[Solved] Autoprovision stoppped working
Posted: Fri Aug 18, 2017 12:21 pm
Hi,
I'm testing Eager autprovisioning mode for the first time (i always used Lazy). So I configured so it will only create users that are member of a specific AD group. For testing purposes, I created 2 AD users that are part of that group. One of the users is disabled in AD and other is enabled.
Right after enabling the autoprovisioing, it worked, it created the user in Zimbra as intended (while ignoring the AD disabled one). Then, for testing, I deleted that account in Zimbra to see if it was recreated, but that never happened. Then I tried enabling the second user in AD to see if Zimbra was able to provision that other account, but Zimbra did not provision that account either. I decided to create a 3rd account but Zimbra autoprovision script fails to detect any account. All of the accounts are in the same OU
zmcontrol -v
Release 8.7.11_GA_1854.RHEL7_64_20170531151956 RHEL7_64 NETWORK edition.
Extract from /opt/zimbra/log/mailbox.log that shows when the 1st user was succesfully created rigth after enabling the autoprovisioning.
2017-08-17 10:14:59,230 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-17 13:44:51,396 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-18 12:12:33,512 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-18 13:31:47,912 INFO [qtp127618319-563:https:https://localhost:7071/service/admin/soap/ModifyServerRequest] [name=zimbra;ua=zmprov/8.7.11_GA_1854;] autoprov - Starting auto provision thread with sleep interval 1m.
2017-08-18 13:31:47,931 INFO [AutoProvision] [] autoprov - Auto provision thread sleeping for 300000ms before doing work.
2017-08-18 13:36:47,963 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2017-08-18 13:36:47,980 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2017-08-18 13:36:47,980 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: ne1@example.com, dn="CN=ne1 ne1,OU=Pruebas Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=example,DC=com"
2017-08-18 13:36:48,001 INFO [AutoProvision] [] autoprov - auto provisioned account: ne1@example.com
2017-08-18 13:36:48,702 INFO [AutoProvision] [] autoprov - auto provision notification sent rcpt='ne1@example.com' Message-ID=<1879425459.1.1503056208140.JavaMail.zimbra@srvzstore01.example.com>
2017-08-18 13:36:48,702 WARN [AutoProvision] [] autoprov - EAGER mode should configure zimbraAutoProvListenerClass
2017-08-18 13:36:48,702 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20170818113647.967Z
2017-08-18 13:36:48,709 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
All I can see now in logs regarding autoprovision is just the message saying that it ran and found no new account to provision. Is like it only worked the first time...idk.
This is the configuration for the autoprovision.
zimbraAutoProvAccountNameMap "sAMAccountName"
zimbraAutoProvAttrMap "sn=sn"
+zimbraAutoProvAttrMap "description=description"
+zimbraAutoProvAttrMap "cn=displayName"
+zimbraAutoProvAttrMap "givenName=givenName"
zimbraAutoProvBatchSize "20"
zimbraAutoProvLdapAdminBindDn "cn=Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapAdminBindPassword "password"
zimbraAutoProvLdapBindDn "cn=Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapSearchBase "OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapSearchFilter "(&(&(objectclass=user)(objectcategory=person)(memberOf=cn=Zimbra NE,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org))(!(userAccountControl=514))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
zimbraAutoProvLdapURL "ldap://dominio.org:389"
zimbraAutoProvMode "EAGER"
zimbraAutoProvNotificationFromAddress "admin@dominio.org"
zimbraAutoProvNotificationSubject "Nueva cuenta de correo"
zimbraAutoProvPollingInterval "1m"
zimbraAutoProvScheduledDomains "dominio.org"
I'm testing Eager autprovisioning mode for the first time (i always used Lazy). So I configured so it will only create users that are member of a specific AD group. For testing purposes, I created 2 AD users that are part of that group. One of the users is disabled in AD and other is enabled.
Right after enabling the autoprovisioing, it worked, it created the user in Zimbra as intended (while ignoring the AD disabled one). Then, for testing, I deleted that account in Zimbra to see if it was recreated, but that never happened. Then I tried enabling the second user in AD to see if Zimbra was able to provision that other account, but Zimbra did not provision that account either. I decided to create a 3rd account but Zimbra autoprovision script fails to detect any account. All of the accounts are in the same OU
zmcontrol -v
Release 8.7.11_GA_1854.RHEL7_64_20170531151956 RHEL7_64 NETWORK edition.
Extract from /opt/zimbra/log/mailbox.log that shows when the 1st user was succesfully created rigth after enabling the autoprovisioning.
2017-08-17 10:14:59,230 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-17 13:44:51,396 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-18 12:12:33,512 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-18 13:31:47,912 INFO [qtp127618319-563:https:https://localhost:7071/service/admin/soap/ModifyServerRequest] [name=zimbra;ua=zmprov/8.7.11_GA_1854;] autoprov - Starting auto provision thread with sleep interval 1m.
2017-08-18 13:31:47,931 INFO [AutoProvision] [] autoprov - Auto provision thread sleeping for 300000ms before doing work.
2017-08-18 13:36:47,963 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2017-08-18 13:36:47,980 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2017-08-18 13:36:47,980 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: ne1@example.com, dn="CN=ne1 ne1,OU=Pruebas Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=example,DC=com"
2017-08-18 13:36:48,001 INFO [AutoProvision] [] autoprov - auto provisioned account: ne1@example.com
2017-08-18 13:36:48,702 INFO [AutoProvision] [] autoprov - auto provision notification sent rcpt='ne1@example.com' Message-ID=<1879425459.1.1503056208140.JavaMail.zimbra@srvzstore01.example.com>
2017-08-18 13:36:48,702 WARN [AutoProvision] [] autoprov - EAGER mode should configure zimbraAutoProvListenerClass
2017-08-18 13:36:48,702 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20170818113647.967Z
2017-08-18 13:36:48,709 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
All I can see now in logs regarding autoprovision is just the message saying that it ran and found no new account to provision. Is like it only worked the first time...idk.
This is the configuration for the autoprovision.
zimbraAutoProvAccountNameMap "sAMAccountName"
zimbraAutoProvAttrMap "sn=sn"
+zimbraAutoProvAttrMap "description=description"
+zimbraAutoProvAttrMap "cn=displayName"
+zimbraAutoProvAttrMap "givenName=givenName"
zimbraAutoProvBatchSize "20"
zimbraAutoProvLdapAdminBindDn "cn=Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapAdminBindPassword "password"
zimbraAutoProvLdapBindDn "cn=Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapSearchBase "OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapSearchFilter "(&(&(objectclass=user)(objectcategory=person)(memberOf=cn=Zimbra NE,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org))(!(userAccountControl=514))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
zimbraAutoProvLdapURL "ldap://dominio.org:389"
zimbraAutoProvMode "EAGER"
zimbraAutoProvNotificationFromAddress "admin@dominio.org"
zimbraAutoProvNotificationSubject "Nueva cuenta de correo"
zimbraAutoProvPollingInterval "1m"
zimbraAutoProvScheduledDomains "dominio.org"