Hi,
I'm testing Eager autprovisioning mode for the first time (i always used Lazy). So I configured so it will only create users that are member of a specific AD group. For testing purposes, I created 2 AD users that are part of that group. One of the users is disabled in AD and other is enabled.
Right after enabling the autoprovisioing, it worked, it created the user in Zimbra as intended (while ignoring the AD disabled one). Then, for testing, I deleted that account in Zimbra to see if it was recreated, but that never happened. Then I tried enabling the second user in AD to see if Zimbra was able to provision that other account, but Zimbra did not provision that account either. I decided to create a 3rd account but Zimbra autoprovision script fails to detect any account. All of the accounts are in the same OU
zmcontrol -v
Release 8.7.11_GA_1854.RHEL7_64_20170531151956 RHEL7_64 NETWORK edition.
Extract from /opt/zimbra/log/mailbox.log that shows when the 1st user was succesfully created rigth after enabling the autoprovisioning.
2017-08-17 10:14:59,230 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-17 13:44:51,396 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-18 12:12:33,512 INFO [Thread-12] [] autoprov - shutdown() called, but auto provision thread is not running.
2017-08-18 13:31:47,912 INFO [qtp127618319-563:https:https://localhost:7071/service/admin/soap/ModifyServerRequest] [name=zimbra;ua=zmprov/8.7.11_GA_1854;] autoprov - Starting auto provision thread with sleep interval 1m.
2017-08-18 13:31:47,931 INFO [AutoProvision] [] autoprov - Auto provision thread sleeping for 300000ms before doing work.
2017-08-18 13:36:47,963 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2017-08-18 13:36:47,980 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2017-08-18 13:36:47,980 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: ne1@example.com, dn="CN=ne1 ne1,OU=Pruebas Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=example,DC=com"
2017-08-18 13:36:48,001 INFO [AutoProvision] [] autoprov - auto provisioned account: ne1@example.com
2017-08-18 13:36:48,702 INFO [AutoProvision] [] autoprov - auto provision notification sent rcpt='ne1@example.com' Message-ID=<1879425459.1.1503056208140.JavaMail.zimbra@srvzstore01.example.com>
2017-08-18 13:36:48,702 WARN [AutoProvision] [] autoprov - EAGER mode should configure zimbraAutoProvListenerClass
2017-08-18 13:36:48,702 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20170818113647.967Z
2017-08-18 13:36:48,709 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
All I can see now in logs regarding autoprovision is just the message saying that it ran and found no new account to provision. Is like it only worked the first time...idk.
This is the configuration for the autoprovision.
zimbraAutoProvAccountNameMap "sAMAccountName"
zimbraAutoProvAttrMap "sn=sn"
+zimbraAutoProvAttrMap "description=description"
+zimbraAutoProvAttrMap "cn=displayName"
+zimbraAutoProvAttrMap "givenName=givenName"
zimbraAutoProvBatchSize "20"
zimbraAutoProvLdapAdminBindDn "cn=Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapAdminBindPassword "password"
zimbraAutoProvLdapBindDn "cn=Zimbra,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapSearchBase "OU=dominio,DC=dominio,DC=org"
zimbraAutoProvLdapSearchFilter "(&(&(objectclass=user)(objectcategory=person)(memberOf=cn=Zimbra NE,OU=Externs,OU=AJUNTAMENT,OU=dominio,DC=dominio,DC=org))(!(userAccountControl=514))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
zimbraAutoProvLdapURL "ldap://dominio.org:389"
zimbraAutoProvMode "EAGER"
zimbraAutoProvNotificationFromAddress "admin@dominio.org"
zimbraAutoProvNotificationSubject "Nueva cuenta de correo"
zimbraAutoProvPollingInterval "1m"
zimbraAutoProvScheduledDomains "dominio.org"
[Solved] Autoprovision stoppped working
-
pup_seba
- Outstanding Member
- Posts: 687
- Joined: Sat Sep 13, 2014 2:43 am
- Location: Tarragona - Spain
- Contact:
[Solved] Autoprovision stoppped working
Last edited by pup_seba on Sun Sep 23, 2018 10:04 pm, edited 1 time in total.
-
pup_seba
- Outstanding Member
- Posts: 687
- Joined: Sat Sep 13, 2014 2:43 am
- Location: Tarragona - Spain
- Contact:
Re: Autoprovision stoppped working
Hi,
Well, I've got a response from Zimbra support (I've opened a ticket at the same time I posted here). It seems that in older Zimbra versions, there was this bug that had the exact same behavior I'm seeing in this newer zimbra version. The workaround was to execute:
zmprov md example.com zimbraAutoProvLastPolledTimestamp ""
I reviewed my configuration again and it was all good, so I applied that workaround. The effect was immediate, as at the very next cicle of the 1m autoprovisioning loop, the accounts were created as intended.
Hope this helps someone.
Regards,
Well, I've got a response from Zimbra support (I've opened a ticket at the same time I posted here). It seems that in older Zimbra versions, there was this bug that had the exact same behavior I'm seeing in this newer zimbra version. The workaround was to execute:
zmprov md example.com zimbraAutoProvLastPolledTimestamp ""
I reviewed my configuration again and it was all good, so I applied that workaround. The effect was immediate, as at the very next cicle of the 1m autoprovisioning loop, the accounts were created as intended.
Hope this helps someone.
Regards,
Last edited by pup_seba on Sun Sep 23, 2018 10:02 pm, edited 1 time in total.
-
jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: [Solved] Autoprovision stoppped working
Thank you Sebas for let us know.
Cheers
Cheers