Using Existing LDAP server
Posted: Mon Sep 25, 2006 11:44 am
by zoom
Can Scalix Server use an existing LDAP server to authenticate against? We are running SUSE Enterprise 10 on our existing server and I would like to setup Scalix under a Virtual Machine and able to make use of our existing LDAP db for auth.
Thanks.
Posted: Tue Sep 26, 2006 3:35 pm
by eyalm
Yes.
I'm authenticating Scalix against my OpenLDAP server.
You'll have to synchronize your Scalix system directory with omldapsync, and you can authenticate against both Scalix and LDAP.
Posted: Wed Sep 27, 2006 10:40 am
by rbulman
I am attempting the same thing at present, just one question, is it possible to still make changes in SAC? Such as groupings etc? Would it be the case that the user info created on the LDAP server is copied to SCALIX but user data created in SAC is not transferred to LDAP? Hope that made sense.
Richard
Posted: Wed Sep 27, 2006 12:45 pm
by eyalm
You can still make some changes such as grouping, change the user type (licensed or not), scalix password.
But uid, user name and such, I'd do it from LDAP.
Posted: Thu Sep 28, 2006 4:17 am
by rbulman
Thanks, so if I was to change the password for example in SAC would that sync to LDAP?
Posted: Thu Sep 28, 2006 9:14 am
by eyalm
No.
Scalix has its own password database.
You can authenticate against Scalix (om_auth), against LDAP (pam_ldap), or against both.
If you change userPassword in LDAP, it will not change the Scalix user's password. Same the other way.
Posted: Thu Sep 28, 2006 11:57 am
by davidz
My system is configured so that I do all my user administration from my OpenLDAP directory that gets sync'd to Scalix via cron job (omldapsync). Then group/distribution lists are managed from SAC.
I spent a lot of time with support getting it working. If you do a search for posts by me you will get several good threads about this type of configuration.
Posted: Tue Oct 03, 2006 6:02 am
by rbulman
Just another quick question to clarify, if I use omldapsync with an empty OpenLDAP server and an already populated Scalix directory, will the end result be two identical copies? Is the sync bi-directional? For example, if there was one user on the LDAP server would both end up with that user, plus the Scalix users?
Many Thanks in Advance
(p.s. thanks to davidz, your past posts have been a great help)
Posted: Tue Oct 03, 2006 9:15 am
by eyalm
No, omldapsync with OpenLDAP is just one way: OpenLDAP -> SCALIX.
You can't export from Scalix to OpenLDAP.
I guess what you can do is create an LDIF from Scalix and then slapadd to populate your LDAP.
Posted: Wed Oct 04, 2006 5:13 am
by rbulman
Thanks for that, just one more question, if I have say 1 entry in OpenLDAP and 10 in SCALIX, will I end up with 11 in SCALIX? What I am trying to say is, is the sync adding / updating records, or replacing them...
Regards
Richard
Posted: Wed Oct 04, 2006 10:32 am
by davidz
It depends on the 10 users in Scalix already. If all 11 have different names then you will end up with 11 total entries. If some overlap, the sync will fail and give errors.
For example: My system has two types of users in SAC. The greyed out ones from my OpenLDAP system (these are all regular users). Then I also have system type users that I have created and am able to edit in SAC (like servername@domain.com for some of our server systems that need email but not a samba login). I just make sure that the system users are not in my LDAP directory.
Posted: Thu Oct 05, 2006 5:24 am
by rbulman
Umm, that's interesting actually, my testing so far has involved syncing a new user to an existing Scalix directory. The problem I have is that I am going from having an existing Scalix server with users, to an LDAP server (essentially for the many authorization needs such as SAMBA and others) and this is the opposite to how most people would do it. SO.... I have the problem of having well established users on my Scalix server which need to be on the LDAP server, but omldapsync will only work for new users to my LDAP system, and show conflict between others.
*breath*
Suggestions anyone?
Regards
Richard
Posted: Thu Oct 05, 2006 8:44 am
by eyalm
Is your OpenLDAP empty? Can't you export an LDIF from Scalix and then slapcat into OpenLDAP?
I guess you'll have to change the DN of your users, and probably some other attributes.
Posted: Thu Oct 05, 2006 12:18 pm
by rbulman
In that case could anyone give me some advice on the mapping settings in omldapsync's configuration, just a quick example would be ok, I can't seem to find any in-depth explanation of it. Many thanks once again, you have all been of great help.
Regards
Richard

Posted: Thu Oct 05, 2006 12:31 pm
by davidz
Which settings in particular are in question?
Check the man page for omldaputil, it gives a little more info in addition to the man page for omldapsync.