Integrate With Active Directory

Post by m3ds0 »

Hi mates,

I'm trying to integrate Zimbra with Active Directory (2016) and everything works fine except for two things. The first is autoprov: the problem (actually I think it's an old problem) is that after the first user auto-provisioning, new users are not synced with Zimbra.

I figured out it's about the search filter:
filter=[(&(&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(memberOf=CN=Mail,CN=Users,DC=mydomain,DC=local))(createTimestamp>=20200717195253.084Z))
The "createTimestamp>=20200717195253.084Z" part is never going to return a result. I know I can change the zimbraAutoProvLastPolledTimestamp, but that is not the right way.

And the second problem is user changes: for example, when I change a user's first name or phone number, the changes are not applied in Zimbra.

Does anyone have a solution?

Regards

Re: Integrate With Active Directory

Post by danielb »

I had the same issue with autoprov, so I wrote my own script to sync users and groups: https://git.fws.fr/dani/zimbra/src/bran ... zmldapsync

Re: Integrate With Active Directory

Post by m3ds0 »

Thank you for your reply, I'll test this solution as soon as possible.

Regards

Re: Integrate With Active Directory

Post by josephstacklin »

Sorry to resurrect a dead topic but I am trying to install this but have no idea what I am doing. I created the .py file but it says it doesn't exist. Please help!

Re: Integrate With Active Directory

Post by danielb »

josephstacklin wrote: Sorry to resurrect a dead topic but I am trying to install this but have no idea what I am doing. I created the .py file but it says it doesn't exist. Please help!

There's no Python script. My solution is Perl-based. The doc to set it up is available here: https://git.fws.fr/dani/zimbra/src/bran ... zmldapsync

Re: Integrate With Active Directory

Post by zimico »

Dear Danielb,

Could you share how we need to prepare the environment before running the scripts? Do we need to install any YAML package on CentOS 7?
My current environment:
- CentOS 7 basic.
- Zimbra 9 NE.
When running the zmldapsync.pl script, there is an error as shown below:

[root@mail scripts]# ./zmldapsync.pl --config /opt/scripts/zmldapsync.yml --dry-run
Can't locate YAML/Tiny.pm in @INC (@INC contains: /opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi /opt/zimbra/common/lib/perl5 /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./zmldapsync.pl line 7, <DATA> line 755.
BEGIN failed--compilation aborted at ./zmldapsync.pl line 7, <DATA> line 755.

Best regards,
Minh.

Re: Integrate With Active Directory

Post by danielb »

Hi. All the dependencies should be easily available as RPMs (you need to enable the EPEL repo). Here's the list of packages you need:

yum install perl-LDAP perl-YAML-Tiny perl-Data-UUID perl-String-ShellQuote perl-Array-Diff perl-List-MoreUtils perl-Hash-Merge-Simple perl-Text-Unidecode perl-Email-MIME perl-Email-Sender

Also, the project URL is now https://git.lapiole.org/dani/zimbra/src ... zmldapsync (the old URL is still up, but I do not control it anymore as I quit my previous employer).

Re: Integrate With Active Directory

Post by danielb »

Also: I have only tested the synchro with Zimbra OSE; I'm interested in any feedback against the NE edition :-)

Re: Integrate With Active Directory

Post by zimico »

Hello Danielb,

Thanks for your kind reply with useful info. Now I can run the script, and users as well as distribution lists are synced from AD. It's great, Danielb!
Because I configured AD authentication, when an account is disabled in AD, the end user cannot log in to Zimbra using this account. Do you think it would be useful if we could also sync the account status from AD to Zimbra?

zmldapsync only creates distribution list members when the group type in AD is distribution and not security. I think it would be better if the configuration file had an additional option to allow syncing and creating members for security groups as well.

I'd be very glad if you could share your thoughts about the Zimbra autoprovisioning and zmldapsync approaches?

Many thanks and best regards,
Minh.
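
One way to plan the account-status sync asked about above, as an added example that is not part of zmldapsync or of any post in this thread. It assumes Zimbra accounts are named sAMAccountName@domain and that a disabled or expired AD account should become "locked" in Zimbra; the function names and sample entries are constructed for illustration.

```python
import shlex
from datetime import datetime, timedelta, timezone

UAC_ACCOUNTDISABLE = 0x0002               # userAccountControl bit: account disabled
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values meaning "never"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def ad_login_allowed(entry, now):
    """True if AD would accept a logon: not disabled and not expired."""
    if int(entry["userAccountControl"]) & UAC_ACCOUNTDISABLE:
        return False
    expires = int(entry.get("accountExpires", 0))
    if expires in NEVER_EXPIRES:
        return True
    # accountExpires counts 100-nanosecond intervals since 1601-01-01 UTC
    return FILETIME_EPOCH + timedelta(microseconds=expires // 10) > now

def plan_status_changes(ad_entries, zimbra_status, domain, now, blocked="locked"):
    """Return the zmprov commands that align zimbraAccountStatus with AD."""
    commands = []
    for entry in ad_entries:
        account = f"{entry['sAMAccountName']}@{domain}"   # assumed naming scheme
        current = zimbra_status.get(account)
        wanted = "active" if ad_login_allowed(entry, now) else blocked
        # Skip accounts missing from Zimbra or in a state this policy does not
        # manage (for example "maintenance" or "closed").
        if current not in ("active", blocked) or current == wanted:
            continue
        commands.append(
            f"zmprov ma {shlex.quote(account)} zimbraAccountStatus {wanted}")
    return commands

# Constructed sample data: AD entries and the current Zimbra statuses.
NOW = datetime(2021, 3, 1, tzinfo=timezone.utc)
AD_ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},   # enabled
    {"sAMAccountName": "bob", "userAccountControl": "514"},     # 512 | 2: disabled
    {"sAMAccountName": "carol", "userAccountControl": "512",
     "accountExpires": "132539328000000000"},                   # expired 2021-01-01
    {"sAMAccountName": "dave", "userAccountControl": "512"},    # re-enabled in AD
    {"sAMAccountName": "erin", "userAccountControl": "514"},    # disabled
]
ZIMBRA_STATUS = {"alice@example.test": "active", "bob@example.test": "active",
                 "carol@example.test": "active", "dave@example.test": "locked",
                 "erin@example.test": "maintenance"}

if __name__ == "__main__":
    for line in plan_status_changes(AD_ENTRIES, ZIMBRA_STATUS, "example.test", NOW):
        print(line)
```

Reactivation is the direction to review before running the output: an account locked in Zimbra for an unrelated reason would be set back to active when AD shows it as enabled.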

Re: Integrate With Active Directory

Post by zimico »

Hi Danielb,
After the script finishes, I see that the terminal hangs. This does not happen when we re-run the script in a new terminal.
Best regards,
Minh.