External LDAP - auto Account creation

[nepenthe]

Hi Guys,

I've just set up the GA release on a FC4 and everything is running fine.

It's looking really great! However.. ..

I have authentication via External LDAP to our site-wide LDAP servers.

Whilst the external ldap authentication works fine, it requires me to add each account to Zimbra by hand. Is this correct functionality?

e.g. We have ~1200 users in our LDAP, do I need to add each of these accounts one at a time? Ideally Zimbra would read off our internal LDAP servers dynamically, i.e. if we add a new account to our internal LDAP servers, the user will automatically get a mail account in Zimbra. I have seen the batch-provisioning command (zmprov) which uses a text file of usernames, but this would only work at the initial setup stage. After that, we would still need to keep our internal LDAP servers and the Zimbra accounts in sync manually.

Am i going about this the wrong way?

At this point I haven't added the Zimbra LDAP schema to our site-wide schema, but can do so if that is required.

Any instruction on how to make this setup work would be great. I've looked thru the doco and forums but can't find anything relevant.

Cheers

J

[marcmac]

we don't currently support provisioning of the type you've described. If you want to avoid creating all the accounts by hand via the UI, you can write a simple script to dump your account db and use zmprov to create the accounts in zimbra.

[croffler]

I have the same issue ! Are there any plans to suppor this auto creation of users ?

Chris

[fmodola]

I'm not developer, but I think that a Perl script (that finds out informations about accounts in a branch of the LDAP tree source) can do the trick.

The input arguments would be the source DN, and the most useful would be that the script runs every day in order to sync the modifications on the source LDAP tree (if your accounts' source is an LDAP tree).

I think it would be great too if this script could search through any LDAP tree (MS Active Directory, Novell eDirectory, OpenLDAP, etc ...).

Is there a developer ready to write that script ???

[croffler]

It would be nice if this could run in an automated mode. For example, the authentication is done via LDAP, if the user exists in LDAP, zimbra checks if the user exist in Zimbra, if not it will automatically create the user in Zimbra.

I am using OTRS www.otrs.org, they do exactly that. It is writen in perl and you can map all attributes in ldap to there internal attributes.

Chris

[phoenix]

Quote:

Originally Posted by spacegoose

I'm using external LDAP auth, and would like it if Zimbra auto-created the zimbra mailbox if the external LDAP auth is successful and the acct doesn't already exist in zimbra.

There's already a request in bugzilla for this feature, search and vote.

Quote:

Originally Posted by spacegoose

Would also like a script that would auto-create the accounts from a dump of my external LDAP - but this would be less ideal than the above automatic solution.

Check in bugzilla if there's already an RFE, if not file one and vote on it.

[spacegoose]

I'm using external LDAP auth, and would like it if Zimbra auto-created the zimbra mailbox if the external LDAP auth is successful and the acct doesn't already exist in zimbra.

Would also like a script that would auto-create the accounts from a dump of my external LDAP - but this would be less ideal than the above automatic solution.

Thanks,
s g

[r0b0t]

We need to the same thing plus more. Our organization environment is dynamic and users will get different COS depending on certain attributes. This is not just during account creation but is ongoing. to make matters worst it doesn't look like openLdap has any kind of changelog to figure out what changed/created/deleted.

[bdial]

You'd want something like Novell's Identity Manager.

[nrc]

You want to vote for Bug #2235 - Auto Provision New Accounts with External LDAP.