omldapsync no longer works after update from 10 to 11

[davidz]

We updated our Scalix 10 server to 11.0.0 a little while ago and everything is working great except for the sync to our OpenLDAP server. (Which was working fine). To be more specific I can add new users to my ldap directory and they successfully sync to scalix and create the user and everything is good. But if I try to change an attribute of an existing user it fails. Like MessageStoreLimits. Here is an example of a user that already exists in Scalix.

User output ldapsearch of OpenLDAP directory

Code: Select all

# davidz, Users, DOMAIN.com
dn: uid=davidz,ou=Users,dc=DOMAIN,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: scalixUserClass
cn: davidz
sn: davidz
uid: davidz
uidNumber: 1046
homeDirectory: /home/davidz
loginShell: /bin/bash
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-3092
sambaLogonScript: logon.bat
sambaHomeDrive: H:
gidNumber: 512
sambaPrimaryGroupSID: S-1-5-21-4205727931-4131263253-1851132061-512
sambaKickoffTime: 0
description: David Last Name
sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
scalixScalixObject: TRUE
scalixMailnode: SCALIX,DOMAIN
scalixServerLanguage: ENGLISH
scalixLimitOutboundMail: FALSE
scalixLimitInboundMail: FALSE
scalixLimitNotifyUser: TRUE
scalixHideUserEntry: FALSE
scalixMailboxClass: FULL
displayName: David Last Name
gecos: David Last Name
scalixAdministrator: TRUE
scalixMailboxAdministrator: TRUE
mail: "David Last Name" <davidz@DOMAIN.com>
mail: "David Last Name" <David.LastName@DOMAIN.com>
mail: "David Last Name" <davidz@SCALIX.DOMAIN.com>
scalixLimitMailboxSize: 1024
sambaAcctFlags: [UX]
sambaPwdCanChange: 1168546516
sambaPwdMustChange: 9223372036854775807

Here is the same user in Scalix LDAP:

Code: Select all

# David Last Name, Scalix
dn: cn=David Last Name, o=Scalix
cn: David Last Name
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: mhsUser
objectClass: scalixPerson
surname: davidz
description: David Last Name
mhsORAddresses: S=davidz/OU1=SCALIX/OU2=DOMAIN/CN=David Last Name
omInternetAddr: "David Last Name" <davidz@DOMAIN.com>
omInternetAddr: "David Last Name" <David.LastName@DOMAIN.com>
omInternetAddr: "David Last Name" <davidz@SCALIX.DOMAIN.com>
mail: davidz@sutc.com
mail: David.LastName@DOMAIN.com
mail: davidz@SCALIX.DOMAIN.com
rfc822Mailbox: davidz@DOMAIN.com
rfc822Mailbox: David.LastName@DOMAIN.com
rfc822Mailbox: davidz@SCALIX.DOMAIN.com
omAddress: davidz /SCALIX,DOMAIN/CN=David LastName
omMailnode: SCALIX,DOMAIN
omCn: David LastName
omForeignAddr: uid=davidz,ou=Users,dc=DOMAIN,dc=com
omGlobalUniqueId: 60073c8e-594a-102a-9931-c8862f133c18
omLocalUniqueId: 2641
omParentDl: 6496
omParentDl: 6720
omParentDl: 6752
omParentDl: 6784
omParentDl: 6848
omUlClass: Full

Here is omsearch -e "S=davidz" -m @ALL-ATTR@

Code: Select all

S=davidz/OU1=SCALIX/OU2=DOMAIN/CN=David LastName/INTERNET-ADDR="David LastName" <davidz@DOMAIN.com>="David LastName"
<David.LastName@DOMAIN.com>="David LastName" davidz@SCALIX.DOMAIN.com>
/ENTRY-TYPE=1/UL-AUTHID=davidz/UL-CAPS=23/GLOBAL-UNIQUE-ID=04a00000f127f444-05.001.861.291/UL-CLASS=Full
/UL-IL=ENGLISH/HOST-FQDN=SCALIX.DOMAIN.com/
LOCAL-UNIQUE-ID=2641/FOREIGN-ADDR=uid\=davidz,ou\=Users,dc\=DOMAIN,dc\=com/ENTRY-DESC=David LastName/PARENT-DL=6496=6720=6752=6784=6848/IA-FORMAL=davidz@DOMAIN.com=
David.LastName@DOMAIN.com=davidz@SCALIX.DOMAIN.com/S-SDX=D132/DBV-ID=33554524


And here is the error message from /opt/scalix/bin/omldapsync -u hermesNEW

Code: Select all

2007-03-08 09:16:19 STATUS: LDAP dir sync import hermesNEW started ###############
2007-03-08 09:16:21 INFO: work dir is /var/opt/scalix/hs/s/ldapsync/hermesNEW/import
2007-03-08 09:16:22 STATUS: search source directory on ldap.domain.com ...
2007-03-08 09:16:22 INFO: search base is ou=Users,dc=DOMAIN,dc=COM
2007-03-08 09:16:22 INFO: ... 151 entries to check
2007-03-08 09:16:22 STATUS: find delta and perform mapping ...
2007-03-08 09:16:23 INFO: ... 0 entries to delete
2007-03-08 09:16:23 INFO: ... 0 entries to add
2007-03-08 09:16:23 INFO: ... 1 entries to modify
2007-03-08 09:16:23 STATUS: apply membdelete data against Scalix ...
2007-03-08 09:16:23 INFO: ... 0 entries passed for member.curr
2007-03-08 09:16:23 INFO: ... 0 entries failed for member.curr
2007-03-08 09:16:23 INFO: ... 0 entries warned for member.curr
2007-03-08 09:16:23 STATUS: apply delete data against Scalix ...
2007-03-08 09:16:23 INFO: ... 0 entries passed for delete.curr
2007-03-08 09:16:23 INFO: ... 0 entries failed for delete.curr
2007-03-08 09:16:23 INFO: ... 0 entries warned for delete.curr
2007-03-08 09:16:23 STATUS: apply add data against Scalix ...
2007-03-08 09:16:23 INFO: ... 0 entries passed for add.curr
2007-03-08 09:16:23 INFO: ... 0 entries failed for add.curr
2007-03-08 09:16:23 INFO: ... 0 entries warned for add.curr
2007-03-08 09:16:23 STATUS: apply limit data against Scalix ...
2007-03-08 09:16:23 INFO: ... 0 entries passed for add.curr
2007-03-08 09:16:23 INFO: ... 0 entries failed for add.curr
2007-03-08 09:16:23 INFO: ... 0 entries warned for add.curr
2007-03-08 09:16:23 STATUS: apply modify data against Scalix ...
2007-03-08 09:16:25 INFO: ... 1 entries passed for modify.curr
2007-03-08 09:16:25 INFO: ... 0 entries failed for modify.curr
2007-03-08 09:16:25 INFO: ... 0 entries warned for modify.curr
2007-03-08 09:16:25 STATUS: apply limit data against Scalix ...
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://hermes.sutc.com/caa/ for method:ModifyUserMessageStoreLimits
--------> Received SOAP Response from Ubermanager@http://hermes.domain.com/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin@hermes.domain.com" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>ModifyUserMessageStoreLimits</FunctionName>
            <ModifyUserMessageStoreLimitsParameters id="60073c8e-594a-102a-9931-c8862f133c18">
                <userAttributes>
                    <entity name="rs" value="FALSE"/>
                    <entity name="ms" value="2048"/>
                    <entity name="us" value="TRUE"/>
                    <entity name="ss" value="FALSE"/>
                </userAttributes>
            </ModifyUserMessageStoreLimitsParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Failed to locate Mailnode/HostFQDN for id = 60073c8e-594a-102a-9931-c8862f133c18</message>
                    <errorcode>UM-1016</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2007-03-08 09:16:26 ERROR: failed to run omldapagent
2007-03-08 09:16:26 INFO: ... 0 entries passed for modify.curr
2007-03-08 09:16:26 INFO: ... 1 entries failed for modify.curr
2007-03-08 09:16:26 INFO: ... 0 entries warned for modify.curr
2007-03-08 09:16:26 STATUS: apply membadd data against Scalix ...
2007-03-08 09:16:26 INFO: ... 0 entries passed for member.curr
2007-03-08 09:16:26 INFO: ... 0 entries failed for member.curr
2007-03-08 09:16:26 INFO: ... 0 entries warned for member.curr
2007-03-08 09:16:26 STATUS: apply membmodify data against Scalix ...
2007-03-08 09:16:26 INFO: ... 0 entries passed for member.curr
2007-03-08 09:16:26 INFO: ... 0 entries failed for member.curr
2007-03-08 09:16:26 INFO: ... 0 entries warned for member.curr
2007-03-08 09:16:26 STATUS: update sync data files with partial results ...
2007-03-08 09:16:26 INFO: ... 1 entries deleted from modify.pass
2007-03-08 09:16:26 STATUS: LDAP dir sync import failed, error=2 ###########
2007-03-08 09:16:26 STATUS: LDAP dir sync export hermesNEW started ###############
2007-03-08 09:16:26 INFO: agreement type 13 only supports import operation
2007-03-08 09:16:26 STATUS: LDAP dir sync export hermesNEW completed #############


This used to work perfectly before the upgrade. If I completely remove the user from scalix and then run the sync it considers it a new user and it creates it just fine. I can't do that with this user because he has over 2 gigs of email.

-David

[davidz]

<bump>

[tsanchez88]

I've got a test environment built that is a replica of our live 10.0.1 Scalix Server and Win 2003 AD Server.

Upgrade to 11.0.2.1 and everything looks good. Edit omvscan.cfg to point to updated Scalix logs directory(ClamAV). Update omldapsync config to point to upgraded Java directory, and then test extraction completes sucessfully. Make a change to a user attribute and receive an error.

I repeated my whole upgrade test again with the same outcome.

This needs to be solved before I can go ahead with the upgrade

omldapsync error:


--------> Sending SOAP Request to Ubermanager@http://scalix01.domain.local/caa/ for method:ModifyUser
--------> Received SOAP Response from Ubermanager@http://scalix01.domain.local/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<ServiceType>scalix.res</ServiceType>
<Credentials id="12345">
<Identity name="sxadmin@scalix01.domain.local" passwd="xxxxxxxx"/>
</Credentials>
<FunctionName>ModifyUser</FunctionName>
<ModifyUserParameters id="CAtq7oqJrUa42Nydte2W7w==">
<user type="MAIL"/>
<mailNode name="scalix01,domain"/>
<userAttributes>
<entity name="ADMINISTERED-BY" value="ldapsync-domain.LOCAL"/>
<entity name="CN" value="Todd Sanchez"/>
<entity name="EMPL-DEPT" value="Information Technology"/>
<entity name="FOREIGN-ADDR" value="CN=Todd Sanchez,OU=IT - MI,DC=domain,DC=local"/>
<entity name="G" value="Todd"/>
<entity name="GLOBAL-UNIQUE-ID" value="CAtq7oqJrUa42Nydte2W7w=="/>
<entity name="INTERNET-ADDR" value="&quot;Todd Sanchez&quot; &lt;tsanchez@domainservices.com>"/>
<entity name="PD-OFFICE-NAME" value="Howell"/>
<entity name="PHONE-1" value="(517) 552-1400 x3019"/>
<entity name="S" value="Sanchez"/>
<entity name="UL-AUTHID" value="tsanchez@domain.LOCAL"/>
<entity name="UL-CLASS" value="FULL"/>
<entity name="UL-IL" value="C"/>
<entity name="ACCOUNT_STATUS" value="unlock"/>
</userAttributes>
</ModifyUserParameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>CAA Service Error</faultstring>
<detail>
<scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
<message>Failed to locate or retrieve information in LDAP for id CAtq7oqJrUa42Nydte2W7w==</message>
<errorcode>UM-1015</errorcode>
</scalix-caa:fault-details>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2007-03-13 16:37:09 ERROR: failed to run omldapagent
2007-03-13 16:37:09 INFO: ... 0 entries passed for modify.curr
2007-03-13 16:37:09 INFO: ... 1 entries failed for modify.curr
2007-03-13 16:37:09 INFO: ... 0 entries warned for modify.curr
2007-03-13 16:37:09 STATUS: apply limit data against Scalix ...
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://scalix01.domain.local/caa/ for method:ModifyUserMessageStoreLimits
--------> Received SOAP Response from Ubermanager@http://scalix01.domain.local/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<ServiceType>scalix.res</ServiceType>
<Credentials id="12345">
<Identity name="sxadmin@scalix01.domain.local" passwd="xxxxxxxx"/>
</Credentials>
<FunctionName>ModifyUserMessageStoreLimits</FunctionName>
<ModifyUserMessageStoreLimitsParameters id="CAtq7oqJrUa42Nydte2W7w==">
<userAttributes>
<entity name="ms" value="350"/>
</userAttributes>
</ModifyUserMessageStoreLimitsParameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>CAA Service Error</faultstring>
<detail>
<scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
<message>Failed to locate Mailnode/HostFQDN for id = CAtq7oqJrUa42Nydte2W7w==</message>
<errorcode>UM-1016</errorcode>
</scalix-caa:fault-details>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2007-03-13 16:37:12 ERROR: failed to run omldapagent
2007-03-13 16:37:12 INFO: ... 0 entries passed for modify.curr
2007-03-13 16:37:12 INFO: ... 1 entries failed for modify.curr
2007-03-13 16:37:12 INFO: ... 0 entries warned for modify.curr
2007-03-13 16:37:12 STATUS: apply membadd data against Scalix ...
2007-03-13 16:37:12 INFO: ... 0 entries passed for member.curr
2007-03-13 16:37:12 INFO: ... 0 entries failed for member.curr
2007-03-13 16:37:13 INFO: ... 0 entries warned for member.curr
2007-03-13 16:37:13 STATUS: apply membmodify data against Scalix ...
2007-03-13 16:37:13 INFO: ... 0 entries passed for member.curr
2007-03-13 16:37:13 INFO: ... 0 entries failed for member.curr
2007-03-13 16:37:13 INFO: ... 0 entries warned for member.curr
2007-03-13 16:37:14 STATUS: update sync data files with partial results ...
2007-03-13 16:37:14 INFO: ... 1 entries deleted from modify.pass
2007-03-13 16:37:14 STATUS: LDAP dir sync import failed, error=2 ###########
2007-03-13 16:37:14 STATUS: LDAP dir sync export domain.LOCAL started ###############
2007-03-13 16:37:14 INFO: agreement type 11 only supports import operation
2007-03-13 16:37:14 STATUS: LDAP dir sync export domain.LOCAL completed #############
[root@scalix01 sys]#

[dannyt]

Hi,

The cause may be related to known upgrade bug 11175 (Scalix bugzilla is accessible from the outside). Please have a read there and try out the fix script if appropriate. If the original external GUID is already lost in the SYSTEM directory, you may have to change it back (ommodent on the host system) before running the script.

Regards,
Danny

[davidz]

I read through the bugs and they sound exactly like my problem so I ran the perl script and it said it modified 162 entries. Here is a sample of the output:

Code: Select all

447dave 3035ff93de6-594a-102a-992f-c8862f133c18
447markm        3035f12c7b2-594a-102a-990d-c8862f133c18
447mitch        3036218fe36-594a-102a-9971-c8862f133c18
447danielleh    3035e3a3b18-594a-102a-98eb-c8862f133c18
447roy  3035e2694c8-594a-102a-98e5-c8862f133c18
447swhite       30342dee7aa-900f-102a-90de-c3d2ef80569b
447staci        3035e8d81e2-594a-102a-98f8-c8862f133c18
447allyson      3035ef2de84-594a-102a-9908-c8862f133c18
447brent        3035f903cb0-594a-102a-9920-c8862f133c18
447stephanie    303626c511c-594a-102a-997c-c8862f133c18
447robert       303373b0b9e-6e64-102a-8d7d-cd624c0d68cc
447steves       3035e93e154-594a-102a-98f9-c8862f133c18
447kaci 3035ec68faa-594a-102a-9901-c8862f133c18
447bobbie       3035f5a1752-594a-102a-9918-c8862f133c18


I did one quick test by modifying a user in OpenLDAP then sync'ed the changes and it went without any errors. I'll do some more testing other some other accounts that have existed since before the upgrade to 11. Then I will post results here.

Do you want me to add anything to the bug?

Thank you,
David

[vlaurenz]

Someone please "sticky" this as I'm sure there are a lot of us out there using omldapsync.

[davidz]

I agree to a lack of documentation/communication about this issue.

[tsanchez88]

Since I was only testing in a lab, I was able to reset the system back and run the script before attempting the Scalix 11 upgrade. There have been no omldapsync errors after the upgrade this time around.