How to work auto-provision in Zimbra 8.8.15

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Posts: 1
Joined: Fri Sep 06, 2019 10:49 am

How to work auto-provision in Zimbra 8.8.15

Postby alren » Wed Sep 11, 2019 1:11 pm

Hi everyone,
I'm using zimbra 8.8.15 version. The admin gui and user gui is working. I configured the Active directory connection from admin gui -> configuration ->Domains and checked is succes. And I added new user to zimbra also exist Active directory user,
that user login with active directory user password with user gui at zimbra. And I want to use auto-provising eager mode because I have 2000 user in active directory and I can't create all user at zimbra by manuel.

So I create the file /srv/autoprovision.zmp

md zimbraAutoProvAccountNameMap sAMAccountName
md zimbraAutoProvBatchSize 20
md zimbraAutoProvLdapAdminBindDn "CN=Administrator,OU=Birimler,DC=domain,DC=name"
md zimbraAutoProvLdapAdminBindPassword "password"
md zimbraAutoProvLdapBindDn "dc=domain,dc=name"
md zimbraAutoProvLdapSearchBase "dc=domain,dc=name"
md zimbraAutoProvLdapSearchFilter (&(sAMAccountName=%u))
md zimbraAutoProvLdapStartTlsEnabled FALSE
md zimbraAutoProvLdapURL "ldap://dc_ip:389"
md zimbraAutoProvMode EAGER
md zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md zimbraAutoProvNotificationSubject "New account auto provisioned"
ms zimbraAutoProvPollingInterval 1m
ms zimbraAutoProvScheduledDomains ""

then I ran this command
zmprov < /srv/autoprovision.zmp
It successed.

When I checked /opt/zimbra/log/mailbox.log file , I saw this lines

2019-09-11 16:02:00,618 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2019-09-11 16:02:07,783 INFO [MailboxPurge] [;mid=7;] purge - Purging messages.
2019-09-11 16:03:00,620 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain
2019-09-11 16:03:00,635 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain
com.zimbra.cs.ldap.LdapException: LDAP error: - unable to get connection: ldap host=: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToExternalLdapException(
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.mapToLdapException(
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.<init>(
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.getExternalContextImpl(
at com.zimbra.cs.ldap.LdapClient.getExternalContext(
at com.zimbra.cs.account.ldap.AutoProvision.searchAutoProvDirectory(
at com.zimbra.cs.account.ldap.AutoProvisionEager.searchAccounts(
at com.zimbra.cs.account.ldap.AutoProvisionEager.createAccountBatch(
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleBatch(
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleScheduledDomains(
at com.zimbra.cs.account.ldap.LdapProvisioning.autoProvAccountEager(
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment:$
at com.unboundid.ldap.sdk.LDAPConnection.bind(
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(
at com.unboundid.ldap.sdk.LDAPConnectionPool.getConnection(
at com.zimbra.cs.ldap.unboundid.UBIDLdapOperation$GetConnection.execute(
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(
... 10 more
2019-09-11 16:03:00,636 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2019-09-11 16:03:07,800 INFO [MailboxPurge] [;mid=2;] purge - Purging messages.
2019-09-11 16:03:31,759 INFO [qtp1010670443-6043:] [;mid=2;ip=;port=52339;ua=ZimbraWebClient - GC76 (Win);soapId=525b32bb;] soap - NoOpReques$

I didn't found the solve . I tried many many method.

*I tried this commands but not work
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmcontrol restart

*I tried ldap port number change 389 to 3268 but not work.

Return to “Administrators”

Who is online

Users browsing this forum: zimico and 15 guests