Integrate With Active Directory

[m3ds0]

Hi mates,

I'm trying to integrate the Zimbra With active directory (2016) and everything works fine but two things, first autoprov, the problem is(actually I think it's an old problem) after first user auto provisioning the new users are not sync with zimbra.

I figured out it's about the search filter:
filter=[(&(&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(memberOf=CN=Mail,CN=Users,DC=mydomain,DC=local))(createTimestamp>=20200717195253.084Z))
"createTimestamp>=20200717195253.084Z" this part never gonna have result, I know i can change the zimbraAutoProvLastPolledTimestamp but it is not the right way.

And the second problem is User changes, for example I change the user's first name or change phone number,the changes are not append in Zimbra.

Does anyone have solution ?

Regards

[danielb]

I had the same issue with autoprov, so I wrote my own script to sync users, and groups https://git.fws.fr/dani/zimbra/src/bran ... zmldapsync

[m3ds0]

Thank you for your reply, I'll test this solution as soon as possible.

Regards

[josephstacklin]

Sorry to resurrect a dead topic but I am trying to install this but have no idea what I am doing. I created the .py file but it says it doesn't exist. Please help!

[danielb]

Sorry to resurrect a dead topic but I am trying to install this but have no idea what I am doing. I created the .py file but it says it doesn't exist. Please help!

There's no python script. My solution is perl based. The doc to set it up is available here : https://git.fws.fr/dani/zimbra/src/bran ... zmldapsync

[zimico]

Dear Danielb,

Could you share the way we need to prepare the environment before running the scripts? Do we need to install any yaml package on Centos 7?
My current environment:
- Centos 7 basic.
- Zimbra 9 NE.
When running the zmldapsync.pl script, there is an error as the below:

Code: Select all

[root@mail scripts]# ./zmldapsync.pl --config /opt/scripts/zmldapsync.yml --dry-run
Can't locate YAML/Tiny.pm in @INC (@INC contains: /opt/zimbra/common/lib/perl5/x86_64-linux-thread-multi /opt/zimbra/common/lib/perl5 /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./zmldapsync.pl line 7, <DATA> line 755.
BEGIN failed--compilation aborted at ./zmldapsync.pl line 7, <DATA> line 755.

Best regards,
Minh.

[danielb]

Hi. All the dependencies should be easily available as RPM (you need to enable the EPEL repo). Here's the list of packages you need :

Code: Select all

yum install perl-LDAP perl-YAML-Tiny perl-Data-UUID perl-String-ShellQuote perl-Array-Diff perl-List-MoreUtils perl-Hash-Merge-Simple perl-Text-Unidecode perl-Email-MIME perl-Email-Sender

Also, the project URL is now https://git.lapiole.org/dani/zimbra/src ... zmldapsync (the old URL is still up but I do not control it anymore as I quit my previous employer)

[danielb]

Also : I have only tested the synchro with Zimbra OSE, I'm interested in any feedback against the NE edition

[zimico]

Hello Danielb,

Thank for your kind reply with useful info. Now I can run the script and users as well as distribution list are synced from AD. It's great, Danielb!
Because i configure AD authentication so when an account is disabled in AD, end user can not login zimbra using this account. Do you think that it is useful if we can sync the account status from AD to zimbra also?

zmldapsync only creates distribution list members when group type in AD is distribution and not security. I think it's better if in the configuration file we have additional option setting to allow sync and create meember for security group also.

I'm very glad if you share your thought about zimbra autoprovisioning and zmldapsync approach?

Many thank and best regards,
Minh.

[zimico]

Hi Danielb,
After script finishes, I see that the terminal is hang. This does not happen when we re-run the script in new terminal.
Best regards,
Minh.