Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: danscrima on January 18, 2010, 07:27:54 pm

Title: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: danscrima on January 18, 2010, 07:27:54 pm: Hey guys, I'm having a small issue with the new 1.3.15 release.
I have a Windows Server ready to go with the AD sync program, but the wiki for setting up my ebox slave is either out of date or I have my ebox setup wrong.. :(

http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxActiveDirectorySync

That wiki is saying there should be Users > Mode but I do'nt see that in 3.1.15.
Instead I see Users and Groups and under that Slave Status and LDAP Info. I would think I could configure what I need there, but its acting as if its the master. I tried removing the usersAndGroups module and installing it as a slave according to http://trac.ebox-platform.com/wiki/Document/HowTo/EBoxMasterSlaveSetup?version=9 but that didn't work either.

Any help would be greatly appreciated!! I'm trying to convince my boss we need a beefy server for ebox, but he's hesitant! Let's change his mind cuz ebox could be so awesome for us.
Title: Re: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: J. A. Calvo on January 18, 2010, 07:45:44 pm: Hi,

During the eBox installation, did you select the "standalone" option? There is a "advanced" option that it says is for master/slave configurations or Windows AD Sync.

You can try to execute in the console "/usr/share/ebox/ebox-unconfigure-module users" and you should be able to see the "Mode" menu again.
Title: Re: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: danscrima on January 18, 2010, 07:49:37 pm: Quote from: J. A. Calvo on January 18, 2010, 07:45:44 pm
Hi,

During the eBox installation, did you select the "standalone" option? There is a "advanced" option that it says is for master/slave configurations or Windows AD Sync.

You can try to execute in the console "/usr/share/ebox/ebox-unconfigure-module users" and you should be able to see the "Mode" menu again.

I did see that option, but I selected the master/slave because my intention was to make this sync with my current Windows AD. When I selected that option, thought, the installer said that it had no current advanced installer function and that I should check http://trac.ebox-platform.com/wiki/Document/AdvancedSetup_1.3 which pointed me to those 2 wiki pages above. It then just continued to the next step and I wasn't able to set anything for the advanced option...
Title: Re: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: danscrima on January 18, 2010, 07:52:02 pm: Quote from: J. A. Calvo on January 18, 2010, 07:45:44 pm
Hi,

During the eBox installation, did you select the "standalone" option? There is a "advanced" option that it says is for master/slave configurations or Windows AD Sync.

You can try to execute in the console "/usr/share/ebox/ebox-unconfigure-module users" and you should be able to see the "Mode" menu again.

Oh that command did it! I hope the rest of the AD sync goes well but now I see the Mode option. Thanks so much!!
Title: Re: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: J. A. Calvo on January 18, 2010, 07:54:32 pm: The AD Sync hasn't been tested so much. So any feedback you can give us about it is really welcome.
Title: Re: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: danscrima on January 18, 2010, 08:17:44 pm: Quote from: J. A. Calvo on January 18, 2010, 07:54:32 pm
The AD Sync hasn't been tested so much. So any feedback you can give us about it is really welcome.

Well, I might have messed things up myself when I did a manual install of the usersAndGroups when it wasn't working.. I removed the usersAndGroups from the interface under software management. Then I went to my shell and did apt-get update and apt-get autoremove... Probably not a goog idea since it removes a ton of stuff, but I figured doing apt-get install ebox-usersAndGroups would reinstall what it needed.

When I put my LDAP properties in and tried to activate the UsersAndGroups module, I got this:

Quote
A really nasty bug has occurred
Exception
Failed to enable: root command ldapadd -H 'ldapi://' -Y EXTERNAL -c -f /var/lib/ebox/tmp/slapd-master.ldif failed. Error output: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Command output: . Exit value: 255
Trace
Failed to enable: root command ldapadd -H 'ldapi://' -Y EXTERNAL -c -f /var/lib/ebox/tmp/slapd-master.ldif failed.
Error output: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Command output: .
Exit value: 255 at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74

It looks like my ldap credentials couldn't bind but maybe a nicer message was supposed to display? My DN has dc=mycompany,dc=com
Title: Re: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: danscrima on January 18, 2010, 08:32:16 pm: Is it maybe something to do with the fact that UsersAndGroups were enabled and then disabled before I unconfigured users and set it for AD Sync? There still exists a file /var/lib/ebox/config/ebox-ldap.passwd? Just shootin in the dark at this point.
Title: Re: 1.3.15 ActiveDirectorySync Wiki out of date, how can I configure?
Post by: danscrima on January 18, 2010, 09:14:19 pm: Whoa ok I got past that step now! I kept getting random errors about ldap not being able to bind, so I ended up doing a dpkg-reconfigure slapd and overwriting the db and purging after complete. Then I did the ./ebox-unconfigure-module users again because I thought that might clean the slate. When I then tried to save the usersAndGroups module it went through and I can finally see the AD settings.

Now to try and sync users...