Vanilla config, no packages or customizations have been installed.
*Using LDAP integration with MSAD domain
Elasticsearch 7.17.15
MariaDB 10.3.39
Looking for best practice and suggestions for upgrading Zammad Alpha to newest Stable version on production machine. Also which items should be upgraded in what order from the list above?
Sweet! So no particular order of operations is better? Zammad upgrade then DB then Elasticsearch, Debian… I’m trying hard not to Bork my installation during the upgrade
Unless you have anything else in your Elasticsearch (e.g. Kibana), it doesn’t matter if it’s just data from Zammad. You can always just “reimport” the data via Zammad rebuild.
Converting to PostgreSQL has just a “lower” version limit, so your current version needs to be higher. That’s technically all.
Well, it all went swimmingly with a successful PostgreSQL migration. Except no one can log on to the web interface anymore using their MS AD creds. I’ve found even before starting the upgrade that Zammad would ‘lose’ the AD channel at times. I’d always have a logged-on Admin, so I was able to just restart Zammad from the terminal, which seemed to fix the AD connection.
I’ve looked at Rails Setting.get('http_type') and it’s set to http. Storage provider is set to file.
I can’t get in with the Debian user account either.
Further, if I try a few times, we get the CSRF token verification failed message.
If I try User.find_by(email: ) I can find my account and all the information. Everything is there. But for reasons still unknown I cannot pass that information through to the GUI.
I’ll try to see if PostgreSQL is somehow not connected.
After logon with a local Admin account, we could see that the LDAP config had been wiped out during the upgrade process. Recreating this and everything sync’d up again nicely.
One gotcha was using an admin account that was giving us some false results due to the account being ‘locked out’ in Zammad.
To the developers: It would be nice to have the ‘Account locked out’ message forwarded to the logon page rather than a generic “Check your credentials” followed by the CSRF Token failed message on a second attempt.
That is not possible as this would allow attackers or bad guys to find out if the account they’re trying actually exists. This is a security thing I’m afraid.