Using OpenLDAP for SAC?

Posted: Wed Apr 11, 2007 1:34 pm
by Crashmaxx
I have Scalix 11.0.2.1 on an Ubuntu Dapper server and am trying to use OpenLDAP for user info for both Scalix and Samba. So far I have everything set up according to the how-to in the wiki and it seems to be working.

But when I tried creating a new user in SAC, it added him to the Scalix LDAP and not the OpenLDAP. Can I get SAC to access the OpenLDAP instead, so when I make a new user this way, they will be set up in Samba also? That would give me one set of accounts to deal with, which is exactly what I want.

Or is there any way to authenticate against Unix users? Currently all my users are Unix users with a smbpasswd and a home and all. I previously had them all using a maildir in the home with postfix. But AFAIK, Scalix can't use either of these so OpenLDAP would seem the way to go.

Posted: Fri Apr 13, 2007 2:41 pm
by Crashmaxx
I give up with this OpenLDAP jazz. I'll just write a script later so adding new Unix/Samba users is easier and have two separate sets of users. Scalix ones in the default setup, and Unix/Samba ones.

I have no idea why a crippled version of slapd is used in Scalix, but it makes integration with other apps a total PITA. This seems to be true all over Scalix, which is a big bloated mess of apps set up to act as one. I would much prefer to deal with a compact Scalix app that I just integrate into my other apps, like postfix, mysql, openldap, and the linux system itself.

Anyway, thanks for the lack of help. Guess I'm supposed to pay gross amounts of money to get support, so I can get a simple question answered.

Posted: Sun Apr 15, 2007 11:20 am
by florian
Couple of things here.

1. SAC does not manage accounts in OpenLDAP or anywhere external to Scalix. The idea of external LDAP integration for our installations mostly comes into play when someone has an existing LDAP with some admin tool they have used in the past and they don't want to change their habits.

2. Scalix can authenticate against almost anything as we use PAM. However, user accounts need to be created anyway within Scalix so that the mailbox can be initialized. Short of doing this manually using either SAC or the command line, LDAP-based synchronization to an external directory using omldapsync is the only way to do this.

3. The Scalix slapd is just a frontend. Scalix relies on its own non-LDAP directory system (which, for our predecessor HP OpenMail product, was written before the LDAP RFC even existed). Therefore, it's not crippled, but limited as a read-mostly interface by design. It has no control over its schema, etc. Having said that, we are working on an architectural change where we actually plan to replace our internal directory system with direct external LDAP access. This should become available late this year or early 2008. At that point, SAC will also be able to manage information in some external directories.

4. I think compared to most other Linux-based groupware/messaging products on the market, Scalix is probably the one that really acts as "one", based on the fact that between HP and us (and some of the same people still work for us), we have written most of our stuff ourselves instead of using all kinds of Linux/Unix components. This includes some good things (such as deep message store/protocol integration with efficient storage) and some that are probably less meaningful today (like the above-mentioned directory system). Certainly Scalix is a big app, and cannot really be compared in complexity to any of Postfix, MySQL or OpenLDAP - from the perspective of the complexity needed to do its job, internally it's probably a bit larger than all of these combined.

Anyway, for your situation I would recommend an external LDAP (i.e. you can use the SAMBA one), managed through some tool of your choice and then Scalix integrated with it through omldapsync and PAM for integrated user management and authentication. This should work just fine and you will still be using SAC for managing other server functionality, just not the users.

And yes - if you require well-defined response times to your questions under an SLA, we do recommend to go for one of our commercial support options. The forum is best-effort and many Scalix people here do that in their spare time as they have day jobs in writing software and supporting paying customers; also we get many outside contributions here (thanks to all the community members who do) and I think for a completely free service, most things are responded to in a timely manner......

Cheers,
Florian.

Posted: Sun Apr 15, 2007 12:26 pm
by grahamk
Hi Crashmaxx,

Sorry I missed your post. Just noticed it now doing a search for something unrelated. I have just recently completed Scalix/OpenLDAP integration, and I think the savings in long-term administration time would be well worth your short-term time and effort. I think there needs to be a guide in the wiki which walks people through the steps required to integrate Scalix with a Samba OpenLDAP schema. I will try to write one this week and post it before the end of the week.

In the meantime, if you have not given up on Scalix, then please feel free to post questions again. And if you feel ignored (perhaps the few people who know the answer to your question have just missed the post for whatever reason), please feel free to PM me and I will do my best to help you (especially with Samba+LDAP+Scalix).

My best piece of advice to start with the integration is to read

/var/opt/scalix/<something>/s/sys/ldapsync13.schema
/var/opt/scalix/<something>/s/sys/ldapsync13.cfg
and
man omldapsync

From there, also check out the wiki, www.scalix.com/wiki. There is useful information regarding Scalix and OpenLDAP on there already, specifically about password management, which you will also need to know in your travels.

Something which I do notice about your post is that you are already very negative about the product, so perhaps you should struggle to find another opensource groupware alternative which will give you the same seamless featureset, and then come back when you realise the currently unique potential of the Scalix product.

Kindest Regards

Graham

Posted: Mon Apr 16, 2007 12:14 pm
by davidz
We also have a working Scalix + OpenLDAP + Samba environment. It's been running for about 6 months now, and we have about 200 users. Unlike the original poster, we had already migrated our outdated samba + etc/passwd type environment over to OpenLDAP before looking into Scalix. And like Graham said, it is worth the effort. Even if you don't end up using Scalix, Samba+LDAP is a great Domain Controller.

Crashmaxx: And I also would be glad to offer any help I can with this type of configuration. I would not have been able to make it work without these forums.

Graham: I agree that some more complete/accurate documentation on the wiki would be awesome, if you get something started let me know and I'll add where I can.

florian wrote: Having said that, we are working on an architectural change where we actually plan to replace our internal directory system with direct external LDAP access. This should become available late this year or early 2008. At that point, SAC will also be able to manage information in some external directories.

Sounds interesting......


David

Posted: Tue Apr 17, 2007 6:07 pm
by Crashmaxx
I'm sorry I was rude in my reply. Everything is working great and has been no problem since I decided not to mess with LDAP.

The only real problem here is that I could not find out exactly what and how LDAP would be used with Scalix. I spent quite a while trying to make it work, when it wasn't what I wanted and wouldn't do what I wanted from the start. I'm sure you can see why that would be very frustrating.

My whole Scalix install and setup has been plagued with small problems that bring everything to a halt and waste a lot of my time. In fact this whole server install has had these sorts of issues constantly. Along with changing requirements and small catastrophic failures this server is now months behind. Everything needed to work and be in use a while ago so any new problems are killing me.

Thanks for the responses. I just wish that the LDAP feature was more clearly explained to begin with so I would have never messed with it. As far as problems actually caused by Scalix, there really haven't been any, so it's a shame things aren't going more smoothly.