Hi,
I just installed zimbra & integrated it with Fedora-Directory-Server (FDS). It works great. Only problem is, the part about having to provision an account *manually* after creating it in FDS!!
I mean, the whole point of FDS is centralized management. I was wondering, why is it so difficult for Zimbra to 'auto-provision' an account if it authenticates successfuly over ldap! Other groupware suites has these features.
Is there anyway (even if not staright-forward) to get this going?
Thanks
Auto-provision accounts
-
14319KevinH
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
Auto-provision accounts
What we've done with other LDAP deployments is just scripting a import from the other LDAP, then use a lastchanged or createdate and a cron job to auto-add new entries. zmprov command line tool makes this easy.
The auto-provision is a good idea and is in bugzilla. You can vote for it here:
http://bugzilla.zimbra.com/show_bug.cgi?id=7235
The auto-provision is a good idea and is in bugzilla. You can vote for it here:
http://bugzilla.zimbra.com/show_bug.cgi?id=7235
Auto-provision accounts
Ok, thanks for the reply. I really wish this feature gets implemented.
In the mean time, What would happen if I re-zmprov an account?? I'm just thinking about zmprov'ing all user accounts every 30 minutes (just to simplify my script, I have no idea what you mean about 'lastchanged' attributes)
On the other hand, if you can post any sample cron-job script, it would be really helpful
Thanks
In the mean time, What would happen if I re-zmprov an account?? I'm just thinking about zmprov'ing all user accounts every 30 minutes (just to simplify my script, I have no idea what you mean about 'lastchanged' attributes)
On the other hand, if you can post any sample cron-job script, it would be really helpful
Thanks
-
14319KevinH
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
Auto-provision accounts
I'd probably error. Almost all LDAP directories have the idea of last change or create date. So you can query with ldapsearch just for new accounts. Calling zmprov for accounts that already exists seems like a waste of resources.
Don't have any scripts to post. They are written by our PS group for specfic Network customers. The basic idea is do an LDAP search for *new* accounts and zmprov them.
Don't have any scripts to post. They are written by our PS group for specfic Network customers. The basic idea is do an LDAP search for *new* accounts and zmprov them.
Auto-provision accounts
ok .. thanks for the prompt reply BTW 
You rock
One last thing ... Would the cleanest solution be, to use my FDS as the main directory server for Zimbra as well?? (after I transfer all needed schemas ... etc)
Would this work, and be recommended?
Thanks again
You rockOne last thing ... Would the cleanest solution be, to use my FDS as the main directory server for Zimbra as well?? (after I transfer all needed schemas ... etc)
Would this work, and be recommended?
Thanks again
-
daniellawson
- Posts: 16
- Joined: Fri Sep 12, 2014 10:05 pm
Auto-provision accounts
[QUOTE]One last thing ... Would the cleanest solution be, to use my FDS as the main directory server for Zimbra as well?? (after I transfer all needed schemas ... etc)
Would this work, and be recommended?[/QUOTE]
From what I've seen, this isn't the best way to do this. You can configure Zimbra to use an external GAL and external LDAP authentication, and point both of these at your FDS server.
This is the cleanest approach, and works the best in terms of tying other systems in (eg, samba authentication via the same LDAP tree). Having tried it the other way, I wouldn't bother going ahead with it.
Would this work, and be recommended?[/QUOTE]
From what I've seen, this isn't the best way to do this. You can configure Zimbra to use an external GAL and external LDAP authentication, and point both of these at your FDS server.
This is the cleanest approach, and works the best in terms of tying other systems in (eg, samba authentication via the same LDAP tree). Having tried it the other way, I wouldn't bother going ahead with it.