Difference between revisions of "How to configure auto-provisioning with AD"

(How to configure auto-provisioning (autoprov) with AD)
(Zimbra auto-provisioning)
Line 35: Line 35:
 
:md example.com zimbraAutoProvAuthMech LDAP
 
:md example.com zimbraAutoProvAuthMech LDAP
 
:md example.com zimbraAutoProvBatchSize 40
 
:md example.com zimbraAutoProvBatchSize 40
:md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
+
:md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=example,DC=com"
 
:md example.com zimbraAutoProvLdapAdminBindPassword secret
 
:md example.com zimbraAutoProvLdapAdminBindPassword secret
 
:md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
 
:md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
:md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
+
:md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=example,dc=com"
 
:md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
 
:md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
 
:md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
 
:md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
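Review bot: The sample around the corrected zimbraAutoProvLdapAdminBindDn line still binds as the built-in `CN=Administrator` account and points zimbraAutoProvLdapURL at `ldap://192.168.0.1:389`, so a domain administrator password is stored on the Zimbra domain and sent over an unencrypted connection on a simple bind. Since the DN is being edited anyway, consider showing a dedicated read-only service account there and an `ldaps://` URL in the example.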
Line 61: Line 61:
  
 
$ zmprov < /tmp/autoprov.txt
 
$ zmprov < /tmp/autoprov.txt
:prov> md azmo.com zimbraAutoProvAccountNameMap "samAccountName"
+
:prov> md example.com zimbraAutoProvAccountNameMap "samAccountName"
:prov> md azmo.com zimbraAutoProvAttrMap description=description
+
:prov> md example.com zimbraAutoProvAttrMap description=description
:prov> md azmo.com zimbraAutoProvAttrMap cn=displayName
+
:prov> md example.com zimbraAutoProvAttrMap cn=displayName
:prov> md azmo.com zimbraAutoProvAttrMap givenName=givenName
+
:prov> md example.com zimbraAutoProvAttrMap givenName=givenName
:prov> md azmo.com zimbraAutoProvAttrMap sn=displayName
+
:prov> md example.com zimbraAutoProvAttrMap sn=displayName
:prov> md azmo.com zimbraAutoProvAuthMech LDAP
+
:prov> md example.com zimbraAutoProvAuthMech LDAP
:prov> md azmo.com zimbraAutoProvBatchSize 40
+
:prov> md example.com zimbraAutoProvBatchSize 40
:prov> md azmo.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
+
:prov> md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
:prov> md azmo.com zimbraAutoProvLdapAdminBindPassword Zimbra1
+
:prov> md example.com zimbraAutoProvLdapAdminBindPassword Zimbra1
:prov> md azmo.com zimbraAutoProvLdapBindDn "Administrator@azmo.com"
+
:prov> md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
:prov> md azmo.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
+
:prov> md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
:prov> md azmo.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
+
:prov> md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
:prov> md azmo.com zimbraAutoProvLdapURL "ldap://192.168.56.70:389"
+
:prov> md example.com zimbraAutoProvLdapURL "ldap://192.168.56.70:389"
:prov> md azmo.com zimbraAutoProvMode EAGER
+
:prov> md example.com zimbraAutoProvMode EAGER
:prov> md azmo.com zimbraAutoProvNotificationBody "Your account has been auto provisioned.  Your email address is ${ACCOUNT_ADDRESS}."
+
:prov> md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned.  Your email address is ${ACCOUNT_ADDRESS}."
:prov> md azmo.com zimbraAutoProvNotificationFromAddress prov-admin@azmo.com
+
:prov> md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
:prov> md azmo.com zimbraAutoProvNotificationSubject "New account auto provisioned"
+
:prov> md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
:prov> ms nine.azmo.com zimbraAutoProvPollingInterval "1m"
+
:prov> ms nine.example.com zimbraAutoProvPollingInterval "1m"
:prov> ms nine.azmo.com +zimbraAutoProvScheduledDomains "azmo.com"
+
:prov> ms nine.example.com +zimbraAutoProvScheduledDomains "example.com"
 
 
  
 +
----
 
To double check that the configuration is working, create a user in AD, and then follow the entries in /opt/zimbra/log/mailbox.log file. To be able to see more, enable [[https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging debug]].  
 
To double check that the configuration is working, create a user in AD, and then follow the entries in /opt/zimbra/log/mailbox.log file. To be able to see more, enable [[https://wiki.zimbra.com/wiki/Using_log4j_to_Configure_mailboxd_Logging debug]].  
 
:Ideally you have to see the following output in normal logging mode:  
 
:Ideally you have to see the following output in normal logging mode:  
  
 
*before adding entries in AD
 
*before adding entries in AD
:2015-07-09 03:22:00,484 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain azmo.com
+
:2015-07-09 03:22:00,484 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
 
:2015-07-09 03:22:00,490 INFO  [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result
 
:2015-07-09 03:22:00,490 INFO  [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result
 
:2015-07-09 03:22:00,490 INFO  [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z
 
:2015-07-09 03:22:00,490 INFO  [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z
  
 
*after adding new entries
 
*after adding new entries
:2015-07-09 03:26:00,546 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain azmo.com
+
:2015-07-09 03:26:00,546 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
 
:2015-07-09 03:26:00,553 INFO  [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
 
:2015-07-09 03:26:00,553 INFO  [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
:2015-07-09 03:26:00,553 INFO  [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@azmo.com, dn="CN=test,OU=zimbrausers,DC=azmo,DC=com"
+
:2015-07-09 03:26:00,553 INFO  [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@example.com, dn="CN=test,OU=zimbrausers,DC=example,DC=com"
 
:2015-07-09 03:26:00,558 INFO  [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z
 
:2015-07-09 03:26:00,558 INFO  [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z
 
:2015-07-09 03:26:00,565 INFO  [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
 
:2015-07-09 03:26:00,565 INFO  [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
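Review bot: The rename from azmo to example is incomplete in the zmprov session output: the new-side lines for zimbraAutoProvLdapAdminBindDn and zimbraAutoProvLdapSearchBase still read `DC=azmo,DC=com` although the domain argument on the same lines is now example.com. Change both to `DC=example,DC=com`, as was done for the log line `dn="CN=test,OU=zimbrausers,DC=example,DC=com"`, and consider replacing the echoed password `Zimbra1` with the `secret` placeholder used in the input file.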

Revision as of 15:53, 16 September 2015


How to configure auto-provisioning (autoprov) with AD

   KB 22329        Last updated on 2015-09-16  






Zimbra auto-provisioning


This article explains how to configure automatic user provisioning when Zimbra is configured to use an external LDAP directory (Active Directory).
More information on how to configure Zimbra with AD can be found [here].


Solution


1. Create a file with the following entries:

$ vim /tmp/autoprov.txt

md example.com zimbraAutoProvAccountNameMap "samAccountName"
md example.com zimbraAutoProvAttrMap description=description
md example.com zimbraAutoProvAttrMap cn=displayName
md example.com zimbraAutoProvAttrMap givenName=givenName
md example.com zimbraAutoProvAttrMap sn=displayName
md example.com zimbraAutoProvAuthMech LDAP
md example.com zimbraAutoProvBatchSize 40
md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=example,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=example,dc=com"
md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
md example.com zimbraAutoProvMode EAGER
md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
ms server.example.com zimbraAutoProvPollingInterval "1m"
ms server.example.com +zimbraAutoProvScheduledDomains "example.com"


The options are self-explanatory. The ones that you might want to change according to your environment are:

zimbraAutoProvLdapAdminBindDn
zimbraAutoProvLdapAdminBindPassword
zimbraAutoProvLdapSearchBase
zimbraAutoProvLdapURL

For the last two entries, which start with ms, you have to use your server's FQDN.


2. Execute the file:

$ zmprov < /tmp/autoprov.txt

prov> md example.com zimbraAutoProvAccountNameMap "samAccountName"
prov> md example.com zimbraAutoProvAttrMap description=description
prov> md example.com zimbraAutoProvAttrMap cn=displayName
prov> md example.com zimbraAutoProvAttrMap givenName=givenName
prov> md example.com zimbraAutoProvAttrMap sn=displayName
prov> md example.com zimbraAutoProvAuthMech LDAP
prov> md example.com zimbraAutoProvBatchSize 40
prov> md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
prov> md example.com zimbraAutoProvLdapAdminBindPassword Zimbra1
prov> md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
prov> md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
prov> md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
prov> md example.com zimbraAutoProvLdapURL "ldap://192.168.56.70:389"
prov> md example.com zimbraAutoProvMode EAGER
prov> md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
prov> md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
prov> md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
prov> ms nine.example.com zimbraAutoProvPollingInterval "1m"
prov> ms nine.example.com +zimbraAutoProvScheduledDomains "example.com"
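
A pre-flight check for the zmprov input from steps 1 and 2, as an added example that is not part of the original article or of Zimbra. It uses only the attribute names shown above; the sample lines are constructed from this page and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample: lines in the zmprov input format used on this page.
SAMPLE = '''\
md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=example,dc=com"
md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
'''

DN_ATTRS = ("zimbraAutoProvLdapAdminBindDn", "zimbraAutoProvLdapSearchBase")


def dn_domain(dn):
    """Join the DC= components of a DN into a DNS-style name."""
    return ".".join(p.lower() for p in re.findall(r"(?i)\bDC=([^,]+)", dn))


def lint_autoprov(text):
    """Return (line_no, attribute, message) findings for zmprov input text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("prov>"):  # also accept echoed session output
            line = line[len("prov>"):]
        parts = shlex.split(line)
        if len(parts) < 4 or parts[0] not in ("md", "ms"):
            continue
        target, attr, value = parts[1], parts[2].lstrip("+"), " ".join(parts[3:])
        if attr == "zimbraAutoProvLdapURL" and value.lower().startswith("ldap://"):
            findings.append((n, attr, "ldap:// URL: bind is unencrypted unless StartTLS is enabled"))
        if attr == "zimbraAutoProvLdapAdminBindDn" and value.lower().startswith("cn=administrator,"):
            findings.append((n, attr, "binds as built-in Administrator, not a read-only service account"))
        if attr == "zimbraAutoProvLdapAdminBindPassword":
            findings.append((n, attr, "clear-text password in file: restrict mode, delete after use"))
        if attr in DN_ATTRS:
            domain = dn_domain(value)
            if domain and domain != target.lower():
                findings.append((n, attr, f"DN domain {domain} differs from {target}: verify"))
    return findings


if __name__ == "__main__":
    for finding in lint_autoprov(SAMPLE):
        print(*finding, sep=": ")
```

The DN/domain comparison is only a prompt to verify, since an AD forest name can legitimately differ from the mail domain.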

To double-check that the configuration is working, create a user in AD, and then follow the entries in the /opt/zimbra/log/mailbox.log file. To see more detail, enable [debug] logging.

You should see the following output in normal logging mode:
  • before adding entries in AD
2015-07-09 03:22:00,484 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result
2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022200.488Z
  • after adding new entries
2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@example.com, dn="CN=test,OU=zimbrausers,DC=example,DC=com"
2015-07-09 03:26:00,558 INFO [AutoProvision] [] autoprov - Auto Provisioning has finished for now, setting last polled timestamp: 20150709022600.550Z
2015-07-09 03:26:00,565 INFO [AutoProvision] [] autoprov - Sleeping for 60000 milliseconds.
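
One way to audit these mailbox.log entries after the fact, as an added example that is not part of the original article: it groups autoprov lines into polling cycles and lists auto-created accounts whose source DN is outside an approved OU. The sample log is constructed in the format shown above (the svc@example.com entry is invented), and the function names are hypothetical.

```python
import re

# Constructed sample in the mailbox.log format shown above; the last cycle
# (svc@example.com) is invented to exercise the out-of-base check.
SAMPLE_LOG = '''\
2015-07-09 03:22:00,484 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2015-07-09 03:22:00,490 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result
2015-07-09 03:26:00,546 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2015-07-09 03:26:00,553 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: test@example.com, dn="CN=test,OU=zimbrausers,DC=example,DC=com"
2015-07-09 03:27:00,601 INFO [AutoProvision] [] autoprov - Auto provisioning accounts on domain example.com
2015-07-09 03:27:00,607 INFO [AutoProvision] [] autoprov - 1 external LDAP entries returned as search result
2015-07-09 03:27:00,608 INFO [AutoProvision] [] autoprov - auto creating account in EAGER mode: svc@example.com, dn="CN=svc,CN=Users,DC=example,DC=com"
'''

LINE = re.compile(r"^(\S+ \S+)\s+INFO\s+\[AutoProvision\].*? autoprov - (.*)$")
START = re.compile(r"Auto provisioning accounts on domain (\S+)")
COUNT = re.compile(r"(\d+) external LDAP entries returned")
CREATE = re.compile(r'auto creating account in \w+ mode: (\S+), dn="([^"]+)"')


def parse_cycles(log_text):
    """Group autoprov log lines into polling cycles, one dict per cycle."""
    cycles = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if (s := START.search(msg)):
            cycles.append({"start": ts, "domain": s.group(1), "returned": None, "created": []})
        elif cycles and (c := COUNT.search(msg)):
            cycles[-1]["returned"] = int(c.group(1))
        elif cycles and (a := CREATE.search(msg)):
            cycles[-1]["created"].append({"account": a.group(1), "dn": a.group(2)})
    return cycles


def created_outside(cycles, approved_base):
    """Accounts whose source DN is not under approved_base (plain suffix match)."""
    suffix = "," + approved_base.lower()
    return [a["account"] for c in cycles for a in c["created"]
            if not a["dn"].lower().endswith(suffix)]


if __name__ == "__main__":
    cycles = parse_cycles(SAMPLE_LOG)
    print("outside approved OU:", created_outside(cycles, "OU=zimbrausers,DC=example,DC=com"))
```

The suffix match compares lower-cased DN strings and does not normalise spacing or escaped characters inside the DN.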

More information

IN PROGRESS

Verified Against: Zimbra Collaboration XXX, XXX Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=How_to_configure_auto-provisioning_with_AD Date Modified: 2015-09-16






How to configure auto-provisioning (autoprov) with AD



Zimbra auto-provisioning


This article explains how to configure automatic user provisioning when Zimbra is configured to use an external LDAP directory (Active Directory).
For more information on how to configure Zimbra with AD, please check the following link: [link]


Solution

1. Create a file with the following entries:

$ vim /tmp/autoprov.txt

md example.com zimbraAutoProvAccountNameMap "samAccountName"
md example.com zimbraAutoProvAttrMap description=description
md example.com zimbraAutoProvAttrMap cn=displayName
md example.com zimbraAutoProvAttrMap givenName=givenName
md example.com zimbraAutoProvAttrMap sn=displayName
md example.com zimbraAutoProvAuthMech LDAP
md example.com zimbraAutoProvBatchSize 40
md example.com zimbraAutoProvLdapAdminBindDn "CN=Administrator,CN=Users,DC=azmo,DC=com"
md example.com zimbraAutoProvLdapAdminBindPassword secret
md example.com zimbraAutoProvLdapBindDn "Administrator@example.com"
md example.com zimbraAutoProvLdapSearchBase "OU=zimbrausers,dc=azmo,dc=com"
md example.com zimbraAutoProvLdapSearchFilter "(cn=%u)"
md example.com zimbraAutoProvLdapURL "ldap://192.168.0.1:389"
md example.com zimbraAutoProvMode EAGER
md example.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md example.com zimbraAutoProvNotificationFromAddress prov-admin@example.com
md example.com zimbraAutoProvNotificationSubject "New account auto provisioned"
ms server.example.com zimbraAutoProvPollingInterval "1m"
ms server.example.com +zimbraAutoProvScheduledDomains "example.com"


The options are self-explanatory. The ones that you might want to change according to your environment are:

zimbraAutoProvLdapAdminBindDn
zimbraAutoProvLdapAdminBindPassword
zimbraAutoProvLdapSearchBase
zimbraAutoProvLdapURL


2. To execute the file, run:

$ zmprov < /tmp/autoprov.txt


More information

IN PROGRESS
