Full LDAP synchro for Zimbra OSE


Post by danielb »

Hi there.

I needed to have a complete sync from an LDAP server to Zimbra. Zimbra itself supports external authentication, but it still requires accounts to be provisioned. There's the native autoProv feature, but it's lacking several features to be useful to me (I want user attributes like name, title, phone etc. to be updated from LDAP, and not just copied once when the account is provisioned). I also wanted to sync LDAP groups as distribution lists. And while at it, I wanted to sync email aliases defined in LDAP as aliases in Zimbra.

After checking a few existing scripts, none of them supported the features I wanted, so I wrote my own. Here it is: https://git.fws.fr/dani/zimbra/ (in the zmldapsync dir). It has the following features:

- Supports AD or more standard LDAP (should work with any LDAP server but has been tested against samba4 and OpenLDAP)
- Supports several LDAP servers
- Users can be selected with LDAP filters (of course ;-) )
- Groups can be synchronized as distribution lists in Zimbra
- Groups -> distribution lists supports sync of membership, including nested membership (groups which are part of another group)
- Attributes (name, phone, title etc.) are synced for users and groups
- Common default values are provided for attribute mapping, depending on the schema you use, but you can set a custom mapping, so it should work with any LDAP server
- Aliases defined in LDAP are synced as aliases in Zimbra. But you can still define aliases directly in Zimbra, and they won't be touched by the script
- Sync includes handling when the object is not found anymore in LDAP (user accounts are locked, distribution lists and aliases are removed)

Please give it a try if you're interested, and let me know. Caution: it's beta for now, try it first on a test system.
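The reconciliation rules listed in the post (nested group membership, attribute updates, lock on disappearance, hand-made aliases left alone), sketched as a dry-run planner. This is an added example, not code from zmldapsync: the function names, data shapes and the `managed` record of what earlier runs created are assumptions, and that record is what keeps local accounts such as an admin mailbox from being locked.

```python
# Added illustration, not zmldapsync code; names, data shapes and sample data are constructed.
def expand_members(group, groups, seen=None):
    """User members of `group`, following nested groups; `seen` stops loops."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, ()):
        if member in groups:  # the member is itself a group: recurse
            users |= expand_members(member, groups, seen)
        else:
            users.add(member)
    return users

def plan_sync(ldap_users, ldap_groups, accounts, lists, managed):
    """Actions a run would take (dry run). `managed` records what earlier runs created."""
    actions = []
    for mail, entry in sorted(ldap_users.items()):
        acct = accounts.get(mail)
        if acct is None:
            actions.append(("create", mail))
            continue
        changed = {k: v for k, v in entry["attrs"].items() if acct["attrs"].get(k) != v}
        if changed:
            actions.append(("modify", mail, changed))
        for alias in sorted(entry["aliases"] - acct["aliases"]):
            actions.append(("add_alias", mail, alias))
        # Remove only aliases an earlier run created; aliases set by hand in Zimbra stay.
        stale = (managed["aliases"].get(mail, set()) & acct["aliases"]) - entry["aliases"]
        actions += [("remove_alias", mail, a) for a in sorted(stale)]
    for mail in sorted(managed["accounts"] - set(ldap_users)):
        if mail in accounts and accounts[mail]["status"] != "locked":
            actions.append(("lock", mail))  # gone from LDAP: lock, do not delete
    for name in sorted(ldap_groups):
        want = expand_members(name, ldap_groups)
        if set(lists.get(name, ())) != want:
            actions.append(("set_members", name, sorted(want)))
    for name in sorted((managed["lists"] & set(lists)) - set(ldap_groups)):
        actions.append(("delete_list", name))
    return actions

LDAP_USERS = {"ann@example.org": {"attrs": {"title": "CTO"}, "aliases": {"a@example.org"}}}
LDAP_GROUPS = {"staff": ["ann@example.org", "ops"], "ops": ["staff"]}  # deliberate loop
ACCOUNTS = {"ann@example.org": {"attrs": {"title": "Dev"}, "status": "active",
                                "aliases": {"boss@example.org", "old@example.org"}},
            "bob@example.org": {"attrs": {}, "aliases": set(), "status": "active"},
            "admin@example.org": {"attrs": {}, "aliases": set(), "status": "active"}}
MANAGED = {"accounts": {"ann@example.org", "bob@example.org"}, "lists": {"retired"},
           "aliases": {"ann@example.org": {"old@example.org"}}}
print(*plan_sync(LDAP_USERS, LDAP_GROUPS, ACCOUNTS, {"retired": ["bob@example.org"]}, MANAGED), sep="\n")
```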