scalix integration with windows2003 AD

Best practice information from Scalix users relating to integration of Scalix with other products.

Moderator: ScalixSupport

HariGobi

scalix integration with windows2003 AD

Postby HariGobi » Sat May 13, 2006 8:21 am

Dear all,

I am trying to integrate Scalix ver 10.0.1 with Windows 2003 Active Directory using synchronization agreement type 11. When running omldapsync on the Scalix server (Suse 10 OSS), after running ForestPrep on the Windows 2003 server, I got the following error.

2006-05-12 11:34:12 STATUS: renamed old sync.cfg to sync.last
2006-05-12 11:34:12 STATUS: installed updated config sync.cfg
INPUT: Attempt to test data extraction now y/n (n):y
2006-05-12 11:34:14 INFO: test searching from 192.168.7.26 ...
2006-05-12 11:34:14 INFO: search base is "cn=administrator,dc=winscalix,dc=dsrc,dc=com"
ldap_bind: Invalid credentials
ldap_bind: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
2006-05-12 11:34:14 ERROR: failed to run omldapsearch
2006-05-12 11:34:14 INFO: test listing servers from http://linmail.dsrc.com/caa/ ...
2006-05-12 11:34:14 INFO: ... found linmail.dsrc.com OK.
2006-05-12 11:34:14 INFO: test listing mailnodes on linmail.dsrc.com ...
2006-05-12 11:34:15 INFO: ... found mailnode OK.
2006-05-12 11:34:15 STATUS: Configuration of test4 completed ########
Common tasks menu for syncid test4

Any help to solve this will be greatly appreciated.
Thanks in advance
HariGobi

florian
Scalix
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany
Contact:

Postby florian » Sat May 13, 2006 12:38 pm

hi,

i would expect your admin dn to be something like

cn=administrator,ou=users,dc=scalix,dc=local

the number of dc components to this might vary with your internal domain/AD domain name, i.e. if it is florian.scalix.com, it would have 3 dc components. however, your admin account would usually be in the users container.

i believe you deleted the mention of the users container from the sample in the config file template. please review.

Florian.
Florian von Kurnatowski, Die Harder!

HariGobi

Postby HariGobi » Mon May 15, 2006 1:51 am

Hi ,

I changed the admin DN to "cn=administrator,ou=users,dc=winscalix,dc=dsrc,dc=com",
but I got the following error again.

INPUT: Replace old config with new y/n (?):y
2006-05-15 10:14:20 STATUS: renamed old sync.cfg to sync.last
2006-05-15 10:14:20 STATUS: installed updated config sync.cfg
INPUT: Attempt to test data extraction now y/n (n):y
2006-05-15 10:14:21 INFO: test searching from 192.168.7.26 ...
2006-05-15 10:14:21 INFO: search base is "cn=administrator,ou=users,dc=winscalix,dc=dsrc,dc=com"
ldap_bind: Invalid credentials
ldap_bind: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
2006-05-15 10:14:21 ERROR: failed to run omldapsearch
2006-05-15 10:14:22 INFO: test listing servers from http://linmail.dsrc.com/caa/ ...
2006-05-15 10:14:22 INFO: ... found linmail.dsrc.com OK.
2006-05-15 10:14:22 INFO: test listing mailnodes on linmail.dsrc.com ...
2006-05-15 10:14:23 INFO: ... found mailnode OK.
2006-05-15 10:14:23 STATUS: Configuration of test4 completed ########
Common tasks menu for syncid test4

The local dn is linmail.dsrc.com and the AD dn is winscalix.dsrc.com.
I edited the sync.cfg file (with the parameters to be passed only).
The user container information in the sync.cfg file looks like this:

SCALIX_MBOXADMIN=scalixMailboxAdministrator
# EX_ATTR: attributes to extract from remote system for import
# e.g. "objectclass displayName sn givenname initials mail proxyAddresses mailNickname <etc>"
EX_ATTR=scalixHideUserEntry scalixMailboxClass scalixLimitMailboxSize scalixLimitOutboundMail scalixLimitInboundMail scalixLimitNotifyUser scalixScalixObject scalixMailnode scalixServerLanguage scalixAdministrator scalixMailboxAdministrator userAccountControl member distinguishedName userPrincipalName objectclass name displayName sn givenname initials mail scalixEmailAddress mailNickname objectGUID textEncodedORaddress facsimileTelephoneNumber homephone streetAddress st telephoneNumber title c company department description l mobile pager physicalDeliveryOfficeName postalCode secretary
# EX_BASEn: search base(s) to extract entries from remote system
# specify a container name and its full LDAP suffix
# e.g. "cn=users,dc=your_org,dc=com"
EX_BASE1="cn=administrator,ou=users,dc=winscalix,dc=dsrc,dc=com"
EX_BASE2=
EX_BASE3=
EX_BASE4=
EX_BASE5=
EX_BASE6=
EX_BASE7=
EX_BASE8=
EX_BASE9=
# NOTE: extra EX_BASE10 upto EX_BASE200 can be defined here
# EX_FILTER: search filter to include/exclude entries to import
# e.g. "(&(cn=*)(mail=*))" for any cn AND mail
EX_FILTER=(&(cn=*)(mail=*))
# IM_OMADDRESS: Scalix address where where entries are imported
# NOTE: this is a route which you configure for coexistence
# e.g. "/internet,tnef" or "internet,tnef"
IM_OMADDRESS=/internet,tnef
# EX_GUID: the remote tag name for extracting Foreign GUID
# e.g. "objectGUID"
EX_GUID=objectGUID
# LDAPCT_BIN_ATT: must set value to EX_GUID if it is a binary attribute
# e.g. "objectGUID"
LDAPCT_BIN_ATT=objectGUID
# EX_PAGESIZE: use pagesize control extension t

Am I right in giving the user container information in the configuration file?

Thanks
HariGobi


florian

Postby florian » Mon May 15, 2006 8:03 am

ok.... the error is still the same and pretty obvious.... either the Windows Username (in DN form) is not matching or the Windows Admin Password is incorrect....

2006-05-15 10:14:21 INFO: search base is "cn=administrator,ou=users,dc=winscalix,dc=dsrc,dc=com"
ldap_bind: Invalid credentials
ldap_bind: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece


My apologies... believe Active Directory uses cn=users instead of ou=users

Hope this helps,
Florian.

P.S. your actual container structure might vary - if you are unsure what the dn of your admin account is, you might want to use Microsoft's ADSIEdit (believe it's part of the W2000/W2003 Resource Kit, please google) to have an LDAP look at your LDAP tree....
Florian von Kurnatowski, Die Harder!
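
As an added example (not part of the original posts and not Scalix code): Active Directory encodes the reason for a failed bind as a hex sub-code after "data" in the AcceptSecurityContext comment, and 525 means the bind user was not found rather than a bad password. The Python sketch below decodes that sub-code from an omldapsync transcript; it covers the other common sub-codes as well, and the last three sample lines are constructed.

```python
import re

# Hex sub-codes Active Directory puts after "data" in the AcceptSecurityContext
# comment of a failed simple bind. Each one is a Win32 logon error code.
AD_BIND_SUBCODES = {
    "525": ("identity", "user not found (bind DN or user name does not resolve)"),
    "52e": ("secret", "invalid credentials (account found, password rejected)"),
    "530": ("policy", "logon not permitted at this time"),
    "531": ("policy", "logon not permitted from this workstation"),
    "532": ("state", "password expired"),
    "533": ("state", "account disabled"),
    "701": ("state", "account expired"),
    "773": ("state", "user must reset password"),
    "775": ("state", "account locked out"),
}

HOST_RE = re.compile(r"INFO: test searching from (\S+)")
BASE_RE = re.compile(r'INFO: search base is "?([^"\n]+)"?')
BIND_RE = re.compile(
    r"ldap_bind: additional info: .*AcceptSecurityContext error, data ([0-9a-fA-F]+)"
)


def explain_bind_failures(log_text):
    """Return one finding per failed bind in an omldapsync transcript."""
    host = base = None
    findings = []
    for line in log_text.splitlines():
        if m := HOST_RE.search(line):
            host, base = m.group(1), None  # a new test run starts here
        elif m := BASE_RE.search(line):
            base = m.group(1).strip()
        elif m := BIND_RE.search(line):
            code = m.group(1).lower()
            kind, meaning = AD_BIND_SUBCODES.get(code, ("unknown", "unlisted sub-code"))
            findings.append({
                "host": host,
                "search_base": base,
                "subcode": code,
                "win32_error": int(code, 16),
                "kind": kind,  # identity = check the DN, secret = check the password
                "meaning": meaning,
            })
    return findings


# First five lines are from the thread; the last three are constructed to show
# how a wrong password would differ from a wrong DN.
SAMPLE_LOG = """\
2006-05-12 11:34:14 INFO: test searching from 192.168.7.26 ...
2006-05-12 11:34:14 INFO: search base is "cn=administrator,dc=winscalix,dc=dsrc,dc=com"
ldap_bind: Invalid credentials
ldap_bind: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
2006-05-12 11:34:14 ERROR: failed to run omldapsearch
2006-01-01 00:00:00 INFO: test searching from dc.example.test ...
ldap_bind: Invalid credentials
ldap_bind: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
"""

if __name__ == "__main__":
    for f in explain_bind_failures(SAMPLE_LOG):
        print(f"{f['host']}: data {f['subcode']} (Win32 {f['win32_error']}) -> {f['meaning']}")
```
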

HariGobi

failed to run omldapagent

Postby HariGobi » Mon May 22, 2006 5:13 am

Thanks for your reply, and it works.

After I enable the Mailbox service for the user option in the Windows2003 server, running option 2 (force a complete load of the directory) in the Scalix server throws the following error.

INPUT: Replace old config with new y/n (?):y
2006-05-22 14:07:16 STATUS: renamed old sync.cfg to sync.last
2006-05-22 14:07:16 STATUS: installed updated config sync.cfg
INPUT: Attempt to test data extraction now y/n (n):y
2006-05-22 14:07:17 INFO: test searching from winscalix.dsrc7.com ...
2006-05-22 14:07:17 INFO: search base is cn=users,dc=dsrc7,dc=com
2006-05-22 14:07:19 INFO: ... test searched OK.
2006-05-22 14:07:19 INFO: test listing servers from http://linmail.dsrc.com/caa/ ...
2006-05-22 14:07:19 INFO: ... found linmail.dsrc.com OK.
2006-05-22 14:07:19 INFO: test listing mailnodes on linmail.dsrc.com ...
2006-05-22 14:07:20 INFO: ... found mailnode OK.
2006-05-22 14:07:20 STATUS: Configuration of test4 completed ########
INPUT: Please enter an option (0):2
2006-05-22 14:13:48 STATUS: LDAP dir sync import test4 started ###############
2006-05-22 14:13:48 STATUS: load all records from winscalix.dsrc7.com ...
2006-05-22 14:13:48 INFO: work dir is /var/opt/scalix/ldapsync/test4/import
2006-05-22 14:13:48 STATUS: search source directory on winscalix.dsrc7.com ...
2006-05-22 14:13:48 INFO: search base is cn=users,dc=dsrc7,dc=com
2006-05-22 14:13:48 INFO: ... 1 entries to check
2006-05-22 14:13:48 STATUS: find delta and perform mapping ...
2006-05-22 14:13:48 INFO: ... 0 entries to delete
2006-05-22 14:13:48 INFO: ... 1 entries to add
2006-05-22 14:13:48 INFO: ... 0 entries to modify
2006-05-22 14:13:49 STATUS: apply membdelete data against Scalix ...
2006-05-22 14:13:49 INFO: ... 0 entries passed for member.curr
2006-05-22 14:13:49 INFO: ... 0 entries failed for member.curr
2006-05-22 14:13:49 INFO: ... 0 entries warned for member.curr
2006-05-22 14:13:49 STATUS: apply delete data against Scalix ...
2006-05-22 14:13:49 INFO: ... 0 entries passed for delete.curr
2006-05-22 14:13:49 INFO: ... 0 entries failed for delete.curr
2006-05-22 14:13:49 INFO: ... 0 entries warned for delete.curr
2006-05-22 14:13:49 STATUS: apply add data against Scalix ...
--------> Sending SOAP Request to Ubermanager@http://linmail.dsrc.com/caa/ for method:AddUser
--------> Received SOAP Response from Ubermanager@http://linmail.dsrc.com/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<ServiceType>scalix.res</ServiceType>
<Credentials id="">
<Identity name="Hari.Gobi@linmail.dsrc.com" passwd="xxxxxxxx"/>
</Credentials>
<FunctionName>AddUser</FunctionName>
<AddUserParameters>
<user type="MAIL"/>
<mailNode name="linmail,dsrc"/>
<userAttributes>
<entity name="FOREIGN-ADDR" value="CN=test1,CN=Users,DC=dsrc7,DC=com"/>
<entity name="CN" value="test1"/>
<entity name="GLOBAL-UNIQUE-ID" value="kFMPrET0gEirrC7FakL2JA=="/>
<entity name="ACCOUNT_STATUS" value="unlock"/>
<entity name="UL-AUTHID" value="test1@DSRC7.COM"/>
<entity name="UL-IL" value="C"/>
<entity name="INTERNET-ADDR" value="&quot;test1&quot; &lt;test1@linmail.dsrc.com>"/>
<entity name="UL-CLASS" value="FULL"/>
<entity name="ADMINISTERED-BY" value="ldapsync-test4"/>
</userAttributes>
</AddUserParameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>CAA Service Error</faultstring>
<detail>
<scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
<message>Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements</message>
<errorcode>UM-1012</errorcode>
</scalix-caa:fault-details>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-05-22 14:13:49 ERROR: failed to run omldapagent
2006-05-22 14:13:49 INFO: ... 0 entries passed for add.curr
2006-05-22 14:13:49 INFO: ... 1 entries failed for add.curr
2006-05-22 14:13:49 INFO: ... 0 entries warned for add.curr
2006-05-22 14:13:49 STATUS: apply limit data against Scalix ...
2006-05-22 14:13:49 INFO: ... 0 entries passed for add.curr
2006-05-22 14:13:49 INFO: ... 0 entries failed for add.curr
2006-05-22 14:13:49 INFO: ... 0 entries warned for add.curr
2006-05-22 14:13:49 STATUS: apply modify data against Scalix ...
2006-05-22 14:13:49 INFO: ... 0 entries passed for modify.curr
2006-05-22 14:13:49 INFO: ... 0 entries failed for modify.curr
2006-05-22 14:13:50 INFO: ... 0 entries warned for modify.curr
2006-05-22 14:13:50 STATUS: apply limit data against Scalix ...
2006-05-22 14:13:50 INFO: ... 0 entries passed for modify.curr
2006-05-22 14:13:50 INFO: ... 0 entries failed for modify.curr
2006-05-22 14:13:50 INFO: ... 0 entries warned for modify.curr
2006-05-22 14:13:50 STATUS: apply membadd data against Scalix ...
2006-05-22 14:13:50 INFO: ... 0 entries passed for member.curr
2006-05-22 14:13:50 INFO: ... 0 entries failed for member.curr
2006-05-22 14:13:50 INFO: ... 0 entries warned for member.curr
2006-05-22 14:13:50 STATUS: apply membmodify data against Scalix ...
2006-05-22 14:13:50 INFO: ... 0 entries passed for member.curr
2006-05-22 14:13:50 INFO: ... 0 entries failed for member.curr
2006-05-22 14:13:50 INFO: ... 0 entries warned for member.curr
2006-05-22 14:13:50 STATUS: LDAP dir sync import failed, error=2 ###########
2006-05-22 14:13:50 STATUS: LDAP dir sync export test4 started ###############
2006-05-22 14:13:50 STATUS: load all records from linmail.dsrc.com ...
2006-05-22 14:13:50 INFO: agreement type 11 only supports import operation
2006-05-22 14:13:50 STATUS: LDAP dir sync export test4 completed #############

Thanks & Regards
HariGobi




florian

Postby florian » Wed Jun 28, 2006 3:02 am

HariGobi,

your friend here is the following line:

<message>Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements</message>


This refers to directory attributes - normally, at least the "S"urname needs to be set, at best the "G"ivenname as well. These must be set on the General Tab in AD.

Cheers,
Florian.
Florian von Kurnatowski, Die Harder!

HariGobi

after adding surname in AD, LDAP sync failed to add entries

Postby HariGobi » Wed Jun 28, 2006 5:37 am

Dear Florian,

Thanks for your reply.
After adding surname attributes, the SOAP errors are resolved, but adding entries in the LDAP sync failed. The error log is like this ...

Common tasks menu for syncid test4
0. Display this menu
1. Configure the LDAP dir sync settings
2. Force a complete (re)load of the directory
3. Update the directory after some changes
4. Accept previous error and update directory
5. Skip previous error and update directory
6. Update the directory and prompt for error
7. Modify all sync records from the directory
8. Delete all sync records in the directory
d. Toggle debug mode from current setting <0>
n. Toggle test mode from current setting <>
q. Quit
INPUT: Please enter an option (0):2
2006-06-28 14:44:20 STATUS: LDAP dir sync import test4 started ###############
2006-06-28 14:44:20 STATUS: load all records from 192.168.7.26 ...
2006-06-28 14:44:20 INFO: work dir is /var/opt/scalix/ldapsync/test4/import
2006-06-28 14:44:20 STATUS: search source directory on 192.168.7.26 ...
2006-06-28 14:44:20 INFO: search base is cn=users,dc=dsrc7,dc=com
2006-06-28 14:44:20 INFO: ... 1 entries to check
2006-06-28 14:44:20 STATUS: find delta and perform mapping ...
2006-06-28 14:44:20 INFO: ... 0 entries to delete
2006-06-28 14:44:20 INFO: ... 1 entries to add
2006-06-28 14:44:20 INFO: ... 0 entries to modify
2006-06-28 14:44:20 STATUS: apply membdelete data against Scalix ...
2006-06-28 14:44:20 INFO: ... 0 entries passed for member.curr
2006-06-28 14:44:20 INFO: ... 0 entries failed for member.curr
2006-06-28 14:44:20 INFO: ... 0 entries warned for member.curr
2006-06-28 14:44:20 STATUS: apply delete data against Scalix ...
2006-06-28 14:44:20 INFO: ... 0 entries passed for delete.curr
2006-06-28 14:44:20 INFO: ... 0 entries failed for delete.curr
2006-06-28 14:44:20 INFO: ... 0 entries warned for delete.curr
2006-06-28 14:44:20 STATUS: apply add data against Scalix ...
2006-06-28 14:44:22 INFO: ... 1 entries passed for add.curr
2006-06-28 14:44:22 INFO: ... 0 entries failed for add.curr
2006-06-28 14:44:22 INFO: ... 0 entries warned for add.curr
2006-06-28 14:44:22 STATUS: apply limit data against Scalix ...
2006-06-28 14:44:22 INFO: ... 0 entries passed for add.curr
2006-06-28 14:44:22 INFO: ... 0 entries failed for add.curr
2006-06-28 14:44:22 INFO: ... 0 entries warned for add.curr
2006-06-28 14:44:22 STATUS: apply modify data against Scalix ...
2006-06-28 14:44:22 INFO: ... 0 entries passed for modify.curr
2006-06-28 14:44:22 INFO: ... 0 entries failed for modify.curr
2006-06-28 14:44:22 INFO: ... 0 entries warned for modify.curr
2006-06-28 14:44:22 STATUS: apply limit data against Scalix ...
2006-06-28 14:44:22 INFO: ... 0 entries passed for modify.curr
2006-06-28 14:44:22 INFO: ... 0 entries failed for modify.curr
2006-06-28 14:44:22 INFO: ... 0 entries warned for modify.curr
2006-06-28 14:44:22 STATUS: apply membadd data against Scalix ...
2006-06-28 14:44:22 INFO: ... 0 entries passed for member.curr
2006-06-28 14:44:22 INFO: ... 0 entries failed for member.curr
2006-06-28 14:44:22 INFO: ... 0 entries warned for member.curr
2006-06-28 14:44:22 STATUS: apply membmodify data against Scalix ...
2006-06-28 14:44:22 INFO: ... 0 entries passed for member.curr
2006-06-28 14:44:22 INFO: ... 0 entries failed for member.curr
2006-06-28 14:44:22 INFO: ... 0 entries warned for member.curr
2006-06-28 14:44:22 STATUS: LDAP dir sync import test4 completed #############
2006-06-28 14:44:22 STATUS: LDAP dir sync export test4 started ###############
2006-06-28 14:44:22 STATUS: load all records from linmail.dsrc.com ...
2006-06-28 14:44:22 INFO: agreement type 11 only supports import operation
2006-06-28 14:44:22 STATUS: LDAP dir sync export test4 completed #############

regards
Harigobi

florian

Postby florian » Wed Jun 28, 2006 5:44 am

Harigobi,

given that it says

2006-06-28 14:44:22 INFO: ... 1 entries passed for add.curr


what actually failed?

if you do an omshowu -m all, wouldn't you see the user? The output you're posting is the output of a fully successful omldapsync run.

Cheers,
Florian.
Florian von Kurnatowski, Die Harder!

HariGobi

Postby HariGobi » Wed Jun 28, 2006 8:45 am

Dear Florian,

After selecting option 4 (Accept previous error and update directory), running option 2 gives the previous log.
Actually, after creating a new user in AD, running omldapsync gives the following error (in the next paragraph). Even though the user has been added in the Scalix server, an authentication failure occurs when I try to log in using Scalix webmail.
One more issue: even after disabling the Scalix mailbox service in AD for the user, the user has not been removed from the Scalix mail server.

INPUT: Please enter an option (0):2
2006-06-28 17:31:32 STATUS: LDAP dir sync import test4 started ###############
2006-06-28 17:31:32 STATUS: load all records from 192.168.7.26 ...
2006-06-28 17:31:32 INFO: work dir is /var/opt/scalix/ldapsync/test4/import
2006-06-28 17:31:32 STATUS: search source directory on 192.168.7.26 ...
2006-06-28 17:31:32 INFO: search base is cn=users,dc=dsrc7,dc=com
2006-06-28 17:31:32 INFO: ... 2 entries to check
2006-06-28 17:31:32 STATUS: find delta and perform mapping ...
2006-06-28 17:31:32 INFO: ... 0 entries to delete
2006-06-28 17:31:32 INFO: ... 2 entries to add
2006-06-28 17:31:32 INFO: ... 0 entries to modify
2006-06-28 17:31:32 STATUS: apply membdelete data against Scalix ...
2006-06-28 17:31:32 INFO: ... 0 entries passed for member.curr
2006-06-28 17:31:32 INFO: ... 0 entries failed for member.curr
2006-06-28 17:31:32 INFO: ... 0 entries warned for member.curr
2006-06-28 17:31:32 STATUS: apply delete data against Scalix ...
2006-06-28 17:31:32 INFO: ... 0 entries passed for delete.curr
2006-06-28 17:31:32 INFO: ... 0 entries failed for delete.curr
2006-06-28 17:31:33 INFO: ... 0 entries warned for delete.curr
2006-06-28 17:31:33 STATUS: apply add data against Scalix ...
--------> Sending SOAP Request to Ubermanager@http://linmail.dsrc.com/caa/ for method:AddUser
--------> Received SOAP Response from Ubermanager@http://linmail.dsrc.com/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<ServiceType>scalix.res</ServiceType>
<Credentials id="12345">
<Identity name="Hari.Gobi@linmail.dsrc.com" passwd="xxxxxxxx"/>
</Credentials>
<FunctionName>AddUser</FunctionName>
<AddUserParameters>
<user type="MAIL"/>
<mailNode name="linmail,dsrc"/>
<userAttributes>
<entity name="S" value="testuser"/>
<entity name="G" value="testuser"/>
<entity name="FOREIGN-ADDR" value="CN=testuser testuser,CN=Users,DC=dsrc7,DC=com"/>
<entity name="CN" value="testuser testuser"/>
<entity name="GLOBAL-UNIQUE-ID" value="E3A/vNp6REqMQq/uGveV4A=="/>
<entity name="ACCOUNT_STATUS" value="unlock"/>
<entity name="UL-AUTHID" value="testuser@DSRC7.COM"/>
<entity name="UL-IL" value="ENGLISH"/>
<entity name="INTERNET-ADDR" value="&quot;testuser testuser&quot; &lt;testuser@dsrc7.com>"/>
<entity name="UL-CLASS" value="FULL"/>
<entity name="ADMINISTERED-BY" value="ldapsync-test4"/>
</userAttributes>
</AddUserParameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>CAA Service Error</faultstring>
<detail>
<scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
<message>omaddu : [OM 8265] Authentication ID testuser@DSRC7.COM already used. :linmail.dsrc.com</message>
<errorcode>OM 8265</errorcode>
</scalix-caa:fault-details>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-06-28 17:31:33 ERROR: failed to run omldapagent
--------> Sending SOAP Request to Ubermanager@http://linmail.dsrc.com/caa/ for method:AddUser
--------> Received SOAP Response from Ubermanager@http://linmail.dsrc.com/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<ServiceType>scalix.res</ServiceType>
<Credentials id="12345">
<Identity name="Hari.Gobi@linmail.dsrc.com" passwd="xxxxxxxx"/>
</Credentials>
<FunctionName>AddUser</FunctionName>
<AddUserParameters>
<user type="MAIL"/>
<mailNode name="linmail,dsrc"/>
<userAttributes>
<entity name="S" value="newuser"/>
<entity name="G" value="newuser"/>
<entity name="FOREIGN-ADDR" value="CN=newuser newuser,CN=Users,DC=dsrc7,DC=com"/>
<entity name="CN" value="newuser newuser"/>
<entity name="GLOBAL-UNIQUE-ID" value="E8fzczMw6kWlZDeUmuiatw=="/>
<entity name="ACCOUNT_STATUS" value="unlock"/>
<entity name="UL-AUTHID" value="newuser@DSRC7.COM"/>
<entity name="UL-IL" value="ENGLISH"/>
<entity name="INTERNET-ADDR" value="&quot;newuser newuser&quot; &lt;newuser@dsrc7.com>"/>
<entity name="UL-CLASS" value="LIMITED"/>
<entity name="ADMINISTERED-BY" value="ldapsync-test4"/>
</userAttributes>
</AddUserParameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>CAA Service Error</faultstring>
<detail>
<scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
<message>omaddu : [OM 8265] Authentication ID newuser@DSRC7.COM already used. :linmail.dsrc.com</message>
<errorcode>OM 8265</errorcode>
</scalix-caa:fault-details>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-06-28 17:31:34 ERROR: failed to run omldapagent
2006-06-28 17:31:34 INFO: ... 0 entries passed for add.curr
2006-06-28 17:31:34 INFO: ... 2 entries failed for add.curr
2006-06-28 17:31:34 INFO: ... 0 entries warned for add.curr
2006-06-28 17:31:34 STATUS: apply limit data against Scalix ...
2006-06-28 17:31:34 INFO: ... 0 entries passed for add.curr
2006-06-28 17:31:34 INFO: ... 0 entries failed for add.curr
2006-06-28 17:31:34 INFO: ... 0 entries warned for add.curr
2006-06-28 17:31:34 STATUS: apply modify data against Scalix ...
2006-06-28 17:31:34 INFO: ... 0 entries passed for modify.curr
2006-06-28 17:31:34 INFO: ... 0 entries failed for modify.curr
2006-06-28 17:31:34 INFO: ... 0 entries warned for modify.curr
2006-06-28 17:31:34 STATUS: apply limit data against Scalix ...
2006-06-28 17:31:34 INFO: ... 0 entries passed for modify.curr
2006-06-28 17:31:34 INFO: ... 0 entries failed for modify.curr
2006-06-28 17:31:34 INFO: ... 0 entries warned for modify.curr
2006-06-28 17:31:34 STATUS: apply membadd data against Scalix ...
2006-06-28 17:31:34 INFO: ... 0 entries passed for member.curr
2006-06-28 17:31:34 INFO: ... 0 entries failed for member.curr
2006-06-28 17:31:34 INFO: ... 0 entries warned for member.curr
2006-06-28 17:31:34 STATUS: apply membmodify data against Scalix ...
2006-06-28 17:31:35 INFO: ... 0 entries passed for member.curr
2006-06-28 17:31:35 INFO: ... 0 entries failed for member.curr
2006-06-28 17:31:35 INFO: ... 0 entries warned for member.curr
2006-06-28 17:31:35 STATUS: LDAP dir sync import failed, error=2 ###########
2006-06-28 17:31:35 STATUS: LDAP dir sync export test4 started ###############
2006-06-28 17:31:35 STATUS: load all records from linmail.dsrc.com ...
2006-06-28 17:31:35 INFO: agreement type 11 only supports import operation
2006-06-28 17:31:35 STATUS: LDAP dir sync export test4 completed #############


Thanks and regards
HariGobi

florian

Postby florian » Wed Jun 28, 2006 9:01 am

Hi Harigobi,

it seems that the system has gotten out of sync; one must be careful with some of the options, especially the "Accept Error" one - have you checked omldapsync manpage about when this is applicable?

Key here seems to be the

<message>omaddu : [OM 8265] Authentication ID newuser@DSRC7.COM already used. :linmail.dsrc.com</message>


message which indicates the system trying to create a duplicate user record.

I would now recommend the following:

1. execute an omshowu -m all
2. delete all the users created through the omldapsync config with the omdelu command manually
3. go to your /var/opt/scalix/ldapsync/<name_of_agreement>/import directory
4. You should find about 20-25 files in there (add.curr, search.last, similar names). Delete them all using rm -f *.
5. execute omldapsync again and select option 2 - it should now create your two users again, correctly.
6. from that moment on, please always use option 3 to sync further records. Avoid using option 4. For some errors, you might need to use option 5. Check the manpage for details.

Hope this helps,
Florian.
Florian von Kurnatowski, Die Harder!

HariGobi

Postby HariGobi » Thu Jun 29, 2006 3:35 am

Hi Florian,

Thanks. As per your instructions, it works fine and added the two users in the Scalix server.

One more issue: even after unchecking the option "scalix mailbox service" in AD for the user, the user has not been removed from the Scalix mail server. Using option 3 in ldapsync for update, it throws the following error ...

INPUT: Please enter an option (0):3
2006-06-29 12:42:08 STATUS: LDAP dir sync import test4 started ###############
2006-06-29 12:42:09 INFO: work dir is /var/opt/scalix/ldapsync/test4/import
2006-06-29 12:42:09 STATUS: search source directory on 192.168.7.26 ...
2006-06-29 12:42:09 INFO: search base is cn=users,dc=dsrc7,dc=com
2006-06-29 12:42:09 INFO: ... 2 entries to check
2006-06-29 12:42:09 STATUS: find delta and perform mapping ...
2006-06-29 12:42:09 INFO: ... 0 entries to delete
2006-06-29 12:42:09 INFO: ... 0 entries to add
2006-06-29 12:42:09 INFO: ... 1 entries to modify
2006-06-29 12:42:09 STATUS: apply membdelete data against Scalix ...
2006-06-29 12:42:09 INFO: ... 0 entries passed for member.curr
2006-06-29 12:42:09 INFO: ... 0 entries failed for member.curr
2006-06-29 12:42:09 INFO: ... 0 entries warned for member.curr
2006-06-29 12:42:09 STATUS: apply delete data against Scalix ...
2006-06-29 12:42:09 INFO: ... 0 entries passed for delete.curr
2006-06-29 12:42:09 INFO: ... 0 entries failed for delete.curr
2006-06-29 12:42:09 INFO: ... 0 entries warned for delete.curr
2006-06-29 12:42:09 STATUS: apply add data against Scalix ...
2006-06-29 12:42:09 INFO: ... 0 entries passed for add.curr
2006-06-29 12:42:09 INFO: ... 0 entries failed for add.curr
2006-06-29 12:42:09 INFO: ... 0 entries warned for add.curr
2006-06-29 12:42:09 STATUS: apply limit data against Scalix ...
2006-06-29 12:42:09 INFO: ... 0 entries passed for add.curr
2006-06-29 12:42:09 INFO: ... 0 entries failed for add.curr
2006-06-29 12:42:09 INFO: ... 0 entries warned for add.curr
2006-06-29 12:42:09 STATUS: apply modify data against Scalix ...
--------> Sending SOAP Request to Ubermanager@http://linmail.dsrc.com/caa/ for method:ModifyUser
--------> Received SOAP Response from Ubermanager@http://linmail.dsrc.com/caa/
error: Response contains failure report
>>>>>>>>SOAP Request
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<ServiceType>scalix.res</ServiceType>
<Credentials id="12345">
<Identity name="Hari.Gobi@linmail.dsrc.com" passwd="xxxxxxxx"/>
</Credentials>
<FunctionName>ModifyUser</FunctionName>
<ModifyUserParameters id="E8fzczMw6kWlZDeUmuiatw==">
<user type="INTERNET"/>
<mailNode name="internet,tnef"/>
<userAttributes>
<entity name="ACCOUNT_STATUS" value="unlock"/>
<entity name="ADMINISTERED-BY" value="ldapsync-test4"/>
<entity name="CN" value="newuser newuser"/>
<entity name="FOREIGN-ADDR" value="CN=newuser newuser,CN=Users,DC=dsrc7,DC=com"/>
<entity name="G" value="newuser"/>
<entity name="GLOBAL-UNIQUE-ID" value="E8fzczMw6kWlZDeUmuiatw=="/>
<entity name="INTERNET-ADDR" value="newuser@dsrc7.com"/>
<entity name="S" value="newuser"/>
<entity name="UL-AUTHID" value="newuser@DSRC7.COM"/>
<entity name="UL-CLASS" value="LIMITED"/>
<entity name="UL-IL" value=""/>
</userAttributes>
</ModifyUserParameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
>>>>>>>>SOAP Response
SOAP part:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>CAA Service Error</faultstring>
<detail>
<scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
<message>User Conversion for type of user specified in the SOAP message is not supported yet.</message>
<errorcode>UM-1065</errorcode>
</scalix-caa:fault-details>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
0 entries passed
1 entries failed
0 entries warned
2006-06-29 12:42:10 ERROR: failed to run omldapagent
2006-06-29 12:42:10 INFO: ... 0 entries passed for modify.curr
2006-06-29 12:42:10 INFO: ... 1 entries failed for modify.curr
2006-06-29 12:42:10 INFO: ... 0 entries warned for modify.curr
2006-06-29 12:42:10 STATUS: apply limit data against Scalix ...
2006-06-29 12:42:10 INFO: ... 0 entries passed for modify.curr
2006-06-29 12:42:10 INFO: ... 0 entries failed for modify.curr
2006-06-29 12:42:10 INFO: ... 0 entries warned for modify.curr
2006-06-29 12:42:10 STATUS: apply membadd data against Scalix ...
2006-06-29 12:42:10 INFO: ... 0 entries passed for member.curr
2006-06-29 12:42:10 INFO: ... 0 entries failed for member.curr
2006-06-29 12:42:10 INFO: ... 0 entries warned for member.curr
2006-06-29 12:42:10 STATUS: apply membmodify data against Scalix ...
2006-06-29 12:42:10 INFO: ... 0 entries passed for member.curr
2006-06-29 12:42:10 INFO: ... 0 entries failed for member.curr
2006-06-29 12:42:10 INFO: ... 0 entries warned for member.curr
2006-06-29 12:42:10 STATUS: LDAP dir sync import failed, error=2 ###########
2006-06-29 12:42:10 STATUS: LDAP dir sync export test4 started ###############
2006-06-29 12:42:10 INFO: agreement type 11 only supports import operation
2006-06-29 12:42:10 STATUS: LDAP dir sync export test4 completed #############
Common tasks menu for syncid test4

Regards - HariGobi

florian

Postby florian » Thu Jun 29, 2006 3:48 am

That is correct behaviour as of today.

Having a user with all the data in place (i.e. email address) will try to create a contact record by default (external email address!).

Conversion from a contact record to a full user is a supported operation. The reverse conversion isn't (because it would delete the user's mailbox).

Scalix 11 ADE will have a modified UI here that makes this pretty clear.

In Scalix 10, most people opt to disable the ability to create contact records; this requires a modification in the FILTER condition inside the agreement.

Florian.
Florian von Kurnatowski, Die Harder!
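
An added example, not from the thread's participants or from Scalix: a Python parser that pairs each SOAP request in omldapsync output with the fault that follows it, reports the error codes discussed above (UM-1012, OM 8265, UM-1065), and masks the passwd attribute before a log is shared. The sample log and its example.test names are constructed; the hints paraphrase the replies in this thread.

```python
import re
import xml.etree.ElementTree as ET

ENVELOPE_RE = re.compile(r"<SOAP-ENV:Envelope\b.*?</SOAP-ENV:Envelope>", re.S)
PASSWD_RE = re.compile(r'(\bpasswd=")[^"]*(")')
CAA = "{http://www.scalix.com/caa}"

# Hints paraphrase the replies in this thread; they are not vendor documentation.
HINTS = {
    "UM-1012": "set Surname (and ideally Given name) on the AD account",
    "OM 8265": "duplicate user record: Scalix and the import state are out of sync",
    "UM-1065": "converting a full user back to a contact record is not supported",
}

def redact(log_text):
    """Mask the admin password carried in every logged CAA request."""
    return PASSWD_RE.sub(r"\1[REDACTED]\2", log_text)

def summarize_faults(log_text):
    """Pair each logged SOAP request with the fault response that follows it."""
    failures, pending = [], None
    for match in ENVELOPE_RE.finditer(log_text):
        try:
            root = ET.fromstring(match.group(0))
        except ET.ParseError:
            pending = None  # truncated paste: drop the pair instead of guessing
            continue
        request = root.find(f".//{CAA}CAARequestMessage")
        if request is not None:
            attrs = {e.get("name"): e.get("value") for e in request.iter("entity")}
            pending = {
                "function": request.findtext("FunctionName"),
                "authid": attrs.get("UL-AUTHID"),
                "has_name_attr": any(k in attrs for k in ("G", "S", "I")),
            }
            continue
        details = root.find(f".//{CAA}fault-details")
        if details is not None and pending is not None:
            code = details.findtext("errorcode")
            failures.append({
                **pending,
                "errorcode": code,
                "message": details.findtext("message"),
                "hint": HINTS.get(code, "check the omldapsync manpage"),
            })
        pending = None
    return failures

# Constructed sample in the shape of the omldapsync output quoted in the thread.
_REQ = """>>>>>>>>SOAP Request
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<scalix-caa:CAARequestMessage xmlns:scalix-caa="http://www.scalix.com/caa">
<Credentials id=""><Identity name="admin@mail.example.test" passwd="constructed-secret"/></Credentials>
<FunctionName>{function}</FunctionName>
<{function}Parameters><userAttributes>
{entities}
</userAttributes></{function}Parameters>
</scalix-caa:CAARequestMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
"""
_RESP = """>>>>>>>>SOAP Response
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body><SOAP-ENV:Fault>
<detail><scalix-caa:fault-details xmlns:scalix-caa="http://www.scalix.com/caa">
<message>{message}</message>
<errorcode>{code}</errorcode>
</scalix-caa:fault-details></detail>
</SOAP-ENV:Fault></SOAP-ENV:Body>
</SOAP-ENV:Envelope>
"""

def _pair(function, attrs, code, message):
    """Build one constructed request/fault pair for the sample log."""
    entities = "\n".join(f'<entity name="{k}" value="{v}"/>' for k, v in attrs.items())
    return _REQ.format(function=function, entities=entities) + _RESP.format(code=code, message=message)

SAMPLE_LOG = (
    _pair("AddUser", {"CN": "test1", "UL-AUTHID": "test1@EXAMPLE.TEST"},
          "UM-1012", "Malformed userAttributes element. It must have at least 'G' or 'S' or 'I' elements")
    + _pair("AddUser", {"S": "user", "G": "new", "UL-AUTHID": "newuser@EXAMPLE.TEST"},
            "OM 8265", "omaddu : [OM 8265] Authentication ID newuser@EXAMPLE.TEST already used.")
    + _pair("ModifyUser", {"S": "user", "UL-AUTHID": "newuser@EXAMPLE.TEST"},
            "UM-1065", "User Conversion for type of user specified in the SOAP message is not supported yet.")
)

if __name__ == "__main__":
    for f in summarize_faults(SAMPLE_LOG):
        print(f"{f['function']} {f['authid']}: {f['errorcode']} -> {f['hint']}")
```
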

HariGobi

Postby HariGobi » Fri Jun 30, 2006 1:45 am

Florian,

Thanks for your instructions.

Is single sign-on possible for accessing SWA in the domain environment?
(The usernames and details are imported using LDAP sync, except passwords.)

Thanks - HariGobi

florian

Postby florian » Fri Jun 30, 2006 2:31 am

Hi,

we'll need to be careful with the wording here - Single Sign On would refer to a ticket-based mechanism for using OS authentication inside applications. This is currently only available for AD, Kerberos and Outlook as an application.

I believe what you're referring to will be the "external authentication" part. In this case, user will still have to enter Username/Password when accessing the App (i.e. SWA), this will be handed through to the Scalix server for validation, but the Scalix server will use an external authentication source to verify as it doesn't have the passwords.

For this, Kerberos and AD can be used. The full procedure is described in the Scalix Admin guide, i.e. setting up the system to do both username/password-based kerberos auth in the swa case and SSO (where possible) in the OL case.

Note that omldapsync never syncs passwords; for security reasons, most external directories would never allow people to sync down passwords.

Cheers,
Florian.
Florian von Kurnatowski, Die Harder!

