Auto-povision accounts

[eng_ak]

Hi,

I just installed zimbra & integrated it with Fedora-Directory-Server (FDS). It works great. Only problem is, the part about having to provision an account *manually* after creating it in FDS!!
I mean, the whole point of FDS is centralized management. I was wondering, why is it so difficult for Zimbra to 'auto-provision' an account if it authenticates successfuly over ldap! Other groupware suites has these features.
Is there anyway (even if not staright-forward) to get this going?

Thanks

[KevinH]

What we've done with other LDAP deployments is just scripting a import from the other LDAP, then use a lastchanged or createdate and a cron job to auto-add new entries. zmprov command line tool makes this easy.

The auto-provision is a good idea and is in bugzilla. You can vote for it here:

http://bugzilla.zimbra.com/show_bug.cgi?id=7235

[eng_ak]

Ok, thanks for the reply. I really wish this feature gets implemented.

In the mean time, What would happen if I re-zmprov an account?? I'm just thinking about zmprov'ing all user accounts every 30 minutes (just to simplify my script, I have no idea what you mean about 'lastchanged' attributes)

On the other hand, if you can post any sample cron-job script, it would be really helpful

Thanks

[KevinH]

I'd probably error. Almost all LDAP directories have the idea of last change or create date. So you can query with ldapsearch just for new accounts. Calling zmprov for accounts that already exists seems like a waste of resources.

Don't have any scripts to post. They are written by our PS group for specfic Network customers. The basic idea is do an LDAP search for *new* accounts and zmprov them.

[eng_ak]

ok .. thanks for the prompt reply BTW You rock

One last thing ... Would the cleanest solution be, to use my FDS as the main directory server for Zimbra as well?? (after I transfer all needed schemas ... etc)

Would this work, and be recommended?

Thanks again

[daniellawson]

One last thing ... Would the cleanest solution be, to use my FDS as the main directory server for Zimbra as well?? (after I transfer all needed schemas ... etc)

Would this work, and be recommended?

From what I've seen, this isn't the best way to do this. You can configure Zimbra to use an external GAL and external LDAP authentication, and point both of these at your FDS server.

This is the cleanest approach, and works the best in terms of tying other systems in (eg, samba authentication via the same LDAP tree). Having tried it the other way, I wouldn't bother going ahead with it.