active directory and a bucket

[preston]

I promise I have read all the posts, and the manual, I am missing something here.

Running VMware version, on server1. MS2000 on server2.

Lets say my email domain is zzz.com, and my active directory domain is yyy.

I configure gal first
activedirectory
ldap://pingable hostname from server1
ldap filter defaults to "AD" and greyed out
Ldap search base dc=zzz, dc=yyy
my zimbra user works

When I test it, I get a fail and a long list of errors, but the first line says "missing 'equals'"

If I go a step further to the "configure authentication" screens, I can actually authenticate. Although inside the gal I can't get it to test successfully or import any users.

Any ideas on what I am doing wrong? Thanks in advance.

[KevinH]

What are the rest of the errors? Zimbra doesn't automatically create the accounts. You still need to create an account in Zimbra so we have a place to hang config/prefs in LDAP.

[preston]

Maybe I am asking it to do something it can't.

If I have 20 user accounts set up on a MS2000 server running ad, no accounts other than admin setup on zimbra.

I configure the GAL setting, will Zimbra import all of my accounts, username password etc?

[Coilcore]

You have to create individual user accounts. You can't just expect them to be made from the fact theres an account in the GAL.

Most of the time you wouldn't want accounts to be automagically made like this because of an entry in LDAP/AD, because what about that 1 user who you don't want using email (that intern or the shady seeming contractor). Plus the GAL will often have non-corporate users and 'psuedo' users (the printer for example).

You could write a script that crawls your GAL and creates accounts.

[preston]

Ah, so now I get it.

Tested it out, the password work off my server but I do have to create the usernames.

Is there a quick and dirty way to import accounts off a passwd file, or if I do an ldap export file and place all the user names in a txt file.

[Coilcore]

You can create accounts using the command line tool 'zmprov'. Its a pretty useful tool.

The basic idea would be to write a script that parses the file (whatever format) for the usernames, and call 'zmprov CreateAccount ${username}' (or 'zmprov ca ${username}') for each user.

[preston]

Coil I am asking a lot here, but is there a sample I could follow. I am not a scripter.

Although if you ever need help with a Cisco Config of any type I could return the favor.

I could pull the name out of either a passwd file or Active Directory, honestly I wouldn't mind knowing how to do both.

VPN, Firewall, Switch, anything in that realm........

[swallac2]

Preston, Check out the admin docs. There is a lot of detail about zmprov in there. I also heard that an automatic user provisioning feature is coming to Zimbra, but I don't knwo a timeline.

[zaf]

I made a quick and dirty script to import users from our own AD domains using the "net" commands on Linux to create a list of users on the Domain, then running the necessary 'zmprov' commands off that list. It's not a real-time sync (runs in a cron), but it does the job.

This creates the necessary Zimbra accounts, and authentication is done by lookups against the AD server

[preston]

Zaf, any chance you could send it to me?

Thats just the kind of thing I am looking for. So far I am only using Zimbra in the VMware appliance. Its doing ok so far, my next phase is I want the mail store to be kept on a NAS appliance outside of the VM. If I can pull that off, it gives me a lot of options.

Thanks in advance for the script, if you ever need some cisco help, let me return the favor, you can find me at allsystemsup.net