#1
03-30-2009, 12:50 PM
Intermediate Member
Posts: 15
[SOLVED] SOAP Provisioning leads to bad LDAP

I've run into a strange problem and I'm not quite sure where to look to solve it. We've created an external provisioning system that sends SOAP messages to Zimbra to create new accounts. These SOAP messages are exactly like the ones the web-based admin generates. This allows us to have a central provisioning server that does a bunch of other tasks while creating the Zimbra accounts for us.

This all works great with one exception. Somehow the UID of the user does not get set in LDAP. Accounts that I provision by hand (through the admin interface) have an entry in LDAP that looks like:

Code:
dn: uid=test1,ou=people,dc=testtest,dc=com
zimbraMailTransport: lmtp:xxx.xxx.com:7025
zimbraMailDeliveryAddress: test1@testtest.com
givenName: test1
sn: surname
zimbraMailStatus: enabled
zimbraId: 113187d8-e415-47a9-bda4-93d419baa2db
mail: test1@testtest.com
displayName: test1 surname
uid: test1
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
cn: test1 surname
zimbraMailHost: xxx.xxx.com

The ones I create via SOAP look similar:

Code:
dn: uid=test1,ou=people,dc=testtest,dc=com
zimbraMailTransport: lmtp:xxx.xxx.com:7025
zimbraMailDeliveryAddress: test1@testtest.com
zimbraMailStatus: enabled
zimbraId: 113187d8-e415-47a9-bda4-93d419baa2db
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
zimbraMailHost: xxx.xxx.com

Notice that a bunch of items including UID are missing from LDAP. This makes external LDAP lookups from our edge spam device not work.

What is odd about this is that the two SOAP messages sent to Zimbra are the same. What am I missing that creates the extra LDAP settings in one case but not the other?

FWIW Zimbra itself works fine without those extra values.

#2
03-30-2009, 01:45 PM
Moderator
Posts: 1,554

All these fields like givenname, surname, etc. are fields you usually have to give it. Like when you do it via command line with zmprov, you specify displayName and whatnot. Perhaps you need to explicitly set the uid in your SOAP query?

#3
03-30-2009, 01:52 PM
Intermediate Member
Posts: 15

The UID is not being passed in via the SOAP message, but many of the other fields are. The mystery is why the apparently same SOAP message sent via the web admin interface causes Zimbra to configure LDAP differently than if I "spoof" the message and send it from my provisioning system. I believe Zimbra should create the UID as I don't specify a UID when I create the account in the admin interface.

#4
03-31-2009, 02:02 PM
Intermediate Member
Posts: 15

Just in case anyone comes across this, apparently there are two lines in the SOAP header that are important:

Code:
<userAgent xmlns="" name="ZimbraWebClient - FF3.0 (Win)"/>
<format xmlns="" type="js"/>

If you don't include those everything seems to work, but the LDAP records do not get created properly. If you do, everything works great. *shrug*
Reply With Quote
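
A check for the symptom described in this thread, as an added example that is not part of any post and not Zimbra's own code: it parses an LDIF export and lists the entries that lack the attributes the hand-provisioned entry has and the SOAP-created one does not. The sample LDIF is constructed (abridged from the thread's entries, with a made-up `test2` dn), and treating all six attributes as required by the external lookup is an assumption.

```python
import base64

# Attributes the SOAP-created entry in the thread lacks; requiring all six is an assumption.
REQUIRED = ("uid", "mail", "cn", "sn", "givenName", "displayName")

# Constructed sample, abridged from the thread's entries; "test2" is a made-up dn.
SAMPLE = """\
dn: uid=test1,ou=people,dc=testtest,dc=com
givenName: test1
sn: surname
mail: test1@testtest.com
displayName: test1 surname
uid: test1
cn: test1 surname

dn: uid=test2,ou=people,dc=testtest,dc=com
objectClass: zimbraAccount
"""

def parse_ldif(text):
    """Parse LDIF text into one {lowercased attribute: [values]} dict per entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and lines and lines[-1]:
            lines[-1] += raw[1:]          # folded line: continuation of the previous one
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:           # drops a bare "version: 1" header block
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(text, required=REQUIRED):
    """Return {dn: [missing attributes]} for entries lacking any required attribute."""
    report = {}
    for entry in parse_ldif(text):
        missing = [a for a in required if a.lower() not in entry]
        if missing:
            report[entry["dn"][0]] = missing
    return report

print(audit(SAMPLE))
```

Running `audit()` over an export of the people subtree after each provisioning batch flags accounts that the edge device's lookup would fail to resolve.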