Zimbra auto-provisioning (autoprov) with multi-server environment

Post by 486dx »

Hello Zimbra Community,

I'm new to the community. Although I'm new to the forum, I have been reading this forum for a long time without registration. So now I have a one-node Zimbra server that works smoothly; this forum has been very helpful with every problem that I have experienced with Zimbra.

Before I talk about my Zimbra questions, let me tell you about my current Zimbra infrastructure.

What have I got?
- I have one node Zimbra 8.8.8_GA_2009 that has 40.000(!) users. Although the number of users is too big, the number of our concurrent users is at most 250-300. The majority of the accounts are student accounts that have no heavy traffic, and all accounts have a mailbox quota.
- As you can see in the following topology, the Zimbra server is connected to an AD Domain Controller that has about 40.000 users, using the "Secure Authentication between zimbra and AD" option to authenticate users. Everything works smoothly.
- For "Auto-Provisioning" of accounts on the Domain Controller, I used the "Autoprov" script. I set "zimbraAutoProvLdapSearchBase" to an Active Directory OU, which is "OU=organization,dc=example,dc=com". The script looks into the contents of the "Organization OU" and then creates a new user account. So far it is working efficiently.
- All auto-provisioned accounts have the "Default Class of Service".


Image

What do I plan?

Also, as you can see in the design below, I wanted to set up a multi-server Zimbra infrastructure. This is not a migration project. This is a new Zimbra organization project.

This infrastructure will contain:
- 1 Active Directory Domain Controller for secure authentication and auto-provision
- 2 MTA/PROX/LDAP servers which have LDAP MMR between LDAPS.
- 2 MX records for redundancy with DNS
- 2 Student Mailbox Servers for student accounts and 2 Staff Mailbox Servers, which are connected to the Active Directory Domain Controller using Secure Authentication and also set up to auto-provision accounts from the Active Directory Domain Controller.
- I planned two "COS" for accounts: "StudentCOS" for student account policies and "StaffCOS" for staff account policies. So I can create accounts in separate mailbox databases by using COS.
- Also planned (probably the last job) is a "mailman" server which will manage distribution groups that have more than 10.000 accounts.
- All mailbox and other servers (mta, proxy, zmstore) will use the same single replicated LDAP.



Image



My questions:
- Is it possible to use the auto-provision script to provision all "OU=students,OU=organization,dc=example,dc=com" users to "Student Mailbox01" and "Student Mailbox01"?
And at the same time, is it possible to use the auto-provision script to provision all "OU=staff,OU=organization,dc=example,dc=com" users to "Staff Mailbox01 and 02"?

To put it more clearly, I want to use the auto-provision script to provision from 2 different OUs. As you can see in the multi-server picture, I want to provision Student Accounts to the Student Mailbox Servers with "Student COS" automatically and provision Staff Accounts to the Staff Mailbox Servers with "Staff COS".



- My other question is: the "Zimbra auto-provisioning" script doesn't contain a "COS" value to set the COS parameter. Is there any way to set the "COS" parameter at auto-provisioning time? I will use this parameter to create student and staff accounts in -separate- mailbox databases. I planned student accounts to go to the student mailbox database, and staff accounts to the staff databases -automatically-.


- I experienced an odd situation with Zimbra auto-provision on my one-node Zimbra. When I first installed the one-node Zimbra, I connected the server to Active Directory and configured the auto-provision script successfully. The script did its job without any problems. But the script called only accounts that were newly created on the domain controller. It didn't call already existing accounts. Despite my research, I didn't handle this problem.


Thank you so much for reading patiently. Any help and guidance would be greatly appreciated. ;)

Hakan ORCAN