Kolab and ActiveDirectory

Stephan Buys list at codefusion.co.za
Thu Aug 12 12:35:25 CEST 2004


Hi,

I am copying the list as this might be interesting to some other people in 
the future...

There probably isn't a problem, the Kolab server will be in constant contact
with the AD server. We don't use a polling scheme, but the following:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/change_notifications_in_active_directory.asp

In other words:
1) Do an initial SYNC
2) Register with AD to receive notifications of changes to a certain DN. 
3) AD continuously notifies us of changes, for example: the AD is updated
whenever a user logs in... (on big systems this might be quite noticeable)

The time value we mention is for the case where AD closes the connection
and we are not able to detect it. We tear down the notification mechanism 
and restart every X minutes. I think the conf value for this is:
conn_refresh_period : ... 
Maybe you would want to increase this value...

What you should be worried about is if the Kolab server is continuously
doing a synchronization with AD. If you have a large AD user tree odds
are that you will see continuous activity.

Regards,
Stephan





On Thursday 12 August 2004 12:15, you wrote:
> When I start kolabd via '/kolab/etc/rc kolab start', it initializes fine so
> far, but then it seems to talk to the windows box every second, instead of
> every 120 seconds or 60 minutes as the debug-output says. It periodically
> says "Change notification received", even if I do not touch the windows
> machine. I'm curious if it has something to do with the windows server, or
> if it's an issue somewhere inside the kolab-code.
> 
> I first installed kolab-20040217-2.0.0.src.rpm (and all dependent packages)
> and now already updated the kolab perl-modules to latest versions
> (1.01-1.03), as the source-rpm's are version 0.9 only, but that didn't do
> anything. I also took a little look at the code, but couldn't find anything
> either yet.
> 
> The syslog looks as follows (locatest.de is my
> Windows/ActiveDirectory-domain) after running 'rc kolab start':
> 
> Aug 12 11:52:43 debianmail C: Reloading configuration
> Aug 12 11:52:43 debianmail C: Finished reloading configuration
> Aug 12 11:52:45 debianmail kolabd[30623]: Kolab is starting up
> Aug 12 11:52:45 debianmail kolabd[30623]: L: Starting up
> Aug 12 11:52:45 debianmail kolabd[30623]: L: Opening mailbox uid cache DB
> Aug 12 11:52:45 debianmail kolabd[30623]: L: Opening graveyard uid/timestamp
> cache DB
> Aug 12 11:52:45 debianmail kolabd[30623]: K: Loading backends
> Aug 12 11:52:45 debianmail kolabd[30623]: B: Loading backend `slurpd'
> Aug 12 11:52:46 debianmail kolabd[30623]: B: Loading backend `ad'
> Aug 12 11:52:46 debianmail kolabd[30623]: B: Loading backend `dirservd'
> Aug 12 11:52:46 debianmail kolabd[30623]: K: Performing backend startup
> Aug 12 11:52:46 debianmail kolabd[30623]: K: Synchronising
> Aug 12 11:52:46 debianmail kolabd[30623]: L: Synchronising
> Aug 12 11:52:46 debianmail kolabd[30623]: Y: Connecting to local Cyrus admin
> interface
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Synchronising `user' objects
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Connecting to LDAP server
> `212.28.230.105:389'
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Binding to
> `cn=Administrator,cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Synchronising `user' DN
> `cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:47 debianmail kolabd[30623]: L Debug:
> Kolab::LDAP::createObject() called with obj uid field `mail' for obj type
> `user'
> Aug 12 11:52:47 debianmail kolabd[30623]: L Debug: Synchronising object
> `user1 at locatest.de'
> Aug 12 11:52:47 debianmail kolabd[30623]: L Debug: GUID attribute
> `objectGUID' is `^VvÈ«^[QíM\223;N²\233Áù\221'
> Aug 12 11:52:47 debianmail kolabd[30623]: L Warning: Object
> `user1 at locatest.de' already exists as `user1 at debianmail'; refusing to create
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Finished synchronising `user'
> DN `cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Finished `user' object
> synchronisation
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Synchronising `sf' objects
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Connecting to LDAP server
> `127.0.0.1:389'
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Binding to
> `cn=manager,dc=debianmail'
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Synchronising `sf' DN
> `dc=debianmail'
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Finished synchronising `sf' DN
> `dc=debianmail'
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Finished `sf' object
> synchronisation
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Synchronising mailboxes
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Gravekeeping (period = 10080
> minutes)
> Aug 12 11:52:47 debianmail kolabd[30623]: L: Finished synchronisation
> Aug 12 11:52:47 debianmail kolabd[30623]: K: Synchronisation complete,
> starting up daemon
> Aug 12 11:52:47 debianmail kolabd[30623]: K: Forking `ad' listener
> Aug 12 11:52:47 debianmail kolabd[30623]: K: Forking `dirservd' listener
> Aug 12 11:52:47 debianmail kolabd[30631]: AD: Listener starting up
> Aug 12 11:52:47 debianmail kolabd[30632]: DSd: Listener starting up, refresh
> is: 120 seconds
> Aug 12 11:52:47 debianmail kolabd[30631]: Y: Connecting to local Cyrus admin
> interface
> Aug 12 11:52:47 debianmail kolabd[30623]: K: Forking `slurpd' listener
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Cyrus connection
> established
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Creating LDAP connection
> to AD server
> Aug 12 11:52:48 debianmail kolabd[30631]: L: Connecting to LDAP server
> `212.28.230.105:389'
> Aug 12 11:52:48 debianmail kolabd[30633]: SD: Opening listen server on port
> 9999
> Aug 12 11:52:48 debianmail kolabd[30623]: K: Listeners spawned, wait()ing
> Aug 12 11:52:48 debianmail kolabd[30631]: L: Binding to
> `cn=Administrator,cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: LDAP connection
> established
> Aug 12 11:52:48 debianmail kolabd[30631]: L Debug: LDAP operations are
> asynchronous
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Async checked
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Control created
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: User DN list =
> cn=Users,dc=locatest,dc=de
> Aug 12 11:52:48 debianmail kolabd[30631]: AD: Registering change
> notification on DN `cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:48 debianmail kolabd[30631]: AD: Change notification registered
> on `cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:48 debianmail kolabd[30633]: SD: Listen server opened, waiting
> for incoming connections
> Aug 12 11:52:48 debianmail kolabd[30631]: AD: Waiting for changes (refresh
> period = 60 minutes)...
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Change notification
> received
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: mesg is a search object,
> not testing code
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: changeCallback() called
> with a null entry
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Creating LDAP connection
> to AD server
> Aug 12 11:52:48 debianmail kolabd[30631]: L: Connecting to LDAP server
> `212.28.230.105:389'
> Aug 12 11:52:48 debianmail kolabd[30631]: L: Binding to
> `cn=Administrator,cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: LDAP connection
> established
> Aug 12 11:52:48 debianmail kolabd[30631]: L Debug: LDAP operations are
> asynchronous
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Async checked
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Control created
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: User DN list =
> cn=Users,dc=locatest,dc=de
> Aug 12 11:52:48 debianmail kolabd[30631]: AD: Registering change
> notification on DN `cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:48 debianmail kolabd[30631]: AD: Change notification registered
> on `cn=Users,dc=locatest,dc=de'
> Aug 12 11:52:48 debianmail kolabd[30631]: AD: Waiting for changes (refresh
> period = 60 minutes)...
> Aug 12 11:52:48 debianmail kolabd[30631]: AD Debug: Change notification
> received
> 
> ... and so on.
> 
> The /kolab/etc/kolab/kolab.conf:
> 
> base_dn : dc=debianmail
> bind_dn : cn=manager,dc=debianmail
> bind_pw : ...
> ldap_uri : ldap://127.0.0.1:389
> php_dn : cn=nobody,dc=debianmail
> php_pw : ...
> user_directory_mode : ad
> user_ldap_uri : ldap://212.28.230.105
> user_dn_list : cn=Users,dc=locatest,dc=de
> user_bind_dn : cn=Administrator,cn=Users,dc=locatest,dc=de
> user_bind_pw : ...
> user_field_deleted : isDeleted
> user_field_modified : whenChanged
> user_field_guid : objectGUID
> user_field_quota : userquota
> user_object_class : organizationalPerson
> cyrus_admin_pw : ...
> log_level : 4
> 
> Any help on where to start/look at would be nice. Thanks in advance.
> 
> Regards,
> Daniel Scheller
> 
> --
> LocaNet oHG - http://www.loca.net
> Lindemannstr. 81, D-44137 Dortmund
> tel +49 231 91596-21, fax +49 231 91596-55
> 
> 
> 
> 
> 

-- 
Stephan  Buys
Code Fusion cc.
Tel: +27 11 391 1412
Mobile: +27 83 294 1876
Email: s.buys at codefusion.co.za

E-mail Solutions, Kolab Specialists.
http://www.codefusion.co.za
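
The pattern in the quoted syslog (the `ad` listener registering the change notification again right after a null-entry callback, well inside its announced refresh period) can be checked mechanically. The following is an added example, not part of the original message or of Kolab's code; the function name `analyse`, the `min_cycles` threshold, the assumed year 2004 and the sample lines (constructed, with one-second spacing) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the quoted syslog (lines unwrapped,
# one-second spacing chosen for illustration).
_P = "debianmail kolabd[30631]: "
_CYCLE = ["AD: Change notification registered on `cn=Users,dc=locatest,dc=de'",
          "AD: Waiting for changes (refresh period = 60 minutes)...",
          "AD Debug: Change notification received",
          "AD Debug: changeCallback() called with a null entry"]
SAMPLE = "\n".join(
    ["Aug 12 11:52:47 debianmail kolabd[30632]: DSd: Listener starting up, refresh is: 120 seconds"]
    + [f"Aug 12 11:52:{48 + i} {_P}{m}" for i in range(3) for m in _CYCLE])

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ kolabd\[(\d+)\]: (.*)$")
REFRESH = re.compile(r"refresh period = (\d+) (minutes|seconds)")

def analyse(log_text, year=2004, min_cycles=3):
    """Return {pid: report} for listeners that re-register before the refresh period."""
    state = defaultdict(lambda: {"registered": [], "null_entries": 0, "refresh_s": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines or other daemons
        ts, pid, msg = m.groups()
        s = state[pid]
        if "Change notification registered" in msg:
            # syslog timestamps carry no year; one is assumed for parsing
            s["registered"].append(datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"))
        elif "changeCallback() called with a null entry" in msg:
            s["null_entries"] += 1
        elif (r := REFRESH.search(msg)):
            s["refresh_s"] = int(r.group(1)) * (60 if r.group(2) == "minutes" else 1)
    findings = {}
    for pid, s in state.items():
        times = s["registered"]
        if len(times) < min_cycles or not s["refresh_s"]:
            continue  # too few registrations to judge, or no period announced
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) < s["refresh_s"]:  # every re-registration came early
            findings[pid] = {"cycles": len(times), "max_gap_s": max(gaps),
                             "refresh_s": s["refresh_s"], "null_entries": s["null_entries"]}
    return findings

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Lines wrapped by the mail client, as in the quoted excerpt, need to be joined back into single syslog lines before being passed in.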
