how to change it? I want both LDAP and local auth. Is there any way? And how do I resolve the permission error which I am getting in the GUI?

  9. nitin patil reporter

    I have created an auditor user; through this user I am able to download and restore the mails.

  10. Janos SUTO repo owner

    It's enabled by default. Check the logs to see what happens when you try to login. Enable zimbra ldap, and any local user should be able to login, even admin@local.

  11. nitin patil reporter

    Hi, now I am able to log in with both LDAP and local user IDs. But I am getting "no permission for XXXX" except when I log in with the auditor user.

  12. Janos SUTO repo owner

    I've just stumbled upon a similar problem. Please perform the following sql queries:

    select * from v_messages where id=7931;
    select * from metadata where id=7931;

  13. nitin patil reporter

    Hi, please find the output:

    mysql> select * from v_messages where id=7931; select * from metadata where id=7931;
    Empty set (0.00 sec)

    Empty set (0.00 sec)

  14. Janos SUTO repo owner

    OK, it seems that the email with id 7931 is a phantom entry in the sphinx table. You may try to delete it using mysql -h 127.0.0.1 -P 9306, then execute "delete from main1 where id=7931;"

  15. nitin patil reporter

    Hi, Please find output "mysql> delete from main1 where id=7931; ERROR 1064 (42000): index 'main1' does not support DELETE (enabled=1)"

  16. nitin patil reporter

    mysql> SELECT * FROM main1; Empty set (0.00 sec)

    mysql> SELECT * FROM main2; Empty set (0.00 sec)

    mysql> SELECT * FROM main3; Empty set (0.00 sec)

    mysql> SELECT * FROM main4; Empty set (0.00 sec)

  17. nitin patil reporter

    In the GUI it is showing more than 50 mails, but when I search, zero results come back.

    sphinx query: 'SELECT id FROM main1 WHERE MATCH('(@subject test) ') ORDER BY sent DESC LIMIT 0,1000 OPTION max_matches=1000' in 0.00 s, 0 hits

  18. Janos SUTO repo owner

    This is very odd. The sphinx query should search in main1,dailydelta1,delta1 indices. Why do you search in main1 only (according to your logged query)? Also it's very odd to have empty main1-4 indices. What's the size of main* files in /var/piler/sphinx?

  19. nitin patil reporter

    Processed emails: 1 (24 hours), 11 (1 week), 22 (30 days)
    Message Disposition: received messages 38

  20. Janos SUTO repo owner

    Sigh. Where do you have the problem "no permission"? Because 7931 means you have at least that many emails. So I'm confused what your issue is.

  21. Janos SUTO repo owner

    You can do whatever you want. Anyway I'm marking this issue closed. If you experience a problem (not in the test env, rather in the production env), then create a new issue.
