Premium User or Standard User

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Fri Apr 28, 2006 5:13 pm

I have a newly installed Scalix server, and I finally have every aspect of it working with our current LDAP directory. My question is: how do I change Scalix-specific options on one of my omldapsync'ed users? Example: all my users are greyed out in SAC because they were imported from my LDAP directory. They can all log in to SWA/POP/IMAP etc. just fine. But I need to make some of them Premium Users. How do I do this? Also, how do I adjust mailbox limits?

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Sat Apr 29, 2006 11:49 am

You're running in a master slave directory configuration, therefore user access in SAC is read mostly.

How to proceed depends on one very basic decision - do you want to keep managing your users in your external LDAP (what kind is it? AD? OpenLDAP?), then you would need to manage those attributes in your external LDAP as well - or: do you want to only provision the users through the external LDAP and then go to local Scalix user management - in this case you would want to remove the directory link and convert the user entries to local so that you can edit them through SAC...

Please advise,
Florian.
Florian von Kurnatowski, Die Harder!

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Sat Apr 29, 2006 5:55 pm

I would like to use my current directory for all management. (It's OpenLDAP). I've found that I can use ommodu to change the user from a standard to premium user but I haven't been able to find how to do it from my external LDAP directory. There are three things I want to be able to control from my external LDAP: standard/premium user setting, mailbox limits, and whether or not the user is an administrator.

I've already found the setting in the scalix provided schema file to change the user to an administrator, but I don't know where to change mailbox limits and standard/premium user settings.

Thank you for your help.

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Sat Apr 29, 2006 7:12 pm

The schema attributes needed for that have been introduced in Scalix 10, however, the OpenLDAP sample schema file has not been updated. I'll post a schema file with all the stuff below.

This alone will not suffice, though; you'll need to modify your sync.cfg file as well. You will be able to use /var/opt/scalix/sys/ldapsync11.cfg as an example - this is for AD, so don't change the RFC-based attributes in your sync.cfg, only adapt the Scalix-specific ones.

Hope this helps,
Florian.

Code:

# Copyright (C) 2006 Scalix Corporation.  All rights reserved.

# OpenLDAP schema extension for Scalix omldapsync attributes
# For reference see OpenLDAP 2.1 Administrator's Guide

# Installation steps (requires root login):
#
# 1. Stop OpenLDAP slapd server (e.g. kill -INT `cat /var/run/slapd.pid`)
#
# 2. Copy this file to OpenLDAP schema sub directory (e.g. /etc/openldap/schema)
#
# 3. Edit OpenLDAP slapd.conf file (e.g. /etc/openldap/slapd.conf) to:
#
#    a. Extend the schema by appending reference to the 'include' section,
#       something like the following lines:
#
#       # include schema extension for Scalix omldapsync attributes
#       include /etc/openldap/schema/scalix-10.0.0.schema
#
#    b. Ensure Scalix omldapsync has sufficient read access to all the data,
#       usually determined by the type of bind and the dn used.
#
#    c. Ensure Scalix omldapsync has sufficient search limit to return all the
#       matching entries, usually determined by the 'sizelimit' setting used.
#
# 4. Start OpenLDAP slapd server (e.g. /usr/sbin/slapd)
#
# 5. Fix any error, repeat steps 1 to 4 as necessary.
#
# 6. Test add (e.g. /usr/bin/ldapadd -D "cn=Manager,dc=my-domain,dc=com") using
#    something like the following LDIF lines:
#
#    dn: cn=testuser scalix,dc=my-domain,dc=com
#    objectClass: inetOrgPerson
#    cn: testuser scalix
#    displayName: Testuser Scalix
#    sn: Scalix
#    mail: testuser@test.scalix.com
#    objectClass: scalixUserClass
#    scalixScalixObject: TRUE
#    scalixMailnode: ou1,ou2
#    scalixServerLanguage: ENGLISH
#    scalixAdministrator: TRUE
#    scalixMailboxAdministrator: FALSE
#    scalixEmailAddress: testuser@my-domain.com
#    scalixEmailAddress: testuser@my-domain.de
#    scalixLimitMailboxSize: 1024000
#    scalixLimitOutboundMail: TRUE
#    scalixLimitInboundMail: FALSE
#    scalixLimitNotifyUser: TRUE
#    scalixHideUserEntry: FALSE
#    scalixMailboxClass: FULL
#
#    dn: cn=testgroup scalix,dc=my-domain,dc=com
#    objectClass: groupOfNames
#    cn: testgroup scalix
#    member: cn=testuser scalix,dc=my-domain,dc=com
#    objectClass: scalixGroupClass
#    scalixScalixObject: TRUE
#    scalixMailnode: ou1,ou2
#    displayName: Testgroup Scalix
#    scalixEmailAddress: testgroup@test.scalix.com
#    scalixHideUserEntry: TRUE
#   
# 7. Test search (e.g. /usr/bin/ldapsearch -b "dc=my-domain,dc=com" -x -D ""
#    -w "" cn=*scalix) to check for read access and correct entries were added.

# define macro for Scalix root OID
objectIdentifier scalixOID 1.3.6.1.4.1.19049

# new attributes to describe an Scalix user or group object
# use 1.1.x from Scalix root OID
attributetype ( scalixOID:1.1.10 NAME ( 'scalixScalixObject' )
        DESC 'boolean TRUE or FALSE for creating scalix mailbox/PDL object
              If this is set to FALSE and the object is matched by the omldapsync
              filter, a Contact entry/Internet user is created. If set to true, a
              mailbox is setup. For Group/PDL objects, this must always be set to true'
        SINGLE-VALUE
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# a DESC value must not contain an apostrophe: slapd reads ' as the end
# of the quoted string and rejects the schema file
attributetype ( scalixOID:1.1.11 NAME ( 'scalixMailnode' )
        DESC 'Comma-separated org units for objects mailnode. This is the
              Mailnode name as defined when the Scalix server was setup. In
              Multi-server environments, this is used to select on which server
              the object is to be created.'
        SINGLE-VALUE
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        ORDERING caseIgnoreOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( scalixOID:1.1.12 NAME ( 'scalixAdministrator' )
        DESC 'Boolean TRUE or FALSE for admin capability. If set to TRUE,
              the user created will have full Scalix admin capabilities.'
        SINGLE-VALUE
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.13 NAME ( 'scalixMailboxAdministrator' )
        DESC 'Boolean TRUE or FALSE for Mailbox Admin capability. A user with
              this flag set to TRUE can access ANY mailbox on a server through
              mboxadmin signon. This is usually only used for migration tools and
              typically not exposed through LDAP'
        SINGLE-VALUE
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.14 NAME ( 'scalixServerLanguage' )
        DESC 'Message catalog language for client. This is one of the Scalix-supported
              languages found in /var/opt/scalix/nls/om_langs'
        SINGLE-VALUE
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        ORDERING caseIgnoreOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( scalixOID:1.1.15 NAME ( 'scalixEmailAddress' )
        DESC 'List of SMTP addresses of user. This is a multi-valued attribute. The
              order is important as the first of these values is used as the outgoing
              from address of the user.'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        ORDERING caseIgnoreOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( scalixOID:1.1.16 NAME ( 'scalixLimitMailboxSize' )
        DESC 'mailbox size limit for the user in MB'
        SINGLE-VALUE
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( scalixOID:1.1.17 NAME ( 'scalixLimitOutboundMail' )
        DESC 'As Sanction on Mailbox quota overuse, stop user from sending mail.
              Set to TRUE or FALSE'
        SINGLE-VALUE
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.18 NAME ( 'scalixLimitInboundMail' )
        DESC 'As Sanction on Mailbox quota overuse, stop user from receiving mail.
              Set to TRUE or FALSE'
        SINGLE-VALUE
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.19 NAME ( 'scalixLimitNotifyUser' )
        DESC 'As Sanction on Mailbox quota overuse, notify the User by eMail.
              Set to TRUE or FALSE'
        SINGLE-VALUE
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.20 NAME ( 'scalixHideUserEntry' )
        DESC 'Hide User Entry from Addressbook. Set to TRUE or FALSE'
        SINGLE-VALUE
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.21 NAME ( 'scalixMailboxClass' )
        DESC 'Class of User Mailbox FULL or LIMITED. This maps to
              Premium or Standard users as defined by Scalix User licensing policy'
        SINGLE-VALUE
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        ORDERING caseIgnoreOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

# auxiliary classes for scalix User and group
# use 1.2.x from Scalix root OID
objectclass ( scalixOID:1.2.10 NAME 'scalixUserClass'
        DESC 'Supplemental class containing the Scalix User-related attributes'
        AUXILIARY
        MUST ( scalixScalixObject     $ scalixMailnode
        )
        MAY  ( scalixAdministrator    $ scalixMailboxAdministrator $
                scalixServerLanguage   $ scalixEmailAddress $
                scalixLimitMailboxSize $ scalixLimitOutboundMail $
                scalixLimitInboundMail $ scalixLimitNotifyUser $
                scalixHideUserEntry    $ scalixMailboxClass
        ) )

objectclass ( scalixOID:1.2.11 NAME 'scalixGroupClass'
        DESC 'Supplemental class containing the Scalix Group-related attributes'
        AUXILIARY
        MUST ( scalixScalixObject $ scalixMailnode
        )
        MAY  ( scalixEmailAddress $ scalixHideUserEntry
        ) )

Florian von Kurnatowski, Die Harder!
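
With the schema above, the external directory decides who is a Scalix administrator or mailbox administrator, so anyone who can write those LDAP attributes can grant server-wide rights. The following Python script is an added example, not part of the original post or of Scalix's tooling: it audits an LDIF export for entries carrying those flags, for missing MUST attributes, and for entries that would be created without a mailbox. The sample LDIF, the function names and the finding labels are constructed for illustration.

```python
import base64

# Flags that grant server-wide rights, per the DESC strings in the schema above.
PRIVILEGED = {"scalixadministrator": "scalixAdministrator",
              "scalixmailboxadministrator": "scalixMailboxAdministrator"}
# MUST attributes of scalixUserClass / scalixGroupClass.
MUST = {"scalixscalixobject": "scalixScalixObject",
        "scalixmailnode": "scalixMailnode"}

# Constructed sample export (not taken from the thread). Note the folded
# line (leading space) and the base64 value ("VFJVRQ==" decodes to TRUE).
SAMPLE_LDIF = """\
# constructed test data
dn: uid=alice,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: scalixUserClass
scalixScalixObject: TRUE
scalixMailnode: example,com
scalixAdministrator: TRUE
scalixMailboxClass: FULL

dn: uid=bob,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: scalixUserClass
scalixScalixObject: TRUE
scalixMailnode: example,com
scalixMailboxAdministrator:: VFJVRQ==
scalixMailboxClass: LIMI
 TED

dn: uid=carol,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: scalixUserClass
scalixScalixObject: FALSE
scalixMailboxClass: PREMIUM

dn: uid=dave,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
"""


def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def is_true(entry, attr):
    return any(v.upper() == "TRUE" for v in entry.get(attr, []))


def audit(entries):
    """Return (dn, finding, detail) tuples for Scalix-enabled entries."""
    findings = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if not classes & {"scalixuserclass", "scalixgroupclass"}:
            continue                      # entry carries no Scalix attributes
        dn = e.get("dn", ["<no dn>"])[0]
        for key, name in PRIVILEGED.items():
            if is_true(e, key):
                findings.append((dn, "privileged", name))
        for key, name in MUST.items():
            if key not in e:
                findings.append((dn, "missing-must", name))
        # Per the schema DESC, anything but TRUE yields a contact, not a mailbox.
        if "scalixscalixobject" in e and not is_true(e, "scalixscalixobject"):
            findings.append((dn, "no-mailbox", "scalixScalixObject"))
        for value in e.get("scalixmailboxclass", []):
            if value.upper() not in ("FULL", "LIMITED"):
                findings.append((dn, "bad-mailbox-class", value))
    return findings


if __name__ == "__main__":
    for dn, kind, detail in audit(parse_ldif(SAMPLE_LDIF)):
        print(f"{kind:18} {detail:28} {dn}")
```

Feed it the output of an ldapsearch over the synced subtree and review every "privileged" line against the list of people who are meant to hold those rights.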

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Mon May 01, 2006 12:32 pm

Ok I think I've got it all ready to go. It imports the user fine, but it's not creating the mailbox. I was wondering if you could take a look at my sync file and see if anything is out of place. Here it is:

Code:

##################################################################
#
# Scalix LDAP Directory Synchronization configuration
# NOTE: this file must be edited with care before use
# Interactively editable fields are controlled by the following:
EDIT_PROMPT=JAVA_HOME EX_HOST EX_LOGON EX_PASS IM_HOST IM_CAA_URL IM_CAA_KEYSTORE IM_CAA_NAME IM_CAA_PASS EX_BASE1 EX_BASE2 EX_BASE3 IM_OMADDRESS
# Sync agreement type - see omldapsync man page
TYPE_ID=13
# Sync agreement id - set by argument
SYNC_ID=hermesNEW
# JAVA_HOME: home directory of java installation
# e.g. "/usr/java/j2sdk1.4.2_02"
JAVA_HOME=/usr/java/jre1.5.0_04
# The class path required by omldapagent java application (under
# /opt/scalix/svr/java/bin) is setup automatically by omldapsync to
# access dependent java libraries (under /opt/scalix/svr/java/lib)
##################################################################
#
# PART 1 General Configuration
##################################################################
# This section covers the settings required for tools to access
# both the remote and local systems for import or export.
# The general format is one or more line of <tag>=<value>
# Line starts with '#' is treated as comment
# When edited using omldaputil, do one of the followings:
#    -presss <enter> to accept the default offered inside []
#    -type in alternative <value> and press <enter>
#    -do not quote the value with "" or ''
#
# PART 1.1 for IMPORT - remote host
##########################################
# EX_HOST: remote LDAP directory server name or IP address
# e.g. "remote_server.your_domain.com" or "192.168.1.216"
EX_HOST=foo.com
# EX_PORT: LDAP server port number
# e.g. "389" is normally used
EX_PORT=389
# EX_LOGON: user that can search/delete/add/modify directory
# your adminstrator or migration account is often used
# e.g. "cn=Export Admin,cn=users,dc=your_org,dc=com"
EX_LOGON=uid=root,ou=Users,dc=foo,dc=com
# EX_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
EX_PASS=
#
# PART 1.2 for IMPORT - local host
#########################################
# IM_HOST: local Scalix directory server name
# must specify FQDN where internet and user group will be imported
# e.g. "local_server.your_domain.com"
IM_HOST=foo.com
# IM_PORT: LDAP server port number
# e.g. "389" is normally used
#<na>IM_PORT=389
# IM_LOGON: user that can search/delete/add/modify directory
# your Scalix administrator account is often used
# e.g. "Import Admin" for user with this common name
#<na>IM_LOGON=Import Admin
# IM_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
#<na>IM_PASS=
# IM_CAA_URL: Scalix CAA service url - must end with "/"
# e.g. "http://local_server.your_domain.com:8080/caa/"
IM_CAA_URL=http://foo.com/caa/
# IM_CAA_KEYSTORE: Scalix CAA service keystore for HTTPS only
# e.g "/var/opt/scalix/ldapsync/keystore"
IM_CAA_KEYSTORE=
# IM_CAA_ID: service login session-id
# e.g. "12345"
IM_CAA_ID=12345
# IM_CAA_NAME: service login auth-id, must have Scalix admin capability
# e.g. "user_name@your_domain.com"
IM_CAA_NAME=sxadmin@mail.foo.com
# IM_CAA_PASS: service login password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
IM_CAA_PASS=
# IM_DELETE_MAILBOX: whether sync of mailbox delete will be applied to Scalix
# NOTE: set to "FALSE" to keep the mailbox and handle the deletion manually
IM_DELETE_MAILBOX=TRUE
#
# PART 1.3 for IMPORT - ldap parameters
#######################################
# EX_SCALIX_ATTRS: list of resersed Scalix attributes in external directory
# to administer Scalix user/group from this remote master source
# e.g. "EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG ..."
#EX_SCALIX_ATTRS=EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG EX_SCALIX_ADMIN EX_SCALIX_MBOXADMIN
EX_SCALIX_ATTRS=SCALIXHIDEUSERENTRY SCALIXMAILBOXCLASS SCALIXLIMITMAILBOXSIZE SCALIXLIMITOUTBOUNDMAIL SCALIXLIMITINBOUNDMAIL SCALIXLIMITNOTIFYUSER EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG EX_SCALIX_ADMIN EX_SCALIX_MBOXADMIN
# SCALIXHIDEUSERENTRY: name of attribute to specify whether the user entry
# should be hidden from Outlook address book
# e.g. "scalixHideUserEntry"
SCALIXHIDEUSERENTRY=scalixHideUserEntry
# SCALIXMAILBOXCLASS: name of attribute to specify whether the mailbox class
# should have full or limited features
# e.g. "scalixMailboxClass"
SCALIXMAILBOXCLASS=scalixMailboxClass
# SCALIXLIMITMAILBOXSIZE: name of attribute to specify whether Scalix limit
# on mailbox size is required, must use a numerical value >= zero
# e.g. "scalixLimitMailboxSize"
SCALIXLIMITMAILBOXSIZE=scalixLimitMailboxSize
# SCALIXLIMITOUTBOUNDMAIL: name of attribute to specify whether Scalix limit
# on outbound mail is required, must use a boolean value "true" or "false"
# e.g. "scalixLimitOutboundMail"
SCALIXLIMITOUTBOUNDMAIL=scalixLimitOutboundMail
# SCALIXLIMITINBOUNDMAIL: name of attribute to specify whether Scalix limit
# on inbound mail is required, must use a boolean value "true" or "false"
# e.g. "scalixLimitInboundMail"
SCALIXLIMITINBOUNDMAIL=scalixLimitInboundMail
# SCALIXLIMITNOTIFYUSER: name of attribute to specify whether Scalix limit
# on notify user is required, must use a boolean value "true" or "false"
# e.g. "scalixLimitNotifyUser"
SCALIXLIMITNOTIFYUSER=scalixLimitNotifyUser
# EX_SCALIX_MAILBOX: name of attribute to specify whether Scalix object
# is required, yes if value is set to "TRUE"
# e.g. "exScalixObject"
EX_SCALIX_MAILBOX=scalixScalixObject
# EX_SCALIX_MAILNODE: name of attribute to specify which Scalix mailnode
# to add the mailbox, must use "<ou1>,<ou2>,<ou3>,<ou4>" format
# e.g. "exScalixMailnode"
EX_SCALIX_MAILNODE=scalixMailnode
# EX_SCALIX_MSGLANG: name of attribute to specify which Scalix message
# catalog language to use for client, default to "C" if not set
# e.g. "exScalixMsglang"
EX_SCALIX_MSGLANG=scalixServerLanguage
# EX_SCALIX_ADMIN: name of attribute to specify whether to give the user
# Scalix admin capability, yes if value is set to "TRUE"
# e.g. "exScalixAdmin"
EX_SCALIX_ADMIN=scalixAdministrator
# EX_SCALIX_MBOXADMIN: name of attribute to specify whether to give the user
# Scalix mailbox-admin capability, yes if value is set to "TRUE"
# e.g. "exScalixMboxadmin"
EX_SCALIX_MBOXADMIN=scalixMailboxAdministrator
# EX_ATTR: attributes to extract from remote system for import
# e.g. "member dn uid objectClass displayName sn givenname initials mail entryUUID cn <etc>"
#EX_ATTR=exScalixObject exScalixMailnode exScalixMsglang exScalixAdmin exScalixMboxadmin member dn uid objectClass displayName sn givenname initials mail entryUUID cn facsimileTelephoneNumber homephone street st telephoneNumber title co company departmentNumber description l mobile pager physicalDeliveryOfficeName postalCode
EX_ATTR={SCALIXHIDEUSERENTRY} ${SCALIXMAILBOXCLASS} ${SCALIXLIMITMAILBOXSIZE} ${SCALIXLIMITOUTBOUNDMAIL} ${SCALIXLIMITINBOUNDMAIL} ${SCALIXLIMITNOTIFYUSER} ${EX_SCALIX_MAILBOX} ${EX_SCALIX_MAILNODE} ${EX_SCALIX_MSGLANG} ${EX_SCALIX_ADMIN} ${EX_SCALIX_MBOXADMIN} member dn uid objectClass displayName sn givenname initials mail entryUUID cn scalixEmailAddress facsimileTelephoneNumber homephone streetAddress st telephoneNumber title company department description  mobile pager physicalDeliveryOfficeName postalCode secretary
# EX_BASEn: search base(s) to extract entries from remote system
# specify a container name and its full LDAP suffix
# e.g. "cn=users,dc=your_org,dc=com"
EX_BASE1=uid=scalix1,ou=Users,dc=foo,dc=com
EX_BASE2=
EX_BASE3=
EX_BASE4=
EX_BASE5=
EX_BASE6=
EX_BASE7=
EX_BASE8=
EX_BASE9=
# EX_FILTER: search filter to include/exclude entries to import
# e.g.   "(|(&(objectclass=inetOrgPerson)(mail=*))(&(objectclass=groupOfNames)(mail=*)))"
EX_FILTER=(|(&(objectclass=inetOrgPerson)(mail=*))(&(objectclass=groupOfNames)(mail=*)))
# IM_DN_SUFFIX: set the dn suffix (location) for the imported entries
# NOTE: by default all rdns from the remote dn will be retained & encoded
# for maximum uniqueness. To only use the first <N> rdns for this, specify
# the argument in the format "<N>|<suffix>" instead of "<suffix>".
# e.g. "o=Scalix" for all rdns, or "2|o=Scalix" for first 2 rdns.
#<na>IM_DN_SUFFIX=2|o=Scalix
# IM_OMADDRESS: Scalix address where where entries are imported
# NOTE: this is a route which you configure for coexistence
# e.g. "/internet" or "internet"
IM_OMADDRESS=/internet
# IM_MV_ATTR: mapped attributes that can be imported with multi values
# e.g. "objectClass INTERNET-ADDR omMemberForeignAddr"
IM_MV_ATTR=objectClass INTERNET-ADDR omMemberForeignAddr
# EX_GUID: the remote tag name for extracting Foreign GUID
# e.g. "entryUUID"
EX_GUID=entryUUID
# LDAPCT_BIN_ATT: must set value to EX_GUID if it is a binary attribute
# e.g. ""
LDAPCT_BIN_ATT=
# EX_PAGESIZE: use pagesize control extension to overcome search limit
# e.g. "100"
EX_PAGESIZE=1000
#
# PART 1.4 for EXPORT - ldap parameters
#######################################
# NOTE: export is not supported for this agreement type
#
# PART 2 Mapping Configuration
#################################################################
# WARNING: refer to documentation before editing the tables.
# This section defines the mappings required in order to map data
# between the remote and local LDAP systems for import or export.
# The general format is <lines of value> enclosed by markers.
# When edited using omldaputil, do one of the followings:
#    -presss <enter> to accept the default offered inside []
#    -type in alternative value and press <enter>
#    -type in '-' to remove the line offered
#    -type in '+<value> to insert it before current line
# For more details on all mapping rules see omldaputil man page.
#
# PART 2.1 for IMPORT - mapping table
#####################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in IM_MV_ATTR, only keep first instances
#####################################
# primary mapping table
IM_MAPPING_TABLE=
# scalix reserved attributes
${SCALIXHIDEUSERENTRY}|EX-CDA-DIRECTORY|TRUE|1
${SCALIXHIDEUSERENTRY}|EX-CDA-DIRECTORY|FALSE|
${SCALIXMAILBOXCLASS}|UL-CLASS|*|*
${SCALIXLIMITMAILBOXSIZE}|scalixLimitMailboxSize|*|*
${SCALIXLIMITOUTBOUNDMAIL}|scalixLimitOutboundMail|*|*
${SCALIXLIMITINBOUNDMAIL}|scalixLimitInboundMail|*|*
${SCALIXLIMITNOTIFYUSER}|scalixLimitNotifyUser|*|*
${EX_SCALIX_MAILBOX}|omMailbox|*|*
${EX_SCALIX_MAILNODE}|omMailnode|*|*
${EX_SCALIX_MSGLANG}|UL-IL|*|*
${EX_SCALIX_ADMIN}|ADMIN|*|*
${EX_SCALIX_MBOXADMIN}|MBOXADMIN|*|*
# scalix object classes
objectClass|*|groupOfNames|distributionList
objectClass|*|inetOrgPerson|organizationalPerson
objectClass||*|#ignore others
# distinguished name
dn|*|*|*
# global unique id
entryUUID|GLOBAL-UNIQUE-ID|*|*
# common name
displayName|CN|*,1,64|*
# use cn for common name if displayName is missing
cn|CN|*,1,64!ISMISSING=displayName|*
cn||*|#suppress it otherwise
# initial
initials|I|*,1,5|*
# surname
sn|S|*,1,40|*
# use cn for surname if sn is missing
cn|S|*,1,40!ISMISSING=sn|*
# given name is mapped if surname is present
givenName|G|*,1,16!ISPRESENT=sn|*
givenName||*|#suppress it otherwise
# internet addresses
mail|INTERNET-ADDR|*,1,512|*
# no mapping for ALIAS
# the DN of the entry
dn|FOREIGN-ADDR|*,1,512|*
# the DN of the group members
member|omMemberForeignAddr|*|*
# authentication id
uid|UL-AUTHID|*|*
# informational attributes
facsimileTelephoneNumber|FAX|*,1,32|!CUSTOM=TO_PS_STR
homephone|HOME-PHONE|*,1,32|!CUSTOM=TO_PS_STR
street|STREET-ADDRESS|*,1,128|!REPLACE=\033J|\012
st|STATE-OR-PROVINCE|*,1,128|*
telephoneNumber|PHONE-1|*,1,32|!CUSTOM=TO_PS_STR
title|TITLE|*,1,128|*
co|CNTRY|*,1,2|*
company|EMPL-ORG|*,1,64|*
departmentNumber|EMPL-DEPT|*,1,32|*
description|ENTRY-DESC|*,1,1024|!REPLACE=\033J|\012
l|L|*,1,128|*
mobile|MOBILE-PHONE|*,1,32|!CUSTOM=TO_PS_STR
pager|PAGER-PHONE|*,1,32|!CUSTOM=TO_PS_STR
physicalDeliveryOfficeName|PD-OFFICE-NAME|*,1,128|*
postalCode|POSTAL-CODE|*,1,40|*
# no mapping for ASSISTANT-PHONE
# no mapping for PHONE-2
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#IM_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# PART 2.2 for EXPORT - mapping tables
######################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in EX_MV_ATTR, only keep first instances
#####################################
# primary mapping table
EX_MAPPING_TABLE=
*|*|*|*
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#EX_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# END
#################################################################


Here is the output of the user in my LDAP directory:

Code:

# scalix1, Users, foo.COM
dn: uid=scalix1,ou=Users,dc=foo,dc=COM
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: inetLocalMailRecipient
objectClass: scalixUserClass
cn: Scalix1
sn: scalix1
uid: scalix1
uidNumber: 1133
gidNumber: 513
homeDirectory: /home/scalix1
loginShell: /bin/bash
gecos: Scalix1
description: Scalix1
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Scalix1
sambaSID: S-1-5-21-4205727931-4131263253-1851132061-3266
sambaLogonScript: logon.bat
sambaPrimaryGroupSID: S-1-5-21-4205727931-4131263253-1851132061-513
sambaHomeDrive: H:
mailLocalAddress: "Scalix1"
mail: "Scalix1" <scalix1@foo.com>
sambaAcctFlags: [U]
sambaPwdLastSet: 1146498500
sambaPwdMustChange: 1150386500
scalixScalixObject: TRUE
scalixMailnode: foo,com
scalixServerLanguage: ENGLISH
scalixAdministrator: FALSE
scalixMailboxAdministrator: FALSE
scalixMailboxClass: LIMITED
scalixLimitMailboxSize: 1024000
scalixLimitOutboundMail: FALSE
scalixLimitInboundMail: FALSE
scalixLimitNotifyUser: TRUE
scalixHideUserEntry: FALSE


I know it's something from the changes I've made to the schema/import mapping, because before I added the new attributes it worked fine. But since you've renamed most of the attributes with the new sync file I think I've got them all correct, but maybe you can see something I'm missing here. Thanks for your help!!
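
A sync.cfg of this shape is long enough that a dropped `$` or a forgotten mapping row is easy to miss by eye. The following Python script is an added example, not part of the thread and not a Scalix tool: it cross-checks the tags listed in EX_SCALIX_ATTRS against EX_ATTR and the mapping table, and flags a cleartext CAA URL and passwords stored in the file. The sample configuration is constructed and abbreviated, and the finding labels and the assumption that an attribute must appear in EX_ATTR to be fetched are this example's own.

```python
import re

REF = re.compile(r"\$\{([A-Za-z0-9_]+)\}")          # ${NAME}
BARE = re.compile(r"(?<!\$)\{([A-Za-z0-9_]+)\}")    # {NAME} with no leading $

# Constructed, abbreviated sample in the layout of the file posted above.
SAMPLE_CFG = """\
# constructed test data
EX_PASS=
IM_CAA_URL=http://mail.example.com/caa/
IM_CAA_KEYSTORE=
IM_CAA_PASS=example-only-secret
EX_SCALIX_ATTRS=SCALIXHIDEUSERENTRY SCALIXMAILBOXCLASS EX_SCALIX_MAILBOX
SCALIXHIDEUSERENTRY=scalixHideUserEntry
SCALIXMAILBOXCLASS=scalixMailboxClass
EX_SCALIX_MAILBOX=scalixScalixObject
EX_ATTR={SCALIXHIDEUSERENTRY} ${SCALIXMAILBOXCLASS} ${EX_SCALIX_MAILBOX} dn uid mail
IM_MAPPING_TABLE=
${SCALIXHIDEUSERENTRY}|EX-CDA-DIRECTORY|TRUE|1
${SCALIXMAILBOXCLASS}|UL-CLASS|*|*
${EX_SCALIX_MAILBOX}|omMailbox|*|*
dn|*|*|*
=END_MAPPING_TABLE
"""


def parse_cfg(text):
    """Split the file into TAG=value pairs and mapping-table rows."""
    tags, rows, in_table = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("=END_MAPPING_TABLE"):
            in_table = False
        elif in_table:
            rows.append(line)
        elif re.fullmatch(r"(IM|EX)_MAPPING_TABLE2?=", line):
            in_table = True
        else:
            name, sep, value = line.partition("=")
            if sep:
                tags[name] = value
    return tags, rows


def lint(text):
    """Return a list of (finding, detail) tuples."""
    tags, rows = parse_cfg(text)
    reserved = tags.get("EX_SCALIX_ATTRS", "").split()
    findings = []
    for name in reserved:
        if not tags.get(name):
            findings.append(("undefined-attr-tag", name))
    places = [("EX_ATTR", tags.get("EX_ATTR", ""))] + [("mapping", r) for r in rows]
    for where, value in places:
        for ref in REF.findall(value):
            if not tags.get(ref):
                findings.append(("unresolved-ref", f"{where}: {ref}"))
        for name in BARE.findall(value):
            findings.append(("brace-without-dollar", f"{where}: {name}"))
    # Assumption: a reserved attribute is only fetched if EX_ATTR references
    # it, and only applied if a mapping row starts with it.
    requested = set(REF.findall(tags.get("EX_ATTR", "")))
    mapped = {m for r in rows for m in REF.findall(r.split("|")[0])}
    for name in reserved:
        if name not in requested:
            findings.append(("not-requested", name))
        if name not in mapped:
            findings.append(("not-mapped", name))
    # The CAA login carries Scalix admin credentials; http:// sends them in clear.
    if tags.get("IM_CAA_URL", "").lower().startswith("http://"):
        findings.append(("cleartext-caa", tags["IM_CAA_URL"]))
    for pw in ("EX_PASS", "IM_CAA_PASS"):
        if tags.get(pw):
            findings.append(("stored-password", pw))
    return findings


if __name__ == "__main__":
    for kind, detail in lint(SAMPLE_CFG):
        print(f"{kind:22} {detail}")
```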

cosmih

Postby cosmih » Tue Jun 20, 2006 10:25 am

Hi,
is there any news on your problem? I'm asking because I'm interested in this solution.
Thanks

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Tue Jun 20, 2006 10:32 am

I've got this system working now, but it's been a while since I dealt with this problem. Can you be more specific about the issue you are having as it relates to this post? That will help refresh my memory as to what I did to fix it. Thanks.

dave-wilson

Re: Premium or standard user

Postby dave-wilson » Mon Jul 03, 2006 3:42 pm

Interesting!

I'm using "objectClass: exScalixClass" with "exScalixMailnode" etc. attributes.
Does anyone know if it's safe to convert all my users so that they use the new schema
(objectClass: scalixUserClass)?
Are the exScalix.... attributes not used anymore?

I assume I can just do a ldapsearch > myfile.ldif and then do a search and replace to update all my users to the new attributes?

Thanks in advance!

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Mon Jul 03, 2006 4:44 pm

Here is my other post along these same lines with the script I used:
http://www.scalix.com/community/viewtopic.php?t=2226&highlight=

It's a little incomplete though, because I ended up adding to the attributes that were used to include mailbox limits and other features (see above). Also, if you do this and use the new schema file you will have some extensive reworking to do with your omldapsync/agreement setups because they renamed all the attributes. Now, when I did this I did not have Scalix in production yet, so I don't know what messing with it like this is going to do with existing accounts. In my limited understanding you should be fine to change the sync agreement / schema stuff and your existing LDAP directory without breaking everything. But like I said, I have not tried it on a production system.

dave-wilson

Re: Premium or standard user

Postby dave-wilson » Mon Jul 17, 2006 5:24 am

Thanks David.

I've written a small script that adds the exScalix attributes to my OpenLDAP users. I guess the best thing is just to write a new one that updates all the Scalix attributes to the new ones shown in the updated schema file?

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Mon Jul 17, 2006 10:02 am

Quote:
I guess the best thing is just to write a new one that updates all the Scalix attributes to the new ones shown in the updated schema file ?


I agree. I doubt Scalix is going to go backwards, and if they have already changed it, it would probably be best to keep things as close to the same as what Scalix has already set up.

Do you use Samba+OpenLDAP? I modified my smbldap-useradd script so it automatically creates all the Scalix attributes when I create a new user. Just a suggestion.

test

this would really work...

Postby test » Mon Oct 09, 2006 5:17 pm

...if you change "object's" in Line 91 to "objects".

ldap complains about the '

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Mon Oct 09, 2006 5:23 pm

That's correct, I forgot about that.

kurtbe
Posts: 74
Joined: Sun Aug 13, 2006 11:39 am
Location: Germany/Berlin

Postby kurtbe » Tue Oct 10, 2006 11:57 am

I followed the instructions and have an OpenLDAP running with the new Scalix schema and the attributes.

Syncing works, BUT

The new user is always an Internet User and neither Premium nor Standard, although the option scalixScalixObject is set to TRUE in the LDAP.

In the logs I can't see errors, the user is just added as Internet.

Any hints? Logfiles wanted?

thx4help
Kurt

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Tue Oct 10, 2006 12:53 pm

Can you please post your sync file and a sample of a user from your OpenLDAP directory?

