Author Topic: Cannot enable openchange account for users outside the default user container  (Read 9213 times)

trysomething

I think this thread has gone off the deep end.  Nobody has hundreds and thousands of users on SBS.  Unless you're using a pirated copy of the Enterprise Exchange server you're not over 100 users either.  In both cases your hardware overhead is going to be somewhere close to how much money Bill Gates gives to charity every year to be able to handle that much processing.
Zentyal (community edition) is a free solution because we are in essence beta testing for the paid solution.  It is also a means of getting some folks with great minds together to play with what they have and find a means of expanding it.
In both SBS and Exchange you're going to have to create users and GPO's, why can't everyone just be inside the users group and you take a minute to create a couple of other security groups outside of it?  You've obviously all read about Zentyal's ability to bulk import from an existing A.D. right?  Probably not, but you can export your current A.D. to a CSV and import it right into Zentyal.
So, if you have hundreds and thousands of users inside a Microsoft A.D. a quick right click > Export List and then from your Zentyal box it's a tiny bit of scripting and done.
Nobody said that Zentyal is designed to digest an entire existing infrastructure, it's a replacement and I can set it up in 30 minutes.  Further to that point I'm legally blind with 20/450 in my good eye so it's me, a magnifying glass and a screen.  I've successfully moved 25 users from SBS 2008 to Zentyal 4.0.  Including setting up the Zentyal 4.0 box, doing the research on moving users, exporting mailboxes to PST's, importing, moving user accounts and mounting the old Windows NTFS drive on my Zentyal box with everyone's "Redirected Folders" took me two days.  Part of that time I was swimming with my kids, eating and sleeping so it's not really all that hard.
For the record, who in this thread got into their first SBS or Exchange box and had everything go the way they wanted it to?  How many countless hours did all of us spend on the stupid TechNet Blog reading article after article?  How many KB's have you had to install, remove, patch, read, downgrade and most ways fight tooth and nail with?
I'm super happy with Zentyal and I've even been beating it up against ClearOS and Nethserver - I've gotta say that compared to all of the other options out there Zentyal is the best solution so far.
You will have to excuse my posts not having actual links in them.  I'm blind and can never find that insert hyperlink button LoL.  If you, or someone you know has vision problems check out The Tiki Lab.

seteq

Who was talking about SBS? SBS is a totally different thing in my opinion. If you have been running an SBS server you'd better migrate to Office365 and save all that money instead of running your own servers. If you really need to run your servers by yourself Zentyal MAY be a possible solution.

I tried to evaluate Zentyal as an alternative for "real" exchange servers with 100+ users. Zentyal could really help to save a lot of costs for Exchange server licenses and CALs (Enterprise vs. Core CAL) and admins may reinvest that money to support open source software development. But in the current state Zentyal is not an Exchange server replacement in any way.

I'm glad that you are happy with it, but in my eyes Zentyal still doesn't deliver what it tries to promise...

seteq

> I hope that these changes will be maintained in the event of changed files by updates.
>
> I have a question for you, if you don't mind: my working version is 4.0.9.
> Do you know if there are issues if I upgrade to 4.1 from the GUI (UPGRADE NOW button)?

Be warned: The modifications are for testing purposes only and not recommended for production environments.
Whenever you do something on the GUI which forces a re-generation of your config files all your changes will be lost.

If you really need to make those changes somewhat permanent, you'd better change the config file stubs:
/usr/share/zentyal/stubs/openchange/ocsmanager.ini.mas
/usr/share/zentyal/stubs/openchange/sogo.conf.mas
Then you may save your changes on the GUI and the config file regeneration will use the new values without CN=Users

But I think that these modifications may also be lost when you install the updates.

gabriel.gheorghiu@abt.ro

Thank you seteq for your reply.

Kind regards,
Gabriel

trysomething

@seteq - Zentyal is really meant for guys like me who maintain an in-house server for a small office.  Anything larger scale is going to have to be built from the ground up.  That being said I've been working on doing my own "Ubuntu Business Box" for a lot of different reasons.
So far I've only lost some hair over the deal, but I just installed Ubuntu 14 on a VM and at the end I picked to install SSH, Mail Server, DNS and I'm pretty sure that's it.   Oh yeah I picked to install default LAMP too LoL.
Once it's all restarted I actually found a few pretty good tutorials on building Samba 4 from source to use it as a PDC with Bind9 DNS - so I got that most ways working.
Then you have to do some config changes to make all of your authentication stuff to use sassl (think I typed that right, pretty tired at present LoL).
Once that's all setup you can add a couple of test users into Samba and authenticate to the mail service (in theory).
Then you have to install SoGo and the Open Change Plug-in, both of which I haven't gotten to yet but it looks pretty in depth right now.
If you're interested in checking out more open source stuff there are ClearOS and Nethserver - both have free community editions.  To run an Exchange replacement you have to buy Zarafa (maybe it's Zarifa) but it's like $10 to buy a license for that and I think you just need the 1 license per box.  I liked ClearOS because it had a marketplace kind of deal but I had a rough go at using it because it's based on CentOS or Red Hat and I'm just learning Debian/Ubuntu so I had to walk away from it.

mohscorpion

Re: Cannot enable openchange account for users outside the default user container
« Reply #20 on: September 15, 2015, 09:16:49 am »
> > I hope that these changes will be maintained in the event of changed files by updates.
> >
> > I have a question for you, if you don't mind: my working version is 4.0.9.
> > Do you know if there are issues if I upgrade to 4.1 from the GUI (UPGRADE NOW button)?
>
> Be warned: The modifications are for testing purposes only and not recommended for production environments.
> Whenever you do something on the GUI which forces a re-generation of your config files all your changes will be lost.
>
> If you really need to make those changes somewhat permanent, you'd better change the config file stubs:
> /usr/share/zentyal/stubs/openchange/ocsmanager.ini.mas
> /usr/share/zentyal/stubs/openchange/sogo.conf.mas
> Then you may save your changes on the GUI and the config file regeneration will use the new values without CN=Users
>
> But I think that these modifications may also be lost when you install the updates.

Hi,
I have tried this solution, but no matter what changes I make to those files, the values shown in the UI are still the same and I can't activate openchange for my users inside OUs.
Can you please provide more about your recommendation?

trysomething

Re: Cannot enable openchange account for users outside the default user container
« Reply #21 on: September 16, 2015, 06:49:19 pm »
This solution will not survive an upgrade from 4.1-4.2, it may not survive 4.1-4.1.4 either, but there is a solution!  Go check out the Appendix B of the Zentyal Wiki:

https://wiki.zentyal.org/wiki/En/4.1/Appendix_B:_Development_and_advanced_configuration

Sorry it's not an actual link but I'm blind and I can never find that stupid insert hyperlink button anymore.  It's actually a super cool setup that makes this much easier, you use Zentyal Stub Files to make the changes, which ironically have pretty much the same name.  The secret is creating a directory /etc/zentyals/stubs - if and when you upgrade and there is a conflict with your custom stub file you just compare files between the default and your custom one, make appropriate changes and restart whatever service/module you just changed.  It's actually pretty easy and survives - until Zentyals stops using stub files I guess LoL.

mohscorpion

Re: Cannot enable openchange account for users outside the default user container
« Reply #22 on: September 22, 2015, 09:37:35 am »
It is a good idea, but the file I need to change is not in the stubs; it is in the /etc/sogo directory, which gets regenerated. I am checking to find the stub file responsible for this.
Actually, I searched all files in the stubs directory but none of them had "cn=users".
Thanks.
« Last Edit: September 22, 2015, 12:46:51 pm by mohscorpion »

trysomething

I'm guessing you'll at least get pointed in the right direction in:

/usr/share/Zentyal/stubs/openchange/apache-ocsmanager.conf.mas

That has references to the sogo side of things in a few places.  I'd venture a guess that you'll find what you need inside the openchange directory.

What I did to figure out quite a bit of things was just drop a stub file in /etc/Zentyal/stubs/openchange (or whichever directory) and just start changing stuff.  If it screwed up then I just deleted the file and made a note of what not to do LoL.

Of course the DC side of things is supposed to be managed by Samba, so maybe in the Samba stubs would be something.  Now you've really got me thinking on this, so I'm going to tear some stuff apart in a minute here and see what I can figure out!

jbahillo

  • Zentyal Staff

scott_whalen

Is this the solution to preventing virtual domains from seeing other virtual domain calendars? Right now (in webmail at least) when subscribe to calendars are searched, the users from other VD's are shown in the list.

Gabriel GHEORGHIU

Hi Scott,

I use Zentyal for a multidomain email server and I have the same problem. Here is how I solved it:

Edit "sogo.conf.mas":

nano /usr/share/zentyal/stubs/openchange/sogo.conf.mas

Here, in "/* LDAP authentication */", change YES to NO, like this:

1. For ADDRESSBOOK:

            id = sambaShared;
            displayName = "Shared Addressbook";
            canAuthenticate = NO;
            isAddressBook = NO;

2. For CONTACTS:

            id = sambaContacts;
            displayName = "Shared Contacts";
            canAuthenticate = NO;
            isAddressBook = NO;

After the modifications, you must restart the service or the entire system.

If there are updates/upgrades for SOGO or Openchange, after they are applied you must modify "sogo.conf.mas" again.

Unfortunately, I don't know how to make this permanent (I understand that "sogo.conf.mas" can be copied to a special location and the modifications will be permanent, but ...).

Kind regards,
Gabriel
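A check for the edit described in the post above, added here as an example and not part of the original post: it reads a SOGo configuration and reports whether the `sambaShared` or `sambaContacts` source still has `canAuthenticate` or `isAddressBook` set to YES, which is useful after a regeneration or an update. The sample fragment and the `exampleUsers` source are constructed, and the check assumes each `id` line precedes the flags of its source, as in the post.

```shell
#!/bin/sh
# Added example, not from the thread: confirm the two shared sources are off.

# sample_conf VALUE: print a constructed SOGoUserSources fragment in which
# sambaContacts has isAddressBook set to VALUE (YES or NO).
sample_conf() {
    cat <<EOF
    SOGoUserSources = (
        {
            id = exampleUsers;          /* constructed, not from the thread */
            canAuthenticate = YES;
            isAddressBook = NO;
        },
        {
            id = sambaShared;
            displayName = "Shared Addressbook";
            canAuthenticate = NO;
            isAddressBook = NO;
        },
        {
            id = sambaContacts;
            displayName = "Shared Contacts";
            canAuthenticate = NO;
            isAddressBook = $1;
        }
    );
EOF
}

# check_shared_sources FILE: print every flag of sambaShared/sambaContacts
# that is still YES; exit status 1 if any was found ("-" reads stdin).
check_shared_sources() {
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]*;.*$/, "", s); gsub(/"/, "", s); return s }
        /[}]/ { id = "" }                       # end of one source block
        /^[ \t]*id[ \t]*=/ { id = val($0) }     # remember the current source
        /^[ \t]*(canAuthenticate|isAddressBook)[ \t]*=/ {
            if ((id == "sambaShared" || id == "sambaContacts") && val($0) == "YES") {
                key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*$/, "", key)
                print id ": " key " = YES"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

if [ $# -eq 1 ]; then check_shared_sources "$1"; fi
```

Pass it the stub you edited or the regenerated file under /etc/sogo; a non-zero exit status means one of the two sources is enabled again.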

Gabriel GHEORGHIU

> Is this the solution to preventing virtual domains from seeing other virtual domain calendars? Right now (in webmail at least) when subscribe to calendars are searched, the users from other VD's are shown in the list.

Hi Scott,

Please read here: https://forum.zentyal.org/index.php/topic,24036.msg99630.html#msg99630 to make the modifications permanent, thanks to jbahillo.

scott_whalen

Thanks Gabriel, I made the changes, however in webmail the user still gets all of the users in the search box.

I've also made the changes in the stubs for sogo and ocsmanager, but CN=users is still showing on the GUI and I can't enable openchange for non default users group users.

I'm running 4.2 that I downloaded and installed about a week ago, were there changes to prevent these items in this release?

How is the paid ISP version configured? I would expect it to work this way.

Gabriel GHEORGHIU

> Thanks Gabriel, I made the changes, however in webmail the user still gets all of the users in the search box.

Hi Scott! You're welcome!

I just verified in my email account on webmail and I don't get users from the other email virtual domains that I have on the server.

After these modifications in "sogo.conf.mas", in the email account user interface you must have:
1. in Address Book: only "Personal Address Book" and "Collected Address Book".
2. in Calendar: only "Personal Calendar"

If you don't have only those from above, I think you must restart the server. It should work.

> I've also made the changes in the stubs for sogo and ocsmanager, but CN=users is still showing on the GUI and I can't enable openchange for non default users group users.

I haven't yet made the changes recommended by seteq to enable openchange for non default users group users.
Theoretically it should work. I have read the docs from the Sogo site. Sogo is capable of managing separate domains, but here, on Zentyal, I think there must be related modifications on Sogo, Openchange and maybe on Samba and Apache. I really don't know, I'm just guessing.

> I'm running 4.2 that I downloaded and installed about a week ago, were there changes to prevent these items in this release?

I'm also running 4.2 (upgraded from 4.1).

The default location for "sogo.conf.mas" is: /usr/share/zentyal/stubs/openchange/sogo.conf.mas

The custom stub will be here: /etc/zentyal/stubs/openchange/sogo.conf.mas

> How is the paid ISP version configured? I would expect it to work this way.

If you are referring to the Zentyal Cloud version, it is made for separate domains and should work this way.

Zentyal Cloud -> Technical Features -> Multitenant: Complete isolation of client companies ...
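The custom-stub workflow discussed in this thread (copy the packaged stub to the custom location, then compare against the default after an upgrade), as an added example that is not from any poster and is not Zentyal's own tooling. The two stub directories are the ones given in the post above; the `BASELINES` directory and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not Zentyal's own tooling. Stub locations are the ones given
# in the thread; BASELINES is a hypothetical directory chosen for this sketch.
DEFAULT_STUBS="${DEFAULT_STUBS:-/usr/share/zentyal/stubs}"
CUSTOM_STUBS="${CUSTOM_STUBS:-/etc/zentyal/stubs}"
BASELINES="${BASELINES:-/var/local/zentyal-stub-baselines}"

hash_of() { sha256sum "$1" | cut -d' ' -f1; }

# override_stub REL: copy the packaged stub REL (e.g. openchange/sogo.conf.mas)
# into the custom tree if it is not there yet, and record the hash of the
# packaged file the override was derived from. An existing override is kept.
override_stub() {
    src="$DEFAULT_STUBS/$1"; dst="$CUSTOM_STUBS/$1"; base="$BASELINES/$1.sha256"
    [ -f "$src" ] || { echo "no packaged stub: $src" >&2; return 2; }
    mkdir -p "$(dirname "$dst")" "$(dirname "$base")"
    [ -f "$dst" ] || cp -p "$src" "$dst"
    hash_of "$src" > "$base"
}

# check_drift: print "CHANGED rel" or "REMOVED rel" for every override whose
# packaged stub no longer matches the recorded baseline; status 1 if any.
check_drift() {
    [ -d "$BASELINES" ] || return 0
    out=$(find "$BASELINES" -type f -name '*.sha256' | sort | while IFS= read -r base; do
        rel="${base#"$BASELINES"/}"; rel="${rel%.sha256}"
        src="$DEFAULT_STUBS/$rel"
        if [ ! -f "$src" ]; then echo "REMOVED $rel"
        elif [ "$(hash_of "$src")" != "$(cat "$base")" ]; then echo "CHANGED $rel"
        fi
    done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

if [ "${1:-}" = "check" ]; then check_drift; fi
```

Run `check_drift` after each package update; for every stub it lists, diff the packaged file against your override, merge what changed, then call `override_stub` again to record the new baseline.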