Zimbra9 autoprovision bug

arukashi
Posts: 12
Joined: Wed Aug 03, 2022 3:09 pm

Zimbra9 autoprovision bug

Post by arukashi »

Hi!
I have configured account autoprovision against MS AD with several domain controllers on Zimbra9

Code:

Release 9.0.0.ZEXTRAS.20211118.UBUNTU18.64 UBUNTU18_64 FOSS edition.

It works like a charm, but only when the account is created directly on the controller which is populated in zimbraAutoProvLdapURL. When I create an AD account, for example, on DC 192.168.1.2, after replication to 192.168.1.1 Zimbra doesn't recognize the replicated account as new.

Code:

zimbraAutoProvAccountNameMap: someattribute
zimbraAutoProvAttrMap: distinguishedName=zimbraAuthLdapExternalDn
zimbraAutoProvAttrMap: displayName=displayName
zimbraAutoProvAttrMap: givenName=givenName
zimbraAutoProvAttrMap: cn=cn
zimbraAutoProvAttrMap: sn=sn
zimbraAutoProvAttrMap: description=description
zimbraAutoProvAuthMech: LDAP
zimbraAutoProvBatchSize: 1000
zimbraAutoProvLastPolledTimestamp: 20220803134343.953Z
zimbraAutoProvLdapAdminBindDn: ldapstring
zimbraAutoProvLdapAdminBindPassword: pass
zimbraAutoProvLdapBindDn: zimbra@domain.example
zimbraAutoProvLdapSearchBase: dc=domain,dc=example
zimbraAutoProvLdapSearchFilter: (memberOf=CN=group,DC=domain,DC=example)
zimbraAutoProvLdapURL: ldap://192.168.1.1:3268
zimbraAutoProvMode: EAGER

Of course I could delete the zimbraAutoProvLastPolledTimestamp value and autoprovisioning will start again, but I don't like Zimbra trying to create all of the filter matches so logs will be full of these unsuccessful attempts.

So my questions are:
1. How does Zimbra determine whether an account is new or not?
2. Is this some kind of bug or LDAP constraints?
3. Can I set multiple zimbraAutoProvLdapURL values?

Thanks in advance.
Last edited by arukashi on Thu Aug 04, 2022 6:02 am, edited 1 time in total.
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra9 autoprovision bug

Post by phoenix »

You should always give your Zimbra version by posting the full output of the following command:

Code:

zmcontrol -v

Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
arukashi
Posts: 12
Joined: Wed Aug 03, 2022 3:09 pm

Re: Zimbra9 autoprovision bug

Post by arukashi »

phoenix wrote: You should always give your Zimbra version by posting the full output of the following command:

Code:

zmcontrol -v

Here is the full output of the command above

Code:

Release 9.0.0.ZEXTRAS.20211118.UBUNTU18.64 UBUNTU18_64 FOSS edition.

Edited initial post also.
arukashi
Posts: 12
Joined: Wed Aug 03, 2022 3:09 pm

Re: Zimbra9 autoprovision bug

Post by arukashi »

bump post.
Lurking problem in the internet didn't give much information.
danielb
Posts: 35
Joined: Mon Jul 15, 2019 6:08 pm

Re: Zimbra9 autoprovision bug

Post by danielb »

You can have a look at my zmldapsync script. I found the provisioning support in Zimbra far too limited, so I wrote it; it provides a lot more features and can probably work around this specific issue.
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra9 autoprovision bug

Post by phoenix »

arukashi wrote:

Code:

Release 9.0.0.ZEXTRAS.20211118.UBUNTU18.64 UBUNTU18_64 FOSS edition.

That version of Zimbra is almost a year old; you need to keep ZCS up-to-date and I'd suggest you update it ASAP, especially when we have this sort of problem in the wild: viewtopic.php?f=15&t=71058
Regards

Bill

arukashi
Posts: 12
Joined: Wed Aug 03, 2022 3:09 pm

Re: Zimbra9 autoprovision bug

Post by arukashi »

danielb wrote: You can have a look at my zmldapsync script. I found the provisioning support in Zimbra far too limited, so I wrote it; it provides a lot more features and can probably work around this specific issue.

Thanks, I'll take a look at your work.
But I am very curious about how the Zimbra AutoProvision mechanism decides whether to create a new account or not. Maybe it compares the AD account creation and update timestamp?

phoenix wrote:
arukashi wrote:

Code:

Release 9.0.0.ZEXTRAS.20211118.UBUNTU18.64 UBUNTU18_64 FOSS edition.

That version of Zimbra is almost a year old; you need to keep ZCS up-to-date and I'd suggest you update it ASAP, especially when we have this sort of problem in the wild: viewtopic.php?f=15&t=71058

Thanks, will do it. Anyway, there is no such fix about autoprovision though. As far as I know, my problem with autoprovision has lasted since Zimbra was born.
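
The symptom described in this thread is what a creation-time poll window would produce. The simulation below is an added example, not Zimbra's code and not written by any poster: it assumes EAGER mode only selects entries whose createTimestamp is at or after zimbraAutoProvLastPolledTimestamp, and that a replicated entry keeps its original creation time; the thread confirms neither. Account names, times and the `overlap` parameter are constructed for illustration, and `overlap` is not a Zimbra setting.

```python
from datetime import datetime, timedelta, timezone

M = timedelta(minutes=1)
T0 = datetime(2022, 8, 3, 13, 40, tzinfo=timezone.utc)

# Constructed directory entries (not from the thread). "created" is the
# createTimestamp; "visible_at" is when the entry reaches the polled DC.
# Assumption: a replicated entry keeps its original creation time.
ACCOUNTS = [
    {"name": "alice", "created": T0 + 1 * M, "visible_at": T0 + 1 * M},  # made on polled DC
    {"name": "bob", "created": T0 + 2 * M, "visible_at": T0 + 7 * M},    # replicated in later
]
POLLS = [T0, T0 + 5 * M, T0 + 10 * M, T0 + 15 * M]


def poll(accounts, now, last_polled, overlap):
    """Return names visible at `now` whose creation time is inside the window."""
    cutoff = last_polled - overlap
    return [a["name"] for a in accounts
            if a["visible_at"] <= now and a["created"] >= cutoff]


def run(accounts, poll_times, overlap=timedelta(0)):
    """Simulate successive polls; the high-water mark advances to each poll time."""
    provisioned = set()
    last_polled = poll_times[0] - 15 * M
    for now in poll_times:
        provisioned.update(poll(accounts, now, last_polled, overlap))
        last_polled = now
    return provisioned


def unprovisioned(accounts, now, provisioned):
    """Reconciliation: filter matches on the DC that have no mailbox yet."""
    return sorted(a["name"] for a in accounts
                  if a["visible_at"] <= now and a["name"] not in provisioned)


if __name__ == "__main__":
    strict = run(ACCOUNTS, POLLS)
    print("strict window:", sorted(strict))
    print("never picked up:", unprovisioned(ACCOUNTS, POLLS[-1], strict))
    print("10 min overlap:", sorted(run(ACCOUNTS, POLLS, overlap=10 * M)))
```

Under these assumptions the replicated account arrives with a creation time already older than the last poll, so a strict window never selects it; the reconciliation list names only the missed entries instead of retrying every filter match.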
arukashi
Posts: 12
Joined: Wed Aug 03, 2022 3:09 pm

Re: Zimbra9 autoprovision bug

Post by arukashi »

arukashi wrote: That version of Zimbra is almost a year old; you need to keep ZCS up-to-date and I'd suggest you update it ASAP, especially when we have this sort of problem in the wild: viewtopic.php?f=15&t=71058

Did update yesterday morning

Code:

Release 9.0.0.ZEXTRAS.20220713.UBUNTU18.64 UBUNTU18_64 FOSS edition.

It doesn't make any difference to my autoprovision problem. So my question still remains: why is an AD account which has been replicated to another DC not visible to Zimbra as new?
arukashi
Posts: 12
Joined: Wed Aug 03, 2022 3:09 pm

Re: Zimbra9 autoprovision bug

Post by arukashi »

Bump!
Update didn't help at all.