Results 1 to 9 of 9

Thread: adPassword extension for ZCS 7/8

  1. #1
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    8

    Default adPassword extension for ZCS 7/8

    For the users of this extension:

    • Let me know how it works
    • Signal every bug/issue
    • Suggest improvements


    Thank you all.
    Antonio

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Should there be a link to this extension?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    8

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Quote Originally Posted by amessina View Post
    Thanks for posting that, I forgot to look in the Gallery.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    8

    Question ADPassword + ADSync

    There are some scripts to obtain a sort of synchronization between Zimbra and Active Directory (ldap).
    They are external script and you have to run manually or via cron job.

    So I've coded an AD->Zimbra user sync mechanism in my new dev release of ADPassword.

    It is started as a parallel thread in the init phase and it runs every XX (milli)seconds to create automatically in Zimbra those AD users (and aliases) not already provisioned.

    From the log file:

    Code:
    2012-11-10 16:44:45,590 INFO  [ADSync] [] sync - AD->Zimbra start syncing
    2012-11-10 16:44:45,846 INFO  [ADSync] [] sync - Creating user: Antonio Messina 'Antonio Messina' <iknow@example.com>
    2012-11-10 16:44:46,015 INFO  [ADSync] [] sync - Creating alias <a.messina@example.com> for user iknow
    2012-11-10 16:44:46,075 INFO  [ADSync] [] sync - Found: 1 total domains, 1 total accounts, 1 total existing domains, 0 total existing accounts
    2012-11-10 16:44:46,075 INFO  [ADSync] [] sync - Created: 1 new users, 1 new aliases
    2012-11-10 16:44:46,075 INFO  [ADSync] [] sync - AD->Zimbra stop syncing
    2012-11-10 16:44:46,075 INFO  [ADSync] [] sync - AD sync sleeping for 300000 milliseconds.
    2012-11-10 16:49:46,076 INFO  [ADSync] [] sync - Zimbra->AD start syncing
    2012-11-10 16:49:46,076 INFO  [ADSync] [] sync - Zimbra->AD stop syncing
    2012-11-10 16:49:46,076 INFO  [ADSync] [] sync - AD sync sleeping for 300000 milliseconds.
    2012-11-10 16:54:46,076 INFO  [ADSync] [] sync - AD->Zimbra start syncing
    2012-11-10 16:54:46,288 INFO  [ADSync] [] sync - Found: 1 total domains, 1 total accounts, 1 total existing domains, 1 total existing accounts
    2012-11-10 16:54:46,289 INFO  [ADSync] [] sync - Created: 0 new users, 0 new aliases
    2012-11-10 16:54:46,289 INFO  [ADSync] [] sync - AD->Zimbra stop syncing
    Any suggestion?

    If anyone is interested I can upload the new release to the Gallery.

    Thanks.
    Antonio

  6. #6
    ccelis5215 is offline Elite Member
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    476
    Rep Power
    4

    Default


    If anyone is interested I can upload the new release to the Gallery.

    Thanks.
    Of course! i've insterested in your advances.

    I have a ZCS already in production with internal authentication planning AD integration.

    ccelis.

  7. #7
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    8

    Default

    Bidirectional sync starts working in my lab in ZCS 7|8 open source edition and it replicates the 8.x NE eager mode auto-provisioning feature.

    I prefer lazy mode, but a custom authentication mechanism is not enough, because the framework verifies the account availability BEFORE the auth phase.

    This is handled by the com.zimbra.cs.service.account.Auth handler, registered by com.zimbra.cs.service.account.AccountService, and that is the reason why the Auth class has been improved in ZCS 8.

    I still haven't found when and where make a call to dispatcher.registerHandler(AccountConstants.AUTH_R EQUEST, new myAuth()), where dispatcher is a com.zimbra.soap.DocumentDispatcher object.

    Any hints?

    Antonio

  8. #8
    amessina's Avatar
    amessina is offline Active Member
    Join Date
    Jun 2007
    Location
    Campobello di Mazara, Italy
    Posts
    38
    Rep Power
    8

    Default

    Maybe Developers is the right place for this thread now
    Antonio

  9. #9
    ayuncordoba is offline Starter Member
    Join Date
    Feb 2013
    Posts
    1
    Rep Power
    2

    Default

    Excuse me if i write again, but i don't know if you read commets in gallery.
    What i put there is:
    I have test your extension, and it's does his job great, but if you have all cobnfigured/prepared as you think would be.

    This is my issues/suggestion/improvements:

    I have zimbra with n domains that have their corresponding active directory user, but this "ADUser" has their account with different name from zimbra account. For ex.: jperez@ayuncordoba.es and in Active Directory this user is JOPD.

    I have provisioned on all user accounts in Zimbra "zimbraAuthLdapExternalDn" of distinguishedName of corresponding Active Directory account, and when i login it's works, but when i try to change user password, zimbra reports on logs that it can't find user in ldap of active directory.

    I have review your code, and I think that this field it's not supported.

    And also all my users are in differents "Organization Units" that depends from one master unit, and your ADPassword don't support this (all users in one OU or it does not work).

    Thanks in advance.


    and also:

    And i forgot to mention also that adpassword send on ldap CN of zimbra display name when it's %u (user name) what it has to send.

    Example:

    If my zimbra account is jperez@ayuncordoba.es, the CN is jperez, not José Pérez Díaz. I have to rename display name of zimbra to match CN of Active Directory.


    Again, thanks in advance.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Blocking Extension
    By maschimidt in forum Administrators
    Replies: 0
    Last Post: 05-29-2012, 03:15 PM
  2. Allow *eml extension without checking
    By pyraxic in forum Administrators
    Replies: 0
    Last Post: 01-04-2012, 05:26 PM
  3. Zimlet or Extension?
    By runreal in forum Administrators
    Replies: 0
    Last Post: 08-25-2010, 01:58 AM
  4. Can you add this MediaWiki extension?
    By Chewie71 in forum /etc
    Replies: 0
    Last Post: 08-22-2008, 09:14 PM
  5. Disclaimers Extension goes 1.0!
    By mmorse in forum Announcements
    Replies: 0
    Last Post: 11-30-2007, 12:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •