How to configure auto-provisioning with AD: Difference between revisions
Line 35: | Line 35: | ||
:md example.com zimbraAutoProvAuthMech LDAP | :md example.com zimbraAutoProvAuthMech LDAP | ||
:md example.com zimbraAutoProvBatchSize 40 | :md example.com zimbraAutoProvBatchSize 40 | ||
:md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC= | :md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=example,DC=com" | ||
:md example.com zimbraAutoProvLdapAdminBindPassword secret | :md example.com zimbraAutoProvLdapAdminBindPassword secret | ||
:md example.com zimbraAutoProvLdapBindDn "Administrator@example.com" | :md example.com zimbraAutoProvLdapBindDn "Administrator@example.com" | ||
:md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc= | :md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=example,dc=com" | ||
:md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)" | :md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)" | ||
:md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389" | :md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389" | ||
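Review bot: The zimbraAutoProvLdapAdminBindDn, zimbraAutoProvLdapAdminBindPassword and zimbraAutoProvLdapURL lines still show a bind as the built-in domain Administrator, with the password inline, sent over ldap:// on port 389 with no transport protection. Since the placeholders are being corrected here anyway, consider showing a dedicated read-only service account as the bind DN and an ldaps:// URL (or setting zimbraAutoProvLdapStartTlsEnabled to TRUE), so the sample does not get copied into production with a domain admin credential in cleartext.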
Line 61: | Line 61: | ||
$ zmprov < /tmp/autoprov.txt | $ zmprov < /tmp/autoprov.txt | ||
:prov> md | :prov> md example.com zimbraAutoProvAccountNameMap "samAccountName" | ||
:prov> md | :prov> md example.com zimbraAutoProvAttrMap description=description | ||
:prov> md | :prov> md example.com zimbraAutoProvAttrMap cn=displayName | ||
:prov> md | :prov> md example.com zimbraAutoProvAttrMap givenName=givenName | ||
:prov> md | :prov> md example.com zimbraAutoProvAttrMap sn=displayName | ||
:prov> md | :prov> md example.com zimbraAutoProvAuthMech LDAP | ||
:prov> md | :prov> md example.com zimbraAutoProvBatchSize 40 | ||
:prov> md | :prov> md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com" | ||
:prov> md | :prov> md example.com zimbraAutoProvLdapAdminBindPassword Zimbra1 | ||
:prov> md | :prov> md example.com zimbraAutoProvLdapBindDn "Administrator@example.com" | ||
:prov> md | :prov> md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com" | ||
:prov> md | :prov> md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)" | ||
:prov> md | :prov> md example.com zimbraAutoProvLdapURL "ldap://192.168.56.70:389" | ||
:prov> md | :prov> md example.com zimbraAutoProvMode EAGER | ||
:prov> md | :prov> md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}." | ||
:prov> md | :prov> md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com | ||
:prov> md | :prov> md example.com zimbraAutoProvNotificationSubject "New account auto provisioned" | ||
:prov> ms nine. | :prov> ms nine.example.com zimbraAutoProvPollingInterval "1m" | ||
:prov> ms nine. | :prov> ms nine.example.com +zimbraAutoProvScheduledDomains "example.com" | ||
---- | |||
To double check that the configuration is working, create a user in AD, and then follow the entries in /opt/zimbra/log/mailbox.log file. To be able to see more, enable [[https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging debug]]. | To double check that the configuration is working, create a user in AD, and then follow the entries in /opt/zimbra/log/mailbox.log file. To be able to see more, enable [[https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging debug]]. | ||
:Ideally you have to see the following output in normal logging mode: | :Ideally you have to see the following output in normal logging mode: | ||
*before adding entries in AD | *before adding entries in AD | ||
:2015-07-09 03:22:00,484 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain | :2015-07-09 03:22:00,484 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com | ||
:2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result | :2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result | ||
:2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z | :2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z | ||
*after adding new entries | *after adding new entries | ||
:2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain | :2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com | ||
:2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result | :2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result | ||
:2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@ | :2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@example.com, dn="CN=test,OU=zimbrausers,DC=example,DC=com" | ||
:2015-07-09 03:26:00,558 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z | :2015-07-09 03:26:00,558 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z | ||
:2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds. | :2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds. |
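Review bot: The step 2 transcript on the new side still shows DC=azmo,DC=com in the bind DN and search base, the password Zimbra1, ldap://192.168.56.70:389 and the host nine.example.com, none of which match the step 1 file (DC=example,DC=com, secret, 192.168.0.1, server.example.com). Replace them with the same placeholders used in step 1 so that the transcript matches the file it is supposed to echo and no values from a real lab remain on the page.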
Revision as of 15:53, 16 September 2015
How to configure auto-provisioning (autoprov) with AD
Zimbra auto-provisioning
- This article explains how to configure automatic user provisioning when Zimbra is configured to use an external LDAP directory (Active Directory).
- More information on how to configure Zimbra with AD can be found: [here]
Solution
1. Create a file with the following entries:
$ vim /tmp/autoprov.txt
- md example.com zimbraAutoProvAccountNameMap "samAccountName"
- md example.com zimbraAutoProvAttrMap description=description
- md example.com zimbraAutoProvAttrMap cn=displayName
- md example.com zimbraAutoProvAttrMap givenName=givenName
- md example.com zimbraAutoProvAttrMap sn=displayName
- md example.com zimbraAutoProvAuthMech LDAP
- md example.com zimbraAutoProvBatchSize 40
- md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=example,DC=com"
- md example.com zimbraAutoProvLdapAdminBindPassword secret
- md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
- md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=example,dc=com"
- md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
- md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
- md example.com zimbraAutoProvMode EAGER
- md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
- md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
- md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
- ms server.example.com zimbraAutoProvPollingInterval "1m"
- ms server.example.com +zimbraAutoProvScheduledDomains "example.com"
The options are self-explanatory. The ones that you might want to change according to your environment are:
- zimbraAutoProvLdapAdminBindDn
- zimbraAutoProvLdapAdminBindPassword
- zimbraAutoProvLdapSearchBase
- zimbraAutoProvLdapURL
For the last two entries, which start with ms, use your server's FQDN.
2. Execute the file:
$ zmprov < /tmp/autoprov.txt
- prov> md example.com zimbraAutoProvAccountNameMap "samAccountName"
- prov> md example.com zimbraAutoProvAttrMap description=description
- prov> md example.com zimbraAutoProvAttrMap cn=displayName
- prov> md example.com zimbraAutoProvAttrMap givenName=givenName
- prov> md example.com zimbraAutoProvAttrMap sn=displayName
- prov> md example.com zimbraAutoProvAuthMech LDAP
- prov> md example.com zimbraAutoProvBatchSize 40
- prov> md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
- prov> md example.com zimbraAutoProvLdapAdminBindPassword Zimbra1
- prov> md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
- prov> md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
- prov> md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
- prov> md example.com zimbraAutoProvLdapURL "ldap://192.168.56.70:389"
- prov> md example.com zimbraAutoProvMode EAGER
- prov> md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
- prov> md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
- prov> md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
- prov> ms nine.example.com zimbraAutoProvPollingInterval "1m"
- prov> ms nine.example.com +zimbraAutoProvScheduledDomains "example.com"
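A pre-flight check for the file from step 1, as an added example that is not part of the original article: it flags an unprotected ldap:// URL, a bind as the built-in Administrator, and a bind password stored in a group- or world-readable file. The finding labels are this example's own; zimbraAutoProvLdapStartTlsEnabled is a Zimbra attribute that the article's file does not set.

```shell
#!/bin/sh
# Lint a zmprov batch file (such as /tmp/autoprov.txt) before running it.

# Print the value of one attribute from "md|ms <target> <attr> <value>" lines.
autoprov_value() {  # $1 = file, $2 = attribute
    awk -v attr="$2" '$1 ~ /^m[ds]$/ && $3 == attr {
        $1 = $2 = $3 = ""; sub(/^ +/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# Print one finding per line; return 1 if anything was flagged.
audit_autoprov() {  # $1 = batch file
    rc=0
    url=$(autoprov_value "$1" zimbraAutoProvLdapURL)
    tls=$(autoprov_value "$1" zimbraAutoProvLdapStartTlsEnabled)
    dn=$(autoprov_value "$1" zimbraAutoProvLdapAdminBindDn)
    pw=$(autoprov_value "$1" zimbraAutoProvLdapAdminBindPassword)
    case $url in
        ldap://*) if [ "$tls" != TRUE ]; then echo "CLEARTEXT_LDAP $url"; rc=1; fi ;;
    esac
    case $dn in
        [Cc][Nn]=Administrator,*) echo "BUILTIN_ADMIN_BIND $dn"; rc=1 ;;
    esac
    # A bind password in a group- or world-readable file is exposed locally.
    if [ -n "$pw" ] && [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "PASSWORD_FILE_READABLE $1"; rc=1
    fi
    return $rc
}

# Constructed sample that mirrors the values shown in step 1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=example,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
EOF
chmod 644 "$sample"
audit_autoprov "$sample" || echo "review the findings above before running zmprov"
rm -f "$sample"
```
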
To double-check that the configuration is working, create a user in AD, then follow the entries in the /opt/zimbra/log/mailbox.log file. To see more detail, enable [debug].
- Ideally, you should see the following output in normal logging mode:
- before adding entries in AD
- 2015-07-09 03:22:00,484 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
- 2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result
- 2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z
- after adding new entries
- 2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
- 2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
- 2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@example.com, dn="CN=test,OU=zimbrausers,DC=example,DC=com"
- 2015-07-09 03:26:00,558 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z
- 2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
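To review what EAGER mode actually created, the log lines above can be reduced to one record per new account. This added example (not part of the original article) extracts the address and DN from each "auto creating account" entry and marks any DN that is not under the expected search base. The second account in the sample log is constructed for illustration.

```shell
#!/bin/sh
# List accounts created by auto-provisioning, from mailbox.log, and flag any
# whose directory DN is not under the expected zimbraAutoProvLdapSearchBase.

# Prints "<status> TAB <address> TAB <timestamp> TAB <dn>" per created account.
autoprov_created() {  # $1 = log file, $2 = expected search base
    awk -v base="$2" '
    / autoprov - auto creating account in / {
        rest = $0; sub(/^.* mode: /, "", rest)      # addr, dn="..."
        addr = rest; sub(/,.*$/, "", addr)
        dn = rest; sub(/^[^"]*"/, "", dn); sub(/"[^"]*$/, "", dn)
        # Case-insensitive suffix match on ",<base>".
        l = tolower(dn); b = tolower(base)
        under = (length(l) > length(b) && substr(l, length(l) - length(b)) == ("," b))
        printf "%s\t%s\t%s %s\t%s\n", (under ? "OK" : "OUTSIDE_BASE"), addr, $1, $2, dn
    }' "$1"
}

# Constructed sample: log lines in the article's format, plus one constructed
# entry whose DN is outside OU=zimbrausers.
log=$(mktemp)
cat > "$log" <<'EOF'
2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@example.com, dn="CN=test,OU=zimbrausers,DC=example,DC=com"
2015-07-09 03:27:00,601 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: contractor@example.com, dn="CN=contractor,OU=external,DC=example,DC=com"
EOF
autoprov_created "$log" "OU=zimbrausers,dc=example,dc=com"
rm -f "$log"
```
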
More information
IN PROGRESS
How to configure auto-provisioning (autoprov) with AD
Zimbra auto-provisioning
- This article explains how to configure automatic user provisioning when Zimbra is configured to use an external LDAP directory (Active Directory).
- For more information on how to configure Zimbra with AD, please check the following link: [link]
Solution
1. Create a file with the following entries:
$ vim /tmp/autoprov.txt
- md example.com zimbraAutoProvAccountNameMap "samAccountName"
- md example.com zimbraAutoProvAttrMap description=description
- md example.com zimbraAutoProvAttrMap cn=displayName
- md example.com zimbraAutoProvAttrMap givenName=givenName
- md example.com zimbraAutoProvAttrMap sn=displayName
- md example.com zimbraAutoProvAuthMech LDAP
- md example.com zimbraAutoProvBatchSize 40
- md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
- md example.com zimbraAutoProvLdapAdminBindPassword secret
- md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
- md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
- md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
- md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
- md example.com zimbraAutoProvMode EAGER
- md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
- md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
- md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
- ms server.example.com zimbraAutoProvPollingInterval "1m"
- ms server.example.com +zimbraAutoProvScheduledDomains "example.com"
The options are self-explanatory. The ones that you might want to change according to your environment are:
- zimbraAutoProvLdapAdminBindDn
- zimbraAutoProvLdapAdminBindPassword
- zimbraAutoProvLdapSearchBase
- zimbraAutoProvLdapURL
2. To execute the file, run:
$ zmprov < /tmp/autoprov.txt
More information
IN PROGRESS