Dropping Scalix Server into existing OpenLDAP environment

[elstevedre]

I'm setting up a Scalix server and I need it to authenticate users against the existing OpenLDAP directory. I've done some reading through these forums, and I think I basically know how to procede, but I wanted to post my plan here and see if it makes sense or if there are any "gotchas" that I should look out for.

I've already set up the Scalix server. It's running and I can log in via SWA.

The next steps as I see it are going to be:

1. Shut down the OpenLDAP server.

2. Copy ldapsync13.schema into the OpenLDAP schema directory.

3. Add the include line for the new schema into slapd.conf.

4. Restart OpenLDAP slapd.

5. Create a script to add the necessary scalix attributes to the ldap accounts that will need access to scalix. As I understand it, these attributes are:

objectClass: exScalixClass
exScalixObject: TRUE
exScalixMailnode: ou1,ou2
exScalixMsglang: ENGLISH
exScalixAdmin: TRUE
exScalixMboxadmin: FALSE

6. Edit ~scalix/sys/ldapsync13.cfg for my environment.

7. Run omldapsync to import the data from OpenLDAP into Scalix.

8. Edit my user creation utilities to create Scalix attributes in new OpenLDAP accounts.

9. Create a cronjob to run omldapsync every 30 minutes or whatever.

Am I forgetting anything?

How do I control which accounts get imported as premium users?

Thanks, -Steve

[davidz]

Here is my take on your setup:

1-4: No problems here, pretty obvious
5: Are these the only attributes your are planning on using? I would suggest using the more expaned schema file that includes the attributes for Premium/Standard user, mailbox size limits, etc.
6: OK
7: OK
8: By this do you mean the smbldap-tools scripts?
9: OK

How do I control which accounts get imported as premium users?

See number 5 above.

--David

[elstevedre]

Thanks for responding David.

5: Are these the only attributes your are planning on using? I would suggest using the more expaned schema file that includes the attributes for Premium/Standard user, mailbox size limits, etc.
--David

Yes, sort of. We're essentially only going to be using Scalix for it's calendaring functionality via the outlook plugin. So all the users I'm going to import are going to be premium users.

Do I need to add anything to the schema to accomplish that, or can I just add the attribute; "omUlClass=Full" when I modify their ldap accounts?

Thanks, -Steve

[davidz]

Look at this post http://www.scalix.com/community/viewtopic.php?t=2232&highlight= and get the whole new schema file from about half way down. Be careful though, because they have renamed some of the attributes which requires modification of your sync.cfg and also modify your smbldap-useradd script to include the new attributes (if you are doing it this way). If you look through the new schema file you will see that there are attributes to control all portions of the Scalix user. I would also suggest to add all of the Scalix attributes found in the new schema file where you are going to use them or not. That way your LDAP directory will be a complete picture of what your user really is.