Scalix / AD Integration

Postby bpasdar » Fri Feb 02, 2007 5:47 pm

Hello,

I am trying to get the integration between Scalix and Win2003/AD to work and keep getting the following error. I have tried multiple accounts and roles with the same result. Can anyone shed some light as to why it keeps saying invalid credentials?

2007-02-02 16:31:50 INFO: test searching from abc-nj1-ds-ad-1.abc.com ...
2007-02-02 16:31:50 INFO: search base is cn=users,dc=biz,dc=abc,dc=com
ldap_bind: Invalid credentials
ldap_bind: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
2007-02-02 16:31:50 ERROR: failed to run omldapsearch


As a note: when I installed Scalix, I installed it with scalix.abc.com, but my AD is in ad.biz.abc.com. Will this matter?

Thanks

Babak

Postby ScalixSupport » Tue Feb 06, 2007 8:48 am

Hi!

While creating the sync agreement (11), in the section "PART 1.1 for IMPORT - remote host", for the EX_LOGON argument, did you enter cn=administrator,cn=users,dc=biz,dc=abc,dc=com? For example, for me it was:
EX_LOGON[cn=Export Admin,cn=users,dc=your_org,dc=com]:cn=administrator,cn=users,dc=sxindia,dc=co,dc=in

Thanks,
Subir

Postby florian » Tue Feb 06, 2007 9:23 am

There is a little issue in Scalix 10 and 11: you need to specify the AD login in DN form, i.e. cn=administrator, ou=users, dc=mydomain, dc=com or similar. Just specifying a username, e.g. administrator@MYDOMAIN.COM, will not work, as omldapsync detects this string and prepends a cn= to it, making it unworkable for AD to authenticate.

This will lead to the error described, even though username and password are correct.

Hope this helps,
Florian.
Florian von Kurnatowski, Die Harder!

ldap_bind: invalid credentials

Postby dmsupport » Wed May 16, 2007 5:46 am

Hi

I am having the same problem. My Scalix server is udayanga.tech.com and my Active Directory server is TestAD.Tech.com, so I am using the following for the connection and getting the same error. Please help.

EX_HOST=TestAD.Tech.com
# EX_PORT: LDAP server port number
# e.g. "389" is normally used
EX_PORT=389
# EX_LOGON: user that can search/delete/add/modify directory
# your adminstrator or migration account is often used
# e.g. "cn=Export Admin,cn=users,dc=your_org,dc=com"
EX_LOGON=cn=Administrator,dc=Tech,dc=com
# EX_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
EX_PASS=1
#
---------
EX_BASE1=cn=users,dc=Tech,dc=com
EX_BASE2=

output as follows =============
INPUT: Attempt to test data extraction now y/n (n):y
2007-05-16 15:14:59 INFO: test searching from TestAD.Tech.com ...
2007-05-16 15:14:59 INFO: search base is cn=users,dc=tech,dc=com
ldap_bind: Invalid credentials
ldap_bind: additional info: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
2007-05-16 15:14:59 ERROR: failed to run omldapsearch
2007-05-16 15:14:59 INFO: test listing servers from http://udayanga.tech.com/caa/ ...
2007-05-16 15:15:02 INFO: ... found udayanga.tech.com OK.
2007-05-16 15:15:02 INFO: test listing mailnodes on udayanga.tech.com ...
2007-05-16 15:15:05 INFO: ... found mailnode OK.
2007-05-16 15:15:05 STATUS: Configuration of AD_SXT completed ########
Common tasks menu for syncid AD_SXT


Please advise on this.

Thanks & regards
kosala

Postby florian » Wed May 16, 2007 9:20 am

You did not specify the container the Administrator user is in in your distinguished name login name.

Normally the administrator user is in the 'Users' container, so this would have to read

EX_LOGON=cn=Administrator,cn=Users,dc=Tech,dc=com


This might depend on your installation and tree structure within AD though.

Florian.
Florian von Kurnatowski, Die Harder!
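
The `data 52e` and `data 525` fields in the two bind errors above are Active Directory sub-codes (Win32 error numbers in hex), and both replies turn on EX_LOGON not being a full DN. As an added example, not part of the thread or of Scalix's own code, this Python helper decodes the sub-code from an ldap_bind line and checks an EX_LOGON value for DN form; the function names are hypothetical, and limiting RDN types to cn=/ou=/dc= (with no escaped commas) is an assumption.

```python
import re

# Sub-codes Active Directory puts in the "data NNN" field of an
# AcceptSecurityContext error; each one is a Win32 error number in hex.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "logon failure: unknown user name or bad password",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password before logging on",
    0x775: "account locked out",
}

DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
# Assumption: only cn=/ou=/dc= components, and no escaped commas in values.
RDN_RE = re.compile(r"^\s*(cn|ou|dc)\s*=\s*[^=,]+$", re.IGNORECASE)


def decode_bind_error(line):
    """Return (code, meaning) for an ldap_bind 'additional info' line, else None."""
    m = DATA_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    return code, AD_BIND_SUBCODES.get(code, "sub-code not in table")


def check_logon_dn(value):
    """List what stops an EX_LOGON value from looking like a full AD DN."""
    if "@" in value:
        return ["user@domain form, not a DN"]
    rdns = value.split(",")
    if not all(RDN_RE.match(r) for r in rdns):
        return ["not a comma-separated list of cn=/ou=/dc= components"]
    kinds = [r.split("=")[0].strip().lower() for r in rdns]
    problems = []
    if kinds[0] != "cn":
        problems.append("does not start with the account's cn=")
    if not any(k in ("cn", "ou") for k in kinds[1:]):
        problems.append("no container between the account and the dc= parts")
    if "dc" not in kinds:
        problems.append("no dc= domain components")
    return problems
```
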

