Difference between revisions of "How to restore deleted user from LDAP"

(Issue)
(How to restore deleted user from LDAP)
Line 5: Line 5:
 
==Issue==
 
==Issue==
 
<br>
 
<br>
A user (rambo@domain.com) has been deleted from LDAP, but its MySQL data is available. We need to re-create the user in LDAP or somehow make it usable again.  
+
A user (''rambo@domain.com'') has been deleted from LDAP, but its MySQL data is available. We need to re-create the user in LDAP or somehow make it usable again.  
 
<br>
 
<br>
  
Line 12: Line 12:
 
Recreating the user in LDAP is not the most convenient way, as it has many unique attributes, and it will take a long time creating a script to add the entry in LDAP.  
 
Recreating the user in LDAP is not the most convenient way, as it has many unique attributes, and it will take a long time creating a script to add the entry in LDAP.  
  
Steps:
+
'''Steps:'''
  
'''1.''' Create a new user, identical to the one missing in ldap.  
+
'''1.''' Create a new user, ''identical'' to the one missing in ldap.<br>
zmcontrol ca rambo@domain.com zimbra
+
zmcontrol ca rambo@domain.com zimbra
'''2.''' Find out the zimbraId of the old user
+
'''2.''' Find out the ''zimbraId'' of the old user.
  
 
  $ mysql -e "select account_id from zimbra.mailbox where comment='rambo@domain.com';"
 
  $ mysql -e "select account_id from zimbra.mailbox where comment='rambo@domain.com';"
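Review bot: The account-creation command in step 1 still reads "zmcontrol ca rambo@domain.com zimbra" on both sides of this hunk. zmcontrol manages services (start, stop, status), while accounts are created with zmprov, so the line should be "zmprov ca rambo@domain.com zimbra". Since this revision already touches step 1, it would also help to state that the trailing "zimbra" is the new account's password.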
Line 25: Line 25:
 
  | acc90506-4826-481f-92b6-07bac9651b3a |
 
  | acc90506-4826-481f-92b6-07bac9651b3a |
 
  +--------------------------------------+
 
  +--------------------------------------+
 +
 +
We see two ids, because one is for the original user, and the second is for the newly added one. We are interested in the above ''account_id''.
 +
<br>
 
<br>
 
<br>
We see two ids, because one is for the original user, and the second is for the newly added one. We are interested in the above account_id.
+
'''3.'''  When we have the ''zimbraId'' of the old user, we can now go ahead and link the new user with the old user's mysql data:
 
 
'''3.'''  When we have the zimbraId of the old user, we can now go ahead and link the new user with the old user mysql data:
 
  
 
*go to the master ldap server and execute these commands:  
 
*go to the master ldap server and execute these commands:  
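Review bot: The relocated sentence under step 2 still says "the above account_id" although the query returns two ids, so a reader cannot tell which row to copy. Name it as the original user's id, that is, the one that is not the zimbraId of the account just created in step 1. The step 3 bullet could also start with a capital and spell LDAP in upper case ("Go to the master LDAP server").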
Line 43: Line 44:
  
  
'''Note''':  
+
'''Note''':<br>
1. The zimbraId in the above command is the zimbraId of the old user.  
+
1. The ''zimbraId'' in the above command is the ''zimbraId'' of the old user.<br>
2. If you have more than one master server, this command will fail, because the output from this variable $ldap_master_url is more than one server. Run echo and this variable to see the master servers, and choose one of them in the command, instead of the variable. The rest of the variables can be left like that.  
+
2. If you have more than one master server, this command will fail, because the output from this variable ''$ldap_master_url'' is more than one server. Run ''echo'' against this variable to see the master servers, and choose one of them in the command, instead of the variable. The rest of the variables can be left like that.  
 
 
 
 
 
 
 
 
 
 
  
  

Revision as of 15:55, 22 June 2017

How to restore deleted user from LDAP

   KB 23247        Last updated on 2017-06-22  






Issue


A user (rambo@domain.com) has been deleted from LDAP, but its MySQL data is still available. We need to re-create the user in LDAP or otherwise make the account usable again.

Resolution


Recreating the original entry in LDAP is not the most convenient approach: the entry has many unique attributes, and writing a script to add it back would take a long time.

Steps:

1. Create a new user, identical to the one missing in LDAP.

zmprov ca rambo@domain.com zimbra

2. Find out the zimbraId of the old user.

$ mysql -e "select account_id from zimbra.mailbox where comment='rambo@domain.com';"
+--------------------------------------+
| account_id                           |
+--------------------------------------+
| 99f21457-8a58-4007-b80c-1482a414b21e |
| acc90506-4826-481f-92b6-07bac9651b3a |
+--------------------------------------+

We see two ids because one belongs to the original user and the other to the newly added one. We are interested in the original user's account_id (99f21457-8a58-4007-b80c-1482a414b21e in this example).

3. Now that we have the zimbraId of the old user, we can link the new user to the old user's MySQL data:

  • Go to the master LDAP server and execute these commands:

$ source ~/bin/zmshutil; zmsetvars
$ ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password
dn: uid=rambo,ou=people,dc=domain,dc=com
changetype: modify
replace: zimbraId
zimbraId: 99f21457-8a58-4007-b80c-1482a414b21e
(press Ctrl-D to end the input)

modifying entry "uid=rambo,ou=people,dc=domain,dc=com"


Note:
1. The zimbraId in the above command is the zimbraId of the old user.
2. If you have more than one master server, this command will fail, because $ldap_master_url then contains more than one server. Run echo $ldap_master_url to see the master servers, and put one of them in the command in place of the variable. The rest of the variables can be left as they are.
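
The following dry-run helper is an added example, not part of the original article or of Zimbra's tooling. It singles out the old user's account_id from the step 2 output, picks one master as Note 2 requires, and prints the step 3 LDIF. The function names, the space-separated format of $ldap_master_url, and the sample master URLs are assumptions.

```shell
#!/bin/sh
# Added example: dry-run helpers for steps 2-3. Nothing here contacts MySQL or LDAP.
UUID_RE='[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'

# Note 2: keep only the first URL of a space-separated $ldap_master_url (assumed format).
first_master() { printf '%s\n' "${1%% *}"; }

# Step 2: from the mysql output ($1), drop the new account's zimbraId ($2).
# Fails unless exactly one well-formed id is left, so a wrong id never reaches LDAP.
old_account_id() {
    old=$(printf '%s\n' "$1" | grep -oE "$UUID_RE" | grep -vxF "$2" || true)
    [ -n "$old" ] && [ "$(printf '%s\n' "$old" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$old"
}

# rambo@domain.com -> uid=rambo,ou=people,dc=domain,dc=com (DN layout shown in the article)
email_to_dn() {
    printf 'uid=%s,ou=people,dc=%s\n' "${1%@*}" \
        "$(printf '%s' "${1#*@}" | sed 's/\./,dc=/g')"
}

# Step 3: the LDIF that the article types into ldapmodify.
build_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: zimbraId\nzimbraId: %s\n' \
        "$(email_to_dn "$1")" "$2"
}

# Constructed sample input, mirroring the article's mysql output.
SAMPLE_IDS='| 99f21457-8a58-4007-b80c-1482a414b21e |
| acc90506-4826-481f-92b6-07bac9651b3a |'
# zimbraId of the account created in step 1 (on a live system: zmprov ga <account> zimbraId).
NEW_ID='acc90506-4826-481f-92b6-07bac9651b3a'
# Constructed two-master value for $ldap_master_url.
SAMPLE_MASTERS='ldap://ldap1.domain.com:389 ldap://ldap2.domain.com:389'

if OLD_ID=$(old_account_id "$SAMPLE_IDS" "$NEW_ID"); then
    echo "# send to: $(first_master "$SAMPLE_MASTERS")"
    build_ldif rambo@domain.com "$OLD_ID"
else
    echo "could not single out the old account_id; no LDIF generated" >&2
fi
```

Review the printed LDIF before feeding it to the ldapmodify command from step 3, with the chosen master URL in place of $ldap_master_url.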


Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0
Date Created: 28/06/2017
Article ID: https://wiki.zimbra.com/index.php?title=How_to_restore_deleted_user_from_LDAP
Date Modified: 2017-06-22



Wiki/KB reviewed by SME1 SME2 COPY EDITOR Last edit by Teodor Vizirov