OpenLdap Integration with Kerio Mail Server
  •  
venjulla

I want to integrate OpenLdap with Kerio mail server. I have followed the instructions given at http://support.kerio.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=409

But I am unable to see OpenLdap users in the Kerio administrator console. I am getting the following error in the console:

config.cpp: Could not load user LDAP map from file /opt/kerio/ldapmap/apple.map for domain test.com

I am using suse 10.0.

Can anybody help me to fix this issue?
  •  
wdobbe

Also trying to sync with openldap and I get the same error.

In the LDAP server logs I can see that Kerio does a user search and gets an entry in return....

Any help would be appreciated.
  •  
wdobbe

After many hours of trying I got Kerio synced to my OpenLDAP directory (both running on OpenSuse 11.2, but not on the same machine).
Corrections I made with reference to the article:

- rfc2307bis.schema is a standardised schema, modifying it is not a good idea. Instead I added the groupMemberShip and apple-generateduid attributes to kerio-mailserver.schema and included these attributes in objectClass kerio-Mail-User
- In apple.map instead of <value><GroupMemberShip></value> I used <value><attribute>groupMemberShip</attribute></value>
- In apple.map in <map table="User"> change the filter entry to <filter>objectclass=kerio-Mail-User</filter>
- I had to change the other apple*.map and gal_apple*.map files accordingly.
  •  
wdobbe

My apple.map file.

  • Attachment: apple.map
    (Size: 3.25KB, Downloaded 476 times)
  •  
TeraxIT

I had to remove the following lines from your apple.map file, because I got a "GuidXQueryAlias::createCondition: Invalid item guid" error (User/group doesn't exist) when I tried to open/edit a user or group I created using the tutorial mentioned above.

    <variable>
       <name>Guid</name>
       <value><attribute>apple-generateduid</attribute></value>
    </variable>


System: CentOS 5.4 x86_64.

Thank You!
  •  
Pavel Dobry (Kerio)

Actually, you have to add the apple-generateduid attribute to the OpenLDAP schema. Otherwise you will not be able to administer Kerio Connect (MailServer) and it will not work properly. Read http://support.kerio.com/kb/409
  •  
TeraxIT

Yes, you're right. Now I can see (always could) and open users and groups, but can't update them. I'm getting the following errors on screen:

Failed to update group with GUID, the group doesn't exist.
Failed to update user, the user doesn't exist.

In Kerio warnings:

[28/Feb/2010 19:23:51] GuidXQueryAlias::createCondition: Invalid item guid
[28/Feb/2010 19:23:52] GroupNameQueryAlias::createCondition: Invalid group guid
[28/Feb/2010 19:23:55] GroupManFacade::updateGroups: Invalid group guid
[28/Feb/2010 19:23:55] GuidXQueryAlias::createCondition: Invalid item guid
[28/Feb/2010 19:23:55] GuidQueryAlias::createCondition: Invalid guid
[28/Feb/2010 19:23:55] Cannot update group , group not found.
[28/Feb/2010 19:25:41] GuidXQueryAlias::createCondition: Invalid item guid
[28/Feb/2010 19:25:45] GuidXQueryAlias::createCondition: Invalid item guid
[28/Feb/2010 19:25:49] UserManFacade::updateUsers: Invalid user guid

And in the OpenLDAP logs these lines look suspicious:

slapd[11532]: <= bdb_equality_candidates: (groupMemberShip) not indexed
slapd[11532]: <= bdb_equality_candidates: (groupMemberShip) not indexed

slapd[11532]: <= bdb_equality_candidates: (kerio-Mail-Address) not indexed

Let's keep trying.
  •  
wdobbe

I had no problems with the kerioadmin tool, but I use it only to change a user's mail quota. All other user/group stuff is managed from the Yast User/Group GUI or directly in the LDAP tree via an LDAP editor.
  •  
TeraxIT

I prefer not to use GUI tools until I understand the system well enough. I migrated all system accounts and groups and some other information to the LDAP database, so it's a slightly different system from the one described in the tutorial. Anyway, I deleted the test user and test group I created before and now I'm going to try to modify some imported users and groups. The system is running fine, the LDAP server is configured properly and Kerio is connecting to LDAP, so I think there could be problems only on the Kerio side.
I'll definitely report back when things come right.

Thanks again.
  •  
bugbeta

I can't download the schema file over there (http://support.kerio.com/index.php?_m=downloads&_a=view&parentcategoryid=5&pcid=0&nav=0). Who can send it to me by email to: bugbeta#foxmail.com


thank you very much!!
  •  
TeraxIT

Schemas were sent.
  •  
bugbeta

Thanks, I have received them.
  •  
mh

Hi,

I've set up KC7 with openLDAP too. Everything seems to work, but when I try to add a user I get the message: Failed to activate user, the user does not exist. Well, the user was displayed in advance, so it does exist.

When I look at the debug output of my LDAP server I only see two additional identical searches, no modification request. I'm confused.

Here is a short overview of what I've done:

http://wiki.mhcsoftware.de/Kerio

Perhaps this may help others as the support download pages are mostly down.

Here is what openldap logs when the user list is displayed:

conn=72 op=52 SRCH base="ou=user,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-User)(!(kerio-Mail-Active=*)))"
conn=72 op=52 SRCH attr=kerio-Mail-AccountEnabled description cn apple-generateduid kerio-Mail-Address uid kerio-Mail-Active
conn=72 op=52 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=73 op=23 SRCH base="ou=group,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-Group)(kerio-Mail-Active=*))"
conn=73 op=23 SRCH attr=description apple-generateduid cn
conn=73 op=23 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=72 op=53 SRCH base="ou=user,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-User)(&(|(kerio-Mail-Address=matthias)(uid=matthias)))(kerio-Mail-Active=*))"
conn=72 op=53 SRCH attr=uid
<= bdb_equality_candidates: (kerio-Mail-Address) not indexed
<= bdb_equality_candidates: (uid) not indexed
conn=72 op=53 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=73 op=24 SRCH base="ou=group,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-Group)(&(kerio-Mail-Address=matthias))(kerio-Mail-Active=*))"
conn=73 op=24 SRCH attr=cn
conn=73 op=24 SEARCH RESULT tag=101 err=0 nentries=0 text=


And this is logged when I try to add a user by checking it and clicking OK:

conn=72 op=54 SRCH base="ou=user,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-User)(kerio-Mail-Active=*))"
conn=72 op=54 SRCH attr=uid kerio-Mail-AccountEnabled apple-generateduid kerio-User-AuthPIN kerio-Mail-AdminRights kerio-Mail-Authorization GroupMemberShip kerio-Mail-Address kerio-Mail-ForwardMode kerio-Mail-ForwardAddress kerio-Mail-HomeServer kerio-Mail-QuotaStorage kerio-Mail-QuotaMessage kerio-Mail-MaxOutgoingMessageSize kerio-Mail-Preferred-Address kerio-Mail-WebReplyToAddress cn description
conn=72 op=54 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=72 op=55 SRCH base="ou=user,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-User)(kerio-Mail-Active=*))"
conn=72 op=55 SRCH attr=uid kerio-Mail-AccountEnabled apple-generateduid kerio-User-AuthPIN kerio-Mail-AdminRights kerio-Mail-Authorization GroupMemberShip kerio-Mail-Address kerio-Mail-ForwardMode kerio-Mail-ForwardAddress kerio-Mail-HomeServer kerio-Mail-QuotaStorage kerio-Mail-QuotaMessage kerio-Mail-MaxOutgoingMessageSize kerio-Mail-Preferred-Address kerio-Mail-WebReplyToAddress cn description
conn=72 op=55 SEARCH RESULT tag=101 err=0 nentries=0 text=


Can someone help?

[Updated on: Sat, 06 March 2010 23:25]
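
An added example, not part of the original thread: a small Python script that pairs each slapd `SRCH` line with its `SEARCH RESULT`, lists searches that succeeded but matched nothing, and collects the attributes slapd reported as `not indexed` (a line it logs when an equality filter hits an attribute with no equality index). The sample log is constructed, shortened from the lines quoted in the posts above; the function names are this example's own.

```python
import re

# Constructed sample, shortened from the slapd lines quoted in the thread.
SAMPLE_LOG = """\
conn=72 op=52 SRCH base="ou=user,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-User)(!(kerio-Mail-Active=*)))"
conn=72 op=52 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=72 op=53 SRCH base="ou=user,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-User)(&(|(kerio-Mail-Address=matthias)(uid=matthias)))(kerio-Mail-Active=*))"
<= bdb_equality_candidates: (kerio-Mail-Address) not indexed
<= bdb_equality_candidates: (uid) not indexed
conn=72 op=53 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=72 op=54 SRCH base="ou=user,dc=mhc,dc=loc" scope=2 deref=0 filter="(&(objectClass=kerio-Mail-User)(kerio-Mail-Active=*))"
conn=72 op=54 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base=.*filter="(.*)"\s*$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*err=(\d+) nentries=(\d+)')
NOT_INDEXED = re.compile(r'bdb_\w+_candidates: \(([^)]+)\) not indexed')

def parse_searches(text):
    """Return one dict per search operation, in log order."""
    ops, last = {}, None
    for line in text.splitlines():
        if m := SRCH.search(line):
            last = (int(m[1]), int(m[2]))
            ops[last] = {"conn": last[0], "op": last[1], "filter": m[3],
                         "err": None, "nentries": None, "unindexed": []}
        elif m := RESULT.search(line):
            key = (int(m[1]), int(m[2]))
            if key in ops:
                ops[key]["err"], ops[key]["nentries"] = int(m[3]), int(m[4])
        elif (m := NOT_INDEXED.search(line)) and last in ops:
            # These lines carry no conn/op, so attribute them to the latest SRCH.
            ops[last]["unindexed"].append(m[1])
    return list(ops.values())

def empty_searches(searches):
    """Searches that succeeded (err=0) but matched no entries."""
    return [s for s in searches if s["err"] == 0 and s["nentries"] == 0]

def unindexed_attributes(searches):
    """Sorted set of attributes slapd evaluated without an index."""
    return sorted({a for s in searches for a in s["unindexed"]})

if __name__ == "__main__":
    found = parse_searches(SAMPLE_LOG)
    for s in empty_searches(found):
        print(f'conn={s["conn"]} op={s["op"]} matched 0 entries: {s["filter"]}')
    print("unindexed:", ", ".join(unindexed_attributes(found)))
```

On the sample, the only search that returns an entry is the one filtering on `(!(kerio-Mail-Active=*))`; every search requiring `(kerio-Mail-Active=*)` comes back with `nentries=0`.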

  •  
Pavel Dobry (Kerio)

What do the Directory Service Lookup debug messages in the Kerio Connect debug log say?
Did you add all necessary attributes to the openLDAP schema?
  •  
mh

Kerio_pdobry wrote on Sat, 06 March 2010 23:20
What does Directory Service Lookup debug messages in the Kerio Connect debug log say?


Well, nothing else than reflecting what you can read in the openldap log, see: http://nopaste.info/d1a32fa7cd.html

Quote:

Did you add all necessary attributes to the openLDAP schema?


Yes, I think so. I've modified my previous post to point to my wiki. You can see there what I did:

http://wiki.mhcsoftware.de/Kerio

[Updated on: Sat, 06 March 2010 23:42]
