Hello all,
following example:
I have tree sync-agreements:
1. for all internet adresses. (Filter: !exScalixClass)
2. for all scalix user (Filter: exScalixClass)
3. for all PDLs (Filter: groupOfNames)
I have one entry (say User1) as an internet user, synced by agreement 1.
This entry is also a member in some PDLs.
Now i modify User1 to an Scalix-user by setting the exScalixClass and all mandatory attributes. Than i run Sync 1. The entry will be deleted from Scalix and from the PDL.
Now i run Sync2 and the user will be added to Scalix as an MBox-account.
Now i run Sync3, this happens without errors, but User1 any longer exists in the PDLs.
What can i do, to bring the user back to all PDLs.
Thanks for an idea.
Holger
Btw. Why is omldapsync working with external DIFF-files instead comparing the two ldapservers one by one ???
omldapsync Public Distribution lists
Moderators: ScalixSupport, admin
-
florian
- Scalix
- Posts: 3852
- Joined: Fri Dec 24, 2004 8:16 am
- Location: Frankfurt, Germany
- Contact:
Holger,
why do you run these as three different agreements in the first place? I believe the fact that Agreement 3 is not run as part of the deletion might be the cause of all trouble here. Keeping the stuff together more nicely in one or two agreements should make life easier.
Please explain your last statement about the internal implementation of the omldapsync tool - what do you mean by
Thx,
Florian.
why do you run these as three different agreements in the first place? I believe the fact that Agreement 3 is not run as part of the deletion might be the cause of all trouble here. Keeping the stuff together more nicely in one or two agreements should make life easier.
Please explain your last statement about the internal implementation of the omldapsync tool - what do you mean by
?comparing the two ldapservers one by one ???
Thx,
Florian.
Florian von Kurnatowski, Die Harder!
-
operator
- Posts: 26
- Joined: Tue Oct 11, 2005 6:18 am
Hello Florian,
the idea of splitting the sync into multiple agreements is for an bether error-handling. But, you are rigth, this brings more trouble in this special case.
What is scalix recommending ? Only one agreement for all, the internet adresses, the sclaix users and the pdls - or different one ?
My last question:
why does the ldap-sync script working with ldiff files instead of comparing the external ldap-server directly whit the scalix-server. For my opinion i should be easier in case of errors (for example the user is logon while the sync tries to modify them). In this case the omldapsync of today reports an error and you have to sync with -A. This is realy difficult to handle. In my proposal the script should compare both entries one-by-one and so, the user will be modified during next run.
Regards
Holger
the idea of splitting the sync into multiple agreements is for an bether error-handling. But, you are rigth, this brings more trouble in this special case.
What is scalix recommending ? Only one agreement for all, the internet adresses, the sclaix users and the pdls - or different one ?
My last question:
why does the ldap-sync script working with ldiff files instead of comparing the external ldap-server directly whit the scalix-server. For my opinion i should be easier in case of errors (for example the user is logon while the sync tries to modify them). In this case the omldapsync of today reports an error and you have to sync with -A. This is realy difficult to handle. In my proposal the script should compare both entries one-by-one and so, the user will be modified during next run.
Regards
Holger
SCHMIEDER it-solutions GmbH
Scalix certified partner
Carl-Zeiss-Strasse 5
72124 Pliezhausen
Scalix certified partner
Carl-Zeiss-Strasse 5
72124 Pliezhausen
-
florian
- Scalix
- Posts: 3852
- Joined: Fri Dec 24, 2004 8:16 am
- Location: Frankfurt, Germany
- Contact:
I would only go with two agreements if the attribute mappings are very different for user and group objects; this is basically the only situation where omldapsync does not do a good job as there are not object-class conditional mappings. In all other cases I would go with one.
The error handling has dramatically changed with Scalix 10 and works now on a per-record level - I don't really see anythng wrong with this anymore. true, a diff-based mechanism is used to find the changes (which is pretty performant by the way), but in case of error, only the record in question will remain.
I haven't used the -A option since moving to 10. I actually just do every sync run with a -u -S combination of options (so that even if there was an error omldapsync will go to the source directory in any case). That works very well.
cheers from canada,
Florian.
The error handling has dramatically changed with Scalix 10 and works now on a per-record level - I don't really see anythng wrong with this anymore. true, a diff-based mechanism is used to find the changes (which is pretty performant by the way), but in case of error, only the record in question will remain.
I haven't used the -A option since moving to 10. I actually just do every sync run with a -u -S combination of options (so that even if there was an error omldapsync will go to the source directory in any case). That works very well.
cheers from canada,
Florian.
Florian von Kurnatowski, Die Harder!
Who is online
Users browsing this forum: No registered users and 13 guests