How to configure auto-provisioning with dynamic DL
Zimbra auto-provisioning and dynamic distribution groups
- This article explains how to configure auto-provisioning when Zimbra is configured to use external LDAP (Active Directory), and then move the newly created users to dynamic DL group(s).
- More information on how to configure Zimbra with AD can be found [here], and for auto-provisioning [here].
The article assumes that you already have auto-provisioning set up, and focuses on the dynamic DL configuration and how it integrates with auto-provisioning. If auto-provisioning is not set up, check the link above for more information.
Brief overview of what we are going to do
We will first set up a dynamic DL in Zimbra, then create a user in AD and test the configuration. Creating the AD user includes specifying a value for a specific attribute, which triggers the automatic selection of the user into the dynamic DL in Zimbra.
Creating dynamic DL
Open AdminUI and choose "Manage".
Click on "Distribution Lists".
Enter a name for the group.
Select Dynamic Group, enter the Member URL, which in our case is: ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales)), and choose Automatically accept for both subscriptions.
Specify an owner for the group.
Review the group Properties to make sure all is set up correctly.
Create user in AD
For our setup to work, we need to create a user in AD with a specific attribute value, as explained at the beginning.
Step 1: As we saw above when we created the dynamic DL, the LDAP URL specified was ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales)). That selects all users that have the Description attribute set to sales. As you might guess, we are going to place all users from the sales department into the ddl dynamic group. You can of course use a different value as needed.
Step 2: When the user is created in AD, we can have a look in the mailbox.log file to see the creation of the user.
Step 3: Finally, the user is automatically added to the ddl dynamic group, based on the value specified in the Description field.
To double check the attribute has been modified we can run the following command:
$ zmprov ga email@example.com description
# name firstname.lastname@example.org
description: sales
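As an added illustration (not code from the original article or from Zimbra), the following Python example splits the Member URL used above into its RFC 4516 parts and evaluates its filter against constructed sample accounts, showing that membership follows the objectClass and description values alone. The function names, the sample addresses and the case-insensitive comparison are assumptions of this example.

```python
# Added example, not Zimbra code: supports only &, |, ! and equality filters.
def parse_member_url(url):
    """Split ldap://host/base?attrs?scope?filter (RFC 4516) into its parts."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an ldap URL")
    host, _, tail = url[len("ldap://"):].partition("/")
    base, attrs, scope, flt = (tail.split("?", 3) + [""] * 3)[:4]
    return {"host": host, "base": base, "attrs": attrs,
            "scope": scope or "base", "filter": flt or "(objectClass=*)"}

def parse_filter(s, i=0):
    """Recursive-descent parse of a filter string; returns (tree, next_index)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        node = (op, kids)
    else:
        end = s.index(")", i)
        attr, _, value = s[i:end].partition("=")
        node, i = ("=", attr.lower(), value.lower()), end
    if s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1

def matches(node, entry):
    """Assumption: values compare case-insensitively (LDAP caseIgnoreMatch)."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not any(results)}[node[0]]

def members(url, entries):
    """Return the addresses whose attributes satisfy the Member URL filter."""
    tree, _ = parse_filter(parse_member_url(url)["filter"])
    return sorted(addr for addr, e in entries.items() if matches(tree, e))

MEMBER_URL = "ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales))"
# Constructed sample accounts, keyed by address; attribute names lower-cased.
ENTRIES = {
    "alice@example.com": {"objectclass": ["zimbraAccount"], "description": ["sales"]},
    "bob@example.com": {"objectclass": ["zimbraAccount"], "description": ["Sales"]},
    "carol@example.com": {"objectclass": ["zimbraAccount"], "description": ["engineering"]},
    "list@example.com": {"objectclass": ["zimbraDistributionList"], "description": ["sales"]},
}
print(members(MEMBER_URL, ENTRIES))
```

The empty base DN with scope sub means the filter is evaluated across the whole directory, so any account whose description is set to sales joins the list. Write access to that attribute therefore decides who receives the list's mail.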