Thread: ldapadd

  1. #1
    aurfalien (Senior Member)

    Hi all majestic users of Zimbra,

    I've an OpenLDAP server set up on CentOS with about 65 user entries.

    I need Zimbra to have the same users, can I just ldapadd an ldif file with my entries from my existing LDAP server w/o screwing anything up?

    I noticed Zimbra uses MySQL, what's it for and will it need the user entries as well?

    My ultimate goal would be to have Zimbra get complete info from our existing LDAP db but since Zimbra doesn't truly integrate with an existing dir server and only supports external auth, I need some way of having the Zimbra LDAP get all its user info from my primary LDAP.

    I actually don't mind having 2 separate LDAP dbs as we have an internal web portal that I am building and will fork out requests to both LDAP servers.

    I had already asked support if I could use Zimbra LDAP as a primary auth for workstations but they said NO. My CentOS LDAP functions as a workstation login service and Zimbra LDAP will be the mail/calendar/collab service.

    My bosses love the Zimbra calendar or else I woulda chucked Zimbra as who needs the headache of trying to maintain 2 diff LDAP servers.

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    You'll need to dump the LDAP user entries and then provision them in Zimbra with zmprov (you'll find some scripts in the forums if you search). Do not, under any circumstances, modify the Zimbra LDAP as you may break your system.

    You might also like to review this document: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

    Please update your forum profile with the output of the following:

    Code:
    zmcontrol -v

    Regards

    Bill


    Acompli: A new adventure for Co-Founder KevinH.
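
The approach recommended in the reply above (dump the entries, then provision through zmprov instead of writing to the Zimbra LDAP), as an added example that is not from the thread or from Zimbra. It assumes `zmprov ca` (createAccount) takes a name, a password and then attribute/value pairs; the function names, `mail_domain` and the sample dump are hypothetical, and the random local password assumes logins are checked against the external directory.

```python
import base64
import re
import secrets

# Only these attributes are copied; zimbra* values are left for zmprov to generate.
COPY_ATTRS = ("givenName", "sn", "displayName", "telephoneNumber")
UID_OK = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")

# Constructed sample dump (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=newuser,ou=people,dc=company,dc=com
uid: newuser
givenName: New
sn: User
displayName: New
  User
telephoneNumber: 867-5309

dn: uid=jmuller,ou=people,dc=company,dc=com
uid: jmuller
sn:: TcO8bGxlcg==

dn: uid=bad uid,ou=people,dc=company,dc=com
uid: bad uid
"""

def parse_ldif(text):
    """Yield one dict (attribute -> list of values) per LDIF entry."""
    unfolded = re.sub(r"\r?\n ", "", text)  # join folded lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name, []).append(value.strip())
        yield entry

def zmprov_argv(entry, mail_domain, new_password=lambda: secrets.token_urlsafe(24)):
    """Return the argv for `zmprov ca`, or None when the uid cannot be a mailbox name."""
    uid = entry.get("uid", [""])[0].lower()
    if not UID_OK.match(uid):
        return None
    argv = ["zmprov", "ca", f"{uid}@{mail_domain}", new_password()]
    for attr in COPY_ATTRS:
        if attr in entry:
            argv += [attr, entry[attr][0]]
    return argv
```

Each returned list is meant to be run as an argument vector (for example with `subprocess.run(argv, check=True)` as the zimbra user), so directory values never pass through a shell; entries that return `None` are skipped and reviewed by hand.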

  3. #3
    aurfalien (Senior Member)

    Wow, thanks for this awesome info.

    Very much appreciative.

    Can I also ldapadd manually if I include all the fields in an ldif file:

    dn: uid=newuser,ou=people,dc=company,dc=com
    zimbraMailTransport: lmtp:mail.company.com:7025
    zimbraMailDeliveryAddress: newuser@company.com
    givenName: New
    sn: User
    telephoneNumber: 867-5309
    zimbraId: fffccfd3-b9f9-4492-a8cf-06970bbb580d
    zimbraMailStatus: enabled
    mail: newuser@company.com
    displayName: New User
    uid: newuser
    objectClass: organizationalPerson
    objectClass: zimbraAccount
    objectClass: amavisAccount
    cn: New User
    zimbraMailHost: mail.company.com

    My goal is to add users via some PHP using our internal web.

  4. #4
    markfennell (New Member)

    I too am VERY interested in the possibility of using ldapadd. However, this makes it sound like a bad idea...

    "Do not, under any circumstances, modify the Zimbra LDAP as you may break your system."

    Have you made any progress on this?

    I've successfully done some monkeying around such as using ldapmodify to change a user's SN. So I'm inclined to think that as long as you leave the zimbra* attributes alone, ldapmodify is ok. Of course, ldapadd would, by its nature, touch zimbra* attributes in the directory. Thanks.

    mf

  5. #5
    aurfalien (Senior Member)

    Hi Mark,

    I tried 2 approaches:

    1 - Make my Zimbra box a Samba domain and an LDAP domain. I followed this article with success:

    UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

    and

    Zimbra & Samba -- error joining machine to Domain

    2 - Using an external OpenLDAP server and then using a script with some custom mods called zmexternaldirsync.

    What this does is provisions a user(s) in Zimbra that matches a user(s) in your external dir like OpenLDAP, etc...

    I decided on option 2 because I didn't want to worry about a very customized Zimbra install for upgrade purposes down the line.

    Plus, I had to incorporate Drupal LDAP integration which was easier using OpenLDAP as the Drupal modules already exist.

    I can email you the zmexternaldirsync stuff.

    I am very surprised that Zimbra can't really integrate into an external directory. Having to create the user twice is not external directory integration in my opinion.

  6. #6
    wheel (Starter Member)

    Hi,

    I'm doing something similar to what you were doing, Mark.

    I have an OpenLDAP server and I want to authenticate with Zimbra credentials.

    Would it be possible for you to send me the zmexternaldirsync stuff?

    Thanks
