Author Topic: Cannot enable openchange account for users outside the default user container  (Read 9150 times)

koendb

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
When I try to enable openchange account for users in other containers but the default container I get following message:
Quote
This addon applies only to users in the default 'Users' container

This does not make much sense to me :-)

StuartNaylor

  • Guest
I know, I said it before as its a McEnroe moment 'You can not be serious'

Means only a single group policy which negates the use of different group policies because your users cant have mail.

Daftest thing ever.

I have been saying this since 3.4 or was it 3.3. I just can't believe this is not seen as a priority!!!?

disinfector

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Is there a workaround for this problem ?

koendb

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Still not fixed in 4.0!

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
This is a known issue, which I would not expect to see fixed in 4.0

ff8jake

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +4/-0
    • View Profile
This is a known issue, which I would not expect to see fixed in 4.0
So basically:

Quote from: Zentyal.org Web Page
Zentyal is a drop-in replacement for Microsoft Small Business Server and Microsoft Exchange Server, that you can set up in less than 30 minutes.*

(*) Assuming you won't have to restructure your entire Active Directory to ensure all users are under the "Users" container.

challpagal

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Is there a workaround for this problem ??

vasanth

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Any updates on this?

This is a key thing to be resolved and should be in the highest priority.

Also, there is no option to move users between containers.!!

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Hello:

In order to move users between containers, use RSAT. I don't think openchange software will be modified so it can be used with users from non-default OU's in short time

seteq

  • Zen Apprentice
  • *
  • Posts: 8
  • Karma: +3/-0
    • View Profile
If you look at the view counter on that forum's topic list page, this issue is really popular.

If you plan to use group policies (as almost every Windows admin does) you have to move your user and computer objects into organizational units, because linking a GPO to a container (like CN=Users) is not possible.
If you want to use openchange on Zentyal you are forced to put your users into that CN=Users container which in turn does not allow you to use group policies for your users at all.

So you must decide if you want to have group policies OR openchange... This is completely crazy!

Why isn't anyone of the development staff answering this topic?
If this restriction is not removed soon, openchange is completely useless as a Microsoft Exchange replacement!

Just my opinion :(

EDIT: Can you please explain in detail where the TECHNICAL limitation is?
« Last Edit: July 31, 2015, 01:21:27 pm by seteq »

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Hello:

I've heard of people which have successfully created groups under a specific OU, and created users on default container..
Moreover, Groups Polcies can be set up to apply to all domain but filter (security Filter) them using groups or even accounts



seteq

  • Zen Apprentice
  • *
  • Posts: 8
  • Karma: +3/-0
    • View Profile
Your suggestion is nice - for tiny environments where you have users and OUs which you can count on one hand.

In bigger environments where you have hundreds of users and dozens of OUs - each with different GPO settings it's just not possible to put every user into the same container.
GPO processing is also becoming awfully slow when using your approach in bigger environments.

Can you explain whether that's a specific technical limitation by Openexchange/SoGo or it's just a Zentyal restriction?

If it's possible to redirect that to just ONE primary OU where all the users and sub-OUs are residing - that would be really great.

Thank you

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Hello:

this is a restriction imposed by current OpenChange code. I'm not sure how complex would it be to change to a specific OU

seteq

  • Zen Apprentice
  • *
  • Posts: 8
  • Karma: +3/-0
    • View Profile
I'm still not sure if that's really the truth.

I searched all config files in /etc for "CN=Users" and modified:
/etc/sogo/sogo.conf
/etc/ocsmanager/ocsmanager.ini
and replaced CN=Users,DC=domain,DC=tld with DC=domain,DC=tld

After that I moved one of my test-environment-OU-users into the users-container and after sucessfully openchange-account-activation on the Zentyal webgui I moved that user back to another OU.
Everything is still working as expected so I doubt it's just a dumb restriction on the Zentyal WebGUI...

EDIT: I even restarted all services and the zentyal-server and it still works...

gabriel.gheorghiu@abt.ro

  • Guest
Good work seteq!

I'm using Zentyal for multidomain e-mail server only, in DMZ.
It' a mess to have all users from different domains in the same OU -> Users!
Now, thanks to you, maybe I will can create OU for each domain and move users accordingly.

I hope that these changes will be maintained in the event of changed files by updates.

I have a question for you, if you don't mind: my working version is 4.0.9.
Do you know if there are issues if I make upgrade to 4.1 from GUI (UPGRADE NOW button)?

Thank you in advance!

Gabriel