Ommigu Problem

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Fri Apr 21, 2006 10:19 am

I'm working on integrating my current LDAP directory with Scalix. So far I've got Scalix communicating with my LDAP server and I've done omldapsync successfully. If I go into SAC it lists all my users but they are not mailboxes. So as I understand it I need to run ommigu to provision them with mailboxes on my mail store. When I run the command:

Code:

ommigu -n "User Name" -m "mailstore" -a uid -p Password


I get the following error message:

Code:

ommigu: CN=David Zollinger/FOREIGN-ADDR=uid\=davidz,ou\=Users,dc\=sutc,dc\=com migration state is unexpected ["error" not "started"]

ommigu: Summary of the results of this run.

CN=David Zollinger/FOREIGN-ADDR=uid\=davidz,ou\=Users,dc\=sutc,dc\=com skipped because migration state is unexpected ["error" not "started"]


Any variation of ommigu I try ends with this same result. Any suggestions would be very much appreciated.

ScalixSupport
Scalix
Posts: 5500
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Fri Apr 21, 2006 9:23 pm

I'll point you to the knowledge base:

http://scalix.com/support/knowledgebase.html

Select the solutions tab and search on ommigu. Have a look through those solutions to get a hint on something that you need to have configured correctly. They don't cover your error specifically but could be a contributing factor.

I'm curious about what might not be started. Please provide the output of

omstat -a

and

omstat -s

Thanks,
Don

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Mon Apr 24, 2006 9:28 am

I've tried everything in the solutions center on the knowledge base. I always get the same resulting error message. Here is the output you requested:

Code:

[root@hermes ~]# omstat -a
PC Monitor                    Started        NON-STOP       0
Directory Relay Server        Started        04.21.06
Notification Server           Started        04.21.06       0
Shared memory daemon          Started        NON-STOP
Notification Monitor          Started        NON-STOP
Session Monitor               Started        NON-STOP
Container Access Monitor      Started        NON-STOP
Item Structure Server         Stopped
Database Monitor              Started        04.21.06
Licence Monitor Daemon        Started        NON-STOP
LDAP Daemon                   Started        04.21.06
Queue Manager                 Started        NON-STOP
Item Delete Daemon            Started        NON-STOP
IMAP Server Daemon            Started        04.21.06
SMTP Relay                    Started        04.21.06
Mime Browser Controller       Started        04.21.06


and ....

Code:

[root@hermes ~]# omstat -s
Service Router                Started        04.21.06       0
Local Delivery                Started        04.21.06       0
Internet Mail Gateway         Started        04.21.06       0
Local Client Interface        Enabled        04.21.06       0
Remote Client Interface       Enabled        04.21.06       0
Test Server                   Started        04.21.06       0
Request Server                Started        04.21.06       0
Print Server                  Started        04.21.06       0
Bulletin Board Server         Started        04.21.06       0
Background Search Service     Started        04.21.06       0
CDA Server                    Started        04.21.06       0
POP3 interface                Started        04.21.06       0
Omscan Server                 Started        04.21.06       0
Archiver                      Started        04.21.06       0


I have also tried various options of ommigu, like manually marking the entry in different states such as provisioned, configured, etc. Each option ends up with error messages. The import from my existing LDAP directory seemed to go great; all my users show up correctly in SAC. I just can't find what I'm missing.

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Wed Apr 26, 2006 12:47 pm

This is getting frustrating. I've tried everything I can think of to make this work, with no success. I even reformatted the machine and started from scratch again and now I get the exact same error message. Here is another version of the error message I get:

Code:

[root@hermes ~]# ommigu -n "David Zollinger" -m hermes,sutc -a davidz -123456
Wed, 26 Apr 2006 10:44:52 -0600: STATUS: ompremigu CN=David Zollinger/FOREIGN-ADDR=uid\=davidz,ou\=Users,dc\=sutc,dc\=com started #####
Wed, 26 Apr 2006 10:44:52 -0600: INFO: work dir is /var/opt/scalix/tmp/migu.7869
Wed, 26 Apr 2006 10:44:52 -0600: INFO: search filter is (CN=David Zollinger/FOREIGN-ADDR=uid\=davidz,ou\=Users,dc\=sutc,dc\=com)&(ENTRY-TYPE=/(LDAP-OBJECT-CLASS=*|ADMINISTERED-BY=*)/INTERNET-ADDR=*) ...
[OM 16954] Entry not in the Directory

Wed, 26 Apr 2006 10:44:52 -0600: ERROR: omsearch failed to find exactly 1 matching entry
Wed, 26 Apr 2006 10:44:52 -0600: STATUS: ompremigu CN=David Zollinger/FOREIGN-ADDR=uid\=davidz,ou\=Users,dc\=sutc,dc\=com failed, error 100 #####
[OM 16961] Modified 1 entry in the Directory

ommigu: Summary of the results of this run.

Error attempting to provision mailbox for CN=David Zollinger/FOREIGN-ADDR=uid\=davidz,ou\=Users,dc\=sutc,dc\=com [ompremigu exit code 100]



Any help would be great because if I can't get this to work my boss is going to make me install an Exchange Server.

ScalixSupport
Scalix
Posts: 5500
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Wed Apr 26, 2006 1:39 pm

Hi,

Which sync agreement have you used?

What version of OpenLDAP is this?

Cheers,

Sascha.

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Wed Apr 26, 2006 2:51 pm

I used sync agreement 13 and my OpenLDAP server is running version 2.2.29.

Thanks for the reply, I really want to make this work.

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Thu Apr 27, 2006 12:27 pm

When you use sync agreement type 13, you will not need to use ommigu. Ommigu was originally built for situations where sync agreement type 00 (for Exchange 5.5 migrations) is being used for migrating from Exchange 5.5 and against their LDAP.

Please check this forum for posts on OpenLDAP, omldapsync, check the omldapsync man page and the /var/opt/scalix/sys/ldapsync13.schema config file.

-- Florian.
Florian von Kurnatowski, Die Harder!

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Thu Apr 27, 2006 2:46 pm

This gets more confusing every time I get a response. Is there no up-to-date documentation on this? Everything I get from the forum is contrary to documentation. So I'm going to try this one more time.

I want to use my current LDAP directory for user authentication. I don't know if I need to add schema to my current directory to do this. I have pieced together that if you want to use your existing LDAP directory you don't get to use SAC for anything because all the users are greyed out. For example, if you need to add an email alias for a user you add it to your LDAP directory and use omldapsync to update Scalix. Is this correct?

My current issue is that my imported users are not showing up in SAC at all. Here is the status of my omldapsync. I have the search limited to just one user while testing.

Code:

[root@hermes ~]# omldapsync -u hermesNEW
INPUT: please enter password for EX_PASS=
INPUT: please enter password for IM_CAA_PASS=
2006-04-27 12:31:57 STATUS: LDAP dir sync import hermesNEW started ###############
2006-04-27 12:31:57 INFO: work dir is /var/opt/scalix/ldapsync/hermesNEW/import
2006-04-27 12:31:57 STATUS: search source directory on zeus.sutc.com ...
2006-04-27 12:31:57 INFO: search base is uid=davidz,ou=Users,dc=SUTC,dc=COM
2006-04-27 12:31:57 INFO: ... 1 entries to check
2006-04-27 12:31:57 STATUS: find delta and perform mapping ...
2006-04-27 12:31:57 INFO: ... 0 entries to delete
2006-04-27 12:31:57 INFO: ... 0 entries to add
2006-04-27 12:31:57 INFO: ... 0 entries to modify
2006-04-27 12:31:57 STATUS: apply membdelete data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for member.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for member.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for member.curr
2006-04-27 12:31:58 STATUS: apply delete data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for delete.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for delete.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for delete.curr
2006-04-27 12:31:58 STATUS: apply add data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for add.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for add.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for add.curr
2006-04-27 12:31:58 STATUS: apply limit data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for add.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for add.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for add.curr
2006-04-27 12:31:58 STATUS: apply modify data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for modify.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for modify.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for modify.curr
2006-04-27 12:31:58 STATUS: apply limit data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for modify.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for modify.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for modify.curr
2006-04-27 12:31:58 STATUS: apply membadd data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for member.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for member.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for member.curr
2006-04-27 12:31:58 STATUS: apply membmodify data against Scalix ...
2006-04-27 12:31:58 INFO: ... 0 entries passed for member.curr
2006-04-27 12:31:58 INFO: ... 0 entries failed for member.curr
2006-04-27 12:31:58 INFO: ... 0 entries warned for member.curr
2006-04-27 12:31:58 STATUS: LDAP dir sync import hermesNEW completed #############
2006-04-27 12:31:58 STATUS: LDAP dir sync export hermesNEW started ###############
2006-04-27 12:31:58 INFO: agreement type 13 only supports import operation
2006-04-27 12:31:58 STATUS: LDAP dir sync export hermesNEW completed #############



Here is my sync.cfg:

Code:

##################################################################
#
# Scalix LDAP Directory Synchronization configuration
# NOTE: this file must be edited with care before use
# Interactively editable fields are controlled by the following:
EDIT_PROMPT=JAVA_HOME EX_HOST EX_LOGON EX_PASS IM_HOST IM_CAA_URL IM_CAA_KEYSTORE IM_CAA_NAME IM_CAA_PASS EX_BASE1 EX_BASE2 EX_BASE3 IM_OMADDRESS
# Sync agreement type - see omldapsync man page
TYPE_ID=13
# Sync agreement id - set by argument
SYNC_ID=hermesNEW
# JAVA_HOME: home directory of java installation
# e.g. "/usr/java/j2sdk1.4.2_02"
JAVA_HOME=/usr/java/jre1.5.0_04
# The class path required by omldapagent java application (under
# /opt/scalix/svr/java/bin) is setup automatically by omldapsync to
# access dependent java libraries (under /opt/scalix/svr/java/lib)
##################################################################
#
# PART 1 General Configuration
##################################################################
# This section covers the settings required for tools to access
# both the remote and local systems for import or export.
# The general format is one or more line of <tag>=<value>
# Line starts with '#' is treated as comment
# When edited using omldaputil, do one of the followings:
#       -presss <enter> to accept the default offered inside []
#       -type in alternative <value> and press <enter>
#       -do not quote the value with "" or ''
#
# PART 1.1 for IMPORT - remote host
##########################################
# EX_HOST: remote LDAP directory server name or IP address
# e.g. "remote_server.your_domain.com" or "192.168.1.216"
EX_HOST=zeus.sutc.com
# EX_PORT: LDAP server port number
# e.g. "389" is normally used
EX_PORT=389
# EX_LOGON: user that can search/delete/add/modify directory
# your adminstrator or migration account is often used
# e.g. "cn=Export Admin,cn=users,dc=your_org,dc=com"
EX_LOGON=uid=root,ou=Users,dc=SUTC,dc=COM
# EX_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
EX_PASS=
#
# PART 1.2 for IMPORT - local host
#########################################
# IM_HOST: local Scalix directory server name
# must specify FQDN where internet and user group will be imported
# e.g. "local_server.your_domain.com"
IM_HOST=hermes.sutc.com
# IM_PORT: LDAP server port number
# e.g. "389" is normally used
#<na>IM_PORT=389
# IM_LOGON: user that can search/delete/add/modify directory
# your Scalix administrator account is often used
# e.g. "Import Admin" for user with this common name
#<na>IM_LOGON=Import Admin
# IM_PASS: user password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
#<na>IM_PASS=
# IM_CAA_URL: Scalix CAA service url - must end with "/"
# e.g. "http://local_server.your_domain.com:8080/caa/"
IM_CAA_URL=http://hermes.sutc.com/caa/
# IM_CAA_KEYSTORE: Scalix CAA service keystore for HTTPS only
# e.g "/var/opt/scalix/ldapsync/keystore"
IM_CAA_KEYSTORE=
# IM_CAA_ID: service login session-id
# e.g. "12345"
IM_CAA_ID=12345
# IM_CAA_NAME: service login auth-id, must have Scalix admin capability
# e.g. "user_name@your_domain.com"
IM_CAA_NAME=sxadmin@hermes.sutc.com
# IM_CAA_PASS: service login password, or leave it blank so that omldapsync
# will prompt for it when executing import or export agreement
# NOTE: the prompt will prevent complete automation of sync process
IM_CAA_PASS=
# IM_DELETE_MAILBOX: whether sync of mailbox delete will be applied to Scalix
# NOTE: set to "FALSE" to keep the mailbox and handle the deletion manually
IM_DELETE_MAILBOX=TRUE
#
# PART 1.3 for IMPORT - ldap parameters
#######################################
# EX_SCALIX_ATTRS: list of resersed Scalix attributes in external directory
# to administer Scalix user/group from this remote master source
# e.g. "EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG ..."
EX_SCALIX_ATTRS=EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE EX_SCALIX_MSGLANG EX_SCALIX_ADMIN EX_SCALIX_MBOXADMIN
# EX_SCALIX_MAILBOX: name of attribute to specify whether Scalix object
# is required, yes if value is set to "TRUE"
# e.g. "exScalixObject"
EX_SCALIX_MAILBOX=exScalixObject
# EX_SCALIX_MAILNODE: name of attribute to specify which Scalix mailnode
# to add the mailbox, must use "<ou1>,<ou2>,<ou3>,<ou4>" format
# e.g. "exScalixMailnode"
EX_SCALIX_MAILNODE=exScalixMailnode
# EX_SCALIX_MSGLANG: name of attribute to specify which Scalix message
# catalog language to use for client, default to "C" if not set
# e.g. "exScalixMsglang"
EX_SCALIX_MSGLANG=exScalixMsglang
# EX_SCALIX_ADMIN: name of attribute to specify whether to give the user
# Scalix admin capability, yes if value is set to "TRUE"
# e.g. "exScalixAdmin"
EX_SCALIX_ADMIN=exScalixAdmin
# EX_SCALIX_MBOXADMIN: name of attribute to specify whether to give the user
# Scalix mailbox-admin capability, yes if value is set to "TRUE"
# e.g. "exScalixMboxadmin"
EX_SCALIX_MBOXADMIN=exScalixMboxadmin
# EX_ATTR: attributes to extract from remote system for import
# e.g. "member dn uid objectClass displayName sn givenname initials mail entryUUID cn <etc>"
EX_ATTR=exScalixObject exScalixMailnode exScalixMsglang exScalixAdmin exScalixMboxadmin member dn uid objectClass displayName sn givenname initials mail entryUUID cn facsimileTelephoneNumber homephone street st telephoneNumber title co company departmentNumber description l mobile pager physicalDeliveryOfficeName postalCode
# EX_BASEn: search base(s) to extract entries from remote system
# specify a container name and its full LDAP suffix
# e.g. "cn=users,dc=your_org,dc=com"
EX_BASE1=uid=davidz,ou=Users,dc=SUTC,dc=COM
EX_BASE2=
EX_BASE3=
EX_BASE4=
EX_BASE5=
EX_BASE6=
EX_BASE7=
EX_BASE8=
EX_BASE9=
# EX_FILTER: search filter to include/exclude entries to import
# e.g.   "(|(&(objectclass=inetOrgPerson)(mail=*))(&(objectclass=groupOfNames)(mail=*)))"
EX_FILTER=(|(&(objectclass=inetOrgPerson)(mail=*))(&(objectclass=groupOfNames)(mail=*)))
# IM_DN_SUFFIX: set the dn suffix (location) for the imported entries
# NOTE: by default all rdns from the remote dn will be retained & encoded
# for maximum uniqueness. To only use the first <N> rdns for this, specify
# the argument in the format "<N>|<suffix>" instead of "<suffix>".
# e.g. "o=Scalix" for all rdns, or "2|o=Scalix" for first 2 rdns.
#<na>IM_DN_SUFFIX=2|o=Scalix
# IM_OMADDRESS: Scalix address where where entries are imported
# NOTE: this is a route which you configure for coexistence
# e.g. "/internet" or "internet"
IM_OMADDRESS=/internet
# IM_MV_ATTR: mapped attributes that can be imported with multi values
# e.g. "objectClass INTERNET-ADDR omMemberForeignAddr"
IM_MV_ATTR=objectClass INTERNET-ADDR omMemberForeignAddr
# EX_GUID: the remote tag name for extracting Foreign GUID
# e.g. "entryUUID"
EX_GUID=entryUUID
# LDAPCT_BIN_ATT: must set value to EX_GUID if it is a binary attribute
# e.g. ""
LDAPCT_BIN_ATT=
# EX_PAGESIZE: use pagesize control extension to overcome search limit
# e.g. "100"
EX_PAGESIZE=1000
#
# PART 1.4 for EXPORT - ldap parameters
#######################################
# NOTE: export is not supported for this agreement type
#
# PART 2 Mapping Configuration
#################################################################
# WARNING: refer to documentation before editing the tables.
# This section defines the mappings required in order to map data
# between the remote and local LDAP systems for import or export.
# The general format is <lines of value> enclosed by markers.
# When edited using omldaputil, do one of the followings:
#       -presss <enter> to accept the default offered inside []
#       -type in alternative value and press <enter>
#       -type in '-' to remove the line offered
#       -type in '+<value> to insert it before current line
# For more details on all mapping rules see omldaputil man page.
#
# PART 2.1 for IMPORT - mapping table
#####################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in IM_MV_ATTR, only keep first instances
#####################################
# primary mapping table
IM_MAPPING_TABLE=
# scalix reserved attributes
exScalixObject|omMailbox|*|*
exScalixMailnode|omMailnode|*|*
exScalixMsglang|UL-IL|*|*
exScalixAdmin|ADMIN|*|*
exScalixMboxadmin|MBOXADMIN|*|*
# scalix object classes
objectClass|*|groupOfNames|distributionList
objectClass|*|inetOrgPerson|organizationalPerson
objectClass||*|#ignore others
# distinguished name
dn|*|*|*
# global unique id
entryUUID|GLOBAL-UNIQUE-ID|*|*
# common name
displayName|CN|*,1,64|*
# use cn for common name if displayName is missing
cn|CN|*,1,64!ISMISSING=displayName|*
cn||*|#suppress it otherwise
# initial
initials|I|*,1,5|*
# surname
sn|S|*,1,40|*
# use cn for surname if sn is missing
cn|S|*,1,40!ISMISSING=sn|*
# given name is mapped if surname is present
givenName|G|*,1,16!ISPRESENT=sn|*
givenName||*|#suppress it otherwise
# internet addresses
mail|INTERNET-ADDR|*,1,512|*
# no mapping for ALIAS
# the DN of the entry
dn|FOREIGN-ADDR|*,1,512|*
# the DN of the group members
member|omMemberForeignAddr|*|*
# authentication id
uid|UL-AUTHID|*|*
# informational attributes
facsimileTelephoneNumber|FAX|*,1,32|!CUSTOM=TO_PS_STR
homephone|HOME-PHONE|*,1,32|!CUSTOM=TO_PS_STR
street|STREET-ADDRESS|*,1,128|!REPLACE=\033J|\012
st|STATE-OR-PROVINCE|*,1,128|*
telephoneNumber|PHONE-1|*,1,32|!CUSTOM=TO_PS_STR
title|TITLE|*,1,128|*
co|CNTRY|*,1,2|*
company|EMPL-ORG|*,1,64|*
departmentNumber|EMPL-DEPT|*,1,32|*
description|ENTRY-DESC|*,1,1024|!REPLACE=\033J|\012
l|L|*,1,128|*
mobile|MOBILE-PHONE|*,1,32|!CUSTOM=TO_PS_STR
pager|PAGER-PHONE|*,1,32|!CUSTOM=TO_PS_STR
physicalDeliveryOfficeName|PD-OFFICE-NAME|*,1,128|*
postalCode|POSTAL-CODE|*,1,40|*
# no mapping for ASSISTANT-PHONE
# no mapping for PHONE-2
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#IM_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# PART 2.2 for EXPORT - mapping tables
######################################
# Table format/content/comment:
# <table begin marker>
# <table end marker>
# except those in EX_MV_ATTR, only keep first instances
#####################################
# primary mapping table
EX_MAPPING_TABLE=
*|*|*|*
=END_MAPPING_TABLE
#####################################
# secondary mapping table
#EX_MAPPING_TABLE2=
#*|*|*|*
#=END_MAPPING_TABLE
#
# END
#################################################################



Also, after the so-called successful omldapsync, if I do a search on the Scalix LDAP server the user exists and looks like this:

Code:

# David Zollinger, Scalix
dn: cn=David Zollinger, o=Scalix
cn: David Zollinger
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: mhsUser
objectClass: scalixPerson
surname: davidz
description: David Zollinger
mhsORAddresses: S=davidz/OU1=internet/CN=David Zollinger
omInternetAddr: "David Zollinger" <davidz@sutc.com>
mail: davidz@sutc.com
rfc822Mailbox: davidz@sutc.com
omAddress: davidz /internet/CN=David Zollinger
omMailnode: internet
omCn: David Zollinger
omForeignAddr: uid=davidz,ou=Users,dc=sutc,dc=com
omGlobalUniqueId: 60073c8e-594a-102a-9931-c8862f133c18
omLocalUniqueId: 496


But the user does not show up with omshowu or in SAC.

I appreciate all the help very much, and I hope that you ScalixSupport guys know how important you are to poor guys like me.

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Thu Apr 27, 2006 2:58 pm

Well,

I believe you're getting closer because all that you've been describing makes sense.

The problem is that what your script has done is not to create a user with a mailbox but a Contact entry - so actually the user should show up in SAC as an "Internet User" and should be in your address book, but you won't be able to log in or authenticate as this is no account, only an address book entry.

You can also make the user visible with the omsearch command - which works against the directory - but not with omshowu which only shows real accounts.

The key to this is

Code:

exScalixObject|omMailbox|*|*


You haven't extended your Schema on the OpenLDAP side, I assume (see ldapsync13.schema for instructions should you want to do this); therefore the exScalixObject attribute does not exist, therefore it is not mapped to the omMailbox attribute on the Scalix side.

omldapsync defaults this to false, and that then means that a contact record is created.

So - so far everything is in order.

Your choices are:
* extend schema and set exScalixObject to TRUE
* don't extend schema and hardcode TRUE value for the attribute in sync.cfg - which then makes it impossible to also create contact records through LDAP.

I would, if you have control over schema and user record contents on the OpenLDAP side, go for the first option.

-- Florian.
Florian von Kurnatowski, Die Harder!
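
The mailbox-versus-contact rule described in the post above can be checked before running a sync. The following is an added example, not part of the original thread and not Scalix code: it reads the flag attribute name from a copy of sync.cfg and classifies each entry of an LDIF export of the source directory. The function names, the file names and all sample data are constructed for illustration, and treating only the exact value TRUE as a mailbox is an assumption taken from the sync.cfg comment.

```shell
#!/bin/sh
# Added example: predict which source entries omldapsync will import as
# mailboxes and which as contacts. All sample data below is constructed.

# Name of the LDAP attribute used as the mailbox flag (EX_SCALIX_MAILBOX).
mailbox_attr() {
    sed -n 's/^EX_SCALIX_MAILBOX=//p' "$1" | head -n 1
}

# Print "<mailbox|contact> <dn>" for each entry of an LDIF file.
# $1 = LDIF export of the source directory, $2 = flag attribute name.
classify_ldif() {
    awk -v attr="$2" '
        function emit(   kind) {
            if (dn != "") {
                # Assumption: only the exact value TRUE counts, as sync.cfg words it.
                kind = (flag == "TRUE") ? "mailbox" : "contact"
                print kind, dn
            }
            dn = ""; flag = ""
        }
        function take(line,   p, name, val) {
            p = index(line, ":")
            if (p == 0) return
            name = tolower(substr(line, 1, p - 1))   # attribute names ignore case
            val = substr(line, p + 1)
            sub(/^:? */, "", val)                    # "::" marks base64, left undecoded
            if (name == "dn") dn = val
            else if (name == tolower(attr)) flag = val
        }
        /^#/ { next }                                # LDIF comment
        /^ / { buf = buf substr($0, 2); next }       # folded continuation line
        { if (buf != "") take(buf); buf = $0 }
        /^$/ { emit() }                              # blank line ends an entry
        END  { if (buf != "") take(buf); emit() }
    ' "$1"
}

# Constructed sample inputs: a sync.cfg fragment and a two-entry LDIF export.
# The second entry has a folded dn line and carries the flag attribute.
write_ldif_samples() {
    cat > "$1/sync.cfg" <<'EOF'
# constructed fragment of a type 13 sync.cfg
EX_SCALIX_ATTRS=EX_SCALIX_MAILBOX EX_SCALIX_MAILNODE
EX_SCALIX_MAILBOX=exScalixObject
EX_SCALIX_MAILNODE=exScalixMailnode
EOF
    cat > "$1/source.ldif" <<'EOF'
# constructed export, schema not extended for the first entry
dn: uid=davidz,ou=Users,dc=sutc,dc=com
objectClass: inetOrgPerson
uid: davidz
mail: davidz@sutc.com

dn: uid=scalixtesting,ou=Users,
 dc=sutc,dc=com
uid: scalixtesting
mail: scalixtesting@sutc.com
exScalixObject: TRUE
exScalixMailnode: hermes,sutc
EOF
}

demo_dir=$(mktemp -d)
write_ldif_samples "$demo_dir"
classify_ldif "$demo_dir/source.ldif" "$(mailbox_attr "$demo_dir/sync.cfg")"
rm -rf "$demo_dir"
```

Entries reported as `contact` are the ones that will appear in the directory but not as accounts.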

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Thu Apr 27, 2006 5:04 pm

Ok, it's all starting to come together at last. I created a test user in my LDAP directory and added the schema attributes, then I ran my omldapsync filtered for that one user and it imported fine. If I do an omsearch it shows up. And I can log in to SWA with the user. The only thing that is not working is the test user still does not show up in SAC. What can I do to make it show up?

And another thing I just thought of: if I have all my users (even the greyed out ones) in SAC can I still use that to create PDLs? I don't want to use my LDAP directory for that. I want to use SAC to maintain my PDLs. Is this going to work?

Thanks for the quick response!!!

florian
Scalix
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Thu Apr 27, 2006 5:11 pm

Well...

Do ANY users (i.e. sxadmin) show up in your SAC?

In addition, what does
hostname --fqdn
return?

What do you see in your /opt/scalix/global/config file?

And last, maybe you want to post the output of
omsearch -s -m @ALL-ATTR@

If everything works all right, you should actually be able to manage your PDLs in SAC - that's one of the reasons we made the imported entries show up in SAC as read-only entries.

Cheers,
Florian.
Florian von Kurnatowski, Die Harder!

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Thu Apr 27, 2006 5:52 pm

Thanks for the tips. After checking what was returned from hostname --fqdn, it was only the host name, not the FQDN, so I checked my hosts file and found that it was listed backwards.

<ipaddress> hostname hostname.domain
instead of
<ipaddress> hostname.domain hostname

now it returns:

Code:

[root@hermes /]# hostname --fqdn
hermes.sutc.com



So after I fixed that I had to re-import my test user and it showed up in SAC and logs into SWA just fine.

Here are the contents of my /opt/scalix/global/config:

Code:

[root@hermes /]# cat /opt/scalix/global/config
OMNAME=hermes
OMHOSTNAME=hermes.sutc.com
OMDATADIR=/var/opt/scalix
OMAUTOSTART=TRUE


My understanding is that this file is ok. Part of the problem is that I imported the hosts file from another server after the initial installation and I entered it wrong the second time.

And here is the output of omsearch -s -m @ALL-ATTR@


Code:

[root@hermes /]# omsearch -s -m @ALL-ATTR@
S=sxadmin/OU1=hermes/OU2=sutc/CN=sxadmin/INTERNET-ADDR=techteam@hermes.sutc.com/ENTRY-TYPE=1/UL-AUTHID=sxadmin@hermes.sutc.com/UL-CAPS=7/UL-CLASS=Limited/UL-IL=C/IA-FORMAL=techteam@hermes.sutc.com/S-SDX=S355/HOST-FQDN=hermes.sutc.com/GLOBAL-UNIQUE-ID=15000000f127f444-05.001.861.291/LOCAL-UNIQUE-ID=97/DBV-ID=33554433
S=ScalixUserAdmins/OU1=hermes/OU2=sutc/CN=ScalixUserAdmins/INTERNET-ADDR=ScalixUserAdmins@hermes.sutc.com/ENTRY-TYPE=4/DL-POLICY=0/IA-FORMAL=ScalixUserAdmins@hermes.sutc.com/S-SDX=S422/HOST-FQDN=hermes.sutc.com/GLOBAL-UNIQUE-ID=09000000f127f444-05.001.861.291/LOCAL-UNIQUE-ID=160/DBV-ID=33554435
S=ScalixGroupAdmins/OU1=hermes/OU2=sutc/CN=ScalixGroupAdmins/INTERNET-ADDR=ScalixGroupAdmins@hermes.sutc.com/ENTRY-TYPE=4/DL-POLICY=0/IA-FORMAL=ScalixGroupAdmins@hermes.sutc.com/S-SDX=S426/HOST-FQDN=hermes.sutc.com/GLOBAL-UNIQUE-ID=0b000000f127f444-05.001.861.291/LOCAL-UNIQUE-ID=192/DBV-ID=33554437
S=ScalixUserAttributesAdmins/OU1=hermes/OU2=sutc/CN=ScalixUserAttributesAdmins/INTERNET-ADDR=ScalixUserAttributesAdmins@hermes.sutc.com/ENTRY-TYPE=4/DL-POLICY=0/IA-FORMAL=ScalixUserAttributesAdmins@hermes.sutc.com/S-SDX=S422/HOST-FQDN=hermes.sutc.com/GLOBAL-UNIQUE-ID=0d000000f127f444-05.001.861.291/LOCAL-UNIQUE-ID=224/DBV-ID=33554439
S=ScalixAdmins/OU1=hermes/OU2=sutc/CN=ScalixAdmins/INTERNET-ADDR=ScalixAdmins@hermes.sutc.com/ENTRY-TYPE=4/DL-POLICY=0/IA-FORMAL=ScalixAdmins@hermes.sutc.com/S-SDX=S423/HOST-FQDN=hermes.sutc.com/GLOBAL-UNIQUE-ID=0f000000f127f444-05.001.861.291/LOCAL-UNIQUE-ID=256/DBV-ID=33554440
S=sxqueryadmin/OU1=hermes/OU2=sutc/CN=sxqueryadmin/INTERNET-ADDR=sxqueryadmin-hermes@hermes.sutc.com/ENTRY-TYPE=1/UL-AUTHID=sxqueryadmin@hermes.sutc.com/UL-CAPS=7/UL-CLASS=Limited/UL-IL=C/IA-FORMAL=sxqueryadmin-hermes@hermes.sutc.com/S-SDX=S635/HOST-FQDN=hermes.sutc.com/GLOBAL-UNIQUE-ID=11100000f127f444-05.001.861.291/LOCAL-UNIQUE-ID=289/DBV-ID=33554441
S=scalixtesting/OU1=hermes/OU2=sutc/CN=Test Scalix/INTERNET-ADDR="Scalix" <scalixtesting@sutc.com>="Bob and Jane" <scalix2@sutc.com>/ENTRY-TYPE=1/UL-AUTHID=scalixtesting/UL-CAPS=7/GLOBAL-UNIQUE-ID=5e7e5958-6a78-102a-8bef-897c35782faa/UL-CLASS=Limited/UL-IL=ENGLISH/HOST-FQDN=hermes.sutc.com/LOCAL-UNIQUE-ID=593/FOREIGN-ADDR=uid\=scalixtesting,ou\=Users,dc\=SUTC,dc\=COM/ENTRY-DESC=Test Scalix/IA-FORMAL=scalixtesting@sutc.com=scalix2@sutc.com/S-SDX=S423/DBV-ID=33554442


I don't think that I really needed to post this output since it seems to be working properly, but it may shed some light on someone else's problem.

One side question: I do understand that doing it this way I need to set up a cron job to run omldapsync in order to keep the two directories up to date. How resource intensive is omldapsync for about 200 entries? In other words, can I run my cron job every 15 minutes without any adverse effects? Or should it be like once every couple hours?

florian
Scalix
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Thu Apr 27, 2006 5:56 pm

Yes,

For SAC to display objects properly, it is imperative that the hostname in hostname --fqdn, the one in the global config file and the one in the HOST-FQDN attribute of the system directory entries are all the same.

You would schedule a cronjob that periodically executes omldapsync -u <name-of-agreement> -S, correct.

-- Florian.
Florian von Kurnatowski, Die Harder!
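
The three-way host name match described in the post above, together with the hosts file ordering problem found earlier in the thread, can be verified in one pass. The following is an added example, not part of the original thread and not Scalix code: it works on copies of the hosts file, of /opt/scalix/global/config and of saved `omsearch -s -m @ALL-ATTR@` output. The function names, the file names, the address 192.0.2.10 and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the three host names SAC depends on.
# Inputs are files so the check can run on copies; sample data is constructed.

# First name on the hosts line that lists $2. This is the canonical name the
# resolver reports for the host, which is why the field order matters.
hosts_canonical_name() {
    awk -v h="$2" '
        { sub(/#.*/, "") }                           # drop comments
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == h) { print $2; exit } }
    ' "$1"
}

# OMHOSTNAME value from a copy of /opt/scalix/global/config
config_hostname() {
    sed -n 's/^OMHOSTNAME=//p' "$1" | head -n 1
}

# Distinct HOST-FQDN values found in saved omsearch output
directory_fqdns() {
    tr '/' '\n' < "$1" | sed -n 's/^HOST-FQDN=//p' | sort -u
}

# $1 = hosts file, $2 = global config, $3 = omsearch output, $4 = short host name
# Prints one line per problem and returns non-zero if any was found.
check_fqdn_consistency() {
    hosts_file=$1 config_file=$2 omsearch_file=$3 short=$4
    canon=$(hosts_canonical_name "$hosts_file" "$short")
    conf=$(config_hostname "$config_file")
    rc=0
    case $canon in
        *.*) ;;
        *) echo "hosts: canonical name '$canon' is not fully qualified"; rc=1 ;;
    esac
    [ "$canon" = "$conf" ] || { echo "OMHOSTNAME '$conf' != hosts canonical name '$canon'"; rc=1; }
    for fqdn in $(directory_fqdns "$omsearch_file"); do
        [ "$fqdn" = "$conf" ] || { echo "directory HOST-FQDN '$fqdn' != OMHOSTNAME '$conf'"; rc=1; }
    done
    return $rc
}

# Constructed samples: the reversed and corrected hosts lines from the thread,
# a global config, and directory output with a current and a stale entry.
write_fqdn_samples() {
    printf '192.0.2.10 hermes hermes.sutc.com\n' > "$1/hosts.bad"
    printf '192.0.2.10 hermes.sutc.com hermes  # corrected order\n' > "$1/hosts.good"
    printf 'OMNAME=hermes\nOMHOSTNAME=hermes.sutc.com\n' > "$1/config"
    printf '%s\n' 'S=sxadmin/OU1=hermes/OU2=sutc/CN=sxadmin/ENTRY-TYPE=1/HOST-FQDN=hermes.sutc.com/LOCAL-UNIQUE-ID=97' > "$1/omsearch.ok"
    printf '%s\n' 'S=sxadmin/OU1=hermes/OU2=sutc/CN=sxadmin/ENTRY-TYPE=1/HOST-FQDN=hermes.sutc.com/LOCAL-UNIQUE-ID=97' \
        'S=olduser/OU1=hermes/OU2=sutc/CN=Old User/ENTRY-TYPE=1/HOST-FQDN=hermes/LOCAL-UNIQUE-ID=500' > "$1/omsearch.stale"
}

demo_dir=$(mktemp -d)
write_fqdn_samples "$demo_dir"
check_fqdn_consistency "$demo_dir/hosts.bad" "$demo_dir/config" "$demo_dir/omsearch.ok" hermes \
    || echo "=> reversed hosts line detected"
check_fqdn_consistency "$demo_dir/hosts.good" "$demo_dir/config" "$demo_dir/omsearch.stale" hermes \
    || echo "=> entry imported under the old name needs re-importing"
check_fqdn_consistency "$demo_dir/hosts.good" "$demo_dir/config" "$demo_dir/omsearch.ok" hermes \
    && echo "=> all three names agree"
rm -rf "$demo_dir"
```

Directory entries without a HOST-FQDN attribute are ignored by the check.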

davidz
Posts: 129
Joined: Wed Apr 19, 2006 11:46 am

Postby davidz » Thu Apr 27, 2006 6:19 pm

Thanks again for all the help in getting this resolved. I'm excited to finally start deploying this system.
