Sync openLDAP / Zimbra LDAP after account provisioning

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
gerardsd
Posts: 6
Joined: Sat Sep 13, 2014 3:04 am

Sync openLDAP / Zimbra LDAP after account provisioning

Post by gerardsd »

Hi there,
I am using ZCS 8.0.2 with external LDAP connection which is working fine.

When I login to ZCS with an existing openLDAP account, ZCS is getting all configured information via zimbraAutoProvAttrMap from openLDAP.
But if I change anything in openLDAP after the account is provisioned to ZCS, ZCS is not getting the changes from openLDAP until I delete this existing account in ZCS and use the autoprov-mech again.
Is there a way to sync account information from openLDAP->Zimbra for existing accounts?
When I do a "zmprov syg xyz.com" zimbra is getting the new information, but doesn't update the account.
Thanks in advance,
rg Dom
gerardsd
Posts: 6
Joined: Sat Sep 13, 2014 3:04 am

Sync openLDAP / Zimbra LDAP after account provisioning

Post by gerardsd »

Good morning,
anyone? :(
GlobalAdvisorsIT
Posts: 11
Joined: Sat Sep 13, 2014 3:18 am

Sync openLDAP / Zimbra LDAP after account provisioning

Post by GlobalAdvisorsIT »

Hi Dom
You wrote:
gerardsd wrote:Hi there,
I am using ZCS 8.0.2 with external LDAP connection which is working fine.

When I login to ZCS with an existing openLDAP account, ZCS is getting all configured information via zimbraAutoProvAttrMap from openLDAP.
But if I change anything in openLDAP after the account is provisioned to ZCS, ZCS is not getting the changes from openLDAP until I delete this existing account in ZCS and use the autoprov-mech again.
Is there a way to sync account information from openLDAP->Zimbra for existing accounts?
When I do a "zmprov syg xyz.com" zimbra is getting the new information, but doesn't update the account.
Thanks in advance,
rg Dom
I am on ZCS 8.0.6 FOSS and my accounts auto provision, but attribute changes do not.
Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 FOSS edition.
Regards
Marc
User avatar
jorgemop
Posts: 20
Joined: Sat Sep 13, 2014 3:27 am
Location: Venezuela

Sync openLDAP / Zimbra LDAP after account provisioning

Post by jorgemop »

i'm on the same path, openldap/samba server fully functional and a new server Zimbra, configure the authentication method to external ldap, (the bind test works fine), but my users account are on openldap/samba server. according understand is necessary:
1- create the accounts on zimbra server

2- establish some kind of synchronization
the first topic i think that make it by creation a file with all accounts and later "zmprov ca
the second topic i don't know how to make it. A key functionality of zimbra should be "integration" and i dont see it.
thanks for all your opinions and corrections
User avatar
jorgemop
Posts: 20
Joined: Sat Sep 13, 2014 3:27 am
Location: Venezuela

Sync openLDAP / Zimbra LDAP after account provisioning

Post by jorgemop »

hi, you wrote "I am using ZCS 8.0.2 with external LDAP connection which is working fine."
how do you that please, my hair is falling. A key functionality of zimbra should be "integration" but i don't find the path.
I configure the authentication method to external ldap and works fine, but my user still in the openldap/samba server. you know how to do this first syncro?...
the next step its manage the mailbox / account on the zimbra server from openldap/samba server, but one step at time.
thanks for help, greetings



PD: excuse my English, my natal language is Spanish
JOvalles P.
Posts: 27
Joined: Thu Jun 18, 2015 3:00 pm

Sync openLDAP / Zimbra LDAP after account provisioning

Post by JOvalles P. »

you can did the AutoProv with zimbra and openldap in eager mode, like this:
First External auth:
zimbraAdminConsoleLDAPAuthEnabled: FALSE
zimbraAuthFallbackToLocal: FALSE
zimbraAuthLdapSearchBase: ou=Personas,ou=Usuarios,dc=mydomain.com,dc=com
zimbraAuthLdapSearchBindDn: cn=Admin,dc=mydomain.com,dc=com
zimbraAuthLdapSearchBindPassword: 123456
zimbraAuthLdapSearchFilter: (&(uid=%u)(objectClass=OrganizationalPerson))
zimbraAuthLdapStartTlsEnabled: FALSE
zimbraAuthLdapURL: ldap://10.5.5.4:389
zimbraAuthMech: ldap

Second AutoProv:  example: 
zmprov md mydomain.com zimbraAutoProvAccountNameMap uid
zmprov md mydomain.com zimbraAutoProvLdapBindDn %u@mydomain.com
zmprov md mydomain.com zimbraAutoProvLdapSearchFilter "(&(|(objectclass=inetOrgPerson)))"
zmprov md mydomain.com zimbraAutoProvBatchSize 500
zmprov md mydomain.com zimbraAutoProvLastPolledTimestamp 20150702100000Z
zmprov md mydomain.com zimbraAutoProvLdapAdminBindDn "cn=Admin,dc=mydomain.com,dc=com"
zmprov md mydomain.com zimbraAutoProvLdapAdminBindPassword "123456"
zmprov md mydomain.com zimbraAutoProvLdapSearchBase "dc=mydomain,dc=com"
zmprov md mydomain.com zimbraAutoProvLdapURL "ldap://10.5.5.4:389"
zmprov md mydomain.com zimbraAutoProvMode EAGER
zmprov md mydomain.com zimbraAutoProvAuthMech LDAP
zmprov ms zimbrapro.innotech.com zimbraAutoProvPollingInterval 5 minutes
zmprov ms zimbrapro.innotech.com +zimbraAutoProvScheduledDomains mydomain.com
zmprov md mydomain.com zimbraAutoProvAttrMap cn=displayName
zmprov md mydomain.com +zimbraAutoProvAttrMap sn=sn
zmprov md mydomain.com +zimbraAutoProvAttrMap title=description
zmprov md mydomain.com +zimbraAutoProvAttrMap givenName=givenName

Now, the sync post AutoProv process is a mystery. 
Is really useful when i did a delete / create / modify a user of my external ldap automatically been deletes in zimbra
Anyone know how did this? 
daniele.antolini
Posts: 36
Joined: Fri Jul 08, 2016 7:41 am

Re: Sync openLDAP / Zimbra LDAP after account provisioning

Post by daniele.antolini »

Hello,

I need a sync post-provisioning too. I am on ZIMBRA NE 8.8.8
daniele.antolini
Posts: 36
Joined: Fri Jul 08, 2016 7:41 am

Re: Sync openLDAP / Zimbra LDAP after account provisioning

Post by daniele.antolini »

Hello,

check my topic "Sync from external ldap attribute to zimbra attribute after auto-provisioning".
I've just written a bash script to do this job. Please, test it

On the script, on commented lines, there is only a function to automatically delete Zimbra User when you delete from LDAP. Check it!
Post Reply