How to work auto-provision in Zimbra 8.8.15
Posted: Wed Sep 11, 2019 1:11 pm
Hi everyone,
I'm using zimbra 8.8.15 version. The admin gui and user gui is working. I configured the Active directory connection from admin gui -> configuration ->Domains and checked is succes. And I added new user to zimbra also exist Active directory user,
that user login with active directory user password with user gui at zimbra. And I want to use auto-provising eager mode because I have 2000 user in active directory and I can't create all user at zimbra by manuel.
So I create the file /srv/autoprovision.zmp
md domain.name zimbraAutoProvAccountNameMap sAMAccountName
md domain.name zimbraAutoProvBatchSize 20
md domain.name zimbraAutoProvLdapAdminBindDn "CN=Administrator,OU=Birimler,DC=domain,DC=name"
md domain.name zimbraAutoProvLdapAdminBindPassword "password"
md domain.name zimbraAutoProvLdapBindDn "dc=domain,dc=name"
md domain.name zimbraAutoProvLdapSearchBase "dc=domain,dc=name"
md domain.name zimbraAutoProvLdapSearchFilter (&(sAMAccountName=%u))
md domain.name zimbraAutoProvLdapStartTlsEnabled FALSE
md domain.name zimbraAutoProvLdapURL "ldap://dc_ip:389"
md domain.name zimbraAutoProvMode EAGER
md domain.name zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md domain.name zimbraAutoProvNotificationSubject "New account auto provisioned"
ms eposta.domain.name zimbraAutoProvPollingInterval 1m
ms eposta.domain.name zimbraAutoProvScheduledDomains "domain.name"
then I ran this command
zmprov < /srv/autoprovision.zmp
It successed.
When I checked /opt/zimbra/log/mailbox.log file , I saw this lines
2019-09-11 16:02:00,618 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2019-09-11 16:02:07,783 INFO [MailboxPurge] [name=ham.obgqxll8@domain.name;mid=7;] purge - Purging messages.
2019-09-11 16:03:00,620 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain domain.name
2019-09-11 16:03:00,635 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain domain.name
com.zimbra.cs.ldap.LdapException: LDAP error: - unable to get connection: ldap host=: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@
ExceptionId:AutoProvision:1568206980633:4c915c57e7399717
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToExternalLdapException(UBIDLdapException.java:84)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.mapToLdapException(UBIDLdapContext.java:243)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(UBIDLdapContext.java:209)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.<init>(UBIDLdapContext.java:181)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.getExternalContextImpl(UBIDLdapClient.java:106)
at com.zimbra.cs.ldap.LdapClient.getExternalContext(LdapClient.java:174)
at com.zimbra.cs.account.ldap.AutoProvision.searchAutoProvDirectory(AutoProvision.java:642)
at com.zimbra.cs.account.ldap.AutoProvisionEager.searchAccounts(AutoProvisionEager.java:251)
at com.zimbra.cs.account.ldap.AutoProvisionEager.createAccountBatch(AutoProvisionEager.java:152)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleBatch(AutoProvisionEager.java:132)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleScheduledDomains(AutoProvisionEager.java:103)
at com.zimbra.cs.account.ldap.LdapProvisioning.autoProvAccountEager(LdapProvisioning.java:1197)
at com.zimbra.cs.account.AutoProvisionThread.run(AutoProvisionThread.java:150)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment:$
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
at com.unboundid.ldap.sdk.LDAPConnectionPool.getConnection(LDAPConnectionPool.java:1399)
at com.zimbra.cs.ldap.unboundid.UBIDLdapOperation$GetConnection.execute(UBIDLdapOperation.java:189)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(UBIDLdapContext.java:200)
... 10 more
2019-09-11 16:03:00,636 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2019-09-11 16:03:07,800 INFO [MailboxPurge] [name=admin@domain.name;mid=2;] purge - Purging messages.
2019-09-11 16:03:31,759 INFO [qtp1010670443-6043:https://10.0.47.38:7071/service/admin/soap/NoOpRequest] [name=admin@domain.name;mid=2;ip=10.0.110.29;port=52339;ua=ZimbraWebClient - GC76 (Win);soapId=525b32bb;] soap - NoOpReques$
I didn't found the solve . I tried many many method.
*I tried this commands but not work
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmcontrol restart
*I tried ldap port number change 389 to 3268 but not work.
I'm using zimbra 8.8.15 version. The admin gui and user gui is working. I configured the Active directory connection from admin gui -> configuration ->Domains and checked is succes. And I added new user to zimbra also exist Active directory user,
that user login with active directory user password with user gui at zimbra. And I want to use auto-provising eager mode because I have 2000 user in active directory and I can't create all user at zimbra by manuel.
So I create the file /srv/autoprovision.zmp
md domain.name zimbraAutoProvAccountNameMap sAMAccountName
md domain.name zimbraAutoProvBatchSize 20
md domain.name zimbraAutoProvLdapAdminBindDn "CN=Administrator,OU=Birimler,DC=domain,DC=name"
md domain.name zimbraAutoProvLdapAdminBindPassword "password"
md domain.name zimbraAutoProvLdapBindDn "dc=domain,dc=name"
md domain.name zimbraAutoProvLdapSearchBase "dc=domain,dc=name"
md domain.name zimbraAutoProvLdapSearchFilter (&(sAMAccountName=%u))
md domain.name zimbraAutoProvLdapStartTlsEnabled FALSE
md domain.name zimbraAutoProvLdapURL "ldap://dc_ip:389"
md domain.name zimbraAutoProvMode EAGER
md domain.name zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md domain.name zimbraAutoProvNotificationSubject "New account auto provisioned"
ms eposta.domain.name zimbraAutoProvPollingInterval 1m
ms eposta.domain.name zimbraAutoProvScheduledDomains "domain.name"
then I ran this command
zmprov < /srv/autoprovision.zmp
It successed.
When I checked /opt/zimbra/log/mailbox.log file , I saw this lines
2019-09-11 16:02:00,618 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2019-09-11 16:02:07,783 INFO [MailboxPurge] [name=ham.obgqxll8@domain.name;mid=7;] purge - Purging messages.
2019-09-11 16:03:00,620 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain domain.name
2019-09-11 16:03:00,635 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain domain.name
com.zimbra.cs.ldap.LdapException: LDAP error: - unable to get connection: ldap host=: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@
ExceptionId:AutoProvision:1568206980633:4c915c57e7399717
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToExternalLdapException(UBIDLdapException.java:84)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.mapToLdapException(UBIDLdapContext.java:243)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(UBIDLdapContext.java:209)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.<init>(UBIDLdapContext.java:181)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.getExternalContextImpl(UBIDLdapClient.java:106)
at com.zimbra.cs.ldap.LdapClient.getExternalContext(LdapClient.java:174)
at com.zimbra.cs.account.ldap.AutoProvision.searchAutoProvDirectory(AutoProvision.java:642)
at com.zimbra.cs.account.ldap.AutoProvisionEager.searchAccounts(AutoProvisionEager.java:251)
at com.zimbra.cs.account.ldap.AutoProvisionEager.createAccountBatch(AutoProvisionEager.java:152)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleBatch(AutoProvisionEager.java:132)
at com.zimbra.cs.account.ldap.AutoProvisionEager.handleScheduledDomains(AutoProvisionEager.java:103)
at com.zimbra.cs.account.ldap.LdapProvisioning.autoProvAccountEager(LdapProvisioning.java:1197)
at com.zimbra.cs.account.AutoProvisionThread.run(AutoProvisionThread.java:150)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment:$
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
at com.unboundid.ldap.sdk.LDAPConnectionPool.getConnection(LDAPConnectionPool.java:1399)
at com.zimbra.cs.ldap.unboundid.UBIDLdapOperation$GetConnection.execute(UBIDLdapOperation.java:189)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(UBIDLdapContext.java:200)
... 10 more
2019-09-11 16:03:00,636 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2019-09-11 16:03:07,800 INFO [MailboxPurge] [name=admin@domain.name;mid=2;] purge - Purging messages.
2019-09-11 16:03:31,759 INFO [qtp1010670443-6043:https://10.0.47.38:7071/service/admin/soap/NoOpRequest] [name=admin@domain.name;mid=2;ip=10.0.110.29;port=52339;ua=ZimbraWebClient - GC76 (Win);soapId=525b32bb;] soap - NoOpReques$
I didn't found the solve . I tried many many method.
*I tried this commands but not work
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmcontrol restart
*I tried ldap port number change 389 to 3268 but not work.