External Ldap Integration

[vlaurenz]

The email.map file must be in the same directory as the ldapsync config file. It uses the Subject Mapper from the Service Router.

The important lines are

Code: Select all

displayname=`grep displayName sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`

email=""$displayname" <$input>"

This takes the Display Name from LDAP, as well as the email address and formats it as

Code: Select all

Display Name <email>

and then returns the value. I needed to extract the value from the displayName, hence the cut and sed.

The rest of the script is just wrapping around it, to get the data from the Subject Mapper and to return various result values to it.

Credit here must go to Florian, he showed me the ropes in the beginning

Time to bring this back up.

Would this be a change that could be made to a live sync agreement? Would there be any issues with doing so? For example, would making the changes above to an agreement that was used to popluate my entire Scalix user-base cause any corruption of the Scalix sync data or the Scalix directory itself?

Thanks again for the help.

As an aside: I think that having Scalix handle this would make a very useful Feature/Enhancement Request. In my mind, there is no reason why Scalix couldn't just grab the displayName and the IA and create a properly formatted email address before sending.

[vlaurenz]

I tried this in a dev environment and the display name is empty:

Code: Select all

#omshowu auser
Authentication ID: auser
User Name : Angela User /CN=Angela User
MailNode : mymailn
Internet Address : "" <auser@mydomain>="" <angela.user@mydomain>
System Login : 60564
Password : unset
Admin Capabilities : NO
Mailbox Admin Capabilities : NO
Language : AMERICAN
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : Never.
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Full

See here also:

Code: Select all

# sh email.map --ldifrec sourcefile
220 Email Address Mapper Ready
grep: sourcefile: No such file or directory
HELO
250 Ok
SUBJECT:auser@mydomin
252 "" <auser@mydomin>
QUIT
221 Subject Mapper Close

What is 'sourcefile' referring to here?

Code: Select all

mail|INTERNET-ADDR|*,1,512|!SCRIPT=email.map --ldifrec sourcefile

Also, please note Scalix expects email.map to live in /var/opt/scalix/rules NOT in the same directory as the sync.cfg.

[vlaurenz]

One piece of the puzzle solved. I needed to change this:

Code: Select all

displayname=`grep displayName sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`

to this:

Code: Select all

displayname=`grep -i cn sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`

I've also realized that 'sourcefile' is an arbitrary filename passed to the .map script.

Now here's where the weird stuff happens. Every user that is synced this way will have the same Full Name. My guess is the CN from the first entry in the 'sourcefile' file is being used each time the mapping occurs. Now it's just a matter of figuring out how this is supposed to work...

Any ideas Valerion?

[vlaurenz]

SOLVED!

I moved this line:

Code: Select all

displayname=`grep -i cn sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`

here:

Code: Select all

    "SUBJECT:"*)
        # handle "SUBJECT:<text>"
        # subject matches requirement, strip off "SUBJECT:"
        displayname=`grep -i cn sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`
        input=`echo $cmd | sed -e "s/SUBJECT://"`
        email="\"$displayname\" <$input>"
        rep="252 $email"
        ;;

The issue was obviously that for each entry being sync'ed, the displayname variable was not updated from the first pass. This move allows the displayname variable to be set each time a new request is made to the mapper.

I hope this helps others. It will be very useful to us.

[Valerion]

I'm glad you got it sorted out. Seems I made a few typos earlier, and didn't give enough explanation everywhere.

The script I posted was specifically for eDirectory, so the attribute name changes are normal. I will have to go re-check my script to make sure it works ...

Congrats

[vlaurenz]

I'm glad you got it sorted out. Seems I made a few typos earlier, and didn't give enough explanation everywhere.

The script I posted was specifically for eDirectory, so the attribute name changes are normal. I will have to go re-check my script to make sure it works ...

Congrats

Thanks.

I made a couple more tweaks. Notice the ':' after 'cn' and the extra logic for blank CN's. Here's the final version of the SUBJECT hander:

Code: Select all

    "SUBJECT:"*)
        # handle "SUBJECT:<text>"
        # Grab the displayname from the CN in the LDIF
        displayname=`grep -i cn: sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`
        # subject matches requirement, strip off "SUBJECT:"
        input=`echo $cmd | sed -e "s/SUBJECT://"`
        # Make sure displayname is not NULL
        if [ "$displayname" != "" ]
        then
                # Create a 'friendly' email address with displayname
                email=""$displayname" <$input>"
        else
                # displayname is empty; just use the email address
                email="$input"
        fi
        rep="252 $email"
        ;;