omldapsync
Posted: Fri Jun 23, 2006 1:12 am
by ggreenaway
Greetings,
I currently have SCALIX in place and it's working great. I have it set up so that it is authenticating against my existing OpenLDAP tree, and the plan is to use omldapsync to synchronize when I add new users. The issue I am running into is how to run omldapsync to update when new users are added or when changes are made to the OpenLDAP tree. For example, I discovered that some items were missing in a few user objects and therefore had not been brought over into the SCALIX ldap tree. I am curious what omldapsync options I should be using to keep the two trees in sync.
Thanks in advance.
Posted: Fri Jun 23, 2006 2:19 am
by hydrospace
Hello,
If I understand you right, you are setting up some new users in your OpenLDAP with some new items like fax number etc. So to say, if you create a new user within OpenLDAP it will be created in Scalix too, but some "user-items" are missing?
Did you already check if omldapsync just knows these attributes? Just take a look at /var/op/scalix/sys/ldap.attribs
There you should add some lines with your special attributes, like:
FAXHEAD faxHead
FAXCPI faxCPI
Cheers
Stefan
Posted: Fri Jun 23, 2006 10:13 am
by ggreenaway
Not exactly. I want to be able to create a new user in LDAP and have that user replicate over to SCALIX. I would also like to be able to change attributes in the existing LDAP tree or, like you said, map new ones into SCALIX and have it update the user in the SCALIX tree. The problem I am running into is that omldapsync, when I run it, errors out because the user already exists in the SCALIX ldap tree. What I would like to know is how I can run omldapsync so that it will update the existing users rather than attempt to add them.
Thanks
Posted: Fri Jun 23, 2006 10:43 am
by Valerion
You pre-created your users, then? Not sure if I understand you correctly, but:
The problem is that the Global Unique ID in LDAP and in Scalix now differ. omldapsync can't update the entry (no matching GUID) and can't add it (conflicting names). The easiest is to omcpoutu your mailboxes, delete the users and use omldapsync to create them, then omcpinu the mailboxes. Then any changes to the OpenLDAP tree will be reflected in the user after the next sync run.
You can only manage your users in one place, either LDAP or with the SAC, unless you want bad things to happen. Therefore a user created with omldapsync is not editable in SAC. You can try to use ommigu to couple/decouple this linkage, if you have to, though I'm not sure if that's the best course of action.
EDIT:
Just had a look at an OpenLDAP-provisioned mailbox, and the following was different:
* GLOBAL-UNIQUE-ID showed the UUID from OpenLDAP
* There is a FOREIGN-ADDR that reflects the user's DN (= is escaped as \=)
Posted: Fri Jun 23, 2006 12:31 pm
by ggreenaway
I am only creating users on the OpenLDAP side. SCALIX is set up to authenticate against the OpenLDAP tree and an initial omldapsync brought in the user base. As I said, I am only creating users on the OpenLDAP side but would like to be able to sync up when I make changes such as adding a new user (to the OpenLDAP side) or changing a user attribute (again on the OpenLDAP side).
Thanks
Posted: Tue Jun 27, 2006 3:59 am
by Valerion
Just re-run omldapsync -u on a regular basis (hourly? daily?). It will compare the current LDAP tree with the Scalix info and sync the changes to Scalix.