LDAP Intergration to AD

mikevl · Postby **mikevl** » Thu Dec 21, 2006 5:09 pm

Hi I have connected a scalix server to W2k3r2 server and tryilng to import users. The dap sync log says all is OK but the scalix server is very lonely as it has no users on board form the windows server.

Log below is telling the truth in that it did not import the users, but Windows users do exist. The log is not complaining about anything. what have I done wrong?

Code: Select all

2006-12-21 01:19:45 STATUS: Interactive for w2k3r2 started ########
2006-12-21 01:20:12 STATUS: LDAP dir sync import w2k3r2 started ###############
2006-12-21 01:20:12 STATUS: load all records from 192.168.10.226 ...
2006-12-21 01:20:15 INFO: work dir is /var/opt/scalix/r4/s/ldapsync/w2k3r2/import
2006-12-21 01:20:15 STATUS: search source directory on 192.168.10.226 ...
2006-12-21 01:20:15 INFO: search base is cn=Users,dc=scalixplay,dc=local
2006-12-21 01:20:15 INFO: ... 0 entries to check
2006-12-21 01:20:16 STATUS: find delta and perform mapping ...
2006-12-21 01:20:16 INFO: ... 0 entries to delete
2006-12-21 01:20:16 INFO: ... 0 entries to add
2006-12-21 01:20:16 INFO: ... 0 entries to modify
2006-12-21 01:20:16 STATUS: apply membdelete data against Scalix ...
2006-12-21 01:20:17 INFO: ... 0 entries passed for member.curr
2006-12-21 01:20:17 INFO: ... 0 entries failed for member.curr
2006-12-21 01:20:17 INFO: ... 0 entries warned for member.curr
2006-12-21 01:20:17 STATUS: apply delete data against Scalix ...
2006-12-21 01:20:18 INFO: ... 0 entries passed for delete.curr
2006-12-21 01:20:18 INFO: ... 0 entries failed for delete.curr
2006-12-21 01:20:18 INFO: ... 0 entries warned for delete.curr
2006-12-21 01:20:18 STATUS: apply add data against Scalix ...
2006-12-21 01:20:18 INFO: ... 0 entries passed for add.curr
2006-12-21 01:20:18 INFO: ... 0 entries failed for add.curr
2006-12-21 01:20:18 INFO: ... 0 entries warned for add.curr
2006-12-21 01:20:19 STATUS: apply limit data against Scalix ...
2006-12-21 01:20:19 INFO: ... 0 entries passed for add.curr
2006-12-21 01:20:19 INFO: ... 0 entries failed for add.curr
2006-12-21 01:20:19 INFO: ... 0 entries warned for add.curr
2006-12-21 01:20:19 STATUS: apply modify data against Scalix ...
2006-12-21 01:20:20 INFO: ... 0 entries passed for modify.curr
2006-12-21 01:20:20 INFO: ... 0 entries failed for modify.curr
2006-12-21 01:20:20 INFO: ... 0 entries warned for modify.curr
2006-12-21 01:20:20 STATUS: apply limit data against Scalix ...
2006-12-21 01:20:21 INFO: ... 0 entries passed for modify.curr
2006-12-21 01:20:21 INFO: ... 0 entries failed for modify.curr
2006-12-21 01:20:21 INFO: ... 0 entries warned for modify.curr
2006-12-21 01:20:21 STATUS: apply membadd data against Scalix ...
2006-12-21 01:20:22 INFO: ... 0 entries passed for member.curr
2006-12-21 01:20:22 INFO: ... 0 entries failed for member.curr
2006-12-21 01:20:22 INFO: ... 0 entries warned for member.curr
2006-12-21 01:20:22 STATUS: apply membmodify data against Scalix ...
2006-12-21 01:20:23 INFO: ... 0 entries passed for member.curr
2006-12-21 01:20:23 INFO: ... 0 entries failed for member.curr
2006-12-21 01:20:23 INFO: ... 0 entries warned for member.curr
2006-12-21 01:20:23 STATUS: LDAP dir sync import w2k3r2 completed #############
2006-12-21 01:20:23 STATUS: LDAP dir sync export w2k3r2 started ###############
2006-12-21 01:20:23 STATUS: load all records from rhel4.scalixplay.local ...
2006-12-21 01:20:23 INFO: agreement type 11 only supports import operation
2006-12-21 01:20:23 STATUS: LDAP dir sync export w2k3r2 completed #############

Thanks

Mike

florian · Postby **florian** » Thu Dec 21, 2006 9:40 pm

Are you using Community Edition or Small Business or Enterprise Editions? SBE and EE provide a comprehensive set of tools including an AD GUI plugin for managing users through AD.

Florian.

mikevl · Postby **mikevl** » Thu Dec 21, 2006 9:46 pm

Hi Florin thanks for your reply

Yes I have the tools necessary to complete the intergration the two MSI tools LDAP Sync etc

florian · Postby **florian** » Thu Dec 21, 2006 9:51 pm

so can you post your /var/opt/scalix/ldapsync/<name_of_agreement>/sync.cfg

Florian.

mikevl · Postby **mikevl** » Thu Dec 21, 2006 10:10 pm

Thanks Florin

Code: Select all


##################################################################
#
# Scalix LDAP Directory Synchronization configuration
# NOTE: this file must be edited with care before use
# Interactively editable fields are controlled by the following:
EDIT_PROMPT=JAVA_HOME EX_HOST EX_LOGON EX_PASS IM_HOST IM_CAA_URL IM_CAA_KEYSTORE IM_CAA_NAME IM_CAA_PASS EX_BASE1 EX_BASE2 EX_BASE3 IM_OMADDRESS
# Sync agreement type - see omldapsync man page
TYPE_ID=11
# Sync agreement id - set by argument
SYNC_ID=w2k3r2
# NEXT_SYNCID: next sync agreement id to be executed after current
# agreement has completed, e.g. user sync followed by group sync
NEXT_SYNCID=
# JAVA_HOME: home directory of java installation
# e.g. "/usr/java/j2sdk1.4.2_02"
JAVA_HOME=/usr/java/jre1.5.0_06
# The class path required by omldapagent java application (under
# /opt/scalix/svr/java/bin) is setup automatically by omldapsync to 
# access dependent java libraries (under /opt/scalix/svr/java/lib)
##################################################################
#
# PART 1 General Configuration
##################################################################
# This section covers the settings required for tools to access
# both the remote and local systems for import or export.
# The general format is one or more line of <tag>=<value>
# Line starts with '#' is treated as comment
# When edited using omldaputil, do one of the followings:
#   -presss <enter> to accept the default offered inside []
#   -type in alternative <value> and press <enter> 
#   -do not quote the value with "" or ''
#
# PART 1.1 for IMPORT - remote host
##########################################
# EX_HOST: remote LDAP directory server name or IP address
# e.g. "remote_server.your_domain.com" or "192.168.1.216"
EX_HOST=192.168.10.226
# EX_PORT: LDAP server port number
# e.g. "389" is normally used
EX_PORT=389
# EX_LOGON: user that can search/delete/add/modify directory
# your adminstrator or migration account is often used
# e.g. "cn=Administrator,cn=Users,dc=your_org,dc=com"
EX_LOGON=cn=Administrator,cn=Users,dc=scalixplay,dc=local
# EX_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
EX_PASS=lennie
#
# PART 1.2 for IMPORT - local host
#########################################
# IM_HOST: local Scalix directory server name
# must specify FQDN where internet and user group will be imported
# e.g. "local_server.your_domain.com"
IM_HOST=rhel4.scalixplay.local
# IM_CAA_URL: Scalix CAA service url - must end with "/"
# e.g. "http://local_server.your_domain.com:8080/caa/"
IM_CAA_URL=http://rhel4.scalixplay.local/caa/
# IM_CAA_KEYSTORE: Scalix CAA service keystore for HTTPS only
# e.g "/var/opt/scalix/ldapsync/keystore"
IM_CAA_KEYSTORE=
# IM_CAA_ID: service login session-id
# e.g. "12345"
IM_CAA_ID=12345
# IM_CAA_NAME: service login auth-id, must have Scalix admin capability
# e.g. "user_name@your_domain.com"
IM_CAA_NAME=sxadmin
# IM_CAA_PASS: service login password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
IM_CAA_PASS=lennie
# IM_DELETE_MAILBOX: whether sync of mailbox delete will be applied to Scalix
# NOTE: set to "FALSE" to keep the mailbox and handle the deletion manually
IM_DELETE_MAILBOX=TRUE
# IM_FAIL2WARN_OPCODES: space separated list of opcodes that will be changed
# from failure to warning, a way to auto ignore certain type of error
# opcodes for add/modify/delete users=1/4/7 and groups=2/5/8
# opcodes for add/modify/delete members=3/3/9 and limits=12/12/-
# NOTE: should use a whole set, e.g. "3 9" to auto ignore all members error
IM_FAIL2WARN_OPCODES=
#
# PART 1.3 for IMPORT - ldap parameters
#######################################
# EX_SCALIX_ATTRS: list of resersed Scalix attributes in external directory
# to administer Scalix user/group from this remote master source 
# e.g. "EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG ..."
EX_SCALIX_ATTRS=SCALIXHIDEUSERENTRY SCALIXMAILBOXCLASS SCALIXLIMITMAILBOXSIZE SCALIXLIMITOUTBOUNDMAIL SCALIXLIMITINBOUNDMAIL SCALIXLIMITNOTIFYUSER EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG EX_SCALIX_ADMIN EX_SCALIX_MBOXADMIN
# SCALIXHIDEUSERENTRY: name of attribute to specify whether the user entry
# should be hidden from Outlook address book
# e.g. "scalixHideUserEntry"
SCALIXHIDEUSERENTRY=scalixHideUserEntry
# SCALIXMAILBOXCLASS: name of attribute to specify whether the mailbox class
# should have full or limited features
# e.g. "scalixMailboxClass"
SCALIXMAILBOXCLASS=scalixMailboxClass
# SCALIXLIMITMAILBOXSIZE: name of attribute to specify whether Scalix limit
# on mailbox size is required, must use a numerical value >= zero
# e.g. "scalixLimitMailboxSize"
SCALIXLIMITMAILBOXSIZE=scalixLimitMailboxSize
# SCALIXLIMITOUTBOUNDMAIL: name of attribute to specify whether Scalix limit
# on outbound mail is required, must use a boolean value "true" or "false" 
# e.g. "scalixLimitOutboundMail"
SCALIXLIMITOUTBOUNDMAIL=scalixLimitOutboundMail
# SCALIXLIMITINBOUNDMAIL: name of attribute to specify whether Scalix limit
# on inbound mail is required, must use a boolean value "true" or "false"
# e.g. "scalixLimitInboundMail"
SCALIXLIMITINBOUNDMAIL=scalixLimitInboundMail
# SCALIXLIMITNOTIFYUSER: name of attribute to specify whether Scalix limit
# on notify user is required, must use a boolean value "true" or "false"
# e.g. "scalixLimitNotifyUser"
SCALIXLIMITNOTIFYUSER=scalixLimitNotifyUser
# EX_SCALIX_MAILBOX: name of attribute to specify whether Scalix mailbox
# is required, yes if value is set to "true" or "scalix"
# e.g. "scalixScalixObject"
EX_SCALIX_MAILBOX=scalixScalixObject
# EX_SCALIX_MAILNODE: name of attribute to specify which Scalix mailnode
# to add the mailbox, must use "<ou1>,<ou2>,<ou3>,<ou4>" format
# e.g. "scalixMailnode"
EX_SCALIX_MAILNODE=scalixMailnode
# EX_SCALIX_MSGLANG: name of attribute to specify which Scalix message
# catalog language to use for client, default to "C" if not set
# e.g. "scalixServerLanguage"
EX_SCALIX_MSGLANG=scalixServerLanguage
# EX_SCALIX_ADMIN: name of attribute to specify whether to give the user
# Scalix admin capability, yes if value is set to "true"
# e.g. "scalixAdministrator"
EX_SCALIX_ADMIN=scalixAdministrator
# EX_SCALIX_MBOXADMIN: name of attribute to specify whether to give the user
# Scalix mailbox-admin capability, yes if value is set to "true"
# e.g. "scalixMailboxAdministrator"
EX_SCALIX_MBOXADMIN=scalixMailboxAdministrator
# EX_ATTR: attributes to extract from remote system for import
# e.g. "objectclass displayName sn givenname initials mail proxyAddresses mailNickname <etc>"
EX_ATTR=scalixHideUserEntry scalixMailboxClass scalixLimitMailboxSize scalixLimitOutboundMail scalixLimitInboundMail scalixLimitNotifyUser scalixScalixObject scalixMailnode scalixServerLanguage scalixAdministrator scalixMailboxAdministrator userAccountControl member distinguishedName userPrincipalName objectclass name displayName sn givenname initials mail scalixEmailAddress mailNickname objectGUID textEncodedORaddress facsimileTelephoneNumber homephone streetAddress st telephoneNumber title c company department description l mobile pager physicalDeliveryOfficeName postalCode secretary
# EX_BASEn: search base(s) to extract entries from remote system
# specify a container name and its full LDAP suffix
# e.g. "cn=users,dc=your_org,dc=com"
EX_BASE1=cn=Users,dc=scalixplay,dc=local
EX_BASE2=
EX_BASE3=
EX_BASE4=
EX_BASE5=
EX_BASE6=
EX_BASE7=
EX_BASE8=
EX_BASE9=
# NOTE: extra EX_BASE10 upto EX_BASE200 can be defined here
# EX_FILTER: search filter to include/exclude entries to import
# e.g. "(&(cn=*)(mail=*))" for any cn AND mail
EX_FILTER=(&(cn=*)(mail=*))
# IM_OMADDRESS: Scalix address where where entries are imported
# NOTE: this is a route which you configure for coexistence
# e.g. "/internet,tnef" or "internet,tnef"
IM_OMADDRESS=/internet,tnef
# EX_GUID: the remote tag name for extracting Foreign GUID
# e.g. "objectGUID"
EX_GUID=objectGUID
# LDAPCT_BIN_ATT: must set value to EX_GUID if it is a binary attribute
# e.g. "objectGUID"
LDAPCT_BIN_ATT=objectGUID
# EX_PAGESIZE: use pagesize control extension to overcome search limit
# e.g. "100"
EX_PAGESIZE=1000
# EX_SCOPE: use one of sub, one, base to control search scope 
# e.g. "sub"
#EX_SCOPE=sub
#
# PART 1.4 for EXPORT - ldap parameters
#######################################
# NOTE: export is not supported for this agreement type
#
# PART 2 Mapping Configuration
#################################################################
# WARNING: refer to documentation before editing the tables.
# This section defines the mappings required in order to map data
# between the remote and local LDAP systems for import or export.
# The general format is <lines of value> enclosed by markers.
# When edited using omldaputil, do one of the followings:
#   -presss <enter> to accept the default offered inside []
#   -type in alternative value and press <enter> 
#   -type in '-' to remove the line offered
#   -type in '+<value> to insert it before current line
# For more details on all mapping rules see omldaputil man page.
#
# PART 2.1 for IMPORT - mapping table
#####################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in IM_MV_ATTR, only keep first instances
#####################################
# primary mapping table
IM_MAPPING_TABLE=
# tag the entry using sync agreement name
|ADMINISTERED-BY|*|ldapsync-w2k3r2
# scalix reserved attributes
scalixHideUserEntry|EX-CDA-DIRECTORY|TRUE|1
scalixHideUserEntry|EX-CDA-DIRECTORY|FALSE|
scalixMailboxClass|UL-CLASS|*|*
scalixLimitMailboxSize|scalixLimitMailboxSize|*|*
scalixLimitOutboundMail|scalixLimitOutboundMail|*|*
scalixLimitInboundMail|scalixLimitInboundMail|*|*
scalixLimitNotifyUser|scalixLimitNotifyUser|*|*
scalixScalixObject|omMailbox|*|*
scalixMailnode|omMailnode|*|*
scalixServerLanguage|UL-IL|*|*
scalixAdministrator|ADMIN|*|*
scalixMailboxAdministrator|MBOXADMIN|*|*
# mailbox locking
userAccountControl|ACCOUNT_STATUS|*,1,10!FLAGUNSET=2|unlock
userAccountControl|ACCOUNT_STATUS|*,1,10!FLAGISSET=2|lock
# scalix object classes
objectClass|*|group|distributionList
objectClass|*|organizationalPerson|*
objectClass||*|#ignore others
# distinguished name
dn|*|*|*
# global unique id
objectGUID|GLOBAL-UNIQUE-ID|*|*
# common name
name|CN|*,1,64!ISMISSING=displayname|*
name||*|#suppress it otherwise
displayName|CN|*,1,64|*
# initial
initials|I|*,1,5|*
# surname
sn|S|*,1,40|*
# extract surname substitute if real is missing
textEncodedORaddress|S|*|!CUSTOM=EX_TEXT_EOA_TO_SN
# givenname if surname is present
givenName|G|*,1,16!ISPRESENT=surname|*
givenName||*|#suppress it otherwise
# primary internet address for non-scalix user
mail|INTERNET-ADDR|*,1,512!ISMISSING=scalixemailaddress|!CUSTOM=TX_IA_TO_QP_IA
mail||*|#suppress it otherwise
# all internet addresses for scalix user
scalixEmailAddress|INTERNET-ADDR|*,1,512|!CUSTOM=TX_IA_TO_QP_IA
# map to alias
mailNickname|ALIAS|*,1,16|*
# the DN of the entry
distinguishedName|FOREIGN-ADDR|*,1,512|*
# the DN of the group member
member|omMemberForeignAddr|*|*
# authentication id - note down/up shift the name/realm for SSO
userPrincipalName|UL-AUTHID|*,1,256|!CUSTOM=TO_CANONICAL_PRINCIPAL
# informational attributes
facsimileTelephoneNumber|FAX|*,1,32|!CUSTOM=TO_PS_STR
homephone|HOME-PHONE|*,1,32|!CUSTOM=TO_PS_STR
streetAddress|STREET-ADDRESS|*,1,128|!REPLACE=\015\012|\012
st|STATE-OR-PROVINCE|*,1,128|*
telephoneNumber|PHONE-1|*,1,32|!CUSTOM=TO_PS_STR
title|TITLE|*,1,128|*
c|CNTRY|*,1,2|*
company|EMPL-ORG|*,1,64|*
department|EMPL-DEPT|*,1,32|*
description|ENTRY-DESC|*,1,1024|!REPLACE=\015\012|\012
l|L|*,1,128|*
mobile|MOBILE-PHONE|*,1,32|!CUSTOM=TO_PS_STR
pager|PAGER-PHONE|*,1,32|!CUSTOM=TO_PS_STR
physicalDeliveryOfficeName|PD-OFFICE-NAME|*,1,128|*
postalCode|POSTAL-CODE|*,1,40|*
secretary|ASSISTANT-PHONE|*,1,32|!CUSTOM=TO_PS_STR
#Telephone-Office2|PHONE-2|*,1,32|*
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#IM_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# PART 2.2 for EXPORT - mapping tables
######################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in EX_MV_ATTR, only keep first instances
#####################################
# primary mapping table
EX_MAPPING_TABLE=
*|*|*|*
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#EX_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# END
#################################################################

florian · Postby **florian** » Thu Dec 21, 2006 10:17 pm

hm.... do the entries in your users container have a mail address and a common name/display name set in AD? If the base is correct, only the filter is questionable - and obviously, your agreement doesnt pull the data from the source LDAP.

Florian.

mikevl · Postby **mikevl** » Thu Dec 21, 2006 10:31 pm

Hi Florin

No the users do not have a n email address in AD There is no Exchange installed on that server. It was hoped the the Scalix AD connector would do that. The Scalix General and Scalix Advanced tabs Shoe correct mailnode etc. I have tokld them to allow the server to generate ther email address. I just need the names to come across from the AD to the Scalix server to get tit working
[/img]

florian · Postby **florian** » Thu Dec 21, 2006 10:33 pm

Ok,

so this configuration is not officially supported with the Scalix 10 version of the AD integration. It is actually supported with the Scalix 11 version, which was released today, so you might want to consider an upgrade.

Having said that, email address autogeneration should somehow work when you remove the (mail=*) condition from EX_FILTER

Florian.

mikevl · Postby **mikevl** » Thu Dec 21, 2006 10:55 pm

Hi Florin

I am running S11 RC2 at the moment

Will check your sujjesstion

mikevl · Postby **mikevl** » Thu Dec 21, 2006 11:06 pm

Thanks got the names but what a show

Code: Select all

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>AddUser</FunctionName>
            <ScalixServers>
                <Host>rhel4.scalixplay.local</Host>
            </ScalixServers>
            <AddUserParameters>
                <user type="INTERNET"/>
                <mailNode name="internet,tnef"/>
                <userAttributes>
                    <entity name="ENTRY-DESC" value="Key Distribution Center Service Account"/>
                    <entity name="FOREIGN-ADDR" value="CN=krbtgt,CN=Users,DC=scalixplay,DC=local"/>
                    <entity name="CN" value="krbtgt"/>
                    <entity name="GLOBAL-UNIQUE-ID" value="Fl9BTOIRmkyUhWK4U4LMzA=="/>
                    <entity name="ADMINISTERED-BY" value="ldapsync-w2k3r2"/>
                </userAttributes>
            </AddUserParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements</message>
                    <errorcode>UM-1012</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-12-21 20:24:21 ERROR: failed to run omldapagent
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://rhel4.scalixplay.local/caa/ for method:AddUser
--------> Received SOAP Response from Ubermanager@http://rhel4.scalixplay.local/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>AddUser</FunctionName>
            <ScalixServers>
                <Host>rhel4.scalixplay.local</Host>
            </ScalixServers>
            <AddUserParameters>
                <user type="INTERNET"/>
                <mailNode name="internet,tnef"/>
                <userAttributes>
                    <entity name="ENTRY-DESC" value="Default container for upgraded user accounts"/>
                    <entity name="FOREIGN-ADDR" value="CN=Users,DC=scalixplay,DC=local"/>
                    <entity name="CN" value="Users"/>
                    <entity name="GLOBAL-UNIQUE-ID" value="fw5z2Y7yW06XtnQ96KvM2Q=="/>
                    <entity name="ADMINISTERED-BY" value="ldapsync-w2k3r2"/>
                </userAttributes>
            </AddUserParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements</message>
                    <errorcode>UM-1012</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-12-21 20:24:22 ERROR: failed to run omldapagent
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://rhel4.scalixplay.local/caa/ for method:AddUser
--------> Received SOAP Response from Ubermanager@http://rhel4.scalixplay.local/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>AddUser</FunctionName>
            <ScalixServers>
                <Host>rhel4.scalixplay.local</Host>
            </ScalixServers>
            <AddUserParameters>
                <user type="INTERNET"/>
                <mailNode name="internet,tnef"/>
                <userAttributes>
                    <entity name="ENTRY-DESC" value="Built-in account for administering the computer/domain"/>
                    <entity name="FOREIGN-ADDR" value="CN=Administrator,CN=Users,DC=scalixplay,DC=local"/>
                    <entity name="CN" value="Administrator"/>
                    <entity name="GLOBAL-UNIQUE-ID" value="HsIPgVcLfE2+wNi0iOW7zA=="/>
                    <entity name="ADMINISTERED-BY" value="ldapsync-w2k3r2"/>
                </userAttributes>
            </AddUserParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements</message>
                    <errorcode>UM-1012</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-12-21 20:24:24 ERROR: failed to run omldapagent
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://rhel4.scalixplay.local/caa/ for method:AddUser
--------> Received SOAP Response from Ubermanager@http://rhel4.scalixplay.local/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>AddUser</FunctionName>
            <ScalixServers>
                <Host>rhel4.scalixplay.local</Host>
            </ScalixServers>
            <AddUserParameters>
                <user type="INTERNET"/>
                <mailNode name="internet,tnef"/>
                <userAttributes>
                    <entity name="ENTRY-DESC" value="This is a vendor's account for the Help and Support Service"/>
                    <entity name="FOREIGN-ADDR" value="CN=SUPPORT_388945a0,CN=Users,DC=scalixplay,DC=local"/>
                    <entity name="CN" value="CN=Microsoft Corporation,L=Redmond,S=Washington,C=US"/>
                    <entity name="GLOBAL-UNIQUE-ID" value="k5yOhCLY3k6pHEJK9mqV4Q=="/>
                    <entity name="ADMINISTERED-BY" value="ldapsync-w2k3r2"/>
                </userAttributes>
            </AddUserParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements</message>
                    <errorcode>UM-1012</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-12-21 20:24:25 ERROR: failed to run omldapagent
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://rhel4.scalixplay.local/caa/ for method:AddUser
--------> Received SOAP Response from Ubermanager@http://rhel4.scalixplay.local/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>AddUser</FunctionName>
            <ScalixServers>
                <Host>rhel4.scalixplay.local</Host>
            </ScalixServers>
            <AddUserParameters>
                <user type="INTERNET"/>
                <mailNode name="internet,tnef"/>
                <userAttributes>
                    <entity name="ENTRY-DESC" value="Built-in account for guest access to the computer/domain"/>
                    <entity name="FOREIGN-ADDR" value="CN=Guest,CN=Users,DC=scalixplay,DC=local"/>
                    <entity name="CN" value="Guest"/>
                    <entity name="GLOBAL-UNIQUE-ID" value="PSjzsTklU0OnpfdKbmBnXg=="/>
                    <entity name="ADMINISTERED-BY" value="ldapsync-w2k3r2"/>
                </userAttributes>
            </AddUserParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements</message>
                    <errorcode>UM-1012</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-12-21 20:24:31 ERROR: failed to run omldapagent

florian · Postby **florian** » Fri Dec 22, 2006 1:07 am

well,

it requires the data to be a bit more rich, e.g.the data will have to have a last name.

youj'll need to fixup your data.
Florian.

Scalix Forums

LDAP Intergration to AD

LDAP Intergration to AD

Who is online