8 Replies Latest reply: May 18, 2012 1:52 PM by rukbat RSS

    Using DSCC with Sieve Filters

    JimKlimov
      I was "playing" with a new installation of Messaging Suite with all the latest patches on, and found a few annoyances around LDAP modification.

      Many annoyances are that the end-products (such as Delegated Admin and UWC) seem to read their corresponding LDAP values not in real-time, but upon web-server restart (DA and service package definitions), or at least logout-login to the client Web-interface (UWC and many user settings, including the permitted services and Sieve filters in LDAP fields).

      However, one thing is worse than a mere annoyance: I defined a Sieve mail filter in a test user's profile and wanted to research it using the Directory Editor (DSCC component of the Sun Web Console on the LDAP host).

      The attribute "mailsieverulesource" is kept in DSEE as a base64 value (which is somehow different from being simply a base64 string, in that it is automatically converted to the binary contents on read perhaps?). When I do an ldapsearch or ldapmodify this is seen by double-colons:

      mailsieverulesource:: I1JVTEU6....

      However when the DSCC editor opens the entry in either "Entry overview" or "Text overview" modes, it reads the contained sieve script as a multiline value and either saves it as a dozen of "mailsieverulesource:" values (from Overview mode), or doesn't save them at all because no attribute is prepended to a line (Text view mode).

      In either case, creating a filter makes it nearly impossible to use the recommended and supported Web-GUI to edit other aspects of an LDAP entry.

      I understand that Sun Web Console is an offtopic in the Messaging Forum, but perhaps somebody who already faced this problem can suggest workarounds? For example, is there a way to reconfigure the DSCC Web-GUI so that it would keep the base64 lines as base64 chunks and not decode them in-line unless asked to?
        • 1. Re: Using DSCC with Sieve Filters
          807574
          JimKlimov wrote:
          Many annoyances are that the end-products (such as Delegated Admin and UWC) seem to read their corresponding LDAP values not in real-time, but upon web-server restart (DA and service package definitions), or at least logout-login to the client Web-interface (UWC and many user settings, including the permitted services and Sieve filters in LDAP fields).
          Delegated Administrator is theoretically meant to refresh its service package definitions based on the servicepackage-ttlhours and servicepackage-ttlminutes settings in the resources.properties file. By default this is set to 5 hours and 0 minutes respectively. Unfortunately due to a known bug (#6722606) modifying the settings doesn't cause the refresh period to change.

          On the UWC/CE interface side, having the LDAP values read in 'real-time' would be extremely load-intensive on the Directory Server. Communication Suite is designed to scale by default to 10K-100K's of accounts which is why the developers make decisions that may seem illogical to smaller sites.
          However, one thing is worse than a mere annoyance: I defined a Sieve mail filter in a test user's profile and wanted to research it using the Directory Editor (DSCC component of the Sun Web Console on the LDAP host).

          The attribute "mailsieverulesource" is kept in DSEE as a base64 value (which is somehow different from being simply a base64 string, in that it is automatically converted to the binary contents on read perhaps?).
          Actually the attribute is stored in UTF-8. It is ldapsearch which converts the data to base64 as the data contains information which could cause problem when printed (new line characters, spaces etc.).
          However when the DSCC editor opens the entry in either "Entry overview" or "Text overview" modes, it reads the contained sieve script as a multiline value and either saves it as a dozen of "mailsieverulesource:" values (from Overview mode), or doesn't save them at all because no attribute is prepended to a line (Text view mode).
          This is a known bug #6723208 - "DSCC corrupts mailSieveRuleSource when user is updated"
          I understand that Sun Web Console is an offtopic in the Messaging Forum, but perhaps somebody who already faced this problem can suggest workarounds?
          To edit sieve filters I use ldapsearch/ldapmodify. This is discussed in an older forum thread:

          http://forum.java.sun.com/thread.jspa?threadID=5295255

          Regards,

          Shane.
          • 2. Re: Using DSCC with Sieve Filters
            JimKlimov
            Hello Shane, thanks for clarification.
            shane_hjorth wrote:
            To edit sieve filters I use ldapsearch/ldapmodify. This is discussed in an older forum thread:
            http://forum.java.sun.com/thread.jspa?threadID=5295255
            I have previously read the thread you mention and used the samples, and want to thank you very much again, for your relevant replies all over this forum :)
            shane_hjorth wrote:
            On the UWC/CE interface side, having the LDAP values read in 'real-time' would be extremely load-intensive on the Directory Server. Communication Suite is designed to scale by default to 10K-100K's of accounts which is why the developers make decisions that may seem illogical to smaller sites.
            Is it possible, perhaps, to add some link or button to the UWC/CE user desktop called Refresh or likewise, which would actually do the re-login chores without the need to re-enter the password? I think it would simplify the helpdesk calls, i.e. "I have changed your profile settings, please press the Refresh button to update your CE tabs" :)
            shane_hjorth wrote:
            Jim Klimov wrote:
            However when the DSCC editor opens the entry in either "Entry overview" or "Text overview" modes, it reads the contained sieve script as a multiline value and either saves it as a dozen of "mailsieverulesource:" values (from Overview mode), or doesn't save them at all because no attribute is prepended to a line (Text view mode).
            This is a known bug #6723208 - "DSCC corrupts mailSieveRuleSource when user is updated"
            I hope the bug gets fixed soon, because it does render the DSCC Web-GUI to LDAP useless if a user entry has a mail filter, and using command-line clients like ldapmodify for everyday administration requires some skill and systems-access level :)

            (We plan to use this LDAP for a number of tasks, not only Comms suite but also Solaris and perhaps Samba/Windows authentication, so working direct administrative access to LDAP is a must).
            I understand that Sun Web Console is an offtopic in the Messaging Forum, but perhaps somebody who already faced this problem can suggest workarounds?
            Still, any suggestions on how to disable base64-decoding in DSCC? I'd rather see unreadable chunks of text in some attributes, than discard the whole tool :)

            TIA,
            //Jim Klimov

            Edited by: JimKlimov on Jul 15, 2008 10:48 AM
            typos :)
            • 3. Re: Using DSCC with Sieve Filters
              807574
              JimKlimov wrote:
              shane_hjorth wrote:
              On the UWC/CE interface side, having the LDAP values read in 'real-time' would be extremely load-intensive on the Directory Server. Communication Suite is designed to scale by default to 10K-100K's of accounts which is why the developers make decisions that may seem illogical to smaller sites.
              Is it possible, perhaps, to add some link or button to the UWC/CE user desktop called Refresh or likewise, which would actually do the re-login chores without the need to re-enter the password?
              Such functionality would require a reworking of the underlying authentication & session code. Whilst this may be "possible" I doubt the developers would consider it a high priority. You are welcome to log a support case to get an RFE (request for enhancement) created.
              I think it would simplify the helpdesk calls, i.e. "I have changed your profile settings, please press the Refresh button to update your CE tabs" :)
              "Please logout and login again.." seems pretty straight-forward to me.
              This is a known bug #6723208 - "DSCC corrupts mailSieveRuleSource when user is updated"
              I hope the bug gets fixed soon, because it does render the DSCC Web-GUI to LDAP useless if a user entry has a mail filter, and using command-line clients like ldapmodify for everyday administration requires some skill and systems-access level :)
              If you want the bug fixed (in a current release) you need to log a support case to have the bug escalated for a fix.
              I understand that Sun Web Console is an offtopic in the Messaging Forum, but perhaps somebody who already faced this problem can suggest workarounds?
              Still, any suggestions on how to disable base64-decoding in DSCC? I'd rather see unreadable chunks of text in some attributes, than discard the whole tool :)
              As I noted before the data is not stored in base64 format so if anything, you would need to enable base-64 encoding in DSCC. As for whether this is possible you would need to ask on the Directory Forum.

              http://forum.java.sun.com/forum.jspa?forumID=761

              Prior to your question I hadn't used the tool myself so I'm far from an expert on it.

              Regards,

              Shane.
              • 4. Re: Using DSCC with Sieve Filters
                JimKlimov
                Thank you for the replies Shane, I guess this matter is closed as far as the JCS forum goes.
                shane_hjorth wrote:
                JimKlimov wrote:
                Is it possible, perhaps, to add some link or button to the UWC/CE user desktop called Refresh or likewise, which would actually do the re-login chores without the need to re-enter the password?
                Such functionality would require a reworking of the underlying authentication & session code. Whilst this may be "possible" I doubt the developers would consider it a high priority. You are welcome to log a support case to get an RFE (request for enhancement) created.
                I think it would simplify the helpdesk calls, i.e. "I have changed your profile settings, please press the Refresh button to update your CE tabs" :)
                "Please logout and login again.." seems pretty straight-forward to me.
                If session re-init is such a core functionality, we'll stick with logout-login line then.

                I thought it could be done easily by JavaScript in the web-interface. Hope I'll have time to research this line as well.
                shane_hjorth wrote:
                JimKlimov wrote:
                shane_hjorth wrote:
                This is a known bug #6723208 - "DSCC corrupts mailSieveRuleSource when user is updated"
                I hope the bug gets fixed soon, because it does render the DSCC Web-GUI to LDAP useless if a user entry has a mail filter, and using command-line clients like ldapmodify for everyday administration requires some skill and systems-access level :)
                If you want the bug fixed (in a current release) you need to log a support case to have the bug escalated for a fix.
                Do our customers need a purchased support so we may request an RFE on their behalf, or can that be done by anybody?

                Can someone with a contract, or someone "inside" Sun, "sponsor" our request to log/escalate it?
                As I noted before the data is not stored in base64 format so if anything, you would need to enable base-64 encoding in DSCC. As for whether this is possible you would need to ask on the Directory Forum.

                http://forum.java.sun.com/forum.jspa?forumID=761
                I have asked on the Directory Server forum, for cross-reference the link is:
                [http://forums.sun.com/thread.jspa?threadID=5315186|http://forums.sun.com/thread.jspa?threadID=5315186]

                Edited by: JimKlimov on Jul 18, 2008 12:48 PM

                Forum preview mangled the message quotation markup. Definitely not my week :)
                • 5. Re: Using DSCC with Sieve Filters
                  807574
                  JimKlimov wrote:
                  If you want the bug fixed (in a current release) you need to log a support case to have the bug escalated for a fix.
                  Do our customers need a purchased support so we may request an RFE on their behalf, or can that be done by anybody?
                  Anybody who has a Sun support contract for the product can request that a bug be fixed.
                  Can someone with a contract, or someone "inside" Sun, "sponsor" our request to log/escalate it?
                  Somebody "inside" Sun cannot log/escalate a bug unless it has an actual customer (with a support contract) associated with the request. Whilst the development group may end up fixing the bug (if they get the time) it will only be in a future release and not an existing release/patch.

                  Regards,

                  Shane.
                  • 6. Re: Using DSCC with Sieve Filters
                    JGoubeaux
                    Hello,

                    I am trying to locate the info discussed in this thread from way back and am having trbl locating the document listed below, eg: http://forum.java.sun.com/thread.jspa?threadID=5295255
                    referenced below from a post Shane made

                    Is this older Sun Msg forum Data still available ?

                    -john


                    shane_hjorth wrote:
                    To edit sieve filters I use ldapsearch/ldapmodify. This is discussed in an older forum thread:
                    http://forum.java.sun.com/thread.jspa?threadID=5295255
                    • 7. Re: Using DSCC with Sieve Filters
                      JGoubeaux wrote:
                      Hello,

                      Is this older Sun Msg forum Data still available ?

                      -john
                      No.
                      It's all gone. At least all the URL references are gone.
                      It's been gone for more than two years, since most-but-not-all was migrated across and merged into the OTN forums.

                      The text might be in a thread somewhere but all links that include the old forum domain name are broken (non-existent).

                      You would serve yourself best by just initiating a new thread and hope for a new discussion on the subject.
                      • 8. Re: Using DSCC with Sieve Filters
                        Moderator Action:
                        This old residual example of merged information is now locked to prevent it being resurrected again. Notice the SunForumsGuest23 moniker in some of the posts? That is forum text from a Sun forum user that never re-registered to OTN.