I'm evaluating Scalix to install in my organization.
Our directory infraestructure is based in a OpenLDAP server to Unix and Samba Accounts.
My openLDAP server is fully functionaly and only accepts binds if the connection is over TLS (SSL connection over port 389)
I've tried to use my openLDAP installation as central user managemente but the omldapsync returns the error:
ldap_bind: Not an LDAP errno 13
Viewing the logs in my openLDAP server seems that the omldapsync not start a TLS connection.
Attach my sync.cfg
##################################################################
#
# Scalix LDAP Directory Synchronization configuration
# NOTE: this file must be edited with care before use
# Interactively editable fields are controlled by the following:
EDIT_PROMPT=JAVA_HOME EX_HOST EX_LOGON EX_PASS IM_HOST IM_CAA_URL IM_CAA_KEYSTORE IM_CAA_NAME IM_CAA_PASS EX_BASE1 EX_BASE2 EX_BASE3
IM_OMADDRESS
# Sync agreement type - see omldapsync man page
TYPE_ID=13
# Sync agreement id - set by argument
SYNC_ID=at4sync
# NEXT_SYNCID: next sync agreement id to be executed after current
# agreement has completed, e.g. user sync followed by group sync
NEXT_SYNCID=
# JAVA_HOME: home directory of java installation
# e.g. "/usr/java/j2sdk1.4.2_02"
#JAVA_HOME=/usr/java/j2sdk1.4.2_02
JAVA_HOME=/usr/java/jre1.5.0_17
# The class path required by omldapagent java application (under
# /opt/scalix/svr/java/bin) is setup automatically by omldapsync to
# access dependent java libraries (under /opt/scalix/svr/java/lib)
##################################################################
#
# PART 1 General Configuration
##################################################################
# This section covers the settings required for tools to access
# both the remote and local systems for import or export.
# The general format is one or more line of <tag>=<value>
# Line starts with '#' is treated as comment
# When edited using omldaputil, do one of the followings:
# -presss <enter> to accept the default offered inside []
# -type in alternative <value> and press <enter>
# -do not quote the value with "" or ''
#
# PART 1.1 for IMPORT - remote host
##########################################
# EX_HOST: remote LDAP directory server name or IP address
# e.g. "remote_server.your_domain.com" or "192.168.1.216"
EX_HOST=ldap-cluster.in.at4.net
# EX_PORT: LDAP server port number
# e.g. "389" is normally used
EX_PORT=389
# EX_LOGON: user that can search/delete/add/modify directory
# your adminstrator or migration account is often used
# e.g. "cn=Export Admin,cn=users,dc=your_org,dc=com"
EX_LOGON=cn=root,dc=in,dc=at4,dc=net
# EX_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
EX_PASS=
#
# PART 1.2 for IMPORT - local host
#########################################
# IM_HOST: local Scalix directory server name
# must specify FQDN where internet and user group will be imported
# e.g. "local_server.your_domain.com"
IM_HOST=correo.in.at4.net
# IM_CAA_URL: Scalix CAA service url - must end with "/"
# e.g. "http://local_server.your_domain.com:8080/caa/"
# IM_CAA_KEYSTORE: Scalix CAA service keystore for HTTPS only
# e.g "/var/opt/scalix/ldapsync/keystore"
IM_CAA_KEYSTORE=
# IM_CAA_ID: service login session-id
# e.g. "12345"
IM_CAA_ID=12345
# IM_CAA_NAME: service login auth-id, must have Scalix admin capability
# e.g. "user_name@your_domain.com"
IM_CAA_NAME=sxadmin
# IM_CAA_PASS: service login password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
IM_CAA_PASS=
# IM_DELETE_MAILBOX: whether sync of mailbox delete will be applied to Scalix
# NOTE: set to "FALSE" to keep the mailbox and handle the deletion manually
IM_DELETE_MAILBOX=FALSE
# IM_DELETE_LIMIT: absolute or percentage of total object deletions allowed
# NOTE: if delete count exceeds the limit then report error and terminate
# e.g. "50" for 50 deletions or "50%" for 50% deletions from the total
IM_DELETE_LIMIT=50%
# IM_FAIL2WARN_OPCODES: space separated list of opcodes that will be changed
# from failure to warning, a way to auto ignore certain type of error
# opcodes for add/modify/delete users=1/4/7 and groups=2/5/8
# opcodes for add/modify/delete members=3/3/9 and limits=12/12/-
# NOTE: should use a whole set, e.g. "3 9" to auto ignore all members error
IM_FAIL2WARN_OPCODES=
#
# PART 1.3 for IMPORT - ldap parameters
#######################################
# EX_ATTR: attributes to extract from remote system for import
# e.g. "member dn uid objectClass displayName sn givenname initials mail entryUUID cn <etc>"
EX_ATTR=scalixHideUserEntry scalixMailboxClass scalixLimitMailboxSize scalixLimitOutboundMail scalixLimitInboundMail scalixLimitNoti
fyUser scalixScalixObject scalixMailnode scalixServerLanguage scalixAdministrator scalixMailboxAdministrator scalixEmailAddress memb
er dn uid objectClass displayName sn givenname initials mail entryUUID cn facsimileTelephoneNumber homephone street st telephoneNumb
er title c company departmentNumber description l mobile pager physicalDeliveryOfficeName postalCode
# EX_BASEn: search base(s) to extract entries from remote system
# specify a container name and its full LDAP suffix
# e.g. "cn=users,dc=your_org,dc=com"
EX_BASE1=ou=accounts,ou=Samba,dc=in,dc=at4,dc=net
EX_BASE2=
EX_BASE3=
EX_BASE4=
EX_BASE5=
EX_BASE6=
EX_BASE7=
EX_BASE8=
EX_BASE9=
# NOTE: extra EX_BASE10 upto EX_BASE200 can be defined here
# EX_FILTER: search filter to include/exclude entries to import
# e.g. "(&(cn=*)(|(mail=*)(scalixEmailAddress=*))(|(objectClass=inetOrgPerson)(objectClass=groupOfNames)))"
EX_FILTER=(&(cn=*)(|(mail=*)(scalixEmailAddress=*))(|(objectClass=inetOrgPerson)(objectClass=groupOfNames)))
# IM_OMADDRESS: Scalix address where remote entries are imported
# NOTE: this may be an internet route configured for coexistence
# If the remote entry supplies its own route then to use it in
# preference to the default a special '@' prefix must be added.
# e.g. "/internet" or "internet"
IM_OMADDRESS=/internet
# IM_MV_ATTR: mapped attributes that can be imported with multi values
# e.g. "objectClass INTERNET-ADDR omMemberForeignAddr"
IM_MV_ATTR=objectClass INTERNET-ADDR omMemberForeignAddr
# EX_GUID: the remote tag name for extracting Foreign GUID
# e.g. "entryUUID"
EX_GUID=entryUUID
# LDAPCT_BIN_ATT: must set value to EX_GUID if it is a binary attribute
# e.g. ""
LDAPCT_BIN_ATT=
# EX_PAGESIZE: use pagesize control extension to overcome search limit
# e.g. "100"
EX_PAGESIZE=1000
# EX_SCOPE: use one of sub, one, base to control search scope
# e.g. "sub"
#EX_SCOPE=sub
#
# PART 1.4 for EXPORT - ldap parameters
#######################################
# NOTE: export is not supported for this agreement type
#
# PART 2 Mapping Configuration
#################################################################
# WARNING: refer to documentation before editing the tables.
# This section defines the mappings required in order to map data
# between the remote and local LDAP systems for import or export.
# The general format is <lines of value> enclosed by markers.
# When edited using omldaputil, do one of the followings:
# -presss <enter> to accept the default offered inside []
# -type in alternative value and press <enter>
# -type in '-' to remove the line offered
# -type in '+<value> to insert it before current line
# For more details on all mapping rules see omldaputil man page.
#
# PART 2.1 for IMPORT - mapping table
#####################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in IM_MV_ATTR, only keep first instances
#####################################
# primary mapping table
IM_MAPPING_TABLE=
# tag the entry using sync agreement name
|ADMINISTERED-BY|*|ldapsync-at4sync
# scalix reserved attributes
scalixHideUserEntry|EX-CDA-DIRECTORY|TRUE|1
scalixHideUserEntry|EX-CDA-DIRECTORY|FALSE|
scalixMailboxClass|UL-CLASS|*|*
scalixLimitMailboxSize|*|*|*
scalixLimitOutboundMail|*|*|*
scalixLimitInboundMail|*|*|*
scalixLimitNotifyUser|*|*|*
scalixScalixObject|omMailbox|*|*
scalixMailnode|omMailnode|*|*
scalixServerLanguage|UL-IL|*|*
scalixAdministrator|ADMIN|*|*
scalixMailboxAdministrator|MBOXADMIN|*|*
# scalix object classes
objectClass|*|groupOfNames|distributionList
objectClass|*|inetOrgPerson|organizationalPerson
objectClass||*|#ignore others
# distinguished name
dn|*|*|*
# global unique id
entryUUID|GLOBAL-UNIQUE-ID|*|*
# common name
cn|CN|*,1,64!ISMISSING=displayName|*
cn||*|#suppress it otherwise
displayName|CN|*,1,64|*
# initial
initials|I|*,1,5|*
# surname
sn|S|*,1,40|*
# use cn for surname if sn is missing
cn|S|*,1,40!ISMISSING=sn|*
# given name is mapped if surname is present
givenName|G|*,1,16!ISPRESENT=sn|*
givenName||*|#suppress it otherwise
# primary internet address for non-scalix user
mail|INTERNET-ADDR|*,1,512!ISMISSING=scalixEmailAddress|!CUSTOM=TX_IA_TO_QP_IA
mail||*|#suppress it otherwise
# all internet addresses for scalix user
scalixEmailAddress|INTERNET-ADDR|*,1,512|!CUSTOM=TX_IA_TO_QP_IA
# the DN of the entry
dn|FOREIGN-ADDR|*,1,512|*
# the DN of the group members
member|omMemberForeignAddr|*|*
# authentication id
uid|UL-AUTHID|*|*
# informational attributes
facsimileTelephoneNumber|FAX|*,1,32|!CUSTOM=TO_PS_STR
homephone|HOME-PHONE|*,1,32|!CUSTOM=TO_PS_STR
street|STREET-ADDRESS|*,1,128|!REPLACE=\033J|\012
st|STATE-OR-PROVINCE|*,1,128|*
telephoneNumber|PHONE-1|*,1,32|!CUSTOM=TO_PS_STR
title|TITLE|*,1,128|*
c|CNTRY|*,1,2|*
company|EMPL-ORG|*,1,64|*
departmentNumber|EMPL-DEPT|*,1,32|*
description|ENTRY-DESC|*,1,1024|!REPLACE=\033J|\012
l|L|*,1,128|*
mobile|MOBILE-PHONE|*,1,32|!CUSTOM=TO_PS_STR
pager|PAGER-PHONE|*,1,32|!CUSTOM=TO_PS_STR
physicalDeliveryOfficeName|PD-OFFICE-NAME|*,1,128|*
postalCode|POSTAL-CODE|*,1,40|*
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#IM_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# PART 2.2 for EXPORT - mapping tables
######################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
#
#####################################
# primary mapping table
EX_MAPPING_TABLE=
*|*|*|*
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#EX_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# END
#################################################################
And the /var/opt/scalix/co/s/sys/om_ldap.conf file
host=ldap-cluster.in.at4.net
search=subtree
base=ou=accounts,ou=Samba,dc=in,dc=at4,dc=net
filter=uid=%s
tls=on
debug=3
It's a critical path for us to take this integration OK to use Scalix.
Thanks in advance.