
List:       ngw
Subject:    Re: [ngw] GW 2014 Testing
From:       "Doug Ratz" <dratz () Lakeheadschools ! ca>
Date:       2014-04-17 15:54:07
Message-ID: 534FC0DF020000450004B6C7 () donald ! lakeheadschools ! ca

That worked really well, thank you (though I'm sure I heard a maniacal laugh while
running the command, must be my imagination!).
Now when I run it, I get 5 failures, rather than 2017. Where can I go to see a log
file to tell me what the failures were?
Doug

 
Douglas Ratz
Lakehead Public Schools
(807) 625-5161
 
>>> On Wednesday, April 16, 2014 at 1:23 PM, "Morris Blackham" <mblackham@gw.novell.com> wrote:

Instead of going thru the delegate wizard I had success doing it this way using
dsacls.exe.

dsacls dc=evilempire,dc=com /I:S /G evilempire\gwadmin:RPWP;mail;user
dsacls dc=evilempire,dc=com /I:S /G evilempire\gwadmin:RPWP;proxyAddresses;user

and if you have associated groups:

dsacls dc=evilempire,dc=com /I:S /G evilempire\gwadmin:RPWP;mail;group
dsacls dc=evilempire,dc=com /I:S /G evilempire\gwadmin:RPWP;proxyAddresses;group

--Morris

>>> "Doug Ratz" <dratz@Lakeheadschools.ca> 4/16/2014 9:58 AM >>>
I see the "Appendix 1 LDAP Attributes Map" table on the last page of the upgrade
guide. I'm not clear on how that helps me assign the rights in AD. Can you give me a
bit more direction?

Am I on the right path using the Delegation of Control Wizard?
Or is there some other way to grant very specific rights in AD?

Thanks - Doug


Douglas Ratz
Lakehead Public Schools
(807) 625-5161

>>> On Wednesday, April 16, 2014 at 11:08 AM, "Paul Lamontagne" <Paul.Lamontagne@lamtechconsulting.com> wrote:

At the End of Danita's book there is a table of Rights needed...:-)

It should be the mail attribute in AD that you would need to be able to write to and
proxyaddress if you are using all allowed email addresses.  If only using preferred
then mail attribute should be ok alone.



Paul Lamontagne

Become a GroupWise Power Admin
http://www.caledonia.net/register
>>> "Doug Ratz" <dratz@Lakeheadschools.ca> 4/16/2014 10:43 AM >>>
I set the LDAP user to be a domain admin account for testing, and the addresses
synced properly, so it does appear to be a rights issue. So the question becomes, how
do I assign rights to the LDAP user to update the email address?

I found these instructions:
http://dani3lr.wordpress.com/2009/07/25/delegation-control-to-modify-only-certain-user-attributes-part-1/


So following them through I did the following:
- right click on the domain in ADUC (I want the ldap user to modify all users) and
  choose Delegation of Control Wizard
- choose my ldap user
- choose custom task to delegate
- choose User Objects
- Choose Property Specific permissions > Write E-Mail Address (Others)
- Finish

But the ldap user doesn't seem to be able to update the email. I still get a failure.

Any ideas on what to do to grant the necessary rights?

Doug



Douglas Ratz
Lakehead Public Schools
(807) 625-5161

>>> On Tuesday, April 15, 2014 at 10:48 AM, Joseph Marton <jmmarton@gmail.com> wrote:

Does the LDAP user defined in the Directory source have rights to the email
attribute on the users?

Joe


On Tue, Apr 15, 2014 at 9:46 AM, Doug Ratz <dratz@lakeheadschools.ca> wrote:

> For the email address sync, I go into System > LDAP Servers and
> Directories, and choose my Directory Object. There is a check box at the
> bottom that says 'Enable Synchronization', and it is checked. When I click
> OK on that window, a pop up appears that says: "Publish Email. Do you want
> to update the directory Internet Email Addresses for all affected users?
> Yes/No". I click Yes, window says "Publish Email.  Publishing email to the
> directory." Then it comes up with "Updated on LDAP Server 'my directory'
> with 2017 failures."
> 
> What can be causing this failure? Where can I find a log file to tell me
> what the issue is? Where should I look to resolve this?
> 
> Doug
> 
> 
> Douglas Ratz
> Lakehead Public Schools
> (807) 625-5161
> 
> > > > On Monday, April 14, 2014 at 3:33 PM, "Morris Blackham" <
> mblackham@gw.novell.com> wrote:
> 
> The email addr push to AD doesn't occur via the MTA sync.  We wanted to
> make the MTA sync a pull-only process.  To sync the email addr attribute,
> you can publish email addr per user,  or just go to the directory
> configuration or internet address config, exit and you will get prompted to
> update/publish email addrs to the directory
> 
> --Morris
> > > > "Doug Ratz" <dratz@Lakeheadschools.ca> 4/14/2014 12:52 PM >>>
> Windows 2008 R2. I am logged in as the Domain Admin, but did not
> right-click and runas administrator. I'll try that.
> 
> I tried the sync and added the phone number for a user in AD, as the
> example in the guide, and I see the number sync-ing in the MTA log and it
> shows up in the GW admin console, so that's good. I deleted the email
> address in AD from the same user, but the sync-ing doesn't seem to take the
> email address from GW and put it back in AD. Would having the LDAP server
> setup allow the email address to be written from GW to AD ?
> Doug
> 
> 
> 
> Douglas Ratz
> Lakehead Public Schools
> (807) 625-5161
> 
> > > > On Monday, April 14, 2014 at 10:39 AM, "Morris Blackham" <
> mblackham@gw.novell.com> wrote:
> 
> An LDAP server does NOT need to be configured if the directory object is
> created,  which Doug says he already did.
> 
> The MMC plugin issue sounds like a MMC issue.   Are you installing it as
> Administrator?  I have not run across this issue before.   What Windows
> version are you installing to?
> 
> --Morris
> > > > "Paul Lamontagne" <Paul.Lamontagne@lamtechconsulting.com> 4/14/2014
> 8:23 AM >>>
> LDAP can also be used for Synchronization, and not authentication. I would
> configure the LDAP server so that the User info is pulled from LDAP server
> into GroupWise and Email addresses published back to the LDAP server
> 
> Have to be able to Read info from the directory and that is done with the
> LDAP server defined, so Yes in order for the Plugins to work an LDAP server
> does need to be configured. It uses the credentials supplied with the LDAP
> server to provide the information to the GroupWise admin account to update
> the objects in GroupWise.
> 
> 
> Paul Lamontagne
> 
> Become a GroupWise Power Admin
> http://www.caledonia.net/register
> > > > "Doug Ratz" <dratz@Lakeheadschools.ca> 4/14/2014 10:13 AM >>>
> Next question is about LDAP servers.
> 
> I've setup the connection to my test AD under System > LDAP Servers, and
> it seems OK. The upgrade guide says to create an LDAP server, though it
> isn't required. I'm not clear on why I would create an LDAP server, since I
> don't intend to use it to authenticate.
> 
> A possibly related issue, when trying to install the MMC plugin for GW, I
> get an error, "An error occured while updating the DisplaySpecifiers in
> Active Directory. The error message is The LDAP server is unavailable." The
> test of the configuration is OK, but the error comes up when clicking OK to
> finish the install. Will I need the LDAP server setup to have the MMC
> plugin work?
> 
> Doug
> 
> 
> 
> 
> Douglas Ratz
> Lakehead Public Schools
> (807) 625-5161
> 
> > > > On Friday, April 11, 2014 at 9:26 AM, "Doug Ratz"
> <dratz@Lakeheadschools.ca> wrote:
> 
> I am testing the upgrade from GW 8 on Windows 2008 R2 to GW 2014 on
> Windows 2008 R2 using AD.
> 
> In the Caledonia Upgrade Guide for GroupWise 2014, it says that the GW
> object id must match the AD samAccountName for associating users En Masse.
> We have a few users with much longer names, longer than 20 characters. Can
> those users be associated individually? What about future users with long
> names? Is the samAccountName what GW hooks onto?
> 
> Doug
> 
> 
> Douglas Ratz
> Lakehead Public Schools
> (807) 625-5161
> 
> 
> _______________________________________________
> ngw mailing list
> ngw@ngwlist.com
> http://ngwlist.com/mailman/listinfo/ngw
> 
> 



_______________________________________________
ngw mailing list
ngw@ngwlist.com
http://ngwlist.com/mailman/listinfo/ngw
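
An added example, not part of the thread or of any GroupWise tooling: a PowerShell check that lists the explicit ACEs the sync account holds on the domain root and flags any that are wider than read/write on mail and proxyAddresses. It assumes the ActiveDirectory module is installed and reuses the thread's evilempire domain and gwadmin account; the function and variable names are made up for the example.

```powershell
# Added example: audit what the dsacls delegation actually granted.
# Assumes the ActiveDirectory (RSAT) module; run as a user who can read the domain ACL.
Import-Module ActiveDirectory

$DomainDn = 'dc=evilempire,dc=com'     # domain used in the thread
$Trustee  = 'evilempire\gwadmin'       # sync account used in the thread
$Expected = 'mail', 'proxyAddresses'   # the only attributes the thread delegates

# Map schemaIDGUID -> lDAPDisplayName from the live schema so no GUID is hard-coded.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$guidName = @{}
Get-ADObject -SearchBase $schemaNc -LDAPFilter '(schemaIDGUID=*)' `
             -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidName[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

# Hypothetical helper: turn an ACE GUID into a readable name.
function Resolve-Guid([guid]$Guid, [string]$IfEmpty) {
    if ($Guid -eq [guid]::Empty)      { return $IfEmpty }
    if ($guidName.ContainsKey($Guid)) { return $guidName[$Guid] }
    return $Guid.ToString()   # not a schema object, e.g. a property set or extended right
}

# Explicit (non-inherited) ACEs for the trustee on the domain root.
$aces = (Get-Acl -Path "AD:\$DomainDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Trustee -and -not $_.IsInherited }

# RP + WP is all the dsacls lines ask for; anything beyond that is out of scope.
$allowed = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

$aces | Select-Object AccessControlType, ActiveDirectoryRights, InheritanceType,
    @{ n = 'Property';  e = { Resolve-Guid $_.ObjectType '(all properties)' } },
    @{ n = 'AppliesTo'; e = { Resolve-Guid $_.InheritedObjectType '(all classes)' } },
    @{ n = 'InScope';   e = {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.ActiveDirectoryRights -bor $allowed) -eq $allowed) -and
        ($Expected -contains (Resolve-Guid $_.ObjectType '')) } } |
    Format-Table -AutoSize
```

A row with InScope = False, or with Property shown as "(all properties)", means the account holds more than the per-attribute grant discussed above, for instance a leftover from testing with broader rights.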

