External Ldap Integration

[davidz]

I am planning on setting up Scalix with our current LDAP server. Upon investigation I've noticed that our current directory does not have the attribute "mail" for any of the users. Is it necessary to have this? Or can I map the users email address to something else like "uid"? Thanks for the information!

[Valerion]

You can map from any attribute, but you'll need to modify the mappings in the ldap sync config file manually.

[ScalixSupport]

What is the point in integrating if the users on the LDAP side have no email address?

What is the LDAP system ?

Cheers,

Sascha.

[davidz]

It's an OpenLDAP directory. And when it was setup it was only going to be used for our Domain Controller (Samba) logins. But now that we want to upgrade our email system we want to use the LDAP directory. I'd rather not mess with the default mappings so I can add the mail attribute to all the users. One last quesiton I have is should the mail value be the full email address with domain for just the username? Ex. foo@domain.com or just foo?

[Valerion]

One last quesiton I have is should the mail value be the full email address with domain for just the username? Ex. foo@domain.com or just foo?

Ideally it should be

Code: Select all

"User Name" <foo@domain.com>

to have a friendly outgoing address. Of course, you can use a rewrite and/or script to synthesize the address.

"man omldaputil" will point you in the right direction here.

[davidz]

Thanks for the info. Any other stuff you think I should make sure I have in my LDAP directory to make the sync go smoothly?

[rredman]

We are currently migrating an existing POP3 e-mail system with LDAP to Scalix. The company does not want to mess with existing LDAP, but incorporate it with Scalix. This is probably documented somewhere in the manuals, but could you please give me some pointers on the best way to to this?

Cheers,

Rob

[davidz]

The question is if you want to use your current LDAP system as your administration point or if you just want to import your users. See link below:

http://www.scalix.com/community/viewtopic.php?t=2703&highlight=

[vlaurenz]

One last quesiton I have is should the mail value be the full email address with domain for just the username? Ex. foo@domain.com or just foo?

Ideally it should be

Code: Select all

"User Name" <foo@domain.com>

to have a friendly outgoing address. Of course, you can use a rewrite and/or script to synthesize the address.

"man omldaputil" will point you in the right direction here.

I find the info in omldaputil cryptic at best. Does anyone have an example of a mapping config which will take

Code: Select all

foo@domain.com

and map it to something like

Code: Select all

"User Name" <foo@domain.com>

?

[davidz]

In my situation I had no email addresses in my OpenLDAP directory so when I created them I just used:
"User Name" <foo@domain.com>
That way when I setup my omldapsync stuff I didn't have to worry about any sort of extra stuff needing to happen. So, I did not use any sort of script to "sythesize" the complete address. It sounded too complicated, when I could just type it in at the time I create a new user.

[vlaurenz]

In my situation I had no email addresses in my OpenLDAP directory so when I created them I just used:
"User Name" <foo@domain.com>
That way when I setup my omldapsync stuff I didn't have to worry about any sort of extra stuff needing to happen. So, I did not use any sort of script to "sythesize" the complete address. It sounded too complicated, when I could just type it in at the time I create a new user.

Unfortunately that is not that case for me.

[davidz]

Good luck then.

[Valerion]

I used the following for a client using eDirectory:

sync.cfg:

Code: Select all

mail|INTERNET-ADDR|*,1,512|!SCRIPT=email.map --ldifrec sourcefile

email.map (This is a modified version of a Scalix example file):

Code: Select all

#!/bin/sh

##########################################################################
# Template/Example script - protocols definition copied from OM Tech Guide
##########################################################################

#
# for latest protocols, see OM Tech Guide
#

##########################################################################
#             Scalix Server Router Subject Mapping Protocols             #
##########################################################################
#
# PROTOCOLS SYNTAX:
# The following table outlines the possible commands sent by Scalix Server
# and the expected replies sent by the Mapper. Note:
#   1) each command/reply must end with a new line (\n) character
#   2) the Mapper must NOT buffer its output, each reply must be flushed
#   3) the Mapper must reply to each command
#
# COMMAND           REPLY           REPLY COMMENTS
# ================= =============== ======================================
# <start>           220<SP><text>   Mapper must output this when starts up
# HELO<SP><text>    250<SP><text>   Mapper accepts Scalix Server session
# SUBJECT:<text>    251<SP><text>   Subject does not match requirement
# SUBJECT:<text>    252<SP><text>   Subject matches requirement
# QUIT<SP><text>    221<SP><text>   Mapper terminates session
# <others>          500<SP><text>   Unexpected command/syntax
##########################################################################

# handle "<start>"
# return ready status
rep="220 Email Address Mapper Ready"
echo "$rep"
displayname=`grep displayName sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`

# loop to process commands
Quit="FALSE"
while read cmd
do
    case "$cmd" in
    "HELO"*)
        # handle "HELO<SP><text>"
                # return ok status
        rep="250 Ok"
        ;;
    "SUBJECT:"*)
        # handle "SUBJECT:<text>"
                # subject matches requirement, strip off "SUBJECT:"
        input=`echo $cmd | sed -e "s/SUBJECT://"`
        email="\"$displayname\" <$input>"
        rep="252 $email"
        ;;
    "QUIT"*)
                # handle "QUIT<SP><text>"
        # return status, set flag to exit loop
        rep="221 Subject Mapper Close"; Quit="TRUE"
        ;;
    *)
        # handle "<others>"
                # return error status
        rep="500 Unrecognised Command or Syntax Error"
        ;;
    esac

    # must reply to each command
    echo "$rep"
    if [ "X$Quit" != "XTRUE" ]
    then
        continue
    else
        break
    fi
done

exit 0

###########################################################################
# End of script
###########################################################################

[vlaurenz]

Thanks for the reply Valerion. I'm a bit confused about that email.map file. Could you give me a brief explanation of what it does and how it does it?

[Valerion]

The email.map file must be in the same directory as the ldapsync config file. It uses the Subject Mapper from the Service Router.

The important lines are

Code: Select all

displayname=`grep displayName sourcefile | cut -f 2 -d ":" | sed -e "s/^ //"`

email="\"$displayname\" <$input>"

This takes the Display Name from LDAP, as well as the email address and formats it as

Code: Select all

Display Name <email>

and then returns the value. I needed to extract the value from the displayName, hence the cut and sed.

The rest of the script is just wrapping around it, to get the data from the Subject Mapper and to return various result values to it.

Credit here must go to Florian, he showed me the ropes in the beginning