
Problem syncing to AD

Posted: Mon Sep 10, 2007 7:34 pm
by mglenney
Running into an error when trying to sync with AD. I deleted 6 ex-employees and something is hanging up omldapsync. I am running Scalix v11.0.2. I have searched the forums and it is possible I am being affected by http://bugzilla.scalix.com/show_bug.cgi?id=11175 but I can't be sure and I don't want to run the perl script recommended there until I know for sure.

Here are the partial results of my sync:

2007-09-10 16:07:43 STATUS: find delta and perform mapping ...
2007-09-10 16:07:43 INFO: ... 6 entries to delete
2007-09-10 16:07:44 INFO: ... 0 entries to add
2007-09-10 16:07:44 INFO: ... 1 entries to modify
2007-09-10 16:07:44 STATUS: apply membdelete data against Scalix ...
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://xdsmail.xdsinc.corp/caa/ for method:DeleteMembersFromGroup
--------> Received SOAP Response from Ubermanager@http://xdsmail.xdsinc.corp/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin@xdsmail.xdsinc.corp" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>DeleteMembersFromGroup</FunctionName>
            <DeleteMembersFromGroupParameters id="PnOB55hjK0ecCJ3vgtrQAA==">
                <member fa="CN=Bill Sheehan,OU=Employees,DC=xdsinc,DC=corp"/>
            </DeleteMembersFromGroupParameters>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Failed to obtain CN, MailNode for all the members in the Request SOAP Document from LDAP server xdsmail.xdsinc.corp</message>
                    <errorcode>UM-1019</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2007-09-10 16:07:48 ERROR: failed to run omldapagent
2007-09-10 16:07:48 INFO: ... 0 entries passed for member.curr
2007-09-10 16:07:48 INFO: ... 1 entries failed for member.curr
2007-09-10 16:07:48 INFO: ... 0 entries warned for member.curr


In the above error, Bill is one of the employees I deleted. I checked in SAC and in AD and he is not listed in that group in either place.

The following error is repeated multiple times (once for each deleted employee):

2007-09-10 16:07:48 STATUS: apply delete data against Scalix ...
Enter CAA Password: --------> Sending SOAP Request to Ubermanager@http://xdsmail.xdsinc.corp/caa/ for method:DeleteUser
--------> Received SOAP Response from Ubermanager@http://xdsmail.xdsinc.corp/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
            <ServiceType>scalix.res</ServiceType>
            <Credentials id="12345">
                <Identity name="sxadmin@xdsmail.xdsinc.corp" passwd="xxxxxxxx"/>
            </Credentials>
            <FunctionName>DeleteUser</FunctionName>
            <DeleteUserParameters id="/FedfOP3uUaL97fq/J6B/g=="/>
        </scalix-caa:CAARequestMessage>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>SOAP-ENV:Server</faultcode>
            <faultstring>CAA Service Error</faultstring>
            <detail>
                <scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
                    <message>Failed to locate or retrieve information in LDAP for id /FedfOP3uUaL97fq/J6B/g==</message>
                    <errorcode>UM-1015</errorcode>
                </scalix-caa:fault-details>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2007-09-10 16:07:49 ERROR: failed to run omldapagent


Can anyone help me here?

Thanks,

Mike G.

Posted: Thu Sep 20, 2007 5:12 am
by dannyt
Hi,

The second error does look like the bug you mentioned. However, before running the perl script you need to make sure that the entry for each user in the SYSTEM directory has the GUID set (restored) to that of the AD sync side (normally of the form ABDCEFG==) and use ommodent (see man page, e.g. ommodent -e G=first/S=last -n GLOBAL-UNIQUE-ID='ABCDEF\=\='). Only then should you run the perl script, which syncs the SYSTEM GUID with the internal Scalix USERLIST. Once this is sorted, try omldapsync again to see what error remains and take it from there.

Regards,
Danny

Posted: Wed Jan 09, 2008 3:39 pm
by mglenney
Ok, time to revisit this. I was able to clear out the first error but I still have the 6 accounts I deleted that are not being deleted out of Scalix and I need some clarification. I don't want to clutter this post with the entire SOAP response (but if someone would like it I will) but here's the important part of all 6 failures:

<message>Failed to locate or retrieve information in LDAP for id /FedfOP3uUaL97fq/J6B/g==</message>

Of course the "id" is different for each of the 6 people I deleted.

To recap, I deleted 6 ex-employees from AD and want those users deleted out of Scalix. After I deleted those employees I ran omldapsync and received the error about not being able to locate or retrieve information in LDAP for those id's.

I have read the post here by dannyt about 30 different times and I'm still confused. Sorry if I'm missing something obvious. Here's some of my thinking and investigating. Maybe someone can take a look and straighten me out. For instance, here's a look at the GLOBAL-UNIQUE-ID for my account in both the SYSTEM and in USERLIST:

[root@xdsmail ~]# omsearch -th -d userlist -e s=glenney/g=michael -m global-unique-id
GLOBAL-UNIQUE-ID=S4ROWARN1EqJGbtRJtACWA\=\=
[root@xdsmail ~]# omsearch -e s=glenney/g=michael -m global-unique-id
GLOBAL-UNIQUE-ID=S4ROWARN1EqJGbtRJtACWA\=\=


I found this technique for searching when looking at the description for Bug 11175. We can see that both of my GUID's are the same (which is what I think I want) but when I look at my info in AD I cannot find that id in any attribute. In fact, the only attribute I can find that might be it is called objectGUID but that's set to a HEX value.

At this point I don't know where to go. I have 6 users I deleted and omldapsync is searching Scalix for 6 id's but I don't know where omldapsync is getting the id's it's searching for. And, I'm embarrassed to say, I don't even remember who the 6 employees are so I'll have to compare AD to Scalix to find out. Either way, can someone provide me with more direction here?

Where is omldapsync getting those id's from?
I am syncing to AD, what is the proper procedure for deleting an employee so that his/her mailbox is also deleted?
Is there a way to manually delete user(s) from Scalix after they have been removed from AD?
How close to the ceiling does a fly get before it flips over and lands?

I could get by without an answer to that last one.

MG

Posted: Thu Jan 10, 2008 12:06 pm
by dannyt
For omldapsync from AD to Scalix, the GUID is usually the text representation of the objectUID expressed in base64 encoding. This can be obtained if one does omldapsearch -L "" against AD.

The normal procedure after deleting the user in AD is to run omldapsync, which should remove the Scalix mailbox. Note that for safety reasons omldapsync allows this default behaviour to be prevented by having an IM_DELETE_MAILBOX option in the sync cfg file.

If you need to *manually* delete a Scalix mailbox created by omldapsync, just omdelu the user. You may also have to accept an error from omldapsync due to this mismatch of status.

Danny
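
An added example, not part of the original thread and not Scalix code: it converts between the base64 id shown by omsearch and omldapsync and the forms in which AD tools display objectGUID, so the two sides can be compared by hand. It assumes, as described in the reply above, that the Scalix id is the base64 encoding of the 16-byte AD GUID, and that the hex view of the attribute lists the bytes in stored order; the function names are hypothetical.

```python
import base64
import re
import uuid


def scalix_id_to_bytes(scalix_id: str) -> bytes:
    """Decode a Scalix GLOBAL-UNIQUE-ID; omsearch prints '=' as '\\='."""
    raw = base64.b64decode(scalix_id.replace("\\", ""), validate=True)
    if len(raw) != 16:
        raise ValueError(f"expected a 16-byte GUID, got {len(raw)} bytes")
    return raw


def describe(scalix_id: str) -> dict:
    """Return the same GUID in the forms AD tools display or accept."""
    raw = scalix_id_to_bytes(scalix_id)
    return {
        # Raw bytes in stored order, as a hex attribute view shows them.
        "hex": raw.hex(),
        # Dashed GUID string: the first three fields are little-endian.
        "guid": str(uuid.UUID(bytes_le=raw)),
        # Binary values in an LDAP filter are written as \xx per byte.
        "ldap_filter": "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")",
    }


def hex_to_scalix_id(hex_bytes: str) -> str:
    """Hex bytes in stored order (spaces, ':' or '\\' allowed) -> base64 id."""
    raw = bytes.fromhex(re.sub(r"[\s:\\]", "", hex_bytes))
    if len(raw) != 16:
        raise ValueError(f"expected a 16-byte GUID, got {len(raw)} bytes")
    return base64.b64encode(raw).decode("ascii")


def guid_to_scalix_id(guid: str) -> str:
    """Dashed GUID string (with or without braces) -> base64 id."""
    return base64.b64encode(uuid.UUID(guid).bytes_le).decode("ascii")


if __name__ == "__main__":
    # Both ids are copied from the posts above.
    for sid in (r"S4ROWARN1EqJGbtRJtACWA\=\=", "/FedfOP3uUaL97fq/J6B/g=="):
        print(sid, describe(sid))
```
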