Active Directory Script to import users to Zimbra

[sgros]

I've checked your web and there is only the class used for Zimbra Admin, but not the script you refer on you post. Would it be possible for you to share it with us ?

Regards,

I just placed the script on my Web site.

[mocart]

Please, help me, what is it:

Code:

root@mail:~# ./user.sh
Quering ADS... Found 51 users (/tmp/users_ads_772811882.lst)
Quering ZCS... ERROR: service.INVALID_REQUEST (invalid request: can only be used with  "zmprov -l/--ldap")
Found 0 users (/tmp/users_zcs_772811882.lst)
Generating diff file (/tmp/users_dif_772811882.lst)
New users: 0
Old users: 0
root@mail:~#

cat script.sh

Code:

LDAPSEARCH=/usr/bin/ldapsearch
ZMPROV=/opt/zimbra/bin/

...

Code:

# Extract users from ZCS
echo -n "Quering ZCS... "
$ZMPROV gaa $DOMAIN_NAME > $ZCS_TMP
echo "Found `cat $ZCS_TMP | wc -l` users ($ZCS_TMP)"

then i replace
$ZMPROV gaa $DOMAIN_NAME > $ZCS_TMP
to
$ZMPROV -l $DOMAIN_NAME > $ZCS_TMP

so script is works, but give me this message:

Code:

root@mail:~# ./user.sh
Quering ADS... Found 51 users (/tmp/users_ads_935551324.lst)
Quering ZCS... Found 37 users (/tmp/users_zcs_935551324.lst)
Generating diff file (/tmp/users_dif_935551324.lst)
New users: 0
Old users: 0
root@mail:~#

[julyusito]

The AD is windows 2008, I change the parameteres in both scripts but this is the errors

./ad_sync.py
{'info': '00002024: LdapErr: DSID-0C060597, comment: No other operations may be performed on the connection while a bind is outstanding., data 0, v1db0', 'desc': 'Server is busy'}

Somebody Please help

[sgros]

The AD is windows 2008, I change the parameteres in both scripts but this is the errors

./ad_sync.py
{'info': '00002024: LdapErr: DSID-0C060597, comment: No other operations may be performed on the connection while a bind is outstanding., data 0, v1db0', 'desc': 'Server is busy'}

Somebody Please help

Have you used google to find what could be the error? Quick try leaded me to the following thread:

Using LDAP Groups With Subversion's Authz File | ThoughtSpark.org

look there for the comment by Burn (Thu, 08/27/2009 - 19:24). It seems that a delay should be added after the bind because bind is performed asynchronousy. Can you try to do that? Also, DSID value isn't the same, but I don't know what that is, the code 00002024 seems to be important.

[julyusito]

Thanks for your quickly response...

Sorry my friend, I'm not python programer
could add sleep sentence after the l.simple_bind?

Thanks

[julyusito]

Hey my friend I make this changes for your script and it run without errors:

l.simple_bind for l.simple_bind_s

These changes affect the script, or is better add the sleep sentence

Thanks

[sgros]

Hey my friend I make this changes for your script and it run without errors:

l.simple_bind for l.simple_bind_s

These changes affect the script, or is better add the sleep sentence

Thanks

I'm glad you solved it.

Anyway, it is better to add simple_bind_s because it invokes synchronous bind which waits exactly the time it requires to perform the bind operation. If you use sleep you have to be conservative with the sleep value (otherwise the error will occur again), but this will be too long, and in the and the script will need more time than necessary.

[DruGoeDeLo]

#!/bin/bash

#AD domain and Zimbra Domain(s)
Domain="YOUR.AD.DOMAIN" # DNS Name or IP of Active Directory
ADDOMAIN="ZIMBRA_DOMAIN" # if zimbra have some other domain like (zuza.com, ziza.com, ugauga,com)

#Values
LDAPSEARCH=/opt/zimbra/bin/ldapsearch
ZMPROV=/opt/zimbra/bin/zmprov
DOMAIN_NAME="email i WONT create ex (domain zuza.com)"
TIMESTAMP=`date +%N`
TMP_DIR=/tmp
ADS_TMP=$TMP_DIR/users_ads_$TIMESTAMP.lst
ZCS_TMP=$TMP_DIR/users_zcs_$TIMESTAMP.lst
DIF_TMP=$TMP_DIR/users_dif_$TIMESTAMP.lst

# Server values
LDAP_SERVER="ldap://YOUR.AD.DOMAIN"
BASEDN="dc=YOUR,dc=AD,dc=DOMAIN"
BINDDN="CN=123,CN=users,DC=YOUR,DC=AD,DC=DOMAIN"
BINDPW="123456789" #user password 123
FILTER="(mail=*)"
FIELDS="mail"

# Extract users from ADS
echo -n "Extract emails from AD... "
$LDAPSEARCH -x -H $LDAP_SERVER -b $BASEDN -D "$BINDDN" -w $BINDPW "$FILTER" $FIELDS | \
grep "@$DOMAIN_NAME" | \
awk '{print $2}' | \
sort > $ADS_TMP
echo "Found `cat $ADS_TMP | wc -l` users ($ADS_TMP)"

# Extract users from ZCS
echo -n "Quering ZCS... "
$ZMPROV -l gaa $DOMAIN_NAME | sort > $ZCS_TMP
echo "Found `cat $ZCS_TMP | wc -l` users ($ZCS_TMP)"

# Generate diff
echo "Generating diff file ($DIF_TMP)"
diff -u $ZCS_TMP $ADS_TMP | grep "$DOMAIN_NAME" > $DIF_TMP

# Clean up users list
rm -f $ADS_TMP $ZCS_TMP

# Import new users
echo -n "New users: "
cat $DIF_TMP | grep ^+ | wc -l
for i in $(cat $DIF_TMP | grep ^+ | sed s/^+//g);
do
echo -n " - Adding $i ";
searchValues=`ldapsearch -x -h $Domain -b $BASEDN -D $BINDDN -w $BINDPW -LLL "(mail=$i)" sAMAccountName`
Username=`echo $searchValues | grep -w sAMAccountName: | awk '{split ($0, a, "sAMAccountName:"); print a[2]}' | awk '{print $1}'` # get the username
printf "Creating User $Username \n";
$ZMPROV ca $i passwd > /dev/null;
$ZMPROV aaa $i $Username"@"$ADDOMAIN; # Account Alias based apon there sAMAccountName
RES=$?
if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
done

# Delete old users
echo -n "Old users: "
cat $DIF_TMP | grep ^- | wc -l
for i in $(cat $DIF_TMP | grep ^- | sed s/^-//g);
do
echo -n " - Deleting $i ";
$ZMPROV deleteAccount $i > /dev/null;
RES=$?
if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
done

# Clean up diff list
rm -f $DIF_TMP

################################################## ##
This scrip sinhronise zimbra and AD.

Main account Zimbra=email in AD
account that i log in zimbra (in fact to log I use ALIAS) = sAMAccountName in AD
password in zimbra auth = password in AD auth

My zimbra version
Zcs-6.0.10_GA_2692.UBUNTU10_64
My OS
Ubuntu
################################################## ##

My script consists of two. 2-nd and 3-rd

P.S. Have a Nice Day and GL. Hello from russia.
парни вот вам жалую скрипт работает 100 процентов. если что пиши объясню.

[DruGoeDeLo]

Code:

# Extract users from ZCS
echo -n "Quering ZCS... "
$ZMPROV gaa $DOMAIN_NAME > $ZCS_TMP
echo "Found `cat $ZCS_TMP | wc -l` users ($ZCS_TMP)"

in fact i think the mystake is here
try thees

$ZMPROV -l gaa $DOMAIN_NAME | sort > $ZSC_TMP

[cocasal]

Hello all,
I have 2 questions, first, what is the last version/state of this great script?
Second, does it works with an OpenLDAP domain?

Thanks