How to restore deleted user from LDAP: Difference between revisions
Revision as of 15:45, 22 June 2017
How to restore deleted user from LDAP
Issue
A user (rambo@domain.com) has been deleted from LDAP, but its MySQL data is available. We need to re-create the user in LDAP or somehow make it usable again.
Resolution
Recreating the original entry in LDAP by hand is not the most convenient approach: the entry has many unique attributes, and writing a script to add it back would take a long time. Instead, create a fresh account and point it at the old mailbox data.
Steps:
1. Create a new user, identical to the one missing in LDAP (the last argument is the new account's password):

    $ zmprov ca rambo@domain.com zimbra

2. Find out the zimbraId of the old user:

    $ mysql -e "select account_id from zimbra.mailbox where comment='rambo@domain.com';"
    +--------------------------------------+
    | account_id                           |
    +--------------------------------------+
    | 99f21457-8a58-4007-b80c-1482a414b21e |
    | acc90506-4826-481f-92b6-07bac9651b3a |
    +--------------------------------------+

We see two ids: one belongs to the original user and the other to the newly added one. We are interested in the upper account_id in the output above (99f21457-8a58-4007-b80c-1482a414b21e), which is the one used in step 3.
3. Now that we have the zimbraId of the old user, we can link the new user to the old user's MySQL data:
- Go to the master LDAP server and execute these commands (type the LDIF lines after ldapmodify starts, then press Ctrl-D to end the input):

    $ source ~/bin/zmshutil; zmsetvars
    $ ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password
    dn: uid=rambo,ou=people,dc=domain,dc=com
    changetype: modify
    replace: zimbraId
    zimbraId: 99f21457-8a58-4007-b80c-1482a414b21e
    Ctrl-D
    modifying entry "uid=rambo,ou=people,dc=domain,dc=com"
Note:
1. The zimbraId in the above command is the zimbraId of the old user.
2. If you have more than one master server, this command will fail, because $ldap_master_url then contains more than one server. Run echo $ldap_master_url to see the master servers, and use one of them in the command in place of the variable. The other variables can be left as they are.
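
The shell helpers below are an added example, not part of the original wiki page: they select the old account_id by excluding the new account's zimbraId rather than relying on row order, build the LDIF for step 3, and pick one server from a multi-master $ldap_master_url. The function names are hypothetical, and it is assumed that $ldap_master_url separates servers with whitespace and that the DN follows the uid=...,ou=people,dc=... layout shown above.

```shell
#!/bin/sh
# Added example, not from the original page; ids and names are the page's samples.

# True if $1 has the UUID shape of a zimbraId / mailbox account_id.
is_zimbra_id() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# pick_old_id NEW_ID: read account_ids (one per line) on stdin, print the one
# that is not NEW_ID. Fails unless exactly one well-formed candidate remains.
pick_old_id() {
    is_zimbra_id "$1" || return 1
    old_id=$(grep -Fxv -e "$1" | sed '/^[[:space:]]*$/d')
    [ "$(printf '%s\n' "$old_id" | wc -l)" -eq 1 ] || return 1
    is_zimbra_id "$old_id" || return 1
    printf '%s\n' "$old_id"
}

# account_dn USER@DOMAIN: DN in the layout the page shows. Rejects characters
# that would need DN escaping (assumption: plain ASCII mailbox names).
account_dn() {
    case $1 in *[!A-Za-z0-9._@-]*|*@*@*) return 1 ;; ?*@?*) ;; *) return 1 ;; esac
    printf 'uid=%s,ou=people,dc=%s\n' "${1%%@*}" \
        "$(printf '%s' "${1#*@}" | sed 's/\./,dc=/g')"
}

# first_master_url "URL [URL ...]": first entry of a multi-master $ldap_master_url
# (assumption: entries are separated by whitespace).
first_master_url() {
    set -- $1    # deliberate word splitting on whitespace
    [ $# -ge 1 ] || return 1
    printf '%s\n' "$1"
}

# zimbraid_ldif DN OLD_ID: the LDIF from step 3, refused for a malformed id.
zimbraid_ldif() {
    is_zimbra_id "$2" || return 1
    printf 'dn: %s\nchangetype: modify\nreplace: zimbraId\nzimbraId: %s\n' "$1" "$2"
}

# On a Zimbra server the pieces would be wired together like this:
#   new=$(zmprov ga rambo@domain.com zimbraId | sed -n 's/^zimbraId: //p')
#   q="select account_id from zimbra.mailbox where comment='rambo@domain.com';"
#   old=$(mysql -N -B -e "$q" | pick_old_id "$new")
#   zimbraid_ldif "$(account_dn rambo@domain.com)" "$old" | ldapmodify -x \
#     -H "$(first_master_url "$ldap_master_url")" -D "$zimbra_ldap_userdn" -w "$zimbra_ldap_password"

# Constructed offline demo with the two ids from the page's mysql output.
printf '%s\n' 99f21457-8a58-4007-b80c-1482a414b21e acc90506-4826-481f-92b6-07bac9651b3a |
    pick_old_id acc90506-4826-481f-92b6-07bac9651b3a
```

pick_old_id refuses to continue when the mailbox table holds anything other than exactly one candidate besides the new account, which is the case where choosing an id by position would be unsafe.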