
Thread: Users in AD and OpenLDAP

  1. #1
    gribbler is offline Intermediate Member

    Users in AD and OpenLDAP

    I saw that users need to be in both AD and LDAP. If I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?

  2. #2
    gribbler is offline Intermediate Member

    Is that correct?

    Quote Originally Posted by gribbler
    I saw that users need to be in both AD and LDAP. If I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?

    Is that correct that user accounts need to be in both the AD and the OpenLDAP?

  3. #3
    marcmac is offline Expert Member

    Yes, but it's not so bad...

    It is necessary to create the users in LDAP, but you don't have to use the web UI.

    You can create users from the command line with zmprov:
    zmprov ca etc...

    So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.

    So you'll have a file with zmprov commands on the lines:

    ca user@domain.com passwd1
    ca user2@domain.com passwd2

    Then -
    zmprov < filename will bulk provision.

  4. #4
    gribbler is offline Intermediate Member

    How does this relate to AD?

    Quote Originally Posted by marcmac
    It is necessary to create the users in LDAP, but you don't have to use the web UI.

    You can create users from the command line with zmprov:
    zmprov ca etc...

    So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.

    So you'll have a file with zmprov commands on the lines:

    ca user@domain.com passwd1
    ca user2@domain.com passwd2

    Then -
    zmprov < filename will bulk provision.

    Then what's the point of using AD? I was hoping to pull a username and password out of the AD...

  5. #5
    marcmac is offline Expert Member

    AD for authentication

    You use AD to authenticate against, but all Zimbra-specific account attributes stay in our OpenLDAP db - so we're not writing to your AD installation.

  6. #6
    gribbler is offline Intermediate Member

    and then...

    Quote Originally Posted by marcmac
    You use AD to authenticate against, but all Zimbra-specific account attributes stay in our OpenLDAP db - so we're not writing to your AD installation.

    Does it use the AD password? Do I need to set one in the LDAP DB?

  7. #7
    marcmac is offline Expert Member

    AD

    Yes, we auth with the password set in AD, so you don't have to set one in LDAP - except, I think there's a bug that requires a password be set in order to create the account, so you can set it to anything at account creation, and the AD password will be used.
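
Added example, not part of the thread or of Zimbra's own tooling: one way to build the zmprov batch file described in posts #3 and #7 from a one-address-per-line export, giving every account a random throwaway local password because AD does the authentication. The function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: turn a user list (one address per line, e.g. exported
# from AD) into a zmprov batch file of "ca" commands.
# Assumption: the local password is only a placeholder because AD does the
# authentication, so each account gets a random throwaway value.

# Print a 24-character random alphanumeric password.
# 512 random bytes leave far more than 24 characters after filtering.
random_password() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 24
}

# Read addresses on stdin, write "ca address password" lines on stdout.
# Blank lines, "#" comments, malformed addresses and duplicates are skipped
# and reported on stderr so a bad export does not create odd accounts.
make_zmprov_batch() {
    seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip CR from Windows exports and surrounding whitespace.
        addr=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$addr" in
            ''|'#'*) continue ;;
        esac
        # Accept only a conservative local@domain shape; this also keeps
        # whitespace and quotes out of the generated command line.
        if ! printf '%s\n' "$addr" |
             grep -Eq '^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'; then
            echo "skipped (not an address): $addr" >&2
            continue
        fi
        addr=$(printf '%s' "$addr" | LC_ALL=C tr 'A-Z' 'a-z')
        case " $seen " in
            *" $addr "*) echo "skipped (duplicate): $addr" >&2; continue ;;
        esac
        seen="$seen $addr"
        printf 'ca %s %s\n' "$addr" "$(random_password)"
    done
}

# Usage (file names are placeholders):
#   umask 077                       # the batch file contains passwords
#   make_zmprov_batch < users.txt > batch.txt
#   zmprov < batch.txt && rm -f batch.txt
```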

  8. #8
    gribbler is offline Intermediate Member

    Thanks.

    Much appreciated. Now at least I feel like I've got a grasp on everything. Well. Sort of. You know.
