Scalix Forums

Skip to content

omldapsync

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

Post Reply
chris
Scalix Star
Scalix Star
Posts: 321
Joined: Mon May 09, 2005 2:56 pm
Location: Freiburg, Germany

Postby chris » Mon Oct 23, 2006 3:20 pm

Hi Chris,

what are you using as an argument to sxpamauth? This test command has a bug in v10 - it only accepts the user's last name as as argument - not the auth id. (This problem is fixed in v11)

What you can also try is omlogon (also with last name) or just try SWA as normal.

Let me know what you get out of it,

Chris
Top
cswihart
Posts: 58
Joined: Tue Oct 03, 2006 10:18 am

Postby cswihart » Mon Oct 23, 2006 4:15 pm

Hey Chris

When I use the users last name I'm able to execute the sxpamauth argument and change passwords in eDirectory. However I'm still unable to login via SWA. If I execute omshowu -n username. password is listed as unset. If i change the password via ommodu to the password of the user I'm able to login without problem.


Chris
Top
chris
Scalix Star
Scalix Star
Posts: 321
Joined: Mon May 09, 2005 2:56 pm
Location: Freiburg, Germany

Postby chris » Mon Oct 23, 2006 5:49 pm

Can you post the contents of your /var/opt/scalix/sys/pam.d/ual.remote?

Thanks,

Chris
Top
cswihart
Posts: 58
Joined: Tue Oct 03, 2006 10:18 am

Postby cswihart » Wed Oct 25, 2006 11:54 am

Hey Chris,

Your post encouraged me to examine my ual.remote file a little closer. Although I had all the correct lines added to the end of the file I had failed to comment out the

Code: Select all

auth required om_auth nullok


at the beginning of the file. I'm now able to authenticate directly against eDirectory. Thanks for pointing me in the right direction.


-Chris
Top
chris
Scalix Star
Scalix Star
Posts: 321
Joined: Mon May 09, 2005 2:56 pm
Location: Freiburg, Germany

Postby chris » Wed Oct 25, 2006 2:05 pm

Excellent!

I'll update the wiki to reflect the fact that the files should contain nothing other than the lines I quoted.

Let me know if anything else comes up.

Chris
Top
cswihart
Posts: 58
Joined: Tue Oct 03, 2006 10:18 am

Postby cswihart » Wed Oct 25, 2006 4:05 pm

One thing I've noticed that I haven't had much time to look into yet is that all the users I import from eDirectory are imported as Premium Users. I see in the Active Directory sync instruction there is a scalixMailboxClass attribute to desiginate a user as having either FULL or LIMITED access. However I do not see this in my current sync agreement. I'm assuming that I'll have to extend my eDirectory schema to include this attribute and then make the proper attribute mappings in Scalix. Is this correct?

-Chris
Top
chris
Scalix Star
Scalix Star
Posts: 321
Joined: Mon May 09, 2005 2:56 pm
Location: Freiburg, Germany

Postby chris » Thu Oct 26, 2006 5:27 pm

Hi Chris,

you are correct - you would need to update your scheme in order to set this attribute in eDirectory.

The relevant lines in the sync.cfg then need to be updated to reflect the value you used.

Chris
Top
Post Reply

Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Limited
 

 

cron