Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26

Thread: Zimbra 8 Auto Provisioning not work properly

  1. #11
    gruzin is offline Junior Member
    Join Date
    Nov 2012
    Posts
    9
    Rep Power
    2

    Default

    Hello!

    Sorry, You not undestand me...

    In the first run, Auto Provision create mailbox correctly

    Look this:

    Code:
    zimbra@mail:/home/user$ ldapsearch -v -b "ou=test,DC=sp,DC=local" -h pdc.sp.local -D root -W -x "(&(objectClass=user)(mail=*stimul-kd.ru))" | grep sAMAccountName
    ldap_initialize( ldap://pdc.sp.local )
    Enter LDAP Password:
    filter: (&(objectClass=user)(mail=*stimul-kd.ru))
    requesting: All userApplication attributes
    sAMAccountName: test1
    sAMAccountName: test2
    sAMAccountName: test3
    sAMAccountName: test4
    sAMAccountName: test5
    Then...

    Code:
    zimbra@mail:/home/user$ zmprov gd stimul-kd.ru |grep zimbraAutoProv
    zimbraAutoProvAccountNameMap: samAccountName
    zimbraAutoProvAttrMap: sn=sn
    zimbraAutoProvAttrMap: description=description
    zimbraAutoProvBatchSize: 20
    zimbraAutoProvLastPolledTimestamp: 20121205084138Z
    zimbraAutoProvLdapAdminBindDn: cn=root,cn=users,dc=sp,dc=local
    zimbraAutoProvLdapAdminBindPassword: password
    zimbraAutoProvLdapBindDn: %u@%d
    zimbraAutoProvLdapSearchBase: ou=test,dc=sp,dc=local
    zimbraAutoProvLdapSearchFilter: (&(objectClass=user)(mail=*stimul-kd.ru))
    zimbraAutoProvLdapURL: ldap://pdc.sp.local:389
    zimbraAutoProvMode: EAGER
    zimbraAutoProvNotificationBody: Your account has been auto provisioned.  Your email address is ${ACCOUNT_ADDRESS}.
    zimbraAutoProvNotificationFromAddress: admin@stimul-kd.ru
    zimbraAutoProvNotificationSubject: New account auto provisioned
    And...

    Code:
    zimbra@mail:/home/user$ zmprov gs mail.souzprodopt.ru |grep zimbraAutoProv
    zimbraAutoProvPollingInterval: 0
    zimbraAutoProvScheduledDomains: stimul-kd.ru
    
    zimbra@mail:/home/user$ zmlocalconfig -e autoprov_initial_sleep_ms=1000
    zimbra@mail:/home/user$ zmlocalconfig -l
    zimbra@mail:/home/user$ zmprov ms mail.souzprodopt.ru zimbraAutoProvPollingInterval 1m
    Then

    Code:
    2012-12-05 15:40:37,030 INFO  [AutoProvision] [] autoprov - Auto provision thread sleeping for 1000ms before doing work.
    2012-12-05 15:40:38,031 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:40:38,072 INFO  [AutoProvision] [] autoprov - auto creating account in EAGER mode: test1@stimul-kd.ru
    2012-12-05 15:40:38,076 INFO  [AutoProvision] [] autoprov - auto provisioned account: test1@stimul-kd.ru
    2012-12-05 15:40:38,191 INFO  [AutoProvision] [] autoprov - auto provision notification sent rcpt='test1@stimul-kd.ru' Message-ID=<602067351.7.1354696838082.JavaMail.root@mail.souzprodopt.ru>
    2012-12-05 15:40:38,191 INFO  [AutoProvision] [] autoprov - auto creating account in EAGER mode: test2@stimul-kd.ru
    2012-12-05 15:40:38,193 INFO  [AutoProvision] [] autoprov - auto provisioned account: test2@stimul-kd.ru
    2012-12-05 15:40:38,270 INFO  [AutoProvision] [] autoprov - auto provision notification sent rcpt='test2@stimul-kd.ru' Message-ID=<1506758376.9.1354696838197.JavaMail.root@mail.souzprodopt.ru>
    2012-12-05 15:40:38,270 INFO  [AutoProvision] [] autoprov - auto creating account in EAGER mode: test3@stimul-kd.ru
    2012-12-05 15:40:38,272 INFO  [AutoProvision] [] autoprov - auto provisioned account: test3@stimul-kd.ru
    2012-12-05 15:40:38,347 INFO  [AutoProvision] [] autoprov - auto provision notification sent rcpt='test3@stimul-kd.ru' Message-ID=<4283836.11.1354696838275.JavaMail.root@mail.souzprodopt.ru>
    2012-12-05 15:40:38,347 INFO  [AutoProvision] [] autoprov - auto creating account in EAGER mode: test4@stimul-kd.ru
    2012-12-05 15:40:38,350 INFO  [AutoProvision] [] autoprov - auto provisioned account: test4@stimul-kd.ru
    2012-12-05 15:40:38,434 INFO  [AutoProvision] [] autoprov - auto provision notification sent rcpt='test4@stimul-kd.ru' Message-ID=<525968097.13.1354696838353.JavaMail.root@mail.souzprodopt.ru>
    2012-12-05 15:40:38,434 INFO  [AutoProvision] [] autoprov - auto creating account in EAGER mode: test5@stimul-kd.ru
    2012-12-05 15:40:38,437 INFO  [AutoProvision] [] autoprov - auto provisioned account: test5@stimul-kd.ru
    2012-12-05 15:40:38,546 INFO  [AutoProvision] [] autoprov - auto provision notification sent rcpt='test5@stimul-kd.ru' Message-ID=<1188963122.15.1354696838441.JavaMail.root@mail.souzprodopt.ru>
    2012-12-05 15:41:38,553 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    This is correctly working, yes?

    Then I create a new user account test6

    zimbra@mail:~/log$ ldapsearch -v -b "ou=test,DC=sp,DC=local" -h pdc.sp.local -D root -W -x "(&(objectClass=user)(mail=*stimul-kd.ru))" | grep sAMAccountName
    ldap_initialize( ldap://pdc.sp.local )
    Enter LDAP Password:
    filter: (&(objectClass=user)(mail=*stimul-kd.ru))
    requesting: All userApplication attributes
    sAMAccountName: test1
    sAMAccountName: test2
    sAMAccountName: test3
    sAMAccountName: test4
    sAMAccountName: test5
    sAMAccountName: test6
    And...nothing, not create a new mailbox for user test6

    Code:
    2012-12-05 15:41:38,553 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:42:38,561 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:43:38,567 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:44:38,575 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:45:38,582 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:46:38,590 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:47:38,596 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:48:38,602 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:49:38,610 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:50:38,616 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:51:38,622 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:52:38,630 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:53:38,636 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:54:38,642 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:55:38,650 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:56:38,658 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:57:38,667 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:58:38,673 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:59:38,679 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 16:00:38,685 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 16:01:38,691 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 16:02:38,697 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 16:03:38,704 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    You try to add a new user, you will create a mailbox, or I do not understand the principle of auto provision mode EAGER?

  2. #12
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,292
    Rep Power
    13

    Default

    You're not using EAGER mode correctly.
    EAGER mode is meant to be used once (create all accounts once) or scheduled.

    Out of the documentation:
    EAGER mode - ZCS polls the external directory for accounts to auto provision. You configure how often the external directory is polled for new users, the maximum number of users to process at each interval, and which domains are scheduled for account auto provision on which servers.
    If you want the users to be created "on the flow" (ie created on AD then the ZCS account is created when the user logs in), you need to use LAZY mode.

  3. #13
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    7

    Default

    Hi

    Quote Originally Posted by gruzin View Post
    Sorry, You not undestand me...
    It happens!

    This is correctly working, yes?
    Yes it is. Some weren't reported in your first post.

    You try to add a new user, you will create a mailbox, or I do not understand the principle of auto provision mode EAGER?
    Correct.

    Again, I'm doing the same here, starting with 8 test accounts as reported by:

    Code:
    [zimbra@zimbra8 ~]$ zmprov cta iknowconsulting.it
    cos name             cos id                                   # of accounts
    -------------------- ---------------------------------------- --------------------
    default              e00428a1-0c00-11d9-836a-000d93afea2a     8
    the same in LDAP:
    Code:
    [zimbra@zimbra8 ~]$ ldapsearch -h w2008 -D "cn=Administrator,cn=users,dc=iknowconsulting,dc=it" -b "cn=users,dc=iknowconsulting,dc=it" -W "(&(objectClass=user)(userPrincipalName=*iknowconsulting.it))" |grep sAMAccountName|wc -l
    Enter LDAP Password:
    8
    Create a new user:
    Code:
    [zimbra@zimbra8 ~]$ ldapsearch -h w2008 -D "cn=Administrator,cn=users,dc=iknowconsulting,dc=it" -b "cn=users,dc=iknowconsulting,dc=it" -W "(&(objectClass=user)(userPrincipalName=*iknowconsulting.it))" |grep sAMAccountName
    Enter LDAP Password:
    sAMAccountName: iknow
    sAMAccountName: prova
    sAMAccountName: prova1
    sAMAccountName: prova2
    sAMAccountName: prova3
    sAMAccountName: prova4
    sAMAccountName: prova5
    sAMAccountName: prova6
    sAMAccountName: testeager
    Start autoprovision:
    Code:
    [zimbra@zimbra8 ~]$ zmprov ms zimbra8.iknowconsulting.it zimbraAutoProvPollingInterval 1m
    And surprise...

    Code:
    [zimbra@zimbra8 ~]$ tail -f log/mailbox.log|grep AutoProvision
    2012-12-05 13:16:26,064 INFO  [AutoProvision] [] autoprov - Auto provision thread sleeping for 1000ms before doing work.
    2012-12-05 13:16:27,083 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain iknowconsulting.it
    2012-12-05 13:17:27,139 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain iknowconsulting.it
    2012-12-05 13:18:27,160 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain iknowconsulting.it
    2012-12-05 13:19:27,170 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain iknowconsulting.it
    2012-12-05 13:20:27,180 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain iknowconsulting.it
    2012-12-05 13:21:27,190 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain iknowconsulting.it
    It doesn't work
    Antonio

  4. #14
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    7

    Default

    Quote Originally Posted by Klug View Post
    You're not using EAGER mode correctly.
    EAGER mode is meant to be used once (create all accounts once) or scheduled.
    I don't agree.

    In EAGER mode we all expect automatic provision of users, including the new created over time, at the intervals and with the maximum number specified.

    Why polling periodically the external directory for new users if they will never be autoprovisioned?
    Antonio

  5. #15
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,292
    Rep Power
    13

    Default

    Considering what I read, it seems gruzin is not waiting for the scheduled launch of the EAGER provisioning to happen (nor launching it by hand).

    He's excepting LAZY mode to happen: create the account in AD and immediately connect to ZCS (without waiting for the scheduled provisioning).

  6. #16
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    7

    Default

    Nope, he's just excepting EAGER mode auto provisioning.

    The difference between LAZY and EAGER is clear and noone has tried to do a login with an unprovisioned "test" account.

    The launch of the thread was already scheduled and it was running.

    His log (and mine) is self-explanatory and reports only the subsequent runs of AutoProvision thread.

    A line like this
    Code:
    2012-12-05 13:20:27,180 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain iknowconsulting.it
    is printed by the handleScheduledDomains(LdapProv prov, EagerAutoProvisionScheduler scheduler) method of com.zimbra.cs.account.ldap.AutoProvisionEager class, subclass of com.zimbra.cs.account.ldap.AutoProvision:

    Code:
    ...
    ZimbraLog.autoprov.info("Auto provisioning accounts on domain %s", domainName);
    AutoProvisionEager autoProv = new AutoProvisionEager(prov, domain, scheduler);
    autoProv.handleBatch(zlc);
    ...
    where zlc is a ZLdapContext.

    The handleBatch method simply check for a lock for the interested domain and then calls the createAccountBatch method.

    The relevant part of that method is:
    Code:
    private void createAccountBatch() throws ServiceException {
        long polledAt = System.currentTimeMillis();
        List<ExternalEntry> entries = new ArrayList<ExternalEntry>();
        boolean hitSizeLimitExceededException = searchAccounts(entries, domain.getAutoProvBatchSize());
        ZimbraLog.autoprov.info("%d external LDAP entries returned as search result", entries.size());
        int stuckAcctNum = 0;
        for (ExternalEntry entry : entries) {
        ... 
        }
        ...
    }
    The real problem is in the searchAccounts method:
    Code:
    searchAccounts(final List<ExternalEntry> entries, int batchSize)
    where the argument entries is declared final. Doing so results in not being able to reassign it in the body of the method and the user list remains the same.

    IMHO
    Antonio

  7. #17
    gruzin is offline Junior Member
    Join Date
    Nov 2012
    Posts
    9
    Rep Power
    2

    Default

    Quote Originally Posted by Klug View Post
    Considering what I read, it seems gruzin is not waiting for the scheduled launch of the EAGER provisioning to happen (nor launching it by hand).

    He's excepting LAZY mode to happen: create the account in AD and immediately connect to ZCS (without waiting for the scheduled provisioning).
    Hi!

    No, I create settings the scheduled launch of the EAGER provisioning!

    Look this:

    Code:
    zimbra@mail:/home/user$ zmprov ms mail.souzprodopt.ru zimbraAutoProvPollingInterval 1m
    and

    Code:
    2012-12-05 15:41:38,553 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:42:38,561 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:43:38,567 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:44:38,575 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:45:38,582 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:46:38,590 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:47:38,596 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    2012-12-05 15:48:38,602 INFO  [AutoProvision] [] autoprov - Auto provisioning accounts on domain stimul-kd.ru
    LAZY Mode work properly, but i need more experience to work with LDAP Filter

  8. #18
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    7

    Default

    Quote Originally Posted by gruzin View Post
    LAZY Mode work properly, but i need more experience to work with LDAP Filter
    Maybe But I think it's not the real issue here
    Antonio

  9. #19
    gruzin is offline Junior Member
    Join Date
    Nov 2012
    Posts
    9
    Rep Power
    2

    Default

    Quote Originally Posted by amessina View Post
    Maybe But I think it's not the real issue here
    Yes I hope that this bug will be fixed or we'll understand how exactly the EAGER mode auto provisioning is working.

  10. #20
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    7

    Default

    Antonio

Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra 8.0 Auto Provisioning help
    By frankchavez in forum Administrators
    Replies: 5
    Last Post: 04-27-2013, 03:02 AM
  2. nedd help with zimbra 8.0 Configure Lazy Mode Auto-Provisioning
    By bahram741413 in forum Administrators
    Replies: 2
    Last Post: 04-01-2013, 01:44 AM
  3. Auto-provisioning calendar data/shared calendars
    By Rich Graves in forum Administrators
    Replies: 18
    Last Post: 07-23-2009, 11:02 AM
  4. Mail filters do not work properly
    By c.bossola in forum General Questions
    Replies: 2
    Last Post: 07-10-2009, 05:20 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •