Thread: group bulk provisioning - ldap sync

  1. #1

    Hello,

    I have to create and sync several Zimbra groups from our LDAP server.

    Right now, I use a script that deletes each group, recreates it, and adds each user in a loop.

    This is very slow. Is there a better way?

    Thanks in advance,
    Artturi

  2. #2

    I found a post on that topic and got the solution: populate a text file with zmprov arguments and call zmprov only once. This speeds things up a lot!

    To improve the relevance of this topic, here's the script that keeps Zimbra groups in sync with some LDAP groups.

    Code:
    #!/usr/bin/python3
    import os
    import sys

    import ldap

    sys.path.append('../lib')
    import ldaplib  # the author's own helper module; not shown in the post

    l = ldaplib.myconnect("ldaphost")

    retrieveAttributes = ["cn", "description", "uniquemember"]

    # zmprov command files: one recreates the lists, the other adds the members
    groups = open("/tmp/groups.cmd", "w")
    members = open("/tmp/members.cmd", "w")

    for ou in ['ou=groups']:
        for regexp in ['students*', 'teachers*']:
            searchFilter = "(&(objectclass=groupofuniquenames)(cn=" + regexp + "))"

            ldap_result_id = l.search(ou + ",dc=your,dc=ldap,dc=basedn", ldap.SCOPE_SUBTREE, searchFilter, retrieveAttributes)

            while True:
                # Fetch one result at a time (all=0); an empty list ends the search
                result_type, result_data = l.result(ldap_result_id, 0)
                if result_data == []:
                    break
                if result_type != ldap.RES_SEARCH_ENTRY:
                    continue
                attrs = result_data[0][1]
                if 'cn' not in attrs:
                    continue  # no name to build the list address from
                # python-ldap returns attribute values as bytes under Python 3
                cn = attrs['cn'][0].decode()
                # Delete and recreate the distribution list
                groups.write("ddl " + cn + "@domain\n")
                groups.write("cdl " + cn + "@domain\n")
                print(cn)
                if 'uniquemember' in attrs:
                    print(attrs['uniquemember'])
                    for uniquemember in attrs['uniquemember']:
                        # Drop the first 4 characters (e.g. "uid=") and keep the first RDN value
                        member = uniquemember.decode()[4:].split(',')[0]
                        members.write("adlm " + cn + "@domain " + member + "@domain\n")
                        print(member)

    members.close()
    groups.close()

    # Run zmprov once per command file instead of once per command
    os.system("su - zimbra -c 'zmprov < /tmp/groups.cmd'")
    os.system("su - zimbra -c 'zmprov < /tmp/members.cmd'")

    Regards,
    Last edited by Artturi; 09-22-2007 at 12:53 PM.
    Artturi

  3. #3

    Quick note to say that this script is actually wrong because it keeps groups in sync by deleting old ones and creating new ones.

    This is bad because each group has an id that is used as reference for shares. Old and New groups share the name but not the id :-(

    I'll look at this script to fix that but it seems that I have to delete each member one after the other. Will be quite slow...
    Artturi

  4. #4

    Quote:
        I'll look at this script to fix that but it seems that I have to delete each member the one after the other.

    You should also be able to have your script do the following:
    1) "zmprov gdl", reading the results into an "old group" data structure
    2) ldap query for the same group, reading the results into a parallel "new group" data structure
    3) Walk the data structures, generating zmprov adlm and rdlm commands into a file for where they mismatch.

    I'm not a python person, but I'll see what I can do by way of example...
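
The three steps suggested in post #4, as an added example that is not part of the original thread: it diffs the current membership against LDAP and emits only `adlm`/`rdlm` lines, so the list and its id are never deleted. The `zmprov gdl` output layout (members as `zimbraMailForwardingAddress:` lines), the function names, the address allow-list and the sample data are assumptions.

```python
import re

# Allow-list for anything written into a zmprov command file. No whitespace or
# newlines, so a value read from LDAP cannot smuggle in an extra zmprov command.
ADDR = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+")

def parse_gdl_members(gdl_output):
    """Step 1: member set from `zmprov gdl` output. Assumed format: one
    `zimbraMailForwardingAddress: addr` line per member."""
    old = set()
    for line in gdl_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "zimbraMailForwardingAddress":
            old.add(value.strip().lower())
    return old

def ldap_members(uniquemembers, domain):
    """Step 2: uniquemember DNs -> addresses, using the first RDN value as login."""
    return {dn.split(",")[0].split("=", 1)[-1].strip().lower() + "@" + domain
            for dn in uniquemembers}

def sync_commands(group, old, new):
    """Step 3: adlm/rdlm lines for the mismatches only; the list itself is kept."""
    for addr in {group} | old | new:
        if not ADDR.fullmatch(addr):
            raise ValueError("refusing to write unsafe address: %r" % addr)
    cmds = ["adlm %s %s" % (group, m) for m in sorted(new - old)]
    cmds += ["rdlm %s %s" % (group, m) for m in sorted(old - new)]
    return cmds

# Constructed sample data, not captured from a real server.
SAMPLE_GDL = """\
# distributionList students1@domain memberCount=2
cn: students1
mail: students1@domain
zimbraMailForwardingAddress: alice@domain
zimbraMailForwardingAddress: bob@domain
"""
SAMPLE_LDAP = ["uid=bob,ou=people,dc=your,dc=ldap,dc=basedn",
               "uid=carol,ou=people,dc=your,dc=ldap,dc=basedn"]

if __name__ == "__main__":
    old = parse_gdl_members(SAMPLE_GDL)
    new = ldap_members(SAMPLE_LDAP, "domain")
    print("\n".join(sync_commands("students1@domain", old, new)))
```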
