ldapadd

[aurfalien]

Hi all majestic users of Zimbra,

I've an OpenLDAP server setup on Centos with about 65 user entires.

I need Zimbra to have the same users, can I just ldapadd an ldif file with my entires from my existing LDAP server w/o screwing anything up?

I noticed Zimbra uses MySQL, whats it for and will it need the user entries as well?

My ultimate goal would be to have Zimbra get complete info from our existing LDAP db but since Zimbra doesn't truly integrate with an existing dir server and only supports external auth, I need some way of having the Zimbra LDAP get all its user info from my primary LDAP.

I actually don't mind having 2 separate LDAP dbs as we have an internal web portal that I am building and will fork out requests to both LDAP servers.

I had already asked support if I could use Zimbra LDAP as a primary auth for workstations but they said NO. My Centos LDAP functions as a workstation login service and Zimbra LDAP will be the mail/calendar/collab service.

My bosses love the Zimbra calendar or else I woulda chucked Zimbra as who needs the headache of trying to maintain 2 diff LDAP servers.

[phoenix]

You'll need to dump the LDAP user entries and then provision them in Zimbra with zmprov (you'll find some scripts in the forums if you search). Do not, under any circumstances, modify the Zimbra LDAP as you may break your system.

You might also like to review this document: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

Please update your forum profile with the output of the following:

Code:

zmcontrol -v

[aurfalien]

Wow, thanks for this awsome info.

Very much appreciative.

Can I also ldapadd manually if I include all the fields in an ldif file;

dn: uid=newuser,ou=people,dc=company,dc=com
zimbraMailTransport: lmtp:mail.company.com:7025
zimbraMailDeliveryAddress: newuser@company.com
givenName: New
sn: User
telephoneNumber: 867-5309
zimbraId: fffccfd3-b9f9-4492-a8cf-06970bbb580d
zimbraMailStatus: enabled
mail: newuser@company.com
displayName: New User
uid: newuser
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
cn: New User
zimbraMailHost: mail.company.com

My goal is to add users via some PHP using our internal web.

[markfennell]

I too am VERY interested in the possibility of using ldapadd. However, this
makes it sound like a bad idea...

Quote:

Do not, under any circumstances, modify the Zimbra LDAP as you may break your system.

Have you made any progress on this?
I've successfully done some monkeying around such as using ldapmodify to change a user's SN. So I'm inclined to think that as long as you leave the zimbra* attributes alone, ldapmodify is ok. Of course, ldapadd would, by it's nature, touch zimbra* attributes in the directory. Thanks.
mf

[aurfalien]

Hi Mark,

I tried 2 approaches;

1 - Make my Zimbra box a Samba domain and an LDAP domain. I followed this article with success;

UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

and

Zimbra & Samba -- error joining machine to Domain

2 - Using an external OpenLDAP server and then using a script with some custom mods called zmexternaldirsync.

What this does is provisions a user(s) in Zimbra that matches a user(s) in your external dir like OpenLDAP, etc...

I decided on option 2 because i didn't want to worry about a very customized Zimbra install for upgrade purposes down the line.

Plus, I had to incorporate Drupal LDAP integration which was easier using OpenLDAP as the Drupal modules already exist.

I can email you the zmexternaldirsync stuff.

I am very surprised that Zimbra can't really integrate into an external directory. Having to create the user twice is not external directory integration in my opinion.

[wheel]

Hi,

I'm doing something similar to what you were doin Mark.

I have a OpenLDAP server and I want to authenticate with ZImbra credentials.

Would it be possible for you to send me the zmexternaldirsync stuff

Thanks