Hello,
I'm curious if accounts can be autocreated simply by adding an entry for the user in LDAP. We use Novell eDirectory on our internal network (which is just glorified ldap really). For security reasons we don't really want stuff in our DMZ with access internally to authenticate. Therefro we have a program called Novell Identity Manager. This uses eDirectory as a "identity store", and when I add or modify users, it populates an OpenLDAP tree with the same information. You do this through defining attribute mappings, since novell can sometimes have different names for attributes, and other rules you can create that will like automaticly add attributes to a user that a specific application may need.
We had this working in our current method of Cyrus + eGroupware since cyrus has autocreateinbox upon successful authentication and eGroupware can auto create users and assign them to a default group upon authentication.
So my question is, if I can make it so when a new user is added to our internal novell edirectory the user is created in teh zimbra ldap tree under ou=poeple complete with all the needed attributes like zimbraMailTransport, etc... will zimbra recognize them when they try to login? Or is there more going on behind the scenes when you add a user through the UI than just creating them in the ldap tree.
Thanks for any help!
Auto Creating accounts through LDAP
Auto Creating accounts through LDAP
I'm also interested in this - it would be much cleaner to just create a new LDAP record than to spawn an external zmprov process, which is the only other way I can see of creating new users in an automated fashion.
Bdial - have you actually tried this to see what happens?
Bdial - have you actually tried this to see what happens?
Auto Creating accounts through LDAP
You'll need to provision them with a script, at the moment. There are a couple of threads, IIRC, in the forums about this. There's also an RFE in bugzilla for auto provisioning - search and vote. 
Auto Creating accounts through LDAP
[quote user="10330phoenix"]You'll need to provision them with a script, at the moment. There are a couple of threads, IIRC, in the forums about this. There's also an RFE in bugzilla for auto provisioning - search and vote. [/QUOTE]
Will do.
I've found com.zimbra.cs.account.ProvUtil, which is the actual zmprov command... seems that the best way (for now) to handle automated provisioning is going to be to use the java class directly, rather than spawn an external process of zmprov. Obviously, with a java system, that isn't a problem. Should be reasonably easy with PHP too, now that it has support for using Java classes.
Still, I'd have like to have just been able to populate my LDAP directory, so my provisioning would effectively be completely decoupled from Zimbra - and it would be usable with a load of LDAP utilities that already exist... which is good for Zimbra - makes it easier for admins to manage, and less of a barrier to entry
[/QUOTE]Will do.
I've found com.zimbra.cs.account.ProvUtil, which is the actual zmprov command... seems that the best way (for now) to handle automated provisioning is going to be to use the java class directly, rather than spawn an external process of zmprov. Obviously, with a java system, that isn't a problem. Should be reasonably easy with PHP too, now that it has support for using Java classes.
Still, I'd have like to have just been able to populate my LDAP directory, so my provisioning would effectively be completely decoupled from Zimbra - and it would be usable with a load of LDAP utilities that already exist... which is good for Zimbra - makes it easier for admins to manage, and less of a barrier to entry
Auto Creating accounts through LDAP
Leesbian,
I am in the planning phase for a migration to Zimbra, but the various LDAP issues are a barrier for me as well.
Were you able to resolve your LDAP provisioning issues? If so, what route did you take?
Thanks.
I am in the planning phase for a migration to Zimbra, but the various LDAP issues are a barrier for me as well.
Were you able to resolve your LDAP provisioning issues? If so, what route did you take?
Thanks.
Auto Creating accounts through LDAP
[quote user="jslilly"]Leesbian,
I am in the planning phase for a migration to Zimbra, but the various LDAP issues are a barrier for me as well.
Were you able to resolve your LDAP provisioning issues? If so, what route did you take?
Thanks.[/QUOTE]
I've found details of the SOAP API which has commands for creating and modifying accounts, so we're going to use that for now. Once we've got that working, and I have the time I'm going to investigate the LDAP further, although I need to pull apart the ProvUtil to see if it really does do anything else other than create and modify LDAP entries.
I may end up having to create some form of LDAP->Zimbra proxy that doesn't synchronise LDAP per se, but modifies/creates/deletes accounts using the Zimbra SOAP API based on the external LDAP directory.
If I get any further, I'll let you know
I am in the planning phase for a migration to Zimbra, but the various LDAP issues are a barrier for me as well.
Were you able to resolve your LDAP provisioning issues? If so, what route did you take?
Thanks.[/QUOTE]
I've found details of the SOAP API which has commands for creating and modifying accounts, so we're going to use that for now. Once we've got that working, and I have the time I'm going to investigate the LDAP further, although I need to pull apart the ProvUtil to see if it really does do anything else other than create and modify LDAP entries.
I may end up having to create some form of LDAP->Zimbra proxy that doesn't synchronise LDAP per se, but modifies/creates/deletes accounts using the Zimbra SOAP API based on the external LDAP directory.
If I get any further, I'll let you know
Auto Creating accounts through LDAP
After further review, it looks like the SOAP API will need to be our solution as well. However, I am having difficulty finding any information about the API (other than the fact that it exists). Have you found any decent references?
Thanks again.
Thanks again.
Auto Creating accounts through LDAP
[quote user="jslilly"]After further review, it looks like the SOAP API will need to be our solution as well. However, I am having difficulty finding any information about the API (other than the fact that it exists). Have you found any decent references?
Thanks again.[/QUOTE]
No, I haven't - it's why it took me so long to come up with this solution
Zimbra really need to get the SOAP API properly documented, and some form of PDF manual placed online, with examples (or even something similar to the flickr API documentation).
Apparently there is a REST API too, but I've only found 1 or 2 examples of its usage...
I think the best you can hope for is looking in /opt/zimbra/doc - but apparently these docs (in .txt format ) are only available if you've installed Network edition.
Thanks again.[/QUOTE]
No, I haven't - it's why it took me so long to come up with this solution
Zimbra really need to get the SOAP API properly documented, and some form of PDF manual placed online, with examples (or even something similar to the flickr API documentation).
Apparently there is a REST API too, but I've only found 1 or 2 examples of its usage...
I think the best you can hope for is looking in /opt/zimbra/doc - but apparently these docs (in .txt format
) are only available if you've installed Network edition. Auto Creating accounts through LDAP
There appear to be a number of people experiencing similar frustration.
I have just downloaded the Network Edition. I will install my OS (Ubuntu 6.0.6 Server) after my memory check completes. Once that is done, I will install Zimbra and hopefully be able to find something. I will update this thread if I find anything.
Please update this thread while you (hopefully!) progress as well. Who knows, maybe we can come up with something informal to save others the same trouble.
Kind regards.
I have just downloaded the Network Edition. I will install my OS (Ubuntu 6.0.6 Server) after my memory check completes. Once that is done, I will install Zimbra and hopefully be able to find something. I will update this thread if I find anything.
Please update this thread while you (hopefully!) progress as well. Who knows, maybe we can come up with something informal to save others the same trouble.
Kind regards.