AutoProv mode LAZY does not work

[DualBoot]

hello,

I have a problem to debug my situation with LAZY AutoProv. I set all the settings needs :

Code: Select all

zimbraAutoProvAuthMech: LDAP
zimbraAutoProvBatchSize: 20
zimbraAutoProvLdapAdminBindDn: cn=my_zimbra,dc=domain,dc=tld
zimbraAutoProvLdapAdminBindPassword: My_Really_Secret_Password
zimbraAutoProvLdapBindDn: uid=%u
zimbraAutoProvLdapSearchBase: ou=my_people,o=My_Company,dc=ext,dc=domain,dc=tld
zimbraAutoProvLdapSearchFilter: uid=%u
zimbraAutoProvLdapStartTlsEnabled: TRUE
zimbraAutoProvLdapURL: ldap://my_ldap_server:389
zimbraAutoProvMode: LAZY
zimbraAutoProvNotificationBody: Hello .  Your account has been auto provisioned.  Your email address is .
zimbraAutoProvNotificationFromAddress: no-reply@domain.tld
zimbraAutoProvNotificationSubject: New account auto provisioned

I checked my ldap connection, authentication et and search from my store to my LDAP server => OK, it returns expected result.
I checked the log => Nothing which make me think that authoProv do not do anything.
I tried to enabled DEBUG mode on the mailbox => nothing changed
I checked with a non existant user in the LDAP server => nothing happened, even at least an error.
My Zimbra is 8.7.11 OSE, so what I missed ?

Regards,

[DualBoot]

I think this is not a problem but related to Zimbra version : OSE Vs Network.
Anyone to confirm that ?
Regards,

[Jordack]

Take a look at this post, I posted my settings. These work with Network Edition.
viewtopic.php?f=15&t=66120

[DualBoot]

Thank you for the link, but I think my problem is related to OSE edition.
When reading Zimbra product comparison between OSE and Network, they said only Network support AD or LDAP integration but
they do not precise the scope. So I guess OSE version does not support AutoProv.

Regards,

[fs.schmidt]

Thank you for the link, but I think my problem is related to OSE edition.
When reading Zimbra product comparison between OSE and Network, they said only Network support AD or LDAP integration but
they do not precise the scope. So I guess OSE version does not support AutoProv.

Regards,

Hello,
Although there is no documentation about Autprov in Zimbra OSE I've always been able to use it.

I always needed to use the zimbraAutoProvAccountNameMap sAMAccountName parameter to specify which parameter should be used for the account name.

I hope this helps.

Best regards.
Fabio S. Schmidt

[DualBoot]

I just tried with zimbraAutoProvAccountNameMap uid
but it does not work too and as usual no error in the log.

Regards,

[DualBoot]

The only trace I got in the log are :

Code: Select all

2019-05-28 11:33:59,587 INFO  [qtp1798286609-6391] [] nginxlookup - missing header field Auth-User
2019-05-28 11:33:59,633 INFO  [qtp1798286609-6181] [] nginxlookup - user not found:user_I_want_to_create@domain.tld

Regards,

[DualBoot]

After digging deeper, my problem seems to be related to Split node architecture.
Mono server => AutoProv LAZY OK
Multi Server 1 Proxy/MTA + 1 Store/LDAP => AutoProv LAZY OK

My Configuration : 1 Proxy/MTA + 1 UI node + 1 Store + 1 LDAP => AutoProv LAZY KO
In fact my configuration is a bit tricky :

Code: Select all

1 Proxy/MTA + 1 UI node (classic one)------|
                                           |
                                           |--->1 Store + 1 LDAP
                                           | 
1 Proxy + 1 UI node (Universal UI )--------|

the 2 proxies do not communicate between each other.
One proxy show the classic UI and the other the Universal UI.

Regards,

[DualBoot]

Well, after digging and digging and digging, I found out the root cause :
I need to enable on my UI node the Zimbra service called service :

Code: Select all

zmprov ms $(zmhostname) +zimbraServiceEnabled service
zmcontrol restart

Enjoy,

[DualBoot]

In fact not enjoyed
I realized that accounts which were created before the modification have lost their root folders (Contacts, Calendar ...) in the web UI.
I could done a roll back with zmprov luckily.