How can scalix be part of a samba domain?

[btorch]

Since scalix already comes with ldap and I would like it to be part of a samba domain which I already controls user authentication through an ldap server. how can I either make scalix use my curent ldap server or how can I make my samba use scalix ldap?

how would the schemes work though ? and what about the samba objects that are part of a user ldap account?

[Valerion]

If you're using OpenLDAP, have a look at /var/opt/scalix/sys/ldapsync13.schema, which is an OpenLDAP schema extension for Scalix. You can then set up a type 13 LDAP sync agreenment with omldapsync and get the details off the LDAP server.

[davidz]

One key part to this scenario that has not ever seemed to make it into the documentation is whether or not you want to just 'one time sync' the Scalix LDAP with the Samba LDAP or if you want to have a single point of administration for LDAP. For example, if you want to create a user in samba ldap and have it make your email address as well. Or if you change the spelling of a person's name in samba ldap it changes their email address as well.

Once you decide which scenario you want to do then you can begin to make Scalix work properly. For second scenario check out:

http://www.scalix.com/community/viewtopic.php?t=2226&highlight=
http://www.scalix.com/community/viewtopic.php?t=2163&highlight=

Also if you are opting for the single point of administration through your current LDAP directory you'll have to get a newer verion of the scalix.schema flie. The one included in the download is outdated. I can post it if needed.

[btisdall]

One key part to this scenario that has not ever seemed to make it into the documentation is whether or not you want to just 'one time sync' the Scalix LDAP with the Samba LDAP or if you want to have a single point of administration for LDAP. [...]

Also if you are opting for the single point of administration through your current LDAP directory you'll have to get a newer verion of the scalix.schema flie. The one included in the download is outdated. I can post it if needed.

I would be very interested in this David - I want to investigate managing Samba & Scalix though LDAP (the Fedora DS implementation).

[davidz]

I'm don't know a whole lot about Fedora Directory because I have never set it up before. But from what I've read it's similar to OpenLDAP (which is what I use along with phpLDAPadmin). Just let me know what I can do to help.

[btisdall]

Cheers! I have to admit that trying to get an LDAP address book going at home a few years back is the only thing that's had me throwing in the towel with a "life's too short for this!". But I'm wiser now & perhaps things have got a bit easier too.

I'm really hoping I can get Fedora-DS or something similar working well - I think that having a directory that's reasonably easy to set up & even easier to admininstrate is crucial to the adoption of Linux+Scalix+Samba by SMEs (particularly the Ss) that would otherwise be going for Windows SBS.

[davidz]

Here is a brief overview of how our system is currently configured (which I rather like).

We have a Samba and OpenLDAP domain controller that handles computer logins. We have modified the LDAP directory to contain the additional information needed by Scalix. (This information is found in the scalix schema files). We have also modified the smbldap tools useradd script so that when we create a new user for the domain it will automatically create the necessary Scalix options. (Like mailbox size limits, admin priveledges, etc.) We use phpLDAPAdmin for simple administration of the directory. (Like adding additional email addresses, name changes, etc.)

Our Scalix server is version 10.1 running on FC4. We use omldapsync in a cron job that runs every 30 minutes. Omldapsync takes care of user modifications that we make on our OpenLDAP/Samba system, and will add new users, and delete them as well. If I go into SAC I cannot manage any of my users here. They are all greyed out, this is becuase I have chosen to manage them from my current LDAP diretory and merely 'sync' them together. Users that I do not need in samba I create in SAC. This includes email users like support @domain.com, etc. For distribution lists we use GNU Mailman. See other posts by me for information on mailman.

Hope this helps you see the big picture of our setup so it can help you with yours.

[btisdall]

Thanks for that David, I think I'll look at your solution too.