Multiple domains and directory servers
  •  
Mika-SIN

Hello everyone!

We have a Kerio Connect Multiserver with 300 users and 4 backends.

Actually we have only one domain (primary) which is bound to an Active Directory server, let's say domain.com. Our goal is to add another domain ext.domain.com which will be bound to the Directory Server VM (from KC Multiserver).

We have created the new domain with the help of this topic:
http://forums.kerio.com/t/29953//

We met an issue with the script, it didn't want to create the domain ext.domain.com because the domain domain.com (primary) already existed on the Directory Server which was pushed by the puppetmaster.

On the puppet we did this:
# apt-get purge slapd ldap-utils (delete all LDAP)
# vi /etc/hosts (to create the line : 127.0.1.1 directory-proxy.ext.domain.com)
# /etc/init.d/hostname.sh start (apply the modification)
# hostname --fqdn (to verify that the local domain is ext.domain.com)
# apt-get install slapd ldap-utils (reinstall ldap, by default the domain is 'olcSuffix: dc=ext,dc=domain,dc=com')
# puppet agent -t (synchronize)
# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config objectClass=olcHdbConfig (to see our db ldap)
# cd /opt/kerio/openLdapExtension/
# create_default_ou.sh ext.domain.com MyPassword (retrieve missing OU)
# install_schema.sh
# create_indices.sh 1

Now we can correctly create the new domain with ./create_ldap_db.sh script.

Everything is working fine except one thing! We cannot change the password of "ext.domain.com" users from admin console. Only the users from their webmail can achieve this.

When we try from console we got this error (log):
[20/Jun/2016 12:00:03] Built-in administrator: admin - Update User {Name="test_pass", DomainName="ext.domain.com", emailAddresses={}, description="39b6deHw5", password="*****"}
[20/Jun/2016 16:49:29] Built-in administrator: admin - Failed to set password to user test_pass<_at_>ext.domain.com. The directory service or its configuration is not supported.

Is there something wrong?
Help! :)

[Updated on: Tue, 21 June 2016 11:50]
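
Added example, not part of the original post or of Kerio's scripts: a pre-check that shows which database suffixes slapd already holds, which is the state the post inspects with `ldapsearch` on `cn=config`. The function names and the sample LDIF are constructed for illustration; base64-encoded `olcSuffix::` values are not handled.

```shell
#!/bin/sh
# Added example. On a live server, feed these functions the output of:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config objectClass=olcHdbConfig

# ext.domain.com -> dc=ext,dc=domain,dc=com
domain_to_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/\.$//' -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Read LDIF on stdin, join folded lines (a line starting with one space
# continues the previous one) and print every olcSuffix value, lowercased.
list_suffixes() {
    awk '
        function emit() {
            if (tolower(buf) ~ /^olcsuffix: /) {
                v = tolower(substr(buf, 12))
                gsub(/[ \t]*,[ \t]*/, ",", v)
                print v
            }
        }
        /^ / { buf = buf substr($0, 2); next }
        { emit(); buf = $0 }
        END { emit() }
    '
}

# Exit status 0 if the suffix for domain $1 is present in the LDIF on stdin.
suffix_exists() {
    list_suffixes | grep -Fxq -- "$(domain_to_dn "$1")"
}

# Constructed sample of cn=config output; the second suffix is folded.
sample_ldif() {
    cat <<'EOF'
dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=domain,dc=com

dn: olcDatabase={2}hdb,cn=config
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=ext,dc=exam
 ple,dc=org
EOF
}

for d in domain.com ext.domain.com ext.example.org; do
    if sample_ldif | suffix_exists "$d"; then
        echo "$d: suffix already present"
    else
        echo "$d: no database for this suffix"
    fi
done
```

The comparison is on the whole suffix, so `dc=domain,dc=com` being present does not count as a match for `ext.domain.com`.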

  •  
Otakar Leopold (Kerio)

Hi,

Please check the value of the "isLdapManagementAllowed" property for domain ext.domain.com in the file mailserver.cfg. It should be set to 1 to allow password changing in directory services.
If it is 0, you have to stop the server, change the value and start the server. Do not forget to repeat this for all Connect servers where you are using domain ext.domain.com.

If it does not help, I need to know which LDAP mapping file you are using. It is saved in mailserver.cfg as "MapFile" for domain ext.domain.com. And whether you are using Web administration or a direct API call.
  •  
Mika-SIN

Hi Otakar,

Thank you for your help!

We just set the value "isLdapManagementAllowed" to 1 for all backends. Of course we stopped the server before the modification. At first only backend1 was set to 1 as you thought.
But sadly we have the same issue.

[28/Jun/2016 09:31:25] Built-in administrator: admin - Update User {Name="test_pass", DomainName="ext.lepoint.fr", emailAddresses={}, password="*****"}
[28/Jun/2016 09:31:25] Built-in administrator: admin - Failed to set password to user test_pass<_at_>ext.lepoint.fr. The directory service or its configuration is not supported.

For the "MapFile" we set it to "openldap.map" and we are using Web administration.

Any advice?
  •  
Otakar Leopold (Kerio)

Hi,

I found a bug on our side, it is really not working. It will be fixed in Kerio Connect 9.1.1. Unfortunately it is too late for version 9.1.0.
  •  
Mika-SIN

Thanks for your help!
We will keep you in touch when 9.1.1 is released ;)