Users in AD and OpenLDAP

Posted: Thu Nov 24, 2005 4:30 pm
by gribbler
I saw that users need to be in both AD and LDAP. If I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?

Posted: Thu Nov 24, 2005 7:28 pm
by gribbler
[quote user="gribbler"]I saw that users need to be in both AD and LDAP. If I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?[/QUOTE]


Is it correct that user accounts need to be in both the AD and the OpenLDAP?

Posted: Fri Nov 25, 2005 3:33 am
by marcmac
It is necessary to create the users in ldap, but you don't have to use the web UI.
You can create users from the command line with zmprov:

zmprov ca etc...
So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.
So you'll have a file with zmprov commands on the lines:
ca user@domain.com passwd1

ca user2@domain.com passwd2
Then -

zmprov

Posted: Fri Nov 25, 2005 2:24 pm
by gribbler
[quote user="marcmac"]It is necessary to create the users in ldap, but you don't have to use the web UI.
You can create users from the command line with zmprov:

zmprov ca etc...
So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.
So you'll have a file with zmprov commands on the lines:
ca user@domain.com passwd1

ca user2@domain.com passwd2
Then -

zmprov[/QUOTE]
Then what's the point of using AD? I was hoping to pull a username and password out of the AD...

Posted: Fri Nov 25, 2005 2:42 pm
by marcmac
You use AD to authenticate against, but all zimbra-specific account attributes stay in our openldap db - so we're not writing to your AD installation.

Posted: Fri Nov 25, 2005 2:44 pm
by gribbler
[quote user="marcmac"]You use AD to authenticate against, but all zimbra-specific account attributes stay in our openldap db - so we're not writing to your AD installation.[/QUOTE]
Does it use the AD password? Do I need to set one in the LDAP DB?

Posted: Fri Nov 25, 2005 2:51 pm
by marcmac
Yes, we auth with the password set in AD, so you don't have to set one in LDAP - except, I think there's a bug that requires a password be set in order to create the account, so you can set it to anything at account creation, and the AD password will be used.
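
As an added example (not part of the original posts and not Zimbra's own tooling), the shell script below builds the file of `ca` lines described earlier in the thread from a user list, giving each account its own random throwaway password, since the AD password is the one used to log in. The function names and the example.com addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: build a zmprov batch file from a user list.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Hypothetical helper: 128 random bits as 32 hex characters.
rand_pw() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Hypothetical helper: reads one address per line on stdin and writes
# "ca <address> <password>" lines on stdout. Blank lines and "#" comments are
# dropped; anything that is not a plain user@domain is reported on stderr, so
# a stray space or quote cannot turn into extra zmprov arguments.
make_zmprov_batch() {
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF exports
        case "$addr" in
            ''|'#'*) continue ;;
            *[!A-Za-z0-9._@-]*|*@*@*|@*|*@)
                echo "skipped: $addr" >&2; continue ;;
            *@*) ;;
            *)  echo "skipped: $addr" >&2; continue ;;
        esac
        printf 'ca %s %s\n' "$addr" "$(rand_pw)"
    done
}

# Constructed sample input (example.com addresses are placeholders).
sample_users() {
    cat <<'EOF'
# exported from the directory, one address per line
alice@example.com
bob@example.com
bad user@example.com
EOF
}

sample_users | make_zmprov_batch
```

Write the output to a file created under `umask 077` and delete it once the accounts exist, since it holds a password for every account.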

Posted: Fri Nov 25, 2005 2:53 pm
by gribbler
Much appreciated. Now at least I feel like I've got a grasp on everything. Well. Sort of. You know.