Users in AD and OpenLDAP

gribbler
Posts: 18
Joined: Fri Sep 12, 2014 9:58 pm

Post by gribbler »

I saw that users need to be in both AD and LDAP. If I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?
gribbler
Posts: 18
Joined: Fri Sep 12, 2014 9:58 pm

Post by gribbler »

[quote user="gribbler"]I saw that users need to be in both AD and LDAP. If I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?[/QUOTE]


Is it correct that user accounts need to be in both the AD and the OpenLDAP?
marcmac
Elite member
Posts: 2091
Joined: Fri Sep 12, 2014 9:53 pm

Post by marcmac »

It is necessary to create the users in ldap, but you don't have to use the web UI.
You can create users from the command line with zmprov:

zmprov ca etc...
So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.
So you'll have a file with zmprov commands on the lines:
ca user@domain.com passwd1

ca user2@domain.com passwd2
Then -

zmprov
gribbler
Posts: 18
Joined: Fri Sep 12, 2014 9:58 pm

Post by gribbler »

[quote user="marcmac"]It is necessary to create the users in ldap, but you don't have to use the web UI.
You can create users from the command line with zmprov:

zmprov ca etc...
So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.
So you'll have a file with zmprov commands on the lines:
ca user@domain.com passwd1

ca user2@domain.com passwd2
Then -

zmprov[/QUOTE]
Then what's the point of using AD? I was hoping to pull a username and password out of the AD...
marcmac
Elite member
Posts: 2091
Joined: Fri Sep 12, 2014 9:53 pm

Post by marcmac »

You use AD to authenticate against, but all zimbra-specific account attributes stay in our openldap db - so we're not writing to your AD installation.
gribbler
Posts: 18
Joined: Fri Sep 12, 2014 9:58 pm

Post by gribbler »

[quote user="marcmac"]You use AD to authenticate against, but all zimbra-specific account attributes stay in our openldap db - so we're not writing to your AD installation.[/QUOTE]
Does it use the AD password? Do I need to set one in the LDAP DB?
marcmac
Elite member
Posts: 2091
Joined: Fri Sep 12, 2014 9:53 pm

Post by marcmac »

Yes, we auth with the password set in AD, so you don't have to set one in LDAP - except, I think there's a bug that requires a password be set in order to create the account, so you can set it to anything at account creation, and the AD password will be used.
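
Added example, not part of the thread and not Zimbra's own tooling: one way to build the zmprov batch file described above from a user list with one address per line, giving each account a random throwaway password since the AD password is the one used for authentication. The input format, the function names and the file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: turn an AD user export into a zmprov batch file.
# Assumed input (constructed format): one mail address per line on stdin.

# Throwaway local password: 32 hex characters from the kernel CSPRNG.
# It only satisfies account creation, so nobody needs to know it and it
# should not be guessable or shared between accounts.
rand_pw() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Reads addresses on stdin, writes "ca <address> <password>" lines on stdout.
# Rejected lines are reported on stderr and never reach the batch file.
make_batch() {
    seen=''
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CRs from Windows exports; lowercase so that duplicates
        # differing only in case collapse to one account.
        addr=$(printf '%s' "$line" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
        if [ -z "$addr" ]; then
            continue
        fi
        # Accept only a single local@domain token. A line containing
        # spaces or other characters would be read by zmprov as extra
        # arguments, so it is refused instead of passed through.
        if ! printf '%s\n' "$addr" |
            grep -Eq '^[a-z0-9._+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$'; then
            printf 'rejected: %s\n' "$addr" >&2
            continue
        fi
        # Skip addresses that were already emitted.
        case " $seen " in
            *" $addr "*) continue ;;
        esac
        seen="$seen $addr"
        printf 'ca %s %s\n' "$addr" "$(rand_pw)"
    done
}

# Usage (hypothetical file names). The batch file holds passwords, so it
# is created unreadable to other users and removed once it has been used:
#   umask 077
#   make_batch < ad_users.txt > accounts.zmprov
#   zmprov -f accounts.zmprov && rm -f accounts.zmprov
```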
gribbler
Posts: 18
Joined: Fri Sep 12, 2014 9:58 pm

Post by gribbler »

Much appreciated. Now at least I feel like I've got a grasp on everything. Well. Sort of. You know.