How to configure auto-provisioning with dynamic DL: Difference between revisions

 
(23 intermediate revisions by the same user not shown)
Line 4: Line 4:
<!-- Wiki/Article Body -->
<!-- Wiki/Article Body -->


=== Zimbra auto-provisioining and dynamic distribution groups===
==Zimbra auto-provisioining and dynamic distribution groups==


; '''This article explains how to configure auto-provisioining, if Zimbra is configured to use external LDAP (Active Directory), and then move the newly created users to dynamic DL group/s ''' : ''More information on how to configure Zimbra with AD can be found: [[https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory  here]], and for auto-provisioning [[https://wiki.zimbra.com/wiki/How_to_configure_auto-provisioning_with_AD  here]]'''
; '''This article explains how to configure auto-provisioining, if Zimbra is configured to use external LDAP (Active Directory), and then move the newly created users to dynamic DL group/s ''' : ''More information on how to configure Zimbra with AD can be found: [[https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory  here]], and for auto-provisioning [[https://wiki.zimbra.com/wiki/How_to_configure_auto-provisioning_with_AD  here]]'''


==== Solution ====
===Solution===


The article assume that you have auto-provisioning already setup, and we will focus on the dynamic DL configuration and how it integrates into the auto-provisioning. If auto-provisioning is not setup, check the link above for more information.  
The article assume that you already have auto-provisioning set up, and we will focus on the dynamic DL configuration and how it integrates into the auto-provisioning. If auto-provisioning is not set up, check the link above for more information.  


==Creating dynamic DL==
====Brief overview of what we are going to do====
We will first set a dynamic DL in zimbra, then create a user in AD and test the configuration. The creation of the AD user includes specifying a value for a specific attribute, which will trigger the automatic selection of users to the dynamic DL in zimbra.


=====Step 1: Create dynamic DL=====
===Creating dynamic DL===
 
=====Step 1: =====


Open AdminUI and choose "Manage".
Open AdminUI and choose "Manage".
Line 20: Line 23:
[[File:Dl1.png|800px]]
[[File:Dl1.png|800px]]


=Step 2: Click on "Distribution Lists".=
=====Step 2:=====
Select "Distribution Lists", click on the right top gear icon, and choose "New".


[[File:Dl2.png|800px]]
[[File:Dl2.png|800px]]


=Step 3: Enter name for the group.=
=====Step 3:=====
Enter name for the group.


[[File:Dl3.png|800px]]
[[File:Dl3.png|800px]]


=Step 4: Select "Dynamic Group", enter the Member URL, which in our case is: ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales)), and select the "Automatically accept" for both subscriptions.=
=====Step 4:=====
 
Select '''Dynamic Group''', enter the Member URL, which in our case is: '''ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales))''', and choose '''Automatically accept''' for both subscriptions.


[[File:Dl4.png|800px]]
[[File:Dl4.png|800px]]


=Step 5: Specify an owner for the group.=
=====Step 5:=====
 
Specify an owner for the group.


[[File:Dl5.png|800px]]
[[File:Dl5.png|800px]]


=Step 6: Review the group Properties to make sure all is set up correctly.=
=====Step 6:=====
 
Review the group Properties to make sure all is set up correctly.


[[File:Dl6.png|800px]]
[[File:Dl6.png|800px]]


==== More information ====
===Create user in AD===
 
For our set up to work, we need to create a user in AD with a specific attribute value as explained at the beginning. 
 
Step 1:
As we see above when we created the dynamic DL, the ldap URL specified was '''ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales))'''. That means all users that has '''Description''' attribute set to '''sales'''. Easy to guess, we are going to place all users from the sales department into the ddl dynamic group. You can of course set this to different names as per the need.
 
[[File:Dl7.png|800px]]
 
Step 2:
When the user is created in AD, we can have a look in the mailbox.log file to see the creation of the user in zimbra.
 
[[File:Dl9.png|1200px]]
 
Step 3:
And finally the user automatically added to the ddl dynamic group, based on the value specified in the '''Description''' field.
 
[[File:Dl8.png|800px]]
 
=== More information ===
 
To double check the attribute has been modified we can run the following command:
 
'''$ zmprov ga sales@azmo.com description'''
# name sales@azmo.com
description: sales

Latest revision as of 14:21, 18 March 2016

How to configure auto-provisioning (autoprov) with dynamic DL

   KB 22567        Last updated on 2016-03-18  




0.00
(0 votes)


Zimbra auto-provisioining and dynamic distribution groups

This article explains how to configure auto-provisioining, if Zimbra is configured to use external LDAP (Active Directory), and then move the newly created users to dynamic DL group/s
More information on how to configure Zimbra with AD can be found: [here], and for auto-provisioning [here]'

Solution

The article assume that you already have auto-provisioning set up, and we will focus on the dynamic DL configuration and how it integrates into the auto-provisioning. If auto-provisioning is not set up, check the link above for more information.

Brief overview of what we are going to do

We will first set a dynamic DL in zimbra, then create a user in AD and test the configuration. The creation of the AD user includes specifying a value for a specific attribute, which will trigger the automatic selection of users to the dynamic DL in zimbra.

Creating dynamic DL

Step 1:

Open AdminUI and choose "Manage".

Dl1.png

Step 2:

Select "Distribution Lists", click on the right top gear icon, and choose "New".

Dl2.png

Step 3:

Enter name for the group.

Dl3.png

Step 4:

Select Dynamic Group, enter the Member URL, which in our case is: ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales)), and choose Automatically accept for both subscriptions.

Dl4.png

Step 5:

Specify an owner for the group.

Dl5.png

Step 6:

Review the group Properties to make sure all is set up correctly.

Dl6.png

Create user in AD

For our set up to work, we need to create a user in AD with a specific attribute value as explained at the beginning.

Step 1: As we see above when we created the dynamic DL, the ldap URL specified was ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales)). That means all users that has Description attribute set to sales. Easy to guess, we are going to place all users from the sales department into the ddl dynamic group. You can of course set this to different names as per the need.

Dl7.png

Step 2: When the user is created in AD, we can have a look in the mailbox.log file to see the creation of the user in zimbra.

Dl9.png

Step 3: And finally the user automatically added to the ddl dynamic group, based on the value specified in the Description field.

Dl8.png

More information

To double check the attribute has been modified we can run the following command:

$ zmprov ga sales@azmo.com description
# name sales@azmo.com
description: sales
Jump to: navigation, search