Novell GroupWise 2012 SP2
Microsoft Exchange Server 2010
You have installed Exchange system on non-English Windows server. Once you configured MTA at GroupWise site to sync GroupWise and Exchange users, it works only in one way, i.e. only Exchange users are created in a GroupWise system.
When checking MTA log in Verbose mode, you will see similar complain like:
Error: Domain <gw iDomain> not synchronized, Default Global Address List attribute not found in Exchange.
A reason behind is that in non-English Exchange systems objects in AD have different names. For instance, on German Exchange server English "Default Global Address List" is called "Globale Standardadressliste" and therefore LDAP sync cannot place GroupWise objects correctly as such object indeed does not exist.
The best way to find out system objects names in your AD site is to use any LDAP browser, like Softera for instance, and view properties of existing Exchange users. At user details site will be a line like, for example:
CN=Globale Standardadressliste,CN=All Global Address Lists,CN=Address Lists Container,CN=<your Exchange domain>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain>,dc=<com>
Now open MTA details in C1 and go into GroupWise | Exchange Synchronization tab. Highlight your active profile and Edit it. If you scroll down to a bottom, there is a section called Global Address List DN. Type (note do not copy and paste above string since this can cause white spaces being added in a domain database) the same string that you found out in your AD site about a location of your Global Address List. Save changes.
Next you can check how it works when you access MTA via HTTP interface:
1. Authenticate to HTTP interface of your MTA.
2. Go into Configuration tab.
3. Find and click on Exchange Configuration Settings.
4. Activate Perform Exchange Synchronization radio-button and click on Submit.
5. Check MTA log file how a sync worked this time. If all is OK, you shall see GroupWise Contacts created at AD site in a specified container.
If you still keep failing and getting error "Constraint violation" to create user, there there was probably some typos in the MTA configuration string for Global Address Book DN.
You can also test if you can create GroupWise like contact manually via LDIF import. Here is a way how to create your LDIF import file example:
dn: cn=Skippy,ou=myou,dc=<domain>,dc=<com> - (change dn to match what user you want to create and in which organizational Unit)
displayName: Skippy Jones (first last of your user)
sn: Jones (last name of the user)
legacyExchangeDN: /o=First Organization/ou=Exchange Administrative Group FYDIBOHF23SPDLT)/cn=Recipients/cn=Skippy
(You'll have to get the correct LegacyExchangeDN for your system, you can get it from ldap browser for an existing users,
just be sure to change the cn=user part at the end.)
(the users GW smtp addr)
mailNickname: skippy (mail nickname of user)
name: Skippy (this is the AD contact object name, we use the GW Object ID for this)
proxyAddresses: SMTP:email@example.com (be sure the SMTP part is UpperCase)
targetAddress: SMTP:firstname.lastname@example.org (same here, be sure the SMTP part is UpperCase)
showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,dc=com
Here is a full example of a test ldif file:
displayName: ldif-user ldif-user
sn: Jones ldif-user
legacyExchangeDN: /o=Tomy Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=ldif-user
showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=Tomy Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=tomy,dc=com
Since Windows server by default does not come with ldapadd command, you will need to use, for instance, your Linux server to run following command:
ldapadd -h <Exchange LDAP IP> -D email@example.com
-W -f ldifFile (use your admin email address and ldif file name)
Example of a result:
oes11-gw2012:~/Desktop # ldapadd -h 188.8.131.52 -D firstname.lastname@example.org -W -f /media/nss/DATA/my-ldif.txt
Enter LDAP Password:
adding new entry "cn=ldif-user,ou=PO1,ou=Dom1,ou=GroupWise,dc=tomy,dc=com"
Shall you see errors "Constraint violation" still in MTA log files despite of all tests you do, then you might open and SR with Novell Technical Support. There was a defect in C1 code causing extra "white" characters being written in a domain database for any of CN configuration statements you use to specify a location of Global Address Lists.
This has been fixed and you can request newer build after NTS verifies this is also your case.