We are using Scalix Community 9.4.2.x on RH ES 4.
We made tremendous progress getting Scalix to sync and authenticate to our LDAP server (Fedora Directory Server) using agreement type 13. However, we have been unable to create groups in LDAP and get them to sync to Scalix.
We would really like to be able to create/manage our distribution lists and other group management tasks in LDAP and just run omldapsync -u 13.
In our ldapsync13.cfg we have things like:
EX_SCALIX_ATTRS=EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_EXTAUTH EX_SCALIX_ADMIN EX_SCALIX_MBOXADMIN
...
EX_ATTR=exScalixObject exScalixMailnode exScalixExtauth exScalixAdmin exScalixMboxadmin member dn uid objectClass displayName sn givenname initials mail nsuniqueid cn facsimileTelephoneNumber homephone street st telephoneNumber title co company departmentNumber description l mobile pager physicalDeliveryOfficeName postalCode omulclass
...
EX_BASE1=ou=People,dc=pillartechnology,dc=com
EX_BASE2=ou=Groups,dc=pillartechnology,dc=com
...
EX_FILTER=(|(&(objectclass=inetOrgPerson)(mail=*))(&(objectclass=groupOfNames)(mail=*)))
...
objectClass|*|groupOfNames|distributionList
...
# the DN of the group members
member|omMemberForeignAddr|*|*
...
Can anyone point us in the right direction? Do we need a specific EX_SCALIX_?? attribute of some sort?
Should we be able to do this in Community v9.4.x?
omldapsync of groups
Moderators: ScalixSupport, admin
-
florian
- Scalix
- Posts: 3852
- Joined: Fri Dec 24, 2004 8:16 am
- Location: Frankfurt, Germany
- Contact:
Well, it seems you're almost there...
what you need is....
... objects with objectClass = groupOfNames
... the object should have a mail attribute (the email address of the group/PDL)
... the members should be listed as DNs in "member" attributes
obviously, the members need to be objects that are picked up as users by scalix. As of 9.x, there can not be groups with members that do not represent Scalix users.
Your template should be allright, it's all a data thing now.
Naturally, it makes sense that the group object also has a display name/common name attribute.
-- f.
what you need is....
... objects with objectClass = groupOfNames
... the object should have a mail attribute (the email address of the group/PDL)
... the members should be listed as DNs in "member" attributes
obviously, the members need to be objects that are picked up as users by scalix. As of 9.x, there can not be groups with members that do not represent Scalix users.
Your template should be allright, it's all a data thing now.
Naturally, it makes sense that the group object also has a display name/common name attribute.
-- f.
Florian von Kurnatowski, Die Harder!
-
pillarguys
A little closer
We added an object as you described. We are closer, but not there yet.
The added group shows up in SAC under Groups, but the members are not added and the icon does not include the little envelop over the 2 people.
The group also appears if you look at Member Of for a user, but cannot be selected.
In comparing (through an LDAP browser) our group from omldapsync to our Everyone group created through SAC, here are some noted differences:
Any further help is appreciated. Is there other information I could post?
Most logs I could find only reiterated the output of the omldapsync command:
INFO: 1 entries warned for member.curr.memb
...
INFO: 1 entries passed for for modify.curr.dist
...
INFO: 1 entries had group mamber
...
INFO: some warning reported by omldapagent
The added group shows up in SAC under Groups, but the members are not added and the icon does not include the little envelop over the 2 people.
The group also appears if you look at Member Of for a user, but cannot be selected.
In comparing (through an LDAP browser) our group from omldapsync to our Everyone group created through SAC, here are some noted differences:
Code: Select all
mhsORAddresses S=test/OU1=internet/CN=test
omAddress test/internet/CN=test
omForeignAddr cn=test,ou=Groups,dc=pillartechnology,dc=com
omMailnode internet
mhsORAddresses S=Everyone/OU1=community/OU2=pillarforge/CN=Everyone
omAddress Everyone /community,pillarforge/CN=Everyone
omMailnode community,pillarforge
Any further help is appreciated. Is there other information I could post?
Most logs I could find only reiterated the output of the omldapsync command:
INFO: 1 entries warned for member.curr.memb
...
INFO: 1 entries passed for for modify.curr.dist
...
INFO: 1 entries had group mamber
...
INFO: some warning reported by omldapagent
-
dannyt
- Scalix
- Posts: 140
- Joined: Mon Aug 08, 2005 11:52 am
- Location: UK
Hi,
It looks like the problem lies with the mailnode (or lack of) given to the group on the source directory side. This is eventually mapped to "omMailnode" which must represent a local mailnode on one of the Scalix system (in your case it is mapped to the default "internet" which is not a real mailnode in Scalix), otherwise members of the groups would not be syned over by omldapsync.
So find the attribute that corresponds to EX_SCALIX_MAILNODE in your source LDAP and give it a real mailnode name (e.g. community,pillarforge) and try to add a new group again.
Regards,
Danny
It looks like the problem lies with the mailnode (or lack of) given to the group on the source directory side. This is eventually mapped to "omMailnode" which must represent a local mailnode on one of the Scalix system (in your case it is mapped to the default "internet" which is not a real mailnode in Scalix), otherwise members of the groups would not be syned over by omldapsync.
So find the attribute that corresponds to EX_SCALIX_MAILNODE in your source LDAP and give it a real mailnode name (e.g. community,pillarforge) and try to add a new group again.
Regards,
Danny
Who is online
Users browsing this forum: No registered users and 11 guests