How to configure auto-provisioning with dynamic DL

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

How to configure auto-provisioning (autoprov) with dynamic DL

   KB 22567        Last updated on 2016-03-18  




0.00
(0 votes)


Zimbra auto-provisioining and dynamic distribution groups

This article explains how to configure auto-provisioining, if Zimbra is configured to use external LDAP (Active Directory), and then move the newly created users to dynamic DL group/s
More information on how to configure Zimbra with AD can be found: [here], and for auto-provisioning [here]'

Solution

The article assume that you already have auto-provisioning set up, and we will focus on the dynamic DL configuration and how it integrates into the auto-provisioning. If auto-provisioning is not set up, check the link above for more information.

Brief overview of what we are going to do

We will first set a dynamic DL in zimbra, then create a user in AD and test the configuration. The creation of the AD user includes specifying a value for a specific attribute, which will trigger the automatic selection of users to the dynamic DL in zimbra.

Creating dynamic DL

Step 1:

Open AdminUI and choose "Manage".

Dl1.png

Step 2:

Click on "Distribution Lists".

Dl2.png

Step 3:

Enter name for the group.

Dl3.png

Step 4:

Select Dynamic Group, enter the Member URL, which in our case is: ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales)), and choose Automatically accept for both subscriptions.

Dl4.png

Step 5:

Specify an owner for the group.

Dl5.png

Step 6:

Review the group Properties to make sure all is set up correctly.

Dl6.png


Create user in AD

For our set up to work, we need to create a user in AD with a specific attribute value as explained at the beginning.

Step 1: As we see above when we created the dynamic DL, the ldap URL specified was ldap:///??sub?(&(objectClass=zimbraAccount)(description=sales)). That means all users that has Description attribute set to sales. Easy to guess, we are going to place all users from the sales department into the ddl dynamic group. You can of course set this to different names as per the need.

Dl7.png

Step 2: When the user is created in AD, we can have a look in the mailbox.log file to see the creation of the user.

Dl9.png

Step 3: And finally the user automatically added to the ddl dynamic group, based on the value specified in the Description field.

Dl8.png


More information

To double check the attribute has been modified we can run the following command:

$ zmprov ga sales@azmo.com description
# name sales@azmo.com
description: sales
Jump to: navigation, search