Omldapsync and groups - please help

[netpenthe]

I have my users syncing from an OpenLDAP server fine, but I can't get my groups synced up.

The groups appear in the SAC but without the little envelope icon and no members are in the group.

What I have done:
The CN for the user is "John Smith" (and this is searchable using: 'omldapsearch "cn=John Smith"'). I added "John Smith" as a 'memberUid' of the group and set 'memberUid' in the sync script:

Code: Select all

IM_MV_ATTR=objectClass INTERNET-ADDR memberUid
memberUid|omMemberForeignAddr|*|*
EX_ATTR=memberUid exScalixObject .. (etc)

I also added some attributes to the group in my external LDAP:

Code: Select all

exScalixObject: TRUE
exScalixMailnode: mynode,mydomain
objectClass: exScalixClass
mail: mygroup@mydomain.com

The error i get is:

Code: Select all

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>AddMembersToGroup</FunctionName>
            <AddMembersToGroupParameters id="0d7e69f8-fa27-1027-8727-f9206aabeaaf">
                <member fa="John Smith, o=Scalix"/>
            </AddMembersToGroupParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Failed to obtain CN, MailNode for all the members in the Request SOAP Document from LDAP server scalix1.mydomain.com</message>
                    <errorcode>UM-1019</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

-----
Oh just to add a little more info, in caa.log i get:

Code: Select all

"2006-07-24 22:26:13,320 ERROR [AddDeleteGroupMembersHelper.buildRequestMessage:203] AddMembersToGroup: No CN, MailNode in LDAP server scalix.mydomain.com:Skipping Member with filter (omForeignAddr=John Smith, o=Scalix)"

Any help would be most appreciated, we're trying to get this into production this week!

Cheers

J

[netpenthe]

I've been looking at this for the last three hours.

I'm thinking maybe its because in the sync script it is called omMemberForeignAddr but the error in caa.log it complains:
"ERROR [AddDeleteGroupMembersHelper.buildRequestMessage:203] AddMembersToGroup: No CN, MailNode in LDAP server scalix.mydomain.com:Skipping Member with filter (omForeignAddr=John Smith)"

As you can see this complains about 'omForeignAddr' NOT 'omMemberForeignAddr', have these names changed at some point?

In any case changing omMemberForeignAddr to omForeignAddr doesn't fix it..it stops the error in 'caa.log' but users still don't appear groups.

[ScalixSupport]

Hi,

Please see the following post.

http://www.scalix.com/community/viewtopic.php?t=1302

Cheers,
Yuri

[netpenthe]

Thanks for the reply, its much appreciated. I actually saw that thread but don't think this is the same problem. I have added the 'mailnode' attribute the the group, which can be seen in the message:

Code: Select all

  <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>AddGroup</FunctionName>
            <AddGroupParameters>
                <user type="MAIL"/>
                <mailNode name="scalix1,mynode"/>
                <userAttributes>
                    <entity name="FOREIGN-ADDR" value="cn=is-mygroup,ou=Groups,dc=mydomain,dc=com"/>
                    <entity name="S" value="is-mygroup"/>
                    <entity name="GLOBAL-UNIQUE-ID" value="0d7e69f8-fa27-1027-8727-f9206aabeaaf"/>
                    <entity name="ENTRY-DESC" value="My Group Only"/>
                    <entity name="CN" value="My Group Only"/>
                    <entity name="INTERNET-ADDR" value="is-mygroup@scalix.mydomain.com"/>
                    <entity name="omForeignAddr" value="John Smith"/>
                </userAttributes>
            </AddGroupParameters>
        </scalix-caa:CAARequestMessage

In the Scalix LDAP i get:

Code: Select all

objectClass=top
objectClass=distributionList
objectClass=mhsDistributionList
objectClass=scalixDistributionList
mhsORAddresses=S=is-mygroup/OU1=scalix/OU2=mydomain/CN=myowncn
omInternetAddr=is-groupname@scalix.mydomain.com
mail=is-mygroup@scalix.mydomain.com
rfc822Mailbox=is-mydomain@scalix.mydomain.com
omAddress=is-mydomain /scalix,mynode/CN=myowncn
omMailnode=scalix,mynode
omCn=Information Services: mygroup
omForeignAddr=cn=is-mygroup,ou=Groups,dc=mydomain,dc=com
omGlobalUniqueId=0d7e69f8-fa27-1027-8727-f9206aabeaaf
omLocalUniqueId=12608


[netpenthe]

any ideas on what could be wrong here? I've tried many things throughout today, but it still doesn't want to add the user to the group and the groupp icon remains without the little envelope on it.

:( :(

[netpenthe]

i worked it out after about 5+hours on it :)

i'll post what i did once i've cleaned it up a bit.

j

[kurtbe]

Can you give any hints? I have exactly the sambe problem

[kurtbe]

Ok, I got it:

my member entry looks like this in openldap:

uid=ttest,ou=Users,dc=bendlin,dc=biz

scalix wants the member attribute in this form:

uid\=ttest,ou\=Users,dc\=bendlin,dc\=biz

so I modified my sync.cfg to

member|omMemberForeignAddr|*|!REPLACE=\075|\134\075

this way every = will be replaced to \= and the user is added to the group.
One thing I noticed:

A User which is added to scalix and not via sync will receive the "Failed to obtain CN, MailNode for all the members in the Request SOAP Document..." error, even if I add him in the openldap with variations like

cn=cmoss,o=Scalix,dc=domain,dc=biz (remove)

looks for me like native user does not have the FOREIGN-ADDR Attribut which synced users do.

hth, Kurt

[hughesjr]

PLEASE, PLEASE, PLEASE .... post the answer to this
---------------------------------
EDIT
My working solution is at the below link
---------------------------------
Also, see this thread:
http://www.scalix.com/community/viewtopic.php?t=5405

[kurtbe]

wow, good job done. Aside this, is scalix 11 working smoothy on your CentOS?

[hughesjr]

My setup is still in development / testing for the people who want collaboration to look at, so it is not seeing a huge volume of mail traffic right now.

I setup mailwasher, clamav, authentication against our openldap server, syncing of users and groups from openldap (our samba domain controllers use openldap) to scalix, installed an openldap with smbk5pwd so ldap/windows/unix passwords stay in sync, and a backup script that does snapshots.

The server has had no issues at all (though it has only been 2 weeks ... and I restarted after the 11 GA release).

I have also been working with Tom Pohl to get working LDAP-Account-Manager modules for adding users and groups. (Tom did the module, I tested and tweaked only a bit). Tom is still working on this, but I am sure we will post these somewhere ... probably LAM will include them when completed.

So far, the webmail via SWA seems rock solid stable.

I have had some issues when adjusting permissions in public folders using outlook 2003 with outlook crashing. Thus far, the crashing outlook via the connector is the only issue I have had.

I am just getting ready to start forwarding all my e-mail to this machine and see what happens.

[maurerhjm]

Hi

in the message above you were talking about a lam module for scalix.
Do you have any news, where it can be accessed.

I downloaded lam cvs, but did not find any reference.

Greetings

Hansjorrg

[netpenthe]

i got this working then worked out that groups can't be used for setting permissions for folders etc

(we wanted to be able to use groups to control access to things for Premium Users).

Grooups can only be used for mailing lists i think...

(this was in Scalix 10, don't know if its different now)..