Create LDAP groups in Zimbra
I am new to administering the Zimbra 7 server. I would like to create an LDAP group in which users would be "members" of this group. The Zimbra 7 server was set up by a previous administrator. I do not know much about it.
I have already found our web site for the Zimbra admin console though. I notice that the VMWare icon is displayed on the web admin console page. Furthermore, the main headings on the left side of the admin page are:
Addresses, Configuration, Monitoring, Tools, and Searches
Under Accounts, I can see all of the users on this page. I can create a user here also. But, I cannot create a group.
I have looked though some of the documentation also for administering a Zimbra 7 Server. I had not read everything, just skimmed. I have seen that there might be OpenLDAP also? I cannot find that anywhere either.
Also, I used the Softerra LDAP browser to verify that the LDAP service was working to begin with. It is. I see the users all listed in the LDAP search returned by Softerra. However, I see no groups in the list of users returned in Softerra. The BaseDN, ObjectClass, etc. appear to be correct. This information was given to me also, but it worked in Softerra to return the LDAP search results.
Any idea where I would go to create an LDAP group? ( Sorry for the long post, but usually the next question after a post like this is for a little bit more specific information which I tried to provide already the best I could. )
Thanks, in advance
LDAP Groups cannot be created but distribution lists can be created on Zimbra Server?
For our purposes, we need the group concept. I cannot list the specific reason why as to protect confidentiality. But, in general, we need to use our code to query the LDAP server and then do other things with the groups that are returned to us from the LDAP Server. We have used Softerra as our base comparison with other LDAP Servers. Most of the time with other LDAP Servers like Microsoft Exchange 2007 or Novell Groupwise 2012, we do see both users and groups listed in Softerra after we enter all of the correct LDAP credentials and conduct the LDAP search in Softerra against those LDAP Servers.
Here is an example of how we created a group and added users to it in Microsoft Exchange 2007:
1. Log into Active Directory and Users
2. Click on the plus sign next to the LDAP Server to expand it
3. Click on "Uses" folder
4. Click on symbol for "Create Group"
5. Name the group and click Ok ( I have been leaving the default Group Type of Security selected at this point )
6. In list of groups / users, right click group from step 5 and choose properties
7. Click on "Members"
8. Click "Add"
9. Add users and click Ok
Step 7 is where we would actually be adding the users into the group. That is the key for us.
I was about to post that the above steps are not the same thing as a distribution list in Microsoft Exchange 2007 Server. However, I just now noticed at step 7 above, I saw there was a "General" tab also. On this "General" tab, I saw "Group type". For "Group type", I could choose "Security" or "Distribution". The option of "Distribution" made me think this could be a "Distribution List". So, this made me think that maybe groups are distribution lists in some cases. I don't think that groups are distribution lists in every case though. I know groups are not exactly distribution lists in Exchange or Groupwise. I will need some further investigation for the difference between "Security" and "Distribution" for the Microsoft Exchange 2007 Server also. However, this is a Zimbra forum, so we don't need to worry about that here unless it applies to the Zimbra Server as well.
Anyways, there must be something that identifies a group as a group in the LDAP world. How do we know this? First, we consider the results returned to us when using the Softerra LDAP Browser as being the correct results for an LDAP search ( meaning that we assume that the Softerra LDAP Browser gets it correct every time when LDAP searches are done since it is an actual LDAP Browser ). As long as this is true, then we can check for groups in the list of users / groups that are returned in the LDAP searches we set up using Softerra. If all of that is true, when we do an LDAP search, using Softerra, against the Zimbra Server, we never see groups listed. This also includes when distribution lists have been set up in Zimbra as well. Distribution lists in Zimbra do not display as groups in the LDAP search that is returned to us. Also, distribution lists do not show up as distribution lists in Softerra either. Distribution lists just do not show up in Softerra. So, I am thinking in the LDAP world, that distribution lists are not LDAP type objects. As long as I understand this correctly, distribution lists are just for sending email to large groups of people at the same time. Basically, instead of typing in 100 email addresses every time every time you want to email those 100 people, you can add all of these 100 email addresses to 1 distribution list. Then, you send type in the email address of that 1 distribution list and all 100 people receive the email at their email address that was entered into the distribution list.
While I still have to protect our confidentiality, I will say that sending emails to large groups of users is not what we are trying to do with our code.
So, from looking back at the posts on this thread so far, it looks like LDAP groups cannot be created but distribution lists can be. I'm going with this assumption unless someone can prove that LDAP groups can be created on the Zimbra Server.
Originally Posted by ccelis5215