
Thread: Auto Creating accounts through LDAP

  1. #1
    bdial is offline Moderator

    Default Auto Creating accounts through LDAP

    Hello,

    I'm curious if accounts can be autocreated simply by adding an entry for the user in LDAP. We use Novell eDirectory on our internal network (which is just glorified LDAP really). For security reasons we don't really want stuff in our DMZ with access internally to authenticate. Therefore we have a program called Novell Identity Manager. This uses eDirectory as an "identity store", and when I add or modify users, it populates an OpenLDAP tree with the same information. You do this through defining attribute mappings, since Novell can sometimes have different names for attributes, and other rules you can create that will like automatically add attributes to a user that a specific application may need.

    We had this working in our current method of Cyrus + eGroupware since cyrus has autocreateinbox upon successful authentication and eGroupware can auto create users and assign them to a default group upon authentication.

    So my question is, if I can make it so when a new user is added to our internal Novell eDirectory the user is created in the Zimbra LDAP tree under ou=people complete with all the needed attributes like zimbraMailTransport, etc... will Zimbra recognize them when they try to log in? Or is there more going on behind the scenes when you add a user through the UI than just creating them in the LDAP tree?

    Thanks for any help!

  2. #2
    Leesbian is offline Active Member

    I'm also interested in this - it would be much cleaner to just create a new LDAP record than to spawn an external zmprov process, which is the only other way I can see of creating new users in an automated fashion.

    Bdial - have you actually tried this to see what happens?

  3. #3
    phoenix is offline Zimbra Consultant & Moderator

    You'll need to provision them with a script, at the moment. There are a couple of threads, IIRC, in the forums about this. There's also an RFE in bugzilla for auto provisioning - search and vote.
    Regards


    Bill



  4. #4
    Leesbian is offline Active Member

    Quote, originally posted by phoenix:
        You'll need to provision them with a script, at the moment. There are a couple of threads, IIRC, in the forums about this. There's also an RFE in bugzilla for auto provisioning - search and vote.

    Will do.

    I've found com.zimbra.cs.account.ProvUtil, which is the actual zmprov command... seems that the best way (for now) to handle automated provisioning is going to be to use the java class directly, rather than spawn an external process of zmprov. Obviously, with a java system, that isn't a problem. Should be reasonably easy with PHP too, now that it has support for using Java classes.

    Still, I'd have liked to have just been able to populate my LDAP directory, so my provisioning would effectively be completely decoupled from Zimbra - and it would be usable with a load of LDAP utilities that already exist... which is good for Zimbra - makes it easier for admins to manage, and less of a barrier to entry.

  5. #5
    jslilly is offline New Member

    Leesbian,

    I am in the planning phase for a migration to Zimbra, but the various LDAP issues are a barrier for me as well.

    Were you able to resolve your LDAP provisioning issues? If so, what route did you take?

    Thanks.

  6. #6
    Leesbian is offline Active Member

    Quote, originally posted by jslilly:
        Leesbian,

        I am in the planning phase for a migration to Zimbra, but the various LDAP issues are a barrier for me as well.

        Were you able to resolve your LDAP provisioning issues? If so, what route did you take?

        Thanks.

    I've found details of the SOAP API which has commands for creating and modifying accounts, so we're going to use that for now. Once we've got that working, and I have the time I'm going to investigate the LDAP further, although I need to pull apart the ProvUtil to see if it really does do anything else other than create and modify LDAP entries.

    I may end up having to create some form of LDAP->Zimbra proxy that doesn't synchronise LDAP per se, but modifies/creates/deletes accounts using the Zimbra SOAP API based on the external LDAP directory.

    If I get any further, I'll let you know
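
An added example, not code from any poster in this thread or from Zimbra: a sketch of the one-way "LDAP->Zimbra proxy" idea from the post above, which diffs the internal directory against the Zimbra account list and serialises a create request. The `ATTR_MAP` mapping, the sample entries and the `CreateAccountRequest` layout (`name` as an XML attribute, `<a n="...">` children, `urn:zimbraAdmin` namespace) are assumptions; check the layout against the docs in /opt/zimbra/doc for your version.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
ADMIN_NS = "urn:zimbraAdmin"  # assumed admin namespace, verify for your version

# Allow-list: internal attribute -> Zimbra attribute (hypothetical mapping).
# Anything not listed, e.g. userPassword, never leaves the internal network.
ATTR_MAP = {"givenName": "givenName", "sn": "sn", "fullName": "displayName"}

# Constructed sample data, keyed by mail address.
EXTERNAL = {
    "alice@example.com": {"givenName": "Alice", "sn": "O'Neil & Co <x>",
                          "fullName": "Alice O'Neil", "userPassword": "{SSHA}x"},
    "bob@example.com": {"givenName": "Bob", "sn": "Builder", "fullName": "Bob Builder"},
}
ZIMBRA = {
    "bob@example.com": {"givenName": "Bob", "sn": "Builder", "displayName": "Robert Builder"},
    "carol@example.com": {"givenName": "Carol"},
}


def plan(external, zimbra):
    """Diff both views into (op, mail, attrs); deletes are planned, not executed."""
    ops = []
    for mail, entry in sorted(external.items()):
        want = {z: entry[x] for x, z in ATTR_MAP.items() if x in entry}
        if mail not in zimbra:
            ops.append(("create", mail, want))
        else:
            changed = {k: v for k, v in want.items() if zimbra[mail].get(k) != v}
            if changed:
                ops.append(("modify", mail, changed))
    for mail in sorted(set(zimbra) - set(external)):
        ops.append(("delete", mail, {}))
    return ops


def create_account_envelope(auth_token, mail, attrs):
    """Serialise one 'create' op; ElementTree escapes directory values."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    ctx = ET.SubElement(header, "{urn:zimbra}context")
    ET.SubElement(ctx, "{urn:zimbra}authToken").text = auth_token
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    req = ET.SubElement(body, f"{{{ADMIN_NS}}}CreateAccountRequest", name=mail)
    for key, value in sorted(attrs.items()):
        ET.SubElement(req, f"{{{ADMIN_NS}}}a", n=key).text = value
    return ET.tostring(env, encoding="unicode")
```

Because the process runs on the internal side and only pushes outward, nothing in the DMZ needs to read the internal directory, which is the constraint the first post describes.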

  7. #7
    jslilly is offline New Member

    After further review, it looks like the SOAP API will need to be our solution as well. However, I am having difficulty finding any information about the API (other than the fact that it exists). Have you found any decent references?

    Thanks again.

  8. #8
    Leesbian is offline Active Member

    Quote, originally posted by jslilly:
        After further review, it looks like the SOAP API will need to be our solution as well. However, I am having difficulty finding any information about the API (other than the fact that it exists). Have you found any decent references?

        Thanks again.

    No, I haven't - it's why it took me so long to come up with this solution

    Zimbra really need to get the SOAP API properly documented, and some form of PDF manual placed online, with examples (or even something similar to the flickr API documentation).

    Apparently there is a REST API too, but I've only found 1 or 2 examples of its usage...

    I think the best you can hope for is looking in /opt/zimbra/doc - but apparently these docs (in .txt format) are only available if you've installed Network edition.

  9. #9
    jslilly is offline New Member

    There appear to be a number of people experiencing similar frustration.

    I have just downloaded the Network Edition. I will install my OS (Ubuntu 6.0.6 Server) after my memory check completes. Once that is done, I will install Zimbra and hopefully be able to find something. I will update this thread if I find anything.

    Please update this thread while you (hopefully!) progress as well. Who knows, maybe we can come up with something informal to save others the same trouble.

    Kind regards.
