How to configure auto-provisioning with AD: Difference between revisions
Revision as of 15:42, 16 September 2015
How to configure auto-provisioning (autoprov) with AD
Zimbra auto-provisioning
- This article explains how to configure automatic user provisioning when Zimbra is configured to use an external LDAP directory (Active Directory).
- For more information on how to configure Zimbra with AD, see https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory
Solution
1. Create a file with the following entries:
$ vim /tmp/autoprov.txt
md example.com zimbraAutoProvAccountNameMap "samAccountName"
md example.com zimbraAutoProvAttrMap description=description
md example.com zimbraAutoProvAttrMap cn=displayName
md example.com zimbraAutoProvAttrMap givenName=givenName
md example.com zimbraAutoProvAttrMap sn=displayName
md example.com zimbraAutoProvAuthMech LDAP
md example.com zimbraAutoProvBatchSize 40
md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
md example.com zimbraAutoProvMode EAGER
md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
ms server.example.com zimbraAutoProvPollingInterval "1m"
ms server.example.com +zimbraAutoProvScheduledDomains "example.com"
The options are self-explanatory. The ones that you might want to change according to your environment are:
- zimbraAutoProvLdapAdminBindDn
- zimbraAutoProvLdapAdminBindPassword
- zimbraAutoProvLdapSearchBase
- zimbraAutoProvLdapURL
For the last two entries, which start with ms, use your server's FQDN.
2. To execute the file run:
$ zmprov < /tmp/autoprov.txt
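The command file from step 1 holds the AD bind password in clear text, and with the values shown it binds as Administrator over ldap://. The pre-flight check below is an added example, not part of the original article or of Zimbra's tooling; `lint_autoprov`, `make_samples`, the service-account DN and the host `dc1.azmo.com` are hypothetical names used for illustration.

```shell
#!/bin/sh
# Added example: pre-flight lint for a zmprov auto-provisioning command file.
# The three checks are this example's own policy, not Zimbra requirements.
lint_autoprov() {
    f=$1
    # The file holds zimbraAutoProvLdapAdminBindPassword in clear text, so only
    # its owner should have any access to it (mode 600 or stricter).
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS: $f is accessible to group/other"
    # ldap:// carries the bind DN and password unencrypted unless StartTLS is used.
    if grep -Eiq 'zimbraAutoProvLdapURL[[:space:]]+"?ldap://' "$f"; then
        echo "CLEARTEXT: zimbraAutoProvLdapURL uses ldap://, prefer ldaps://"
    fi
    # Provisioning only searches one OU; binding as the domain Administrator
    # hands the mail server far more AD privilege than that requires.
    if grep -Eiq 'zimbraAutoProvLdapAdminBindDn[[:space:]]+"?CN=Administrator,' "$f"; then
        echo "PRIVILEGE: bind DN is Administrator, use a read-only service account"
    fi
}

# Constructed samples: weak.txt repeats the article's values; hard.txt uses a
# hypothetical service account and LDAPS host and is created with umask 077.
make_samples() {
    cat > "$1/weak.txt" <<'EOF'
md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
EOF
    chmod 644 "$1/weak.txt"
    ( umask 077; cat > "$1/hard.txt" <<'EOF'
md example.com zimbraAutoProvLdapAdminBindDn "CN=svc-zimbra-prov,OU=service,DC=azmo,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword CHANGE-ME
md example.com zimbraAutoProvLdapURL "ldaps://dc1.azmo.com:636"
EOF
    )
}

dir=$(mktemp -d)
make_samples "$dir"
echo "weak.txt:"; lint_autoprov "$dir/weak.txt"
echo "hard.txt:"; lint_autoprov "$dir/hard.txt"
rm -rf "$dir"
```

Remove the command file once zmprov has read it; otherwise the bind password stays on disk.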
To verify that the configuration is working, create a user in AD and then follow the entries in the /opt/zimbra/log/mailbox.log file. To see more detail, enable [debug]. In normal logging mode you should see output like the following:
- before adding entries in AD
- 2015-07-09 03:22:00,484 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain azmo.com
- 2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result
- 2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z
- after adding new entries
- 2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain azmo.com
- 2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
- 2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@azmo.com, dn="CN=test,OU=zimbrausers,DC=azmo,DC=com"
- 2015-07-09 03:26:00,558 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z
- 2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
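The log check above can be scripted. The following is an added example, not part of the original article: it pulls the "auto creating account" lines out of mailbox.log and flags any account whose source DN does not sit under the search base you expect. `audit_autoprov`, `sample_log` and the `svc@azmo.com` log line are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts created by EAGER auto-provisioning and flag any
# whose source DN is outside the expected search base.
audit_autoprov() {   # usage: audit_autoprov MAILBOX_LOG EXPECTED_SEARCH_BASE
    awk -v base="$2" '
    BEGIN { base = tolower(base) }
    /autoprov - auto creating account in EAGER mode: / {
        line = $0
        sub(/.*auto creating account in EAGER mode: /, "", line)
        # line now looks like: user@domain, dn="CN=...,DC=..."
        acct = line; sub(/, dn=".*/, "", acct)
        dn = line;   sub(/^[^"]*"/, "", dn); sub(/"[^"]*$/, "", dn)
        l = tolower(dn); n = length(base)
        # DNs compare case-insensitively; the entry must end in ",<base>".
        inside = (length(l) > n && substr(l, length(l) - n) == ("," base))
        status = inside ? "OK" : "OUTSIDE"
        print status, acct, dn
    }' "$1"
}

# Constructed sample: three lines taken from the article plus one constructed
# line (svc@azmo.com) whose DN is under CN=Users instead of OU=zimbrausers.
sample_log() {
    cat > "$1" <<'EOF'
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@azmo.com, dn="CN=test,OU=zimbrausers,DC=azmo,DC=com"
2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2015-07-09 03:27:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: svc@azmo.com, dn="CN=svc,CN=Users,DC=azmo,DC=com"
EOF
}

log=$(mktemp)
sample_log "$log"
audit_autoprov "$log" "OU=zimbrausers,dc=azmo,dc=com"
rm -f "$log"
```

On a live server, pass /opt/zimbra/log/mailbox.log and the value of zimbraAutoProvLdapSearchBase as the two arguments.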
More information
IN PROGRESS