LDAP Migration issue - Existing Scalix user accounts

Post by lowey71 » Thu Jun 07, 2007 5:50 am

We are in the process of migrating all of our users to LDAP based syncing and auth.

Both components are working quite successfully with ldapsync and PAM. New accounts, deletions, modifications are all fine within our LDAP tree -> Scalix.

The issue for us is that we have a collection of large existing user accounts within Scalix that we would like to migrate to being managed by LDAP. (Centralise everything)

We have already migrated a few accounts using 'omcpoutu/omcpinu' but this causes issues at the client end with smartcache and basically a new profile being required to be created for the user in Outlook (solutions welcome!). Also, as some of our accounts are over 1GB each, this is quite time consuming for us and also for the clients when they are running over slow WAN links.

By modifying our LDAP entries to match our existing Scalix entries we hit issues (of course) when the users are attempted to be added by ldapsync as they already exist. Within Scalix, we have already added with omldapmod the attributes 'omForeignAddr' and 'omAdministeredBy' as well as matching CN,mail etc entries that match each directory.

If we 'Accept' these errors when syncing, modifying something in LDAP eg 'title' and trying syncing again, we receive a failure due to the 'GLOBAL-UNIQUE-ID' being incorrect within Scalix:

....
<entity name="GLOBAL-UNIQUE-ID" value="7bde35f8-a0c0-102a-9b9b-a8642f9f8993"/>
...
<message>Failed to locate or retrieve information in LDAP for id 7bde35f8-a0c0-102a-9b9b-a8642f9f8993</message>
......

Both omldapmodify/ommodent/ommodu all report success when we change this value to match the Scalix user. omldapsearch will report the new value as well but omshowu NEVER reports the new 'Global ID'.

e.g.

[root@scalix ~]# omldapsearch "mail=csmds*" omGlobalUniqueId
cn=CSM - DS, o=Scalix
omGlobalUniqueId=075000008b67c244-42.0.861.291

[root@scalix ~]# ommodent -e "CN=CSM - DS" -n GLOBAL-UNIQUE-ID=7bde35f8-a0c0-102a-9b9b-a8642f9f8993
[OM 16961] Modified 1 entry in the Directory

[root@scalix ~]# omldapsearch "mail=csmds*" omGlobalUniqueId
cn=CSM - DS, o=Scalix
omGlobalUniqueId=7bde35f8-a0c0-102a-9b9b-a8642f9f8993

Ah hah! All good..... but....

[root@scalix ~]# omshowu -n csmds | grep Glo
Globally Unique ID: 075000008b67c244-42.0.861.291

doh!

Anyhow, omldapsync will work!! ONCE!! Entries are propagated etc... Then the Global ID reverts back to its initial value in the Scalix LDAP directory and further syncs fail due to the mismatch again...


The question is:

Is there an easy way to migrate existing Scalix accounts to LDAP? :D

or

Can the Global ID be modified to match? Either within Scalix or Ldapsync etc? Or is this just crazy talk... :twisted:

or

Stuck with importing/exporting 10G+ of email.. :shock:

Post by chris » Thu Jun 07, 2007 9:00 am

Hi Lowey,

don't know how good you are with the unix shell. Can you understand the following?

# For each Scalix entry whose GUID ends in $scalix_guid_suffix, look up the
# LDAP entry with the same mail address and copy its entryUUID into Scalix.
omsearch -e "GLOBAL-UNIQUE-ID=*$scalix_guid_suffix" -m ia-formal \
  | sed -e 's/IA-FORMAL=//g' \
  | while read -r ia; do
      ldapsearch -h "$ldap_server" -D "cn=admin,dc=ldap,dc=domain" -w "$password" -x \
          -b "dc=ldap,dc=domain" -s sub "mail=$ia" entryUUID \
        | grep "entryUUID:" \
        | sed -e 's/entryUUID\:\ //g' \
        | while read -r uuid; do
            echo "$ia"
            # Set the new GUID, then run the same change with '-t h -d userlist'.
            ommodent -e "ia-formal=$ia" -n "GLOBAL-UNIQUE-ID=$uuid"
            ommodent -e "ia-formal=$ia" -n "GLOBAL-UNIQUE-ID=$uuid" -t h -d userlist
          done
    done

That will read the GUIDs from LDAP and change the Scalix GUID to the master LDAP GUID.

After that, assuming you're using 11.0.4, you shouldn't have any problems.

Chris
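
A pre-flight check for the loop in the post above, as an added example that is not part of the thread and not Scalix tooling: it reads a saved address list and saved ldapsearch output and reports which addresses map to exactly one well-formed entryUUID, so missing or duplicate LDAP entries are caught before any GUID is rewritten. The function names, file layout and sample data are assumptions made for illustration.

```shell
# Dry-run check (added example): reports only, never calls ommodent.
# plan_guid_updates ADDRS LDIF -> one line per address: "OK addr uuid" or "SKIP addr reason"
#   ADDRS: one address per line; LDIF: saved ldapsearch output with mail and entryUUID
plan_guid_updates() {
  awk '
    function is_uuid(s) {   # 8-4-4-4-12 hex digits
      return length(s) == 36 && s ~ /^[0-9a-fA-F-]+$/ && gsub(/-/, "-", s) == 4 &&
        (substr(s, 9, 1) substr(s, 14, 1) substr(s, 19, 1) substr(s, 24, 1)) == "----"
    }
    function end_entry(   i) {   # record every mail value of the finished entry
      for (i = 1; i <= c; i++) { n[m[i]]++; id[m[i]] = uuid }
      c = 0; uuid = ""
    }
    FILENAME == ARGV[1] { if ($0 != "") { key[++k] = tolower($0); shown[k] = $0 }; next }
    /^mail: /      { m[++c] = tolower(substr($0, 7)) }   # mail compares case-insensitively
    /^entryUUID: / { uuid = substr($0, 12) }
    /^$/           { end_entry() }
    END {
      end_entry()
      for (i = 1; i <= k; i++) {
        a = key[i]
        if (!(a in n))            r = "no-ldap-entry"
        else if (n[a] > 1)        r = "ambiguous"
        else if (!is_uuid(id[a])) r = "bad-uuid"
        else { print "OK", shown[i], id[a]; continue }
        print "SKIP", shown[i], r
      }
    }' "$1" "$2"
}
demo() {   # constructed sample data, trimmed to the two attributes the check reads
  d=$(mktemp -d) || return 1
  printf '%s\n' alice@example.com Bob@example.com carol@example.com dave@example.com > "$d/addrs"
  cat > "$d/ldif" <<'EOF'
mail: alice@example.com
entryUUID: 11111111-2222-3333-4444-555555555555

mail: bob@example.com
entryUUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee

mail: bob@example.com
entryUUID: 99999999-bbbb-cccc-dddd-eeeeeeeeeeee

mail: dave@example.com
entryUUID: not-a-uuid
EOF
  plan_guid_updates "$d/addrs" "$d/ldif"
  rm -rf "$d"
}
demo
```

When producing the saved ldapsearch output, `-W` (prompt) or `-y <file>` keeps the bind password out of the process list, unlike `-w $password`.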

Post by lowey71 » Thu Jun 07, 2007 7:21 pm

Thanks Chris. We were running 11.0.2.

Upgraded to 11.1 this morning, added the extra '-t h -d userlist' options to our ommodent commands and all now looks fine.

What does the '-t h' option do, as it does not appear in the man page?