
Kerio Open Directory Extension Issues
  •  
syntaxcollector

This is basically not a call for help but a heads-up to Kerio and any fine people wanting to install the Kerio extensions into their OD master that already has a custom LDAP schema extension installed.

In one word, don't.

The Kerio Open Directory extension installer totally DESTROYS slapd when there are pre-existing LDAP extensions installed. Slapd crashes and can't restart, spewing errors like:

6/27/08 10:49:07 AM org.openldap.slapd[1354] /etc/openldap/slapd.d: line 1: Duplicate attributeType: "1.3.6.1.4.1.*****.2.1.101" 


After installing and destroying my test server I demoted and repromoted, installed the Kerio extensions first and then my custom extensions after. This worked but was obviously not what I want considering it would kill my password server and users. Or force me to do massive LDIF exports and password server merges. Not fun...

Instead!! You can do this:

- Copy the kerio-mailserver.schema file (that you can get from their installer, or email them for a copy) into /etc/openldap/schema

- Edit the file /etc/openldap/slapd.conf and add the following line at the end of the first group of include statements:
    include     /etc/openldap/schema/kerio-mailserver.schema

- Use launch control to unload slapd:
    launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist

- Then use slapd to import the text-based conf file into the slapd.d folder:
    /usr/libexec/slapd -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d -d 99

- Once the terminal has finished spewing output, Control-C the process and reload slapd:
    launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist


And that's it!

The Kerio extensions are installed, your extensions are not destroyed and all the users live happily ever after.

Using a mac is a little different than using a pc. It's not so much operating a computer as it is tricking it, fooling it into what you want it to do. You kinda have to sneak up on a mac.
  •  
Pavel Dobry (Kerio)
The main problem is that other custom OD extensions installed before ODExt could be duplicated in the slapd.d folder. OD cannot start when the schema in slapd.d contains duplicated items.

The correct solution is:

1. Stop OD with 'slapconfig -stopldapserver'. It's a more elegant way than using launchctl.
2. rm -rfv /private/etc/openldap/slapd.d/*
3. Install the Kerio OD Extension. The content of slapd.d directory will be recreated from slapd.conf file during the installation.
4. Start OD with 'slapconfig -startldapserver'
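
A pre-flight check for the duplicate-schema failure discussed in the two posts above, added here as an example and not written by either poster or by Kerio: it lists any attributetype or objectclass OID defined more than once across the schema files that a slapd.conf includes, so it can be run before slapd.d is regenerated from that file. It assumes slapd.conf-style schema files; the function names, the sample files and the 1.3.6.1.4.1.99999 OIDs are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check: report OIDs defined more than once across the schema
# files that a slapd.conf includes, before slapd.d is regenerated from it.

# Print "<kind> <oid> <file>" for every attributetype/objectclass definition.
schema_defs() {
    awk 'tolower($1) == "include" { print $2 }' "$1" |
    while IFS= read -r schema; do
        [ -r "$schema" ] || { echo "unreadable: $schema" >&2; continue; }
        awk -v file="$schema" '
            function emit(   n, t, kind) {
                gsub(/\(/, " ( ", buf); sub(/^[ \t]+/, "", buf)
                n = split(buf, t, /[ \t]+/); kind = tolower(t[1])
                if ((kind == "attributetype" || kind == "objectclass") &&
                    t[2] == "(" && n >= 3) print kind, t[3], file
                buf = ""
            }
            /^[ \t]*#/      { next }                     # comment line
            /^[ \t]+[^ \t]/ { buf = buf " " $0; next }   # continuation line
                            { emit(); buf = $0 }         # new directive
            END             { emit() }
        ' "$schema"
    done
}

# Print one line per OID that is defined more than once; empty if clean.
duplicate_oids() {
    schema_defs "$1" | awk '
        { key = $1 " " $2; n[key]++; where[key] = where[key] " " $3 }
        END { for (k in n) if (n[k] > 1) print k ":" where[k] }' | sort
}

# Constructed sample: two schema files that both define the same attribute OID.
# 1.3.6.1.4.1.99999 is a placeholder arc, not a real vendor assignment.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "attributetype ( 1.3.6.1.4.1.99999.2.1.101 NAME 'exMailQuota'" \
        "    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )" > "$d/custom.schema"
    printf '%s\n' "# vendor copy" "attributeType (1.3.6.1.4.1.99999.2.1.101" \
        "    NAME 'exQuota' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )" \
        "objectclass ( 1.3.6.1.4.1.99999.2.2.1 NAME 'exUser' AUXILIARY )" \
        > "$d/vendor.schema"
    printf 'include %s\n' "$d/custom.schema" "$d/vendor.schema" > "$d/slapd.conf"
    echo "$d/slapd.conf"
}

conf=$(make_sample) && duplicate_oids "$conf"; rm -rf "${conf%/*}"
```

On a real server the argument would be the slapd.conf path used in the steps above; an empty result means no OID is defined twice in the included files.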

  •  
syntaxcollector
Actually, the real correct solution is for Kerio to check for pre-existing LDAP schema extensions and deal with them properly instead of destroying my slapd! :)
