Master OpenLDAP on different server

[mrdebian]

Hello all,

I've got an implementation like described below:

Masterldap --> OpenLDAP --> Running HTTP/HTTPS/FTP
SlaveLDAP --> OpenLDAP --> Running Email Services (POP3/POP3S/IMAP/IMAPS/Webmail-HTTP/HTTPS)

Entries from master are auto synced on slave. I want to migrate initially the email server (slaveldap) to a different data center on a more powerful server due to have performance issues on existing server. At the moment when a new user is been added IT staff needs to manually create /home/username and chown that folder on slaveldap server, that'all.

I'm a little bit confused about how Zimbra works in terms of LDAP. Can I use my masterldap for authentication and just add the accounts manually on Zimbra each time a new user is been added?
If I delete a user from my masterldap would that be removed as well or it needs to be deleted manually?

Thanks in advance

[Krishopper]

Since Zimbra has its own LDAP server inside of it for its config/directory/authentication services, when I answer this I assume "Masterldap" and "SlaveLDAP" are LDAP servers that are NOT part of the LDAP server within Zimbra.

If you point Zimbra to an external LDAP server, you still have to create the users within Zimbra on your own (or through a script) - there is no auto-provisioning built in yet.
That being said, you would also need to manually delete the user as well.

[mrdebian]

Thanks a lot for the reply.
Is there a documentation about how to make an import of the users with some sort of default settings for everyone?
I'm asking this as I've got at the moment 1200+ users and creating each one will take ages.

Thanks

Since Zimbra has its own LDAP server inside of it for its config/directory/authentication services, when I answer this I assume "Masterldap" and "SlaveLDAP" are LDAP servers that are NOT part of the LDAP server within Zimbra.

If you point Zimbra to an external LDAP server, you still have to create the users within Zimbra on your own (or through a script) - there is no auto-provisioning built in yet.
That being said, you would also need to manually delete the user as well.

[mmorse]

zmexternaldirsync (previously called zimbrasynctool) can do that one way provision (can even put it in a cron). You have to grab it and the directions doc from bug 14772 (or latest available in the source at ZimbraServer/src/bin/zmexternaldirsync with example configs under ZimbraServer/conf/externaldirsync)

Note: Use the above at your own risk/take a backup, it's not completely hassle free yet. The proper RFE to vote for is Bug 7235 - Auto Provision New Accounts with External LDAP (aimed at both auto-creation and auto-removal)

[Krishopper]

There is also the Bulk Provisioning wiki page with good info.

[mrdebian]

I've managed to transfer all accounts using the wiki details related with imapsync (used to have squirrelmail+postfix). All I need now is how to auto create users when I'm adding a new entry or deleting in my master ldap server.

Did anyone had any success on this?

Many thanks for the replies.