Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Updating Open Directory Extensions - Mac 10.5.4
  •  
NigelH

Messages: 78
Karma: 0
Send a private message to this user
Hello,

I just noticed that I did not upgrade the OD extension in July when I upgraded to the mailserver to 6.4.2.

I would like to upgrade the OD extension but am hesitant to do so until I have all the facts.

1. Do I need to reconfigure the kerio in anyway after upgrading
2. Should Kerio be offline while I upgrade?
3. Do I need to reboot?

Thanks,

Nigel

Kerio Mail Server 6.7.2 Build 7821
Mac OS X Server 10.5.8
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
FROM: http://www.kerio.com/kms_history.html
----------
Version 6.4.2:

Kerio Open Directory Extension:
+ Added support for Mac OS X Leopard Server.
----------
Version 6.5.0:

Kerio Open Directory Extension:
* Default From address used in WebMail and Kerio Outlook Connector is synchronized to Open Directory.
----------
Version 6.6.0 rc1:

Kerio OpenDirectory Extension:
* Added support for automatic migration of extensions from master to new replicas in Mac OS X 10.5.4 and later.
- OpenDirectory Extension changes were removed from slapd.conf file on every OpenDirectory change (replica creation, server promotion).
----------

Based on the above notes, I'd say don't bother upgrading the OD extension unless you're OD is on a 10.5.x server. I'm guessing you're not on 10.5, or you would likely be having some sort of issue.

Version 6.6 is on track to be a very solid update. This is especially true for 10.5.4 and up OD users who would like to have an OD replica. If I were in your position, and everything was working, I'd not mess with anything until 6.6 was ready and then put all the pieces in place.

To answer your questions...

1. I've never had to change any configuration in Kerio after updating OD. Still, it doesn't hurt to browse the inspector in Workgroup Manager to make sure the Kerio fields look as they should.
2. I've typically stopped KMS. However,the documentation, nor the installer specify a need to do that, or reboot.
3. I use the opportunity to install any pending OS updates and reboot. However, see 2 above.

Kerio's manual section on OD Extension:

http://www.kerio.com/manual/kms/en/chap-ode.html

Also...

The manual entry for KMS upgrades...
To upgrade this product, the Kerio Administration Console must first be closed. The other components (Kerio MailServer Engine and Kerio MailServer Monitor) will be automatically closed by Kerio MailServer installation program. The installation program will detect the directory where the older version is installed and replace appropriate files with new ones automatically. All settings and all stored messages will be available in the new version. We recommend not changing the installation directory!

The inference is that if the installer needs to stop something, it will.

Cheers,
Lyle Millander
  •  
NigelH

Messages: 78
Karma: 0
Send a private message to this user

Very helpful, Thank you for this Lyle.

I am using 10.5.4 server. In fact, I Initially installed Kerio 6.5.1 on 10.5 and the OD extension seemed to work. I updated the mailserver to 6.5.2 but forgot to update the OD extension. All seems to work but I am now getting strange items in the log which is why I am looking into this.

I will shutdown Kerio, update the extension and report back here.

Kerio Mail Server 6.7.2 Build 7821
Mac OS X Server 10.5.8
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
You're welcome.

I'm interested in seeing the strange items in your log.

Also, It might be a good idea to check the slapd.log on the Open Directory server.

Check this thread for info on the slapd index messages:

http://forums.kerio.com/index.php?t=msg&th=12248&sta rt=0&S=726259ac272430469baf68d3447c1bf2&SQ=3e052237c 267f232c960ba65685d64c4&

Cheers,
Lyle
  •  
NigelH

Messages: 78
Karma: 0
Send a private message to this user
I just updated the OD extension and there appears to be no issues.



However, I am still getting this message repeating for all users in the Kerio warning log.

Rejecting record with mismatching usernames: nige vs nhudson



And I am still getting this repeating message in the slapd.log

Sep 19 09:06:38 xserve slapd[3935]: <= bdb_equality_candidates: (kerio-Mail-Address) index_param failed (18)

[Updated on: Fri, 19 September 2008 16:33]


Kerio Mail Server 6.7.2 Build 7821
Mac OS X Server 10.5.8
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
Your slapd error is only indirectly related to the Kerio OD extension. The link in my previous post will explain this and offer a solution.

For the mismatching user name, I'm going to guess that this is a female user who changed her last name. Correct?

I've been looking for the best workflow for changing user short names/email addresses. Although I've encouraged our female employees to stop getting married/divorced and/or changing their names - they just don't listen. Wink

This is the approach I take: (note that this was only tested for full OD accounts, not for local Kerio accounts that simply use OD for authentication)

1. Record the user's OD info for re-entry and backup the user ID photo (we store contact info and jpg photos in the OD account).
2. Delete the user's account in OD.
3. As root (sudo -s in terminal or logged into Finder as root) change the name of the user's folder in /usr/local/kerio/mailserver/store/mail/yourdomain.xxx/ (or wherever you have your mail store located).
4. Create new OD account with user's new name. The account short name must match the folder name from 3 above.
5. Activate the "new" user in OD via the Kerio Admin Console user list.
6. Create an alias on the user account for the previous name.
7. Clean up your Kerio public contact folder if applicable.

Note that I am pulling this from memory vs. my notes, so be careful - test this on a sample account first. It' also possible that Kerio has a documented/approved workflow that I've just been too lazy to locate.

Cheers,
Lyle
  •  
NigelH

Messages: 78
Karma: 0
Send a private message to this user
I followed the instructions in the other post and the slapd error went away. Awesome! Thank you.

The other error in the Kerio warning log is still around. This is not happening for one user but all users. Nobody has changed their names either.

For example;

OD info for one user:
Name: Bob Jones
User ID: 1053
ShortNames:
bjones
bob

Kerio Info pulled from OD for user:
Login Name: bjones
Full Name: Bob Jones

Will produce the error:
Rejecting record with mismatching usernames: bob vs bjones


As I write this, perhaps it is a conflict with have more than one short name in the WorkGroup Manager?

I'll remove the extra short name and see the if error persists.


[Updated on: Fri, 19 September 2008 15:43]


Kerio Mail Server 6.7.2 Build 7821
Mac OS X Server 10.5.8
  •  
NigelH

Messages: 78
Karma: 0
Send a private message to this user
I believe i confirmed the error is tied to multiple short names in Workgroup Manager.

I removed all the alternate shortnames from one user. That user is not showing up in the logs with the above error.

That said, I don't want to remove all the user alternate shortnames.

I wonder if kerio can fix this on their end.


Kerio Mail Server 6.7.2 Build 7821
Mac OS X Server 10.5.8
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
Are your users using the alternate short names for OD authentication, or simply as email aliases?

I tried additional short names for email a while ago and recall a similar error. Instead, we add the alternate email addresses via Kerio admin. No one is allowed an OD login alias.

Cheers,
-Lyle
  •  
NigelH

Messages: 78
Karma: 0
Send a private message to this user

Thanks again for your help today.

Currently, some alternate shortnames are used to authenticate to non kerio services such as AFP or SMB.

The default shortnames are used when authentication to Kerio.

For example, a user may user "firstname" (an alternate shortname) as a login name when connecting to an AFP share point however, his email client would be using "firstnamelastname" (default shortname/kerio login name) when connecting to Kerio.

I don't user alternate shortnames as emails, or rather I set up email alias in kerio if an alternate is required.

Do think connecting to both services using different shortnames is the cause for the warning in Kerio?



[Updated on: Fri, 19 September 2008 21:56]


Kerio Mail Server 6.7.2 Build 7821
Mac OS X Server 10.5.8
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
NigelH wrote on Fri, 19 September 2008 15:55

Do think connecting to both services using different shortnames is the cause for the warning in Kerio?


I'm fairly sure of it at this point. I added a second short name to my account many months ago. This is what I culled from my Kerio warning log...

Rejecting record with mismatching usernames: lyle.millander vs lmillander

What is interesting to note is that the error only occurred when I tried to use lyle.millander (the added short name) to log into Kerio web mail.

The following error immediately followed the first:

HTTP/WebMail: User lyle.millander<_a.t_>newspost.com doesn't exist. Attempt from IP address x.x.x.x

I don't think there is any harm in having the additional short names in OD, so long as they are not used to log into KMS.

Cheers,
Lyle
Previous Topic: Notify
Next Topic: Subject: Message Delivered: EST
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 07:41:00 CET 2017

Total time taken to generate the page: 0.00589 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.