Bugzilla – Bug 215
zExtras suite overwriting Zimbra patch code in Zimbra 8.6.0
Last modified: 2016-12-29 14:07:24 CET
Hi ZeXtras team,
We've had a customer run into an issue where delegate admins aren't able to delete users on different mailbox servers. This issue was resolved in 8.6.0 patch 4 (https://bugzilla.zimbra.com/show_bug.cgi?id=96254) and therefore escalated to our engineering team. After investigation, the engineer on the case determined that the ZeXtras suite is overwriting patch code on Zimbra 8.6.0, rendering the patched fix impotent.
At this point in time, we are unaware of any other functionality that may be affected in a similar manner. In the meantime, will ZeXtras engineers take a look at the patch and determine the necessary fix for this issue?
Zimbra Product Manager, Synacor
reproduced in zimbra 8.7 multistore
When creating a new delegated administrator the domain cache is not synchronized on other mailboxes leading to:
"zmprov flushCache domain acl" fix the issue.
We will add an automatic flush cache after creating or editing delegated administrators permissions.
Does it fix your issue, or do you have a different one?
We've found another issue which is probably the one you were referring to, defendsAgainstDelegateAdminAccountHarvesting() is not implemented in ZAL  returning always false which leads to PERM_DENIED if the loginAs right is missing from the delegated administrator.
As a temporary workaround you can add loginAs right, the fix will be available in the next release 2.4.3, scheduled for early next week.
fixed in 2.4.3
Copyright © 2017 ZeXtras, All rights reserved.
Zimbra is a trademark of Zimbra Software, LLC.
ActiveSync is a registered Trademark of Microsoft Corporation