[SOLVED] Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Looking to migrate to ZCS? Ask here. Got a great tip or script that helped you migrate? Post it here.
Post Reply
User avatar
ElClay
Posts: 11
Joined: Fri Jan 08, 2016 8:52 am
Location: Venezuela
ZCS/ZD Version: 8.7.1

[SOLVED] Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Post by ElClay »

My installation of Zimbra 8.7 is A single server and my infrastructure for mail is composed as follows:

Server A: Dns + OpenLdap v2.4 under Debian 6, with about 500 users.
Server B: Zimbra Collaboration 8.7.1 under Ubuntu 16.04.

I need to integrate or migrate my OpenLdap (server a) to Zimbra-ldap (server b) for what purpose ?, for use by existing users in my OpenLdap and that when creating a new user is automatically created in my Zimbra-ldap.

Is it currently possible to do this?
What alternatives do I have to do it?

regards
Last edited by ElClay on Fri Nov 25, 2016 8:10 pm, edited 1 time in total.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Post by phoenix »

How about using the Provisioning feature of ZCS?

https://git.zimbra.com/repos/zimbra-fos ... toprov.txt
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
sensor
Posts: 38
Joined: Tue Apr 12, 2016 7:52 am

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Post by sensor »

Hi,

I would say that depends on what your future plans with that openldap server are. Basically you have 2 options: HTH,
Sensor
User avatar
ElClay
Posts: 11
Joined: Fri Jan 08, 2016 8:52 am
Location: Venezuela
ZCS/ZD Version: 8.7.1

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Post by ElClay »

phoenix wrote:How about using the Provisioning feature of ZCS?

https://git.zimbra.com/repos/zimbra-fos ... toprov.txt
Ok I'm testing with the information they gave me, but now I have another problem I'm throwing the following error:

tail -f /opt/zimbra/log/mailbox.log
2016-11-16 16:36:34,710 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain my.domain
com.zimbra.common.service.ServiceException: system failure: invalid value in zimbraAutoProvAttrMap: sn=commonName, not a valid zimbra attribute


How do I clean this attribute? zimbraAutoProvAttrMap: sn=commonName

Try changing it with this command: zmprov md my.domain +zimbraAutoProvAttrMap sn=sn But I'm still throwing the same error

So I would like to know how to clean that attribute or what is the valid attribute for zimbra, (zimbraAutoProvAttrMap: sn=?)

S.O.S
User avatar
sensor
Posts: 38
Joined: Tue Apr 12, 2016 7:52 am

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Post by sensor »

Let's have a look at the definition for zimbraAutoProvAttrMap:

Code: Select all

<attr id="1231" name="zimbraAutoProvAttrMap" type="string" max="256" cardinality="multi" optionalIn="domain" since="8.0.0">
  <desc>
     EAGER mode: optional 
      LAZY mode: optional 
    MANUAL mode: optional  
  
    Attribute map for mapping attribute values from the external entry to Zimbra account attributes.
    Values are in the format of {external attribute}={zimbra attribute}.
    If not set, no attributes from the external directory will be populated in Zimbra directory.
    
    Invalid mapping configuration will cause the account creation to fail.
    Examples of bad mapping:
        - invalid external attribute name.
        - invalid Zimbra attribute name.
        - external attribute has multiple values but the zimbra attribute is single-valued.
        - syntax violation.  e.g. Value on the external attribute is a String but the Zimbra 
          attribute is declared an integer.
  </desc>
</attr>
so your problem is very obvious:
2016-11-16 16:36:34,710 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain my.domain
com.zimbra.common.service.ServiceException: system failure: invalid value in zimbraAutoProvAttrMap: sn=commonName, not a valid zimbra attribute
remove the configured mapping:

Code: Select all

$ zmprov md example.com md -zimbraAutoProvAttrMap sn=commonName
and set it up correctly:

Code: Select all

$ zmprov md example.com md -zimbraAutoProvAttrMap commonName=sn
check your settings:

Code: Select all

$ zmprov gd example.com md zimbraAutoProvAttrMap
and remove all unintended settings as described above.
User avatar
ElClay
Posts: 11
Joined: Fri Jan 08, 2016 8:52 am
Location: Venezuela
ZCS/ZD Version: 8.7.1

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Post by ElClay »

Thank you very much for the information sensor and fenix that helped me a lot, I was able to implement the connection without any problem thanks to you.

I only have one last question, is it possible to enable the password change under this scheme ?, ie; That when changing the password in the Zimbra (server b) is changed in the OpenLdap (server a).

Since you try to change the password in the Zimbra and when entering the email account, it still uses the OpenLdap password, ie it does not take the password change.

regards
Post Reply