Multiple domains and directory servers [message #130461]
Tue, 21 June 2016 11:48
Mika-SIN
Messages: 11 Registered: November 2007 Location: France
Hello everyone!
We have a Kerio Connect Multiserver with 300 users and 4 backends.
Actually we have only one domain (primary) which is bound to an Active Directory server, let's say domain.com. Our goal is to add another domain, ext.domain.com, which will be bound to the Directory Server VM (from KC Multiserver).
We have created the new domain with the help of this topic:
http://forums.kerio.com/t/29953//
We met an issue with the script: it didn't want to create the domain ext.domain.com because the domain domain.com (primary) already existed on the Directory Server, which was pushed by the puppetmaster.
On the puppet we did this:
# apt-get purge slapd ldap-utils (delete all LDAP)
# vi /etc/hosts (to create the line : 127.0.1.1 directory-proxy.ext.domain.com)
# /etc/init.d/hostname.sh start (apply the modification)
# hostname --fqdn (to verify that the local domain is ext.domain.com)
# apt-get install slapd ldap-utils (reinstall ldap, by default the domain is 'olcSuffix: dc=ext,dc=domain,dc=com')
# puppet agent -t (synchronize)
# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config objectClass=olcHdbConfig (to see our db ldap)
# cd /opt/kerio/openLdapExtension/
# create_default_ou.sh ext.domain.com MyPassword (retrieve missing OU)
# install_schema.sh
# create_indices.sh 1
Now we can correctly create the new domain with ./create_ldap_db.sh script.
Everything is working fine except one thing! We cannot change the password of "ext.domain.com" users from the admin console. Only the users themselves can do this, from their webmail.
When we try from the console we get this error (log):
[20/Jun/2016 12:00:03] Built-in administrator: admin - Update User {Name="test_pass", DomainName="ext.domain.com", emailAddresses={}, description="39b6deHw5", password="*****"}
[20/Jun/2016 16:49:29] Built-in administrator: admin - Failed to set password to user test_pass@ext.domain.com. The directory service or its configuration is not supported.
Is there something wrong?
Help!
[Updated on: Tue, 21 June 2016 11:50]
Re: Multiple domains and directory servers [message #130506 is a reply to message #130461]
Thu, 23 June 2016 15:12
Otakar Leopold (Kerio)
Messages: 3 Registered: February 2012
Hi,
please check the value of the "isLdapManagementAllowed" property for domain ext.domain.com in the file mailserver.cfg. It should be set to 1 to allow password changing in directory services.
If it is 0, you have to stop the server, change the value and start the server. Do not forget to repeat this for all Connect servers where you are using domain ext.domain.com.
If it does not help, I need to know which LDAP mapping file you are using. It is saved in mailserver.cfg as "MapFile" for domain ext.domain.com. I also need to know whether you are using Web administration or a direct API call.
Re: Multiple domains and directory servers [message #130589 is a reply to message #130461]
Tue, 28 June 2016 10:19
Mika-SIN
Messages: 11 Registered: November 2007 Location: France
Hi Otakar,
Thank you for your help!
We just set the value "isLdapManagementAllowed" to 1 for all backends. Of course we stopped the server before the modification. At first only backend1 was set to 1, as you thought.
But sadly we have the same issue.
[28/Jun/2016 09:31:25] Built-in administrator: admin - Update User {Name="test_pass", DomainName="ext.lepoint.fr", emailAddresses={}, password="*****"}
[28/Jun/2016 09:31:25] Built-in administrator: admin - Failed to set password to user test_pass@ext.lepoint.fr. The directory service or its configuration is not supported.
For the "MapFile" we set it to "openldap.map" and we are using Web administration.
Any advice?