Zmprov

(Redirected from Zmprov (Provisioning))

Zmprov

   KB 1395        Last updated on 2015-10-19  




0.00
(0 votes)

For the most recent information on this CLI, including syntax and description, see ZCS Administrator's Guide Network Edition > Appendix A Command-Line Utilities.

Important: When using international symbols as attribute values for create* and modify* commands make sure LC_ALL environment variable is set to the value corresponding the character set you enter new values in.

ZCS 6.0.x

  • Bug 23920 - a new CLI command, zmprov desc, prints all attribute names.
  • Bug 32321 - zmprov usage for gaa now requires -l in the command so that account information is retrieved via LDAP.
Important: When upgrading - If you created a script using zmprov gaa to retrieve all accounts, you will need to modify the script to include -l in the command.
  • Bug 33973 - A new option was added to the zmprov CLI to force the command to use the value of ldap_master_url when retrieving information (zmprov -l -m)

zmprov (Provisioning)

The zmprov tool performs all provisioning tasks in Zimbra LDAP, including creating accounts, aliases, domains, COS, distribution lists, and calendar resources. Each operation is invoked through command-line options, each of which has a long name and a short name.

The syntax for modify can include the prefix “+” or “-” so that you can make changes to the attributes affected and do not need to reenter attributes that are not changing.

  • Use + to add a new instance of the specified attribute name without changing any existing attributes.
  • Use - to remove a particular instance of an attribute.

Syntax

zmprov [cmd] [argument]

The following objects use this syntax:

  • ModifyAccount
  • ModifyDomain
  • ModifyCos
  • ModifyServer
  • ModifyConfig
  • ModifyDistributionList
  • ModifyCalendarResource

The following example would add the attribute zimbraZimletUserProperties with the value “blue” to user 1 and would not change the value of any other instances of that attribute.

zmprov ma user1 +zimbraZimletUserProperties "com_company_testing:favoriteColor:blue"

Description

The commands in the following table are divided into the tasks types - General, Account, Calendar Resources, Config, COS, Distribution List, Documents, Domain, Server, and Miscellaneous.

Long Name Short Name Description
General Options
--help -h display usage
--file -f use file as input stream
--server -s {host}[:{port}] server hostname and optional port
--ldap -l provision via LDAP instead of SOAP
--log property file -L log 4j property file, valid only with -l
--account {name} -a account name to auth as
--password {pass} -p password for account
--passfile {file} -P read password from file
--zadmin -z use Zimbra admin name/password from localconfig for admin/password
--authtoken (authtoken) -y use auth token string (has to be in JSON format) from command line
--authtoken (authtoken file) -Y use auth token string (has to be in JSON format) from command line
--verbose -v verbose mode (dumps full exception stack trace)
--debug -d/ debug mode (dumps SOAP messages)
--master -m use LDAP master. This only valid with -l
Account Provisioning Commands
addAccountAlias aaa {name@domain|id|adminName} {alias@domain}

zmprov aaa joe@domain.com joe.smith@engr.domain.com

checkPasswordStrength cps Syntax: {name@domain|id} {password}

Note: This command does not check the password age or history.

zmprov cps joe@domain.com test123

createAccount ca Syntax:{name@domain} {password} [attribute1 value1 etc]

Type on one line.

zmprov ca joe@domain.com test123 displayName JSmith

createDataSource cds {name@domain} {ds-type} {ds-name} [attr1 value1 [attr2 value2...]]
createIdentity cid {name@domain} {identity-name} [attr1 value1 [attr2 value2...]]
createSignature csig {name@domain} {signature-name} [attr1 value1 [attr2 value2...]]
deleteAccount da Syntax:{name@domain|id|adminName}

zmprov da joe@domain.com

deleteDataSource dds {name@domain|id} {ds-name|ds-id}
deleteIdentity did {name@domain|id} {identity-name}
deleteIdentity did {name@domain|id} {identity-name}
deleteSignature dsig {name@domain|id} {signature-name}
getAccount ga Syntax:{name@domain|id|adminName}

zmprov ga joe@domain.com

getAccountMembership gam {name@domain|id}
getAllAccounts gaa Syntax: [-v] [{domain}]

zmprov -l gaa

zmprov -l gaa -v domain.com

getAllAdminAccounts gaaa Syntax: gaaa

zmprov gaaa

getDataSources gds {name@domain | id} [arg 1 [arg 2...]]
getIdentities gid {name@domain | id} [arg 1 [arg 2...]]
getSignatures gsig {name@domain | id} [arg 1 [arg 2...]]
modifyAccount ma {name@domain|id|adminName} [attribute1 value1 etc]

zmprov ma joe@domain.com zimbraAccountStatus maintenance

modifyDataSource mds {name@domain | id} {ds-name |ds-id} [attr 1 value 1 [attr2 value 2...]]
modifyIdentity mid {name@domain |id} {identity-name} [attr 1 value 1 [attr 2 value 2...]]
modifySignature msig {name@domain |id} {signature-name | signature-id} [attr 1 value 1 [attr 2 value 2...]]
removeAccountAlias raa {name@domain|id|adminName} {alias@domain}

zmprov raa joe@domain.com joe.smith@engr.domain.com

renameAccount ra {name@domain|id} {newname@domain}

zmprov ra joe@domain.com joe23@domain.com

Note: After you rename an account, you should run a full backup for that account.

zmbackup -f - <servername.com> -a <newaccountname@servername.com>

setAccountCOS sac {name@domain|id|adminName} {cos-name|cos-id}

zmprov sac joe@domain.com FieldTechnician

setPassword sp {name@domain|id|adminName} {password}

Note: Passwords cannot included accented characters in the string. Example of accented characters that cannot be used: ã, é, í, ú, ü, ñ.

zmprov sp joe@domain.com test321

Calendar Resource Provisioning Commands
createCalendarResource ccr {name@domain} [attr1 value1 [attr2 value2...]]
deleteCalendarResource dcr {name@domain|id}
getAllCalendarResources gacr [-v] [{domain}]
getCalendarResource gcr {name@domain|id}
modifyCalendarResource mcr {name@domain|id} [attr1 value1 {attr2 value2...]]
renameCalendarResource rcr {name@domain|id} {newName@domain}
searchCalendarResources scr [-v] domain attr op value {attr op value...]
Free Busy Commands
getAllFbp gafbp [-v]
getFreebusyQueueInfo gfbqi [{provider-name}]
pushFreebusy pfb {domain | account-id} [account-id...]
Domain Provisioning Commands
countAccount cta {domain|id}

This lists each COS, the COS ID and the number of accounts assigned to each COS

createAliasDomain cad {alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]]
createDomain cd {domain} [attribute1 value1 etc]

zmprov cd mktng.domain.com zimbraAuthMech zimbra

deleteDomain dd {domain|id}

zmprov dd mktng.domain.com

getDomain gd {domain|id}

zmprov gd mktng.domain.com

getDomainInfo gdi name|id|virtualHostname {value} [attr1 [attr2...]]
getAllDomains gad [-v]
modifyDomain md {domain|id} [attribute1 value1 etc]

zmprov md domain.com zimbraGalMaxResults 500

Note:Do not modify zimbraDomainRenameInfo manually. This is automatically updated when a domain is renamed.

renameDomain rd {domain|id} {newDomain}

Note: renameDomain can only be used with “zmprov -l/--ldap”.

COS Provisioning Commands
copyCos cpc {src-cos-name|id} {dest-cos-name}
createCos cc {name} [attribute1 value1 etc]

zmprov cc Executive zimbraAttachmentsBlocked FALSE zimbraAuthTokenLifetime 60m zimbraMailQuota 100M zimbraMailMessageLifetime 0

deleteCos dc {name|id}

zmprov dc Executive

getCos gc {name|id}

zmprov gc Executive

getAllCos gac [-v]

zmprov gac -v

modifyCos mc {name|id} [attribute1 value1 etc]

zmprov mc Executive zimbraAttachmentsBlocked TRUE

renameCos rc {name|id} {newName}

zmprov rc Executive Business

Server Provisioning Commands
createServer cs {name} [attribute1 value1 etc]
deleteServer ds {name|id}

zmprov ds domain.com

getServer gs {name|id}

zmprov gs domain.com

getAllServers gas [-v]

zmprov gas

getAllReverseProxyBackends garpb
modifyServer ms {name|id} [attribute1 value1 etc]

zmprov ms domain.com zimbraVirusDefinitionsUpdateFrequency 2h

getAllReverseProxyURLs garpu Used to publish into nginx.conf what servers should be used for reverse proxy lookup.
getAllMtaAuthURLs gamau Used to publish into saslauthd.conf what servers should be used for saslauthd.conf MTA auth
getAllMemcachedServers gamcs Used to list memcached servers (for nginix use).
Config Provisioning Commands
getAllConfig gacf [-v]

All LDAP settings are displayed

getConfig gcf {name}
modifyConfig mcf attr1 value1

Modifies the LDAP settings.

Distribution List Provisioning Commands
createDistributionList cdl {list@domain}

zmprov cdl needlepoint-list@domain.com

addDistributionListMember adlm {list@domain|id} {member@domain}

zmprov adlm needlepoint-list@domain.com singer23@mail.free.net

removeDistributionListMember rdlm {list@domain|id}

zmprov rdlm needlepoint-list@domain.com singer23@mail.free.net

getAlldistributionLists gadl [-v]
get DistributionListmembership gdlm {name@domain|id}
getDistributionList gdl {list@domain|id}

zmprov gdl list@domain.com

modifyDistributionList mdl {list@domain|id} attr1 value1 {attr2 value2...}

zmprov mdl list@domain.com

deleteDistributionList ddl {list@domain|id}
addDistributionListAlias adla {list@domain|id} {alias@domain}
removeDistributionListAlias rdla {list@domain|id} {alias@domain}
renameDistributionList rdl {list@domain|id} {newName@domain}
Zimbra Documents Provisioning Commands
importNotebook impn {name@domain} {directory} {folder}

Before importing files, any file that will become a Documents page (wiki-style page), must be renamed to include the extension “.wiki”. If not it is imported as a file, accessed either as an attachment or an image.

impn joe@domain.com /opt/zimbra/wiki/template template

initNotebook in [{name@domain}]

in joe@domain.com

initDomainNotebook idn {domain} [{name@domain}]

Creates the domain Documents account

idn domain.com domainwiki@domain.com

UpdateTemplates ut [-h host] {template-directory}
Mailbox Commands
getMailboxInfo--- gmi {account}
getQuotaUsage--- gqu {server}
reIndexMailbox rim {name@domain|id} {action} [{reindex-by} {value1} [value2...]]
RecalculateMailboxCounts rmc {name@domain|id}

When unread message count and quota usage are out of sync with the data in the mailbox, use this command to immediately recalculate the mailbox quota usage and unread messages count.

Important:Recalculating mailbox quota usage and message count should be schedule to run in off peak hours and used on one mailbox at a time.

selectMailbox sm {account-name} [{zmmailbox commands}]
Logs
addAccount Logger aal {name@domain|id} {logging-category} {debug|info|warn|error}

Creates custom logging for a single account

getAccountLoggers gal [-s/--server hostname] {name@domain|id} {logging-category} {debug|info|warn|error}
getAllAccountLoggers gaal [-s/--server hostname]

Shows all individual custom logger account

removeAccountLogger ral [-s/ --server hostname] {name@domain|id} {logging-category}

When name@domain is specified, removes the custom logger created for the account otherwise removes all accounts all account loggers from the system.

See the zmprov Log Categories for a list of logging categories.
Search
searchGAL sg {domain} {name}

zmprov sg joe

autoCompleteGal acg {domain} {name}
searchAccounts sa [-v] {ldap-query} [limit] [offset] [sortBy {attribute} [sortAscending 0|1] [domain {domain}]
Share Provisioning Commands
For a GUI view of results, see Distribution List Shares tab on the administration console
getPublishedDistributionListShareInfo gpdlsi {dl-name|dl-id} [{owner-name|owner-id}]
getShareInfo gsi {owner-name|owner-id}
publishDistribtionListShareInfo pdlsi {+|-} {dl-name@domain|id} {owner-name|owner-id} [{folder-path|folder-id}]
Miscellaneous Provisioning Commands
describe desc [[-v] [-ni] [{entry-type}]] | [-a {attribute-name}]

Prints all attribute names (account, domain, COS, servers, etc.).

generateDomainPreAuthKey gdpak {domain|id}

Generates a pre-authentication key to enable a trusted third party to authenticate to allow for single-sign on. Used in conjunction with GenerateDomainPreAuth.

generateDomainPreAuth gdpa {domain|id} {name} {name|id|foreignPrincipal} {timestamp|0} {expires|0}

Generates preAuth values for comparison.

syncGal syg {domain} [{token}]
flushCache fc [skin|local|account|config|cos|domain|server|zimlet} [name1|id]

Flush cached LDAP entries for a type. See Flushing LDAP Cache

getAccountLogger gal [-s /--server hostname] {name@domain | id}
Commands specific to Zimbra IMAP/POP proxy
getAllReverseProxyURLs garpu Used to publish into nginx.conf what servers should be used for reverse proxy lookup.
getAllMtaAuthURLs gamau Used to publish into saslauthd.conf what servers should be used for saslauthd.conf MTA auth
getAllMemcachedServers gamcs Used to list memcached servers (for nginix use).

Examples

  • Create one account with a password that is assigned to the default COS.
zmprov ca name@domain.com password
  • Create one account with a password that is assigned to a specified COS. You must know the COS ID number. To find a COS ID, type zmprov gc <COSname>.
zmprov ca name@domain.com password zimbraCOSId cosIDnumberstring
  • Create one account when the password is not authenticated internally.
zmprov ca name@domain.com ‘’
Note: The empty single quote is required and indicates that there is no local password.
  • Using a batch process to create accounts, see the Managing the Zimbra Collaboration Suite chapter in the Zimbra Administration Guide for the procedure.
  • Add an alias to an account.
zmprov aaa accountname@domain.com aliasname@domain.com
  • Create distribution list. The ID of the distribution list is returned.
zmprov cdl listname@domain.com
  • Add a member to a distribution list.
Tip: You can add multiple members to a list from the administration console.
zmprov adlm listname@domain.com member@domain.com
  • Change the administrator’s password. Use this command to change any password. Enter the address of the password to be changed.
zmprov sp admin@domain.com password
  • Create a domain that authenticates against zimbra OpenLDAP.
zmprov cd marketing.domain.com zimbraAuthMech zimbra
  • Set the default domain.
zmprov mcf zimbraDefaultDomainName domain1.com
  • To list all COSs and their attribute values.
zmprov gac -v
  • To list all user accounts in a domain (domain.com)
zmprov gaa domain.com
  • To list all user accounts and their configurations
zmprov gaa -v domain.com
  • To enable logger on a single server
zmprov +zimbraServiceEnabled logger

Then type zmloggerctl start, to start the logger.

  • To modify the purge interval, set zimbraMailPurgeSleepInterval to the duration of time that the server should “sleep” between every two mailboxes. Type:
zmprov ModifyServer <server-name> zimbraMailPurgeSleepInterval <Xm>

X is the duration of time between mailbox purges; m represents minutes. You could also set <xh> for hours.

  • Modify zimbraNewMailNotification to customize the notification email template. A default email is sent from Postmaster notifying users that they have received mail in another mailbox. To change the template, you modify the receiving mailbox account. The variables are:
    • ${SENDER_ADDRESS}
    • ${RECIPIENT_ADDRESS}
    • ${RECIPIENT_DOMAIN}
    • ${NOTIFICATION_ADDRESSS}
    • ${SUBJECT}
    • ${NEWLINE}

You can specify which of the above variables appear in the Subject, From, or Body of the email. The following example is changing the appearance of the message in the body of the notification email that is received at name@domain.com. You can also change the template in a class of service, use zmprov mc. The command is written on one line.

zmprov ma name@domain.com zimbraNewMailNotificationBody ‘Important message from ${SENDER_ADDRESS}.${NEWLINE}Subject:${SUBJECT}’

ZCS 5.0


  • Bug 30948 - Documents wiki templates on all domains can be upgraded at once using zmprov ut. This updates the Notebook templates for all Notebook system accounts including domain Notebook accounts. This is upgraded on a per server basis. -h is used to specify the target host for zmprov ut.

ZCS 4.5

Related Articles


Verified Against: ZCS 6.0.x Date Created: 4/5/2006
Article ID: https://wiki.zimbra.com/index.php?title=Zmprov Date Modified: 2015-10-19



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search