Usually this works without error, but I have run into a few instances where Global-Unique-ID is not being read for a particular user. The synclog shows this value as being blank. I can look in eDirectory and the GUID attribute has an assigned value (i.e. 'BqOlLS7U1BGaEw=='), but for some reason this is not being translated to Scalix. I usually correct this problem by recreating the user object in eDirectory. After doing so the sync will run properly.
Now, however, I have run into a user object that will not import even after recreating it in eDirectory several times. In eDirectory I can create new users, alter existing users and have them import into Scalix. This one user is simply refusing to import.
Here is the sync error I'm receiving:
Enter CAA Password: error 1005: Entry must have a valid global unique id
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<ServiceType>scalix.res</ServiceType>
<Credentials id="12345">
<Identity name="sxadmin" passwd="xxxxxxxx"/>
</Credentials>
<FunctionName>AddUser</FunctionName>
<AddUserParameters>
<user type="MAIL"/>
<mailNode name="scalix"/>
<userAttributes>
<entity name="FOREIGN-ADDR" value="cn=xxxxxx,ou=xxxxxxxx,o=xx"/>
<entity name="UL-IL" value="english"/>
<entity name="UL-CLASS" value="full"/>
<entity name="CN" value="Test User"/>
<entity name="INTERNET-ADDR" value=""Test User"<tuser@mydomain1.org>"/>
<entity name="INTERNET-ADDR" value="tuser@mydomain2.org"/>
<entity name="GLOBAL-UNIQUE-ID" value=""/>
<entity name="G" value="Test"/>
<entity name="S" value="User"/>
<entity name="STREET-ADDRESS" value="123 Main Street"/>
<entity name="STATE-OR-PROVINCE" value="XX"/>
<entity name="POSTAL-CODE" value="XXXXX"/>
<entity name="PD-OFFICE-NAME" value="Any Where"/>
<entity name="MBOXADMIN" value="FALSE"/>
<entity name="ADMIN" value="FALSE"/>
</userAttributes>
</AddUserParameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
As you can see, the Global-Unique-ID value is blank.
I can perform an ldapsearch of the user's object and the GUID is clearly assigned. However, if I try using the command omldapsearch, the GUID for that user returns blank.
What's the difference between omldapsearch & ldapsearch? Any thoughts on why omldapsearch doesn't recognize the GUID?
Here is my sync.cfg if you need to look at it.
##################################################################
#
# Scalix LDAP Directory Synchronization configuration
# NOTE: this file must be edited with care before use
# Interactively editable fields are controlled by the following:
EDIT_PROMPT=JAVA_HOME EX_HOST EX_LOGON EX_PASS IM_HOST IM_CAA_URL IM_CAA_KEYSTORE IM_CAA_NAME IM_CAA_PASS EX_BASE1 EX_BASE2 EX_BASE3 IM_OMADDRESS
# Sync agreement type - see omldapsync man page
TYPE_ID=13
# Sync agreement id - set by argument
SYNC_ID=sync01
# JAVA_HOME: home directory of java installation
# e.g. "/usr/java/j2sdk1.4.2_02"
JAVA_HOME=/usr/java/jre1.5.0_10
# The class path required by omldapagent java application (under
# /opt/scalix/svr/java/bin) is setup automatically by omldapsync to
# access dependent java libraries (under /opt/scalix/svr/java/lib)
##################################################################
#
# PART 1 General Configuration
##################################################################
# This section covers the settings required for tools to access
# both the remote and local systems for import or export.
# The general format is one or more line of <tag>=<value>
# Line starts with '#' is treated as comment
# When edited using omldaputil, do one of the followings:
# -presss <enter> to accept the default offered inside []
# -type in alternative <value> and press <enter>
# -do not quote the value with "" or ''
#
# PART 1.1 for IMPORT - remote host
##########################################
# EX_HOST: remote LDAP directory server name or IP address
# e.g. "remote_server.your_domain.com" or "192.168.1.216"
EX_HOST=xxx.xx.0.7
# EX_PORT: LDAP server port number
# e.g. "389" is normally used
EX_PORT=389
# EX_LOGON: user that can search/delete/add/modify directory
# your adminstrator or migration account is often used
# e.g. "cn=Export Admin,cn=users,dc=your_org,dc=com"
EX_LOGON=cn=sxxxx,o=xx
# EX_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
EX_PASS=xxxxx
#
# PART 1.2 for IMPORT - local host
#########################################
# IM_HOST: local Scalix directory server name
# must specify FQDN where internet and user group will be imported
# e.g. "local_server.your_domain.com"
IM_HOST=scalix.mydomain.org
# IM_PORT: LDAP server port number
# e.g. "389" is normally used
#<na>IM_PORT=389
# IM_LOGON: user that can search/delete/add/modify directory
# your Scalix administrator account is often used
# e.g. "Import Admin" for user with this common name
#<na>IM_LOGON=Import Admin
# IM_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
#<na>IM_PASS=
# IM_CAA_URL: Scalix CAA service url - must end with "/"
# e.g. "http://local_server.your_domain.com:8080/caa/"
IM_CAA_URL=http://scalix.mydomain.org/caa/
# IM_CAA_KEYSTORE: Scalix CAA service keystore for HTTPS only
# e.g "/var/opt/scalix/ldapsync/keystore"
IM_CAA_KEYSTORE=
# IM_CAA_ID: service login session-id
# e.g. "12345"
IM_CAA_ID=12345
# IM_CAA_NAME: service login auth-id, must have Scalix admin capability
# e.g. "user_name@your_domain.com"
IM_CAA_NAME=sxxxxx
# IM_CAA_PASS: service login password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
IM_CAA_PASS=xxxxx
# IM_DELETE_MAILBOX: whether sync of mailbox delete will be applied to Scalix
# NOTE: set to "FALSE" to keep the mailbox and handle the deletion manually
IM_DELETE_MAILBOX=FALSE
#
# PART 1.3 for IMPORT - ldap parameters
#######################################
# EX_SCALIX_ATTRS: list of resersed Scalix attributes in external directory
# to administer Scalix user/group from this remote master source
# e.g. "EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG ..."
EX_SCALIX_ATTRS=EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG EX_SCALIX_ADMIN SCALIXMAILBOXCLASS EX_SCALIX_MBOXADMIN
# EX_SCALIX_MAILBOX: name of attribute to specify whether Scalix object
# is required, yes if value is set to "TRUE"
# e.g. "exScalixObject"
EX_SCALIX_MAILBOX=exScalixObject
# SCALIXMAILBOXCLASS: name of attribute to specify whether the mailbox class
# should have full or limited features
# e.g. "scalixMailboxClass"
SCALIXMAILBOXCLASS=scalixMailboxClass
# EX_SCALIX_MAILNODE: name of attribute to specify which Scalix mailnode
# to add the mailbox, must use "<ou1>,<ou2>,<ou3>,<ou4>" format
# e.g. "exScalixMailnode"
EX_SCALIX_MAILNODE=exScalixMailnode
# EX_SCALIX_MSGLANG: name of attribute to specify which Scalix message
# catalog language to use for client, default to "C" if not set
# e.g. "exScalixMsglang"
EX_SCALIX_MSGLANG=exScalixMsglang
# EX_SCALIX_ADMIN: name of attribute to specify whether to give the user
# Scalix admin capability, yes if value is set to "TRUE"
# e.g. "exScalixAdmin"
EX_SCALIX_ADMIN=exScalixAdmin
# EX_SCALIX_MBOXADMIN: name of attribute to specify whether to give the user
# Scalix mailbox-admin capability, yes if value is set to "TRUE"
# e.g. "exScalixMboxadmin"
EX_SCALIX_MBOXADMIN=exScalixMboxadmin
# EX_ATTR: attributes to extract from remote system for import
# e.g. "member dn uid objectClass displayName sn givenname initials mail GUID cn <etc>"
EX_ATTR=exScalixObject exScalixMailnode exScalixMsglang exScalixAdmin exScalixMboxadmin scalixMailboxClass member dn uid objectClass displayName sn givenname initials mail GUID cn facsimileTelephoneNumber homephone street st telephoneNumber title co company departmentNumber description l mobile pager physicalDeliveryOfficeName postalCode
# EX_BASEn: search base(s) to extract entries from remote system
# specify a container name and its full LDAP suffix
# e.g. "cn=users,dc=your_org,dc=com"
EX_BASE1=o=BC
EX_BASE2=
EX_BASE3=
EX_BASE4=
EX_BASE5=
EX_BASE6=
EX_BASE7=
EX_BASE8=
EX_BASE9=
# EX_FILTER: search filter to include/exclude entries to import
# e.g. "(|(&(objectclass=inetOrgPerson)(mail=*))(&(objectclass=groupOfNames)(mail=*)))"
EX_FILTER=(|(&(objectclass=inetOrgPerson)(mail=*))(&(objectclass=groupOfNames)(mail=*)))
# IM_DN_SUFFIX: set the dn suffix (location) for the imported entries
# NOTE: by default all rdns from the remote dn will be retained & encoded
# for maximum uniqueness. To only use the first <N> rdns for this, specify
# the argument in the format "<N>|<suffix>" instead of "<suffix>".
# e.g. "o=Scalix" for all rdns, or "2|o=Scalix" for first 2 rdns.
#<na>IM_DN_SUFFIX=2|o=Scalix
# IM_OMADDRESS: Scalix address where where entries are imported
# NOTE: this is a route which you configure for coexistence
# e.g. "/internet" or "internet"
IM_OMADDRESS=/internet
# IM_MV_ATTR: mapped attributes that can be imported with multi values
# e.g. "objectClass INTERNET-ADDR omMemberForeignAddr"
IM_MV_ATTR=objectClass INTERNET-ADDR omMemberForeignAddr
# EX_GUID: the remote tag name for extracting Foreign GUID
# e.g. "GUID"
EX_GUID=GUID
# LDAPCT_BIN_ATT: must set value to EX_GUID if it is a binary attribute
# e.g. ""
LDAPCT_BIN_ATT=EX_GUID
# EX_PAGESIZE: use pagesize control extension to overcome search limit
# e.g. "100"
EX_PAGESIZE=1000
#
# PART 1.4 for EXPORT - ldap parameters
#######################################
# NOTE: export is not supported for this agreement type
#
# PART 2 Mapping Configuration
#################################################################
# WARNING: refer to documentation before editing the tables.
# This section defines the mappings required in order to map data
# between the remote and local LDAP systems for import or export.
# The general format is <lines of value> enclosed by markers.
# When edited using omldaputil, do one of the followings:
# -presss <enter> to accept the default offered inside []
# -type in alternative value and press <enter>
# -type in '-' to remove the line offered
# -type in '+<value> to insert it before current line
# For more details on all mapping rules see omldaputil man page.
#
# PART 2.1 for IMPORT - mapping table
#####################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in IM_MV_ATTR, only keep first instances
#####################################
# primary mapping table
IM_MAPPING_TABLE=
# scalix reserved attributes
exScalixObject|omMailbox|*|*
exScalixMailnode|omMailnode|*|*
scalixMailboxClass|UL-CLASS|*|*
exScalixMsglang|UL-IL|*|*
exScalixAdmin|ADMIN|*|*
exScalixMboxadmin|MBOXADMIN|*|*
# scalix object classes
objectClass|*|groupOfNames|distributionList
objectClass|*|inetOrgPerson|organizationalPerson
objectClass||*|#ignore others
# distinguished name
dn|*|*|*
# global unique id
GUID|GLOBAL-UNIQUE-ID|*|*
# common name
displayName|CN|*,1,64|*
# use cn for common name if displayName is missing
cn|CN|*,1,64!ISMISSING=displayName|*
cn||*|#suppress it otherwise
# initial
initials|I|*,1,5|*
# surname
sn|S|*,1,40|*
# use cn for surname if sn is missing
cn|S|*,1,40!ISMISSING=sn|*
# given name is mapped if surname is present
givenName|G|*,1,16!ISPRESENT=sn|*
givenName||*|#suppress it otherwise
# internet addresses
mail|INTERNET-ADDR|*,1,512|*
# no mapping for ALIAS
# the DN of the entry
dn|FOREIGN-ADDR|*,1,512|*
# the DN of the group members
member|omMemberForeignAddr|*|*
# authentication id
uid|UL-AUTHID|*|*
# informational attributes
facsimileTelephoneNumber|FAX|*,1,32|!CUSTOM=TO_PS_STR
homephone|HOME-PHONE|*,1,32|!CUSTOM=TO_PS_STR
street|STREET-ADDRESS|*,1,128|!REPLACE=\033J|\012
st|STATE-OR-PROVINCE|*,1,128|*
telephoneNumber|PHONE-1|*,1,32|!CUSTOM=TO_PS_STR
title|TITLE|*,1,128|*
co|CNTRY|*,1,2|*
company|EMPL-ORG|*,1,64|*
departmentNumber|EMPL-DEPT|*,1,32|*
description|ENTRY-DESC|*,1,1024|!REPLACE=\033J|\012
l|L|*,1,128|*
mobile|MOBILE-PHONE|*,1,32|!CUSTOM=TO_PS_STR
pager|PAGER-PHONE|*,1,32|!CUSTOM=TO_PS_STR
physicalDeliveryOfficeName|PD-OFFICE-NAME|*,1,128|*
postalCode|POSTAL-CODE|*,1,40|*
# no mapping for ASSISTANT-PHONE
# no mapping for PHONE-2
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#IM_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# PART 2.2 for EXPORT - mapping tables
######################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in EX_MV_ATTR, only keep first instances
#####################################
# primary mapping table
EX_MAPPING_TABLE=
*|*|*|*
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#EX_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# END
#################################################################
-Chris
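
A pre-flight check for the symptom described in this post, as an added example that is not part of the original post or of the Scalix tooling: it parses LDIF text (the format ldapsearch prints, with binary values as `attr:: <base64>`) and lists the entries that would reach the import without a usable GUID, which is the condition behind "error 1005". The entry names and values are constructed, and the 16-byte GUID length is an assumption about eDirectory.

```python
import base64

GUID_ATTR = "GUID"   # EX_GUID in the posted sync.cfg
GUID_LEN = 16        # assumption: eDirectory GUIDs are 16-byte octet strings
# Constructed LDIF sample; the first GUID is folded onto a continuation line.
SAMPLE_LDIF = """\
dn: cn=auser,ou=staff,o=example
mail: auser@example.org
GUID:: AAECAwQFBgcI
 CQoLDA0ODw==

dn: cn=buser,ou=staff,o=example
mail: buser@example.org
GUID::

dn: cn=cuser,ou=staff,o=example
mail: cuser@example.org

dn: cn=duser,ou=staff,o=example
mail: duser@example.org
GUID:: AAECAwQFBgc=
"""

def parse_ldif(text):
    """Yield one {attr: [raw bytes, ...]} dict per entry, unfolding continuation lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                name, _, rest = line.partition(":")
                # A second ':' right after the name marks a base64-encoded value.
                is_b64 = rest.startswith(":")
                value = base64.b64decode(rest[1:].strip()) if is_b64 else rest.strip().encode()
                entry.setdefault(name, []).append(value)
        if "dn" in entry:   # skips trailer blocks such as search/result summaries
            yield entry

def guid_problems(text):
    """Return {dn: reason} for entries that lack a usable GUID."""
    problems = {}
    for entry in parse_ldif(text):
        dn, guids = entry["dn"][0].decode(), entry.get(GUID_ATTR, [])
        if not guids:
            problems[dn] = "GUID attribute not returned"
        elif len(guids[0]) == 0:
            problems[dn] = "GUID returned empty"
        elif len(guids[0]) != GUID_LEN:
            problems[dn] = "GUID is %d bytes, expected %d" % (len(guids[0]), GUID_LEN)
    return problems
```

Feed `guid_problems` the saved output of a search that uses the same base, filter and bind account as the sync agreement, so the check sees what the import agent would see.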