Issue - stop working AutoProvision with MS AD (mode EAGER) if zimbraAutoProvBatchSize > 200 (Zimbra 8.6.0_GA_1182) CentOS 7

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
Sergey Tarasov
Posts: 1
Joined: Fri Oct 23, 2015 6:27 am

Issue - stop working AutoProvision with MS AD (mode EAGER) if zimbraAutoProvBatchSize > 200 (Zimbra 8.6.0_GA_1182) CentOS 7

Post by Sergey Tarasov »

1. Config domain autoprovision:
[zimbra@mail1 root]$ zmprov gd domain.local | grep AutoP
zimbraAutoProvAccountNameMap: samAccountName
zimbraAutoProvAttrMap: description=description
zimbraAutoProvAttrMap: cn=cn
zimbraAutoProvAttrMap: givenName=givenName
zimbraAutoProvAttrMap: displayName=displayName
zimbraAutoProvAttrMap: sn=sn
zimbraAutoProvAuthMech: LDAP
zimbraAutoProvBatchSize: 300
zimbraAutoProvLdapAdminBindDn: cn=zimbra,cn=users,dc=domain,dc=local
zimbraAutoProvLdapAdminBindPassword: *********
zimbraAutoProvLdapSearchBase: dc=domain,dc=local
zimbraAutoProvLdapSearchFilter: (&(objectClass=user)(memberOf=cn=mail,cn=users,dc=domain,dc=local))
zimbraAutoProvLdapURL: ldap://192.168.x.x:389
zimbraAutoProvMode: EAGER
zimbraAutoProvNotificationBody: Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}.
zimbraAutoProvNotificationFromAddress: admin@domain.local
zimbraAutoProvNotificationSubject: New account auto provisioned

2. Log error:
2015-10-23 14:14:01,609 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: Balykov@domain.local, dn="CN=Balykov,OU=otk,DC=domain,DC=local"
2015-10-23 14:14:01,615 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: Kovalenko@domain.local, dn="CN=Kovalenko,OU=vipiska,OU=stroy,DC=domain,DC=local"
2015-10-23 14:14:01,617 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: Olifirov@domain.local, dn="CN=Olifirov,OU=vipiska,OU=metall,DC=domain,DC=local"
2015-10-23 14:14:01,621 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: Chernenko@domain.local, dn="CN=Chernenko,OU=otk,DC=domain,DC=local"
2015-10-23 14:14:01,625 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: Alexs@domain.local, dn="CN=Alexs,OU=prog,OU=asu,DC=domain,DC=local"
2015-10-23 14:14:01,629 INFO [AutoProvision] [] autoprov - search result contains unsuccessful external entries, increasing batch size by 200
2015-10-23 14:14:01,633 INFO [AutoProvision] [] autoprov - batch size is 400 now
2015-10-23 14:14:01,638 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2015-10-23 14:15:01,642 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain domain.local
2015-10-23 14:15:01,713 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain domain.local
com.zimbra.cs.ldap.LdapException: LDAP error: - unable to search ldap: referral
ExceptionId:AutoProvision:1445595301708:547a35c22e0afdd7
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToExternalLdapException(UBIDLdapException.java:84)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.mapToLdapException(UBIDLdapContext.java:229)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.searchPaged(UBIDLdapContext.java:549)
at com.zimbra.cs.account.ldap.AutoProvision.searchAutoProvDirectory(AutoProvision.java:672)
at com.zimbra.cs.account.ldap.AutoProvisionEager.searchAccounts(AutoProvisionEager.java:250)
at com.zimbra.cs.account.ldap.AutoProvisionEager.createAccountBatch(AutoProvisionEager.java:152)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleBatch(AutoProvisionEager.java:132)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleScheduledDomains(AutoProvisionEager.java:103)
at com.zimbra.cs.account.ldap.LdapProvisioning.autoProvAccountEager(LdapProvisioning.java:1049)
at com.zimbra.cs.account.AutoProvisionThread.run(AutoProvisionThread.java:150)
Caused by: LDAPSearchException(resultCode=10 (referral), numEntries=222, numReferences=3, errorMessage='referral', responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3310)
at com.zimbra.cs.ldap.unboundid.UBIDLdapOperation$Search.execute(UBIDLdapOperation.java:287)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.searchPaged(UBIDLdapContext.java:507)
... 7 more
2015-10-23 14:15:01,715 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2015-10-23 14:16:01,718 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain domain.local
2015-10-23 14:16:01,778 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain domain.local
com.zimbra.cs.ldap.LdapException: LDAP error: - unable to search ldap: referral
ExceptionId:AutoProvision:1445595361773:547a35c22e0afdd7
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToExternalLdapException(UBIDLdapException.java:84)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.mapToLdapException(UBIDLdapContext.java:229)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.searchPaged(UBIDLdapContext.java:549)
at com.zimbra.cs.account.ldap.AutoProvision.searchAutoProvDirectory(AutoProvision.java:672)
at com.zimbra.cs.account.ldap.AutoProvisionEager.searchAccounts(AutoProvisionEager.java:250)
at com.zimbra.cs.account.ldap.AutoProvisionEager.createAccountBatch(AutoProvisionEager.java:152)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleBatch(AutoProvisionEager.java:132)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleScheduledDomains(AutoProvisionEager.java:103)
at com.zimbra.cs.account.ldap.LdapProvisioning.autoProvAccountEager(LdapProvisioning.java:1049)
at com.zimbra.cs.account.AutoProvisionThread.run(AutoProvisionThread.java:150)
Caused by: LDAPSearchException(resultCode=10 (referral), numEntries=222, numReferences=3, errorMessage='referral', responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3310)
at com.zimbra.cs.ldap.unboundid.UBIDLdapOperation$Search.execute(UBIDLdapOperation.java:287)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.searchPaged(UBIDLdapContext.java:507)
... 7 more
2015-10-23 14:16:01,779 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.

Please help me to solve this problem.
Top
JOvalles P.
Posts: 27
Joined: Thu Jun 18, 2015 3:00 pm

Issue - stop working AutoProvision with MS AD (mode EAGER) if zimbraAutoProvBatchSize > 200 (Zimbra 8.6.0_GA_1182) CentOS 7

Post by JOvalles P. »

Hi, Check this entry, may refers to a change on external ldap.



The base distinguished name of the operation is not in this directory, but the domain controller has knowledge of another LDAP directory where it might be found (an "external referral").



https://technet.microsoft.com/en-us/lib ... 2147217396
Top
Post Reply

Return to “Administrators”