How to configure auto-provisioning with AD: Difference between revisions
Line 57: | Line 57: | ||
For the last two entries starting with '''ms''', you have to use your server's fqdn. | For the last two entries starting with '''ms''', you have to use your server's fqdn. | ||
---- | |||
'''2. | '''2. Execute the file:''' | ||
$ zmprov < /tmp/autoprov.txt | $ zmprov < /tmp/autoprov.txt | ||
To double check that the configuration is working, create a user in AD, and then follow the entries in /opt/zimbra/log/mailbox.log file. To be able to see more, enable [[https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging '''debug''']]. Ideally you have to see the following output in normal logging mode: | To double check that the configuration is working, create a user in AD, and then follow the entries in /opt/zimbra/log/mailbox.log file. To be able to see more, enable [[https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging '''debug''']]. | ||
:Ideally you have to see the following output in normal logging mode: | |||
*before adding entries in AD | *before adding entries in AD |
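Review bot: the debug link on the changed paragraph is written as [[https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging '''debug''']], an external URL inside double square brackets. MediaWiki external links take a single pair of brackets, so the outer pair renders as literal brackets around the link text. Suggest [https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging '''debug'''] on this line.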
Revision as of 15:45, 16 September 2015
How to configure auto-provisioning (autoprov) with AD
Zimbra auto-provisioning
- This article explains how to configure automatic user provisioning when Zimbra is configured to use an external LDAP directory (Active Directory).
- For more information on how to configure Zimbra with AD, please check the following link: [link]
Solution
1. Create a file with the following entries:
$ vim /tmp/autoprov.txt
- md example.com zimbraAutoProvAccountNameMap "samAccountName"
- md example.com zimbraAutoProvAttrMap description=description
- md example.com zimbraAutoProvAttrMap cn=displayName
- md example.com zimbraAutoProvAttrMap givenName=givenName
- md example.com zimbraAutoProvAttrMap sn=displayName
- md example.com zimbraAutoProvAuthMech LDAP
- md example.com zimbraAutoProvBatchSize 40
- md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
- md example.com zimbraAutoProvLdapAdminBindPassword secret
- md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
- md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
- md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
- md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
- md example.com zimbraAutoProvMode EAGER
- md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
- md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
- md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
- ms server.example.com zimbraAutoProvPollingInterval "1m"
- ms server.example.com +zimbraAutoProvScheduledDomains "example.com"
The options are self-explanatory. The ones that you might want to change according to your environment are:
- zimbraAutoProvLdapAdminBindDn
- zimbraAutoProvLdapAdminBindPassword
- zimbraAutoProvLdapSearchBase
- zimbraAutoProvLdapURL
For the last two entries, which start with ms, you have to use your server's FQDN.
2. Execute the file:
$ zmprov < /tmp/autoprov.txt
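A pre-flight check for the batch file from steps 1 and 2, as an added example that is not part of the original article or of Zimbra. The function name `lint_autoprov`, the service-account DN and the `ldaps://dc1.azmo.com:636` endpoint are assumptions made for illustration; the sample files are constructed.

```shell
#!/bin/sh
# Added example: checks to run on the batch file before `zmprov < FILE`.
# lint_autoprov prints one finding per line; no output means nothing was flagged.
lint_autoprov() {
    f=$1
    # The file carries zimbraAutoProvLdapAdminBindPassword in clear text, so only
    # its owner should be able to read it (GNU stat first, BSD stat as fallback).
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        600|400) ;;
        *) echo "PERM: mode $mode lets other local users read the bind password" ;;
    esac
    # A plain ldap:// URL sends that password to the directory unencrypted.
    if grep -Eq 'zimbraAutoProvLdapURL[[:space:]]+"?ldap://' "$f"; then
        echo "TLS: zimbraAutoProvLdapURL uses ldap://, not ldaps://"
    fi
    # Provisioning only reads one OU; the built-in Administrator can do far more.
    if grep -Eiq 'zimbraAutoProvLdapAdminBindDn[[:space:]]+"?CN=Administrator,' "$f"; then
        echo "PRIV: admin bind DN is the built-in Administrator account"
    fi
}

# Constructed sample 1: the relevant lines as written on this page, mode 644.
weak=$(mktemp)
cat > "$weak" <<'EOF'
md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
EOF
chmod 644 "$weak"

# Constructed sample 2: hypothetical service account and LDAPS endpoint, mode 600.
hard=$(mktemp)
cat > "$hard" <<'EOF'
md example.com zimbraAutoProvLdapAdminBindDn "CN=svc-zimbra-prov,OU=service,DC=azmo,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapURL "ldaps://dc1.azmo.com:636"
EOF
chmod 600 "$hard"

echo "== as on the page =="; lint_autoprov "$weak"
echo "== hardened ==";       lint_autoprov "$hard"
rm -f "$weak" "$hard"
```

Deleting the batch file once zmprov has read it also removes the clear-text copy of the bind password from disk.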
To verify that the configuration is working, create a user in AD, and then follow the entries in the /opt/zimbra/log/mailbox.log file. To see more detail, enable [debug].
- In normal logging mode you should see the following output:
- before adding entries in AD
- 2015-07-09 03:22:00,484 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain azmo.com
- 2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result
- 2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z
- after adding new entries
- 2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain azmo.com
- 2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
- 2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@azmo.com, dn="CN=test,OU=zimbrausers,DC=azmo,DC=com"
- 2015-07-09 03:26:00,558 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z
- 2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
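The log lines above can also be used to audit which accounts autoprov created and from which DN. The following is an added example, not code from the original article or from Zimbra; the function names and the second "auto creating account" line in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: reconcile autoprov-created accounts against the search base.
# autoprov_created LOG -> "timestamp|mode|account|dn" per auto-created account.
autoprov_created() {
    sed -n 's/^\([0-9-]* [0-9:,]*\) INFO .* autoprov - auto creating account in \([A-Z]*\) mode: \([^,]*\), dn="\(.*\)"$/\1|\2|\3|\4/p' "$1"
}

# autoprov_outside_base LOG BASE -> accounts whose source DN is not under BASE.
# The comparison is case-insensitive (the page itself mixes DC= and dc=) and
# anchored on a comma so a longer RDN cannot pass as a suffix match.
autoprov_outside_base() {
    autoprov_created "$1" | awk -F'|' -v base="$2" '
        { dn = "," tolower($4); b = "," tolower(base)
          tail = substr(dn, length(dn) - length(b) + 1)
          if (length(dn) < length(b) || tail != b) print $3 }'
}

# Constructed log: the first four lines follow the article's output; the
# 03:27 line with a DN under CN=Users is made up to exercise the check.
sample_log() {
    cat <<'EOF'
2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain azmo.com
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@azmo.com, dn="CN=test,OU=zimbrausers,DC=azmo,DC=com"
2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
2015-07-09 03:27:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: svc@azmo.com, dn="CN=svc,CN=Users,DC=azmo,DC=com"
EOF
}

log=$(mktemp)
sample_log > "$log"
echo "created accounts:"
autoprov_created "$log"
echo "created from outside OU=zimbrausers,dc=azmo,dc=com:"
autoprov_outside_base "$log" "OU=zimbrausers,dc=azmo,dc=com"
rm -f "$log"
```

On a live server, pass /opt/zimbra/log/mailbox.log and the value of zimbraAutoProvLdapSearchBase as the two arguments.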
More information
IN PROGRESS