#1
10-03-2011, 05:00 AM
Special Member
Posts: 146
Zimbra ldap structure

I have an extensive structure in my external LDAP.
To synchronize passwords between the LDAP servers (internal to external) using a script, I must have exactly the same structure on all of my LDAP servers.

Would it be a problem if I create a further tree structure in the internal Zimbra LDAP (ou=people) (for example: ou=people, ou=whatever)?

It works fine (with manual modification of the internal Zimbra LDAP and a server restart - moving a user from ou=people to ou=product,ou=people). But I want to make sure that all of these accounts will be okay.
__________________
# ZCS 7.1.3 SLES11 SP1

Last edited by soba@ukw.edu.pl; 10-03-2011 at 05:06 AM..
#2
10-04-2011, 06:40 PM
Zimbra Employee
Posts: 604

Moving data within the Zimbra directory server will inevitably break ZCS and even if you get it to work it may break future upgrades. We'd highly recommend modifying the ZCS directory structure.
#3
10-05-2011, 03:44 AM
Special Member
Posts: 146

I must have a hierarchical structure in my LDAP. How can I do this safely? If the internal and external LDAP structures are not the same, it does not make the password change ...
#4
10-05-2011, 04:00 AM
Special Member
Posts: 146

We use the official password migration script from internal to external LDAP:
++++++++++++
# Export userPassword for accounts whose password changed in the last ${TIME} seconds,
# turn each returned entry into an LDIF "modify" record, and apply it to the external LDAP.
ldapsearch -LLLx -H "${ZIMBRA_LDAP}" -D "cn=config" -b "${ZIMBRA_BASEDN}" -w "${ZIMBRA_ROOTPW}" \
  "(zimbraPasswordModifiedTime>=$(date -u +%Y%m%d%H%M%SZ -d "-${TIME} sec"))" userPassword | \
  sed -e '/ou=people,dc=ukw,dc=edu,dc=pl$/achangetype: modify\nreplace: userPassword' | \
  ldapmodify -x -H "${EXTERNAL_LDAP}" -D "${EXTERNAL_LDAP_BINDDN}" -w "${EXTERNAL_LDAP_PASSWD}"
+++++++++++++++++++++++++++++++

Our external LDAP looks like this (example):

ou=people, dc=domain,dc=edu,dc=pl
(standard staff)
ou=ciscovpn1, ou=people, dc=domain,dc=edu,dc=pl
(staff with vpn permission)
ou=specialaccess, ou=ciscovpn1, ou=people, dc=domain,dc=edu,dc=pl
(staff with special vpn permission)


We must have the same LDAP structure in Zimbra, because otherwise the password change script will not work correctly.

I have used an 'advanced' LDAP structure in my Zimbra for a year. I updated Zimbra from 7.x to 7.1.1, 7.1.2 and 7.1.3 - everything works fine (after changing the Zimbra LDAP structure we must restart ZCS, because some LDAP info is cached in NSCD)...


P.S.

Many users have a large LDAP structure ...

There are two simple solutions:

Either Zimbra implements the ability to change passwords for outside accounts (external LDAP auth),

or it accepts the possibility of having a complex LDAP structure for future updates.

Last edited by soba@ukw.edu.pl; 10-05-2011 at 04:32 AM..
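
Added example, not part of the thread and not Zimbra's code: a replacement for the sed stage of the pipeline above that looks up each account's external DN by uid, so the Zimbra tree can stay flat while the external tree is nested. It also unfolds wrapped LDIF lines and skips entries that came back without a userPassword value, because a bare "replace: userPassword" record deletes the attribute on the target entry. The function names, the tab-separated map file (one "uid<TAB>external DN" per line) and the example.org sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Map file format (assumption): "uid<TAB>external DN" per line.
# Join folded LDIF lines (RFC 2849: a continuation line starts with one space).
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# to_modify_ldif MAPFILE: ldapsearch LDIF on stdin, modify-LDIF on stdout.
to_modify_ldif() {
    unfold_ldif | awk -v map="$1" '
        function emit() {
            # No userPassword value: emit nothing. A bare "replace:" line
            # would delete the attribute on the target entry.
            if (uid != "" && pw != "") {
                if (uid in ext)
                    printf "dn: %s\nchangetype: modify\nreplace: userPassword\n%s\n\n", ext[uid], pw
                else
                    print "no external DN for uid " uid > "/dev/stderr"
            }
            uid = ""; pw = ""
        }
        BEGIN { while ((getline l < map) > 0) { split(l, f, "\t"); ext[f[1]] = f[2] } }
        /^dn: uid=/      { uid = $0; sub(/^dn: uid=/, "", uid); sub(/,.*/, "", uid); next }
        /^userPassword:/ { pw = $0; next }
        /^$/             { emit() }
        END              { emit() }'
}

# Constructed sample data: alice lives in a nested external OU and her hash is
# folded across two lines; bob has no userPassword; carol is not in the map.
sample_ldif() {
    printf '%s\n' 'dn: uid=alice,ou=people,dc=example,dc=org' \
        'userPassword:: e1NTSEF9Y29uc3RydWN0ZWQtc2FtcGxl' ' LWhhc2g=' '' \
        'dn: uid=bob,ou=people,dc=example,dc=org' '' \
        'dn: uid=carol,ou=people,dc=example,dc=org' 'userPassword:: e1NTSEF9eA=='
}
sample_map() {
    printf 'alice\tuid=alice,ou=ciscovpn1,ou=people,dc=example,dc=org\n'
    printf 'bob\tuid=bob,ou=people,dc=example,dc=org\n'
}

# Run with the argument "demo" to print the generated LDIF for the sample data.
if [ "${1:-}" = demo ]; then
    m=$(mktemp); sample_map > "$m"; sample_ldif | to_modify_ldif "$m"; rm -f "$m"
fi
```

In the pipeline, `to_modify_ldif` takes the place of the sed command, between ldapsearch and ldapmodify; the map file has to be built separately from the external directory.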