Results 1 to 10 of 10

Thread: Is there something like groups?

  1. #1
    gnatbite is offline Intermediate Member
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Question Is there something like groups?

    Hi folks,

    I am preparing my server for the migration from OpenXchange to Zimbra. Right now I am wondering if there is a way in Zimbra to create Groups, which are stored in LDAP? I am asking because we need this feature for other systems within our company to group useraccounts.

    Would be glad if someone could help me out.

    Cheers,

    gnatbite

  2. #2
    alexkelly is offline Trained Alumni
    Join Date
    Oct 2007
    Location
    Columbus, OH
    Posts
    70
    Rep Power
    7

    Default

    I know nothing about openXchange so I don't know how groups are used there. Taking that into account, have you looked at the Class of Service (COS) settings In Zimbra? COS settings allow you to configure things like quota, skins, zimlets, preferences, allowed components. Then users are assigned to a particular COS.

    Again, not knowing how OpenXchange deals with groups...but strictly speaking LDAP, a user can be a member of multiple groups. In Zimbra, a user can only have one COS, so that is one thing to keep in mind.

    I don't know of any other way to "group" accounts in Zimbra.

  3. #3
    bdial's Avatar
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    groups in zimbra are called distribution lists. you can assign rights based on them. zimbra uses openldap to store user/groups so if needed you could hook into that, but it doesn't support using an existing ldap server for group storage

  4. #4
    gnatbite is offline Intermediate Member
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    Thx for your replies guys. Too bad that there is no simple function for grouping people, aside of using distribution lists. Using distribution lists seems for me like to break a fly on the wheel.
    I think I will create my own LDAP-Objects for that.

    Cheers,

    gnatbite

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,498
    Rep Power
    56

    Default

    I don't really understand what you mean by 'groups', is it Samba Groups you're looking for? If not, perhaps you could expand your explanation or file an RFE in bugzilla if we don't do what you need.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    gnatbite is offline Intermediate Member
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    Ok, I will describe it more precisely.

    In our infrastructure we are using already an LDAP server (OpenXchange) which we modified for our needs. No we need to move all our modifications to the Zimbra LDAP server, which are some attributes and special groups. We do need those because we are using not just the Groupware but other systems to authenticate against the LDAP server, e.g. our Linux Desktop Clients. Therefore we need linux based groups like audio, cdrom, lpadmin etc.

    I really dont think that "distribution lists" are the approriate way to implement what we need. In OpenXchange for example there is something called groups which we can use for combine users together. I don't know if someone else would like to have such a feature. If not, we can still do it by ourselfs with some changes to hte Zimbra LDAP tree.

    Cheers,

    gnatbite

  7. #7
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,498
    Rep Power
    56

    Default

    Don't the Samba & Posix extensions do what you want?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    gnatbite is offline Intermediate Member
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    I think it does it partly but I dont know yet exactly. After I had a deeper look into that I will let you know. Thx for your help so far.

    Cheers,

    gnatbite

  9. #9
    gnatbite is offline Intermediate Member
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    After I had a deeper look into the wiki I am back now. This is actually what I was looking for, because I need to have some posixAccount attributes in my user objects.
    The problem is now, that we dont need any samba attributes like discribed in the wiki howto. So I just added the nis.schema. Here is what I actually did:

    1. Created the necessary "zimbra_posixaccount.zip" and deployed it as extension within the Admin-UI. Everythink worked fine so far.
    2. Then I added the "nis.schema" and the according indexes. to LDAP master server and replica server.
    Code:
    include         "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
    # for posixGroups
    index uidNumber                eq
    index gidNumber                eq
    index memberUid                eq
    3. Then I ran the following command to add the objects to my LDAP-Store:
    Code:
    zmprov mcf +zimbraAccountExtraObjectClass posixAccount
    Everything worked out pretty well but now I have the problem, that I can't create any users with the Admin-Interface anymore. When I try to create a new user within the web interface, it says, that I need to specify the posixAccount attributes.

    Code:
    Message: invalid request: createAccount invalid schema change: [LDAP: error code 65 - object class 'posixAccount' requires attribute 'uidNumber'] Error code: service.INVALID_REQUEST Method: CreateAccountRequest Details:soap:Sender
    This makes perfect sense, but now I am wondering how to specify the attributes within the Web-Interface?

    On the command line it works pretty well, when I specify all necessary attributes:

    e.g.:

    Code:
    createAccount mail@zimbra.domain.com myPassword homeDirectory /home/userPath givenName Test sn User loginShell /bin/bash uidNumber 1000 gidNumber 1000
    Would be glad if someone could help me out because I would like to keep the chance creating the users within the Webinterface.

    Cheers,

    gnatbite

  10. #10
    kapn is offline Starter Member
    Join Date
    Sep 2007
    Posts
    2
    Rep Power
    7

    Default can't create user after installing nis.ldif

    I noticed this thread petered out here. I'm trying to set up our Zimbra server as our central auth server.

    I've followed the instructions here:
    UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki

    The provided nis.ldif didn't work at all. Ldap wouldn't restart. After I created one using these instructions:
    Installing custom ldap schema 6.0 - Zimbra :: Wiki

    I was able to get ldap to restart. However, I'm unable to create users now. I get the following error:

    ERROR: service.INVALID_REQUEST (invalid request: createAccount invalid schema change: [LDAP: error code 65 - attribute 'uidNumber' not allowed])

    Looks like it has to do with the nis schema. I'm afraid I'm pretty new to ldap, so I'm struggling a bit here. However we did get an OpenLDAP install working before we decided it made more sense to extend our Zimbra server instead. Any help in solving this issue would be appreciated.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Contact Groups
    By msf004 in forum Administrators
    Replies: 1
    Last Post: 08-06-2007, 01:01 PM
  2. Outlook Migration Wizard + Contact Groups
    By thegeekiator in forum Migration
    Replies: 4
    Last Post: 07-13-2007, 03:00 PM
  3. Replies: 0
    Last Post: 06-06-2007, 12:42 PM
  4. Making Groups in address book
    By wizkid in forum Administrators
    Replies: 2
    Last Post: 09-20-2006, 05:53 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •