Active Directory (ADS) import
Hi Community,
I spent the last few days getting Zimbra synced to Active Directory, and I finally got it working.
I modified a script by Eduardo Gonzalez (special thanks for the script) so that it also imports values such as givenName or telephoneNumber. You can find the original script here:
http://www.zimbra.com/forums/adminis...rs-zimbra.html
Now I just want to share my script with you:
Code:
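#!/bin/bash
# zsync_ad.sh syncs Active Directory (AD) users into Zimbra (ZCS).
# It is unidirectional: addresses found in AD but missing in ZCS are created
# in ZCS and get a few attributes copied over. Nothing is written to AD and
# no ZCS account is ever deleted.
# Developed by Eduardo Gonzalez <egrueda at gmail dot com>
# Testing version 0.6 - Use at your own risk
# Edited by B. Pletschacher

LDAPSEARCH=/usr/bin/ldapsearch
ZMPROV=/opt/zimbra/bin/zmprov
DOMAIN_NAME="example.com"
TMP_DIR=/tmp

# Server values
# NOTE: a simple bind (-x) over plain ldap:// sends the bind password
# unencrypted; prefer an ldaps:// URL (or StartTLS) if the DC offers it.
LDAP_SERVER="ldap://111.1.1.150"
BASEDN="dc=example,dc=com"
BINDDN="CN=username,DC=example,DC=com"
# The bind password is stored here in clear text: keep this script readable
# by its owner only, and use a low-privilege, read-only bind account.
BINDPW="secret"
FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
FIELDS="mail"

# Zimbra attribute <- AD attribute. To copy another value, add a pair here.
ATTR_MAP=(
  "cn:cn"
  "displayName:cn"
  "gn:givenName"
  "sn:sn"
  "telephoneNumber:telephoneNumber"
)

# Terminal colours. RESET restores the terminal defaults instead of forcing
# a black foreground, which is unreadable on dark terminals.
RED_BLINK='\033[49;5;31m'
RED='\033[49;0;31m'
GREEN='\033[49;0;32m'
RESET='\033[0m'

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Work files live in a private directory (mode 0700, unpredictable name)
# rather than under guessable names directly in /tmp, so another local user
# cannot pre-create or symlink them. The directory is removed on any exit.
umask 077
WORK_DIR=$(mktemp -d "$TMP_DIR/zsync_ad.XXXXXX") || die "cannot create work directory in $TMP_DIR"
trap 'rm -rf -- "$WORK_DIR"' EXIT
ADS_TMP=$WORK_DIR/users_ads.lst
ZCS_TMP=$WORK_DIR/users_zcs.lst
BINDPW_FILE=$WORK_DIR/bindpw

# ldapsearch reads the password from this file (-y) so that it does not show
# up in the process list the way "-w password" does. -y uses the complete
# file contents, hence no trailing newline.
printf '%s' "$BINDPW" > "$BINDPW_FILE" || die "cannot write $BINDPW_FILE"

# Run ldapsearch with the connection settings above.
# Arguments: search filter followed by the attributes to return.
ldap_search() {
  "$LDAPSEARCH" -x -LLL -H "$LDAP_SERVER" -b "$BASEDN" -D "$BINDDN" \
    -y "$BINDPW_FILE" "$@"
}

# Print the first value of attribute $2 for the AD entry whose mail is $1.
# The whole value is returned (not just its first two words). Values that
# ldapsearch emits base64-encoded ("attr:: ...", e.g. names with umlauts) are
# decoded and stripped of control characters. Values long enough to be
# folded onto continuation lines are not reassembled.
ldap_attr() {
  local mail=$1 attr=$2 line
  while IFS= read -r line; do
    case $line in
      "$attr: "*)
        printf '%s\n' "${line#"$attr: "}"
        return 0
        ;;
      "$attr:: "*)
        printf '%s' "${line#"$attr:: "}" | base64 -d | tr -d '\000-\037\177'
        printf '\n'
        return 0
        ;;
    esac
  done < <(ldap_search "(mail=$mail)" "$attr")
  return 0
}

# Succeed only for a conservatively formed mail address. Addresses come from
# the directory and are later placed into an LDAP filter and onto the zmprov
# command line, so filter metacharacters ( ) * \ and a leading "-" are
# rejected here.
valid_address() {
  local re='^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9][A-Za-z0-9.-]*$'
  [[ $1 =~ $re ]]
}

# Print 32 hex characters (128 bits) read from /dev/urandom.
random_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Extract users from ADS: keep values that end in exactly "@DOMAIN_NAME"
# (a plain grep would treat the dots as wildcards and also accept longer
# domains that merely contain the name).
echo -n "Quering ADS... "
# shellcheck disable=SC2086 # FIELDS may list several attributes
ldap_search "$FILTER" $FIELDS |
  awk -v suffix="@$DOMAIN_NAME" '
    NF >= 2 && $1 ~ /:$/ && length($2) > length(suffix) &&
    substr($2, length($2) - length(suffix) + 1) == suffix { print $2 }' |
  sort -u > "$ADS_TMP"
ldap_rc=${PIPESTATUS[0]}
if [ "$ldap_rc" -ne 0 ]; then
  # Not fatal: the result may simply be partial (e.g. a server size limit),
  # and this script only ever adds accounts.
  printf 'warning: ldapsearch exited with status %s, AD list may be incomplete\n' "$ldap_rc" >&2
fi
echo "Found $(wc -l < "$ADS_TMP") users ($ADS_TMP)"

# Extract users from ZCS. Abort on failure: with an empty ZCS list every AD
# user would wrongly be treated as new.
echo -n "Quering ZCS... "
"$ZMPROV" -l gaa > "$ZCS_TMP" || die "zmprov gaa failed"
echo "Found $(wc -l < "$ZCS_TMP") users ($ZCS_TMP)"

# Compare both lists. The match is on the whole line and on the literal
# string (-F -x), so "bob@..." is no longer considered present just because
# "xbob@..." exists; -i keeps a differently-cased AD value from being
# treated as a new account.
new_users=()
while IFS= read -r name; do
  [ -n "$name" ] || continue
  if ! valid_address "$name"; then
    printf 'skipping malformed address %q\n' "$name" >&2
    continue
  fi
  if grep -Fxiq -- "$name" "$ZCS_TMP"; then
    printf '%b%s already exists%b\n' "$GREEN" "$name" "$RESET"
  else
    printf '%b%s does not exist%b\n' "$RED_BLINK" "$name" "$RESET"
    new_users+=("$name")
    printf '%bwrote %s to sync-list%b\n' "$RED" "$name" "$RESET"
  fi
done < "$ADS_TMP"

# Import new users
echo -n "New users: "
if [ "${#new_users[@]}" -eq 0 ]; then
  echo "none"
else
  echo
  printf '%s\n' "${new_users[@]}"
fi

# Each account gets its own random initial password instead of one fixed,
# publicly known string shared by every imported mailbox. Users are expected
# to log in through AD authentication or to have a password set by an admin
# afterwards - confirm this matches your setup. The password is still passed
# on zmprov's command line, where other local users can briefly see it.
created=()
for addr in "${new_users[@]}"; do
  echo -n " - Adding $addr "
  password=$(random_password)
  [ "${#password}" -eq 32 ] || die "could not generate a random password"
  if "$ZMPROV" createAccount "$addr" "$password" > /dev/null; then
    echo "[Ok]"
    created+=("$addr")
  else
    echo "[Err]"
  fi
done
unset password

# Modify new users. Only accounts that were really created above are
# touched, so a failed create never rewrites a pre-existing mailbox.
printf 'Modifying new users %b-in progress-%b\n' "$RED_BLINK" "$RESET"
for addr in "${created[@]}"; do
  printf '%s\n' "$addr"
  rc=0
  for pair in "${ATTR_MAP[@]}"; do
    zcs_attr=${pair%%:*}
    ads_attr=${pair#*:}
    value=$(ldap_attr "$addr" "$ads_attr")
    printf '%s\n' "$value"
    # Attributes that are empty in AD are left alone in ZCS.
    [ -n "$value" ] || continue
    "$ZMPROV" modifyAccount "$addr" "$zcs_attr" "$value" || rc=1
  done
  # Report the result of the modifyAccount calls themselves (previously
  # this was the status of the last echo and therefore always "[Ok]").
  if [ "$rc" -eq 0 ]; then echo "[Ok]"; else echo "[Err]"; fi
done
printf '%bDone%b\n' "$GREEN" "$RESET"
# The work directory, including the password file, is removed by the EXIT trap.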