Thread: Active Directory Script to import users to Zimbra

  1. #31

    Quote: Originally posted by cocasal
    Hello all,
    I have 2 questions, first, what is the last version/state of this great script?
    Second, does it work with an OpenLDAP domain?

    Thanks

    Hi there.
    The latest stable version of my script I placed here: Zimbra+LDAP | www.ossportal.ru
    but there is only Russian text. But if you understand how it works, I think it would be easy to understand what the script does.
    in two words:

    in AD you have
    samaccountname vasia
    mail dudik@mail.com

    in Zimbra after the script you have
    login vasia@mail.com
    alias dudik@mail.com

    That's what you have before and after.

    And I think it will work in OpenLDAP too,
    because OpenLDAP has the same commands.

    P.S. have a nice day. G.L.
    Last edited by DruGoeDeLo; 03-23-2011 at 11:43 PM.

  2. #32
    perl script import users AD

    Original source
    OpenNET:
    correctly transfers Russian names to Zimbra

    import group
    Code:
    #!/usr/bin/perl
    use Net::LDAP;
    use Net::LDAP::Control::Sort;
    use Net::LDAP::Constant qw(LDAP_CONTROL_SORTRESULT);
    #AD
    my $domain="mail_domain.com";
    my $AD_server="xxx.xxx.xxx.xxx";
    my $AD_user="user_ad\@ad_domain.local";
    my $AD_pass="user_ad_passwd";
    my $AD_base="dc=ad_domain,dc=local";
    #Zimbra
    my $LDAP_server="yyy.yyy.yyy.yyy";
    my $LDAP_user="uid=admin_zimbra,cn=admins,cn=zimbra";
    my $LDAP_pass="admin_zimbra_passwd";
    my $LDAP_base="dc=mail_domain,dc=com";
    
    #use utf8;
    my (%LDAP, %AD);
    # commands are piped straight into zmprov in LDAP mode (-l)
    open(PIPE,'|/opt/zimbra/bin/zmprov -l') or die "Cannot start zmprov: $!";
    
    sub PrintMembers
    {
        my $dn = $_[0];
        my $group_mail = $_[1];
    #    print "dn=$dn   group_mail=$group_mail\n";
        my $type="user";
    
        my $ldap = Net::LDAP->new($AD_server) or die "Cannot connect to AD server $AD_server: $@";
        $ldap->bind($AD_user, password=>$AD_pass);
    
        # Read the entry by its DN with a base-scope search. Placing the DN inside
        # a filter fails when it contains "(", ")", "*" or "\".
        my $mesg = $ldap->search(base=>$dn, scope=>'base', filter=>'(objectClass=*)',
        attrs=> ['objectClass','name','distinguishedName','member','mail'] );
    
        # lexical variables, because this sub calls itself for nested groups
        my @entries = $mesg->entries;
    
        foreach my $entry (@entries) {
            my $member=$entry->get_value(member);
            my $objectClass=$entry->get_value(objectClass);
            my $name=$entry->get_value(name);
            my $mail=$entry->get_value(mail);
    #       print "name=$name\n\n";
            foreach my $vals ($entry->get_value(objectClass))
            {
               if ("$vals" eq "group")
               {
                  $type="group";
               }
            }
    
            if ("$type" eq "group") # if it is a group, print all members
            {
                foreach my $vals ($entry->get_value(member))
                {
                    PrintMembers($vals,"$group_mail");
                }
            }
            else  { # otherwise output only the names
                if (length($mail)>0) {
    #               print "$group_mail member --  $mail \n";
                    $AD{$group_mail}{$mail} = $mail;
                }
            }
        }
        $ldap->unbind();
        return;
    
    }
    
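    my $ldap = Net::LDAP->new($AD_server) or die "Cannot connect to AD server $AD_server: $@";
    my $bind = $ldap->bind($AD_user, password=>$AD_pass);
    die "AD bind failed: ".$bind->error if $bind->code;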
    
    my $mesg = $ldap->search(filter=>"(&(objectClass=group)(mail=*\@$domain))",
        base=>$AD_base,
        attrs=> ['member','name','distinguishedName','mail'] );
    
    my    @entries = $mesg->entries;
    
    foreach $entry (@entries) {
            my $group_mail=$entry->get_value(mail);
            my $dn=  $entry->get_value(distinguishedName);
            my $name=$entry->get_value(name);
    #        print "--------GROUP  $group_mail-------\n";
    
            PrintMembers($dn,"$group_mail");
    }
    
    # this is just a file where the commands run in zmprov are written, for debugging
    open (FILE, ">commands.list") or die "Cannot write commands.list: $!";
    
    print "\n--------ZIMBRA groups--------\n";
    
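    $ldap = Net::LDAP->new($LDAP_server) or die "Cannot connect to Zimbra LDAP server $LDAP_server: $@";
    $mesg = $ldap->bind($LDAP_user, password=>$LDAP_pass);
    die "Zimbra LDAP bind failed: ".$mesg->error if $mesg->code;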
    
    $mesg = $ldap->search(filter=>"(objectClass=zimbraDistributionList)",
            base=>$LDAP_base,
            attrs=> ['mail', 'cn','zimbraMailForwardingAddress'] );
    
    my ($name,$sn,$mail,$department,$company,$sAMAccountName);
    @entries = $mesg->entries;
    foreach $entry (@entries) {
            $cn=$entry->get_value(cn);
            $group_mail=$entry->get_value(mail);
            @members=$entry->get_value(zimbraMailForwardingAddress);
            #delete empty groups
            if ($#members==-1) {
                print FILE "ddl $group_mail\n";
                print PIPE "ddl $group_mail\n";
            }
            else {
                foreach $mail (@members) {
                    $LDAP{$group_mail}{$mail} = $mail;
    #               print FILE "LDAP___$group_mail  $mail\n";
                }
            }
    }
    
    #print "-------Remove identical values\n";
    
    while(my ($k,$v)=each(%AD)) {
        while(my ($k2,$v2)=each(%{$AD{$k}})) {
            #print "$k $k2\n";
            if (defined ($LDAP{$k})) {
                if (defined ($LDAP{$k}{$k2})) {
                    delete $LDAP{$k}{$k2};
                    delete $AD{$k}{$k2};
                }
            }
        }
    }
    
    #print "------ Remove groups that do not exist in AD";
    while(my ($k,$v)=each(%LDAP)) {
    #    print "\n$k $k2\n";
        if (!(defined ($AD{$k}))) {
                print FILE "ddl $k\n";
                print PIPE "ddl $k\n";
        }
        else {
            while(my ($k2,$v2)=each(%{$LDAP{$k}})) {
                print FILE "rdlm $k $k2\n";
                print PIPE "rdlm $k $k2\n";
            }
        }
    }
    
    while(my ($k,$v)=each(%AD)) {
        # create the list only if Zimbra does not already have it
        if (!(defined ($LDAP{$k}))) {
            print FILE "cdl $k\n";
            print PIPE "cdl $k\n";
        }
        while(my ($k2,$v2)=each(%{$AD{$k}})) {
            print FILE "adlm $k $k2\n";
            print PIPE "adlm $k $k2\n";
        }
    }
    close(FILE);
    close(PIPE);
    import users
    Code:
    #!/usr/bin/perl
    use Net::LDAP;
    use utf8;
    use Encode;
    
    
    #my @domains=("domain1.ru","domain2.net","domain.su");
    my @domains=("mail_domain.com");
    my $domain="";
    my $zmprov="/opt/zimbra/bin/zmprov -l";
    #AD
    my $AD_server="xxx.xxx.xxx.xxx";
    my $AD_user="user_ad\@ad_domain.local";
    my $AD_pass="user_ad_passwd";
    my $AD_base="dc=ad_domain,dc=local";
    #Zimbra
    my $LDAP_server="yyy.yyy.yyy.yyy";
    my $LDAP_user="uid=admin_zimbra,cn=admins,cn=zimbra";
    my $LDAP_pass="admin_zimbra_passwd";
    
    my $LDAP_base="";
    my $LDAP_ad_base="";
    my @LDAP_bases;#=("dc=mail_domain,dc=com");
    
    my (%LDAP, %AD);
    
    # build the search filter and the list of bases from the domain list
    for ($i=0;$i<=$#domains;$i++)  {
        $AD_search=$AD_search."(mail=*\@$domains[$i])";
        my @temp=split(/\./,$domains[$i]);
        for ($j=0;$j<=$#temp;$j++)  {
            if (length($LDAP_bases[$i])==0) {
                $LDAP_bases[$i]="dc=$temp[$j]";
            }else {
                $LDAP_bases[$i]=$LDAP_bases[$i].",dc=$temp[$j]";
            }
        }
    }
    $AD_search="(|$AD_search)";
    
    print "AD_search=$AD_search\n";
    print "LDAP_bases=\"@LDAP_bases\"\n";
    
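    #----------AD
    $ldap = Net::LDAP->new($AD_server) or die "Cannot connect to AD server $AD_server: $@";
    $mesg = $ldap->bind($AD_user, password=>$AD_pass);
    die "AD bind failed: ".$mesg->error if $mesg->code;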
    
    $mesg = $ldap->search(filter=>"(&(objectclass=user)$AD_search(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
            base=>$AD_base,
            attrs=> ['sAMAccountName','displayName','sn', 'givenname', 'initials','department','description','userAccountControl','mail','company','telephoneNumber']);
    
    
    @entries = $mesg->entries;
    foreach $entry (@entries) {
    
    my ($name,$sn,$mail,$department,$company,$sAMAccountName);
                $id=$entry->get_value(sAMAccountName);
                $id=lc($id);
                $displayName=$entry->get_value(displayName);
                $sn=$entry->get_value(sn);
    #       print "--$sn\n";
                $givenname=$entry->get_value(givenname);
                $initials=$entry->get_value(initials);
                $department=$entry->get_value(department);
                $description=$entry->get_value(description);
                $userAccountControl=$entry->get_value(userAccountControl);
                $mail=$entry->get_value(mail);
                $mail=lc($mail);
    
                $telephoneNumber=$entry->get_value(telephoneNumber);
                $company=$entry->get_value(company);
                $disabled=false;
                if (length($mail)>0)   {
    #               print "AD MAIL=$mail\n";
    #               $i=index($mail,"\@");
                    $domain=substr($mail,index($mail,"\@")+1);
                    $AD{$id}{domain} = $domain;
                    $AD{$id}{mail} = $mail;
    
                }
    
                if (length($displayName)>0)   {
                    $AD{$id}{displayName} = $displayName;
                }
                if (length($sn)>0)   {
                    $AD{$id}{sn} = $sn;
                }
                if (length($givenname)>0)   {
                    $AD{$id}{givenname} = $givenname;
                }
                if (length($initials)>0)   {
                    $AD{$id}{initials} = $initials;
                }
                if (length($description)>0)   {
                    $AD{$id}{description} = $description;
                }
                if (length($disabled)>0)   {
                    $AD{$id}{disabled} = $disabled;
                }
                if (length($telephoneNumber)>0) {
                    $AD{$id}{telephoneNumber} = $telephoneNumber;
                }
                if (length($company)>0) {
                    $AD{$id}{company} = $company;
                }
    }
    
    
    #---------- zimbra ldap
    
    print "\nZIMBRA\n";
    $ldap2 = Net::LDAP->new($LDAP_server) or die "Cannot connect to Zimbra LDAP server $LDAP_server: $@";
    $mesg = $ldap2->bind($LDAP_user, password=>$LDAP_pass);
    die "Zimbra LDAP bind failed: ".$mesg->error if $mesg->code;
    
    # loop over all mail domains
    
    for ($i=0;$i<=$#LDAP_bases;$i++)  {
    
    $mesg = $ldap2->search(filter=>"(&(objectClass=zimbraAccount)(!(userPassword=*))(!(zimbraCalResType=*)))",
            base=>$LDAP_bases[$i],
            attrs=> ['uid', 'displayName','sn','givenname','sn','mail','initials','description','zimbraPrefFromAddress','zimbraMailDeliveryAddress','zimbraAccountStatus','telephoneNumber','company'] );
    
    
    my ($id,$displayName,$sn,$givenname,$initials,$department,$description,$disabled,$mail)=('') x 9;
    @entries = $mesg->entries;
    foreach $entry (@entries) {
        $id=$entry->get_value(uid);
        if (($id ne "admin")&&($id ne "wiki")&&($id ne "ham.e3_qx4qs")&&($id ne "spam.p1vityb7")&&($id ne "galsync"))  {
            $displayName=$entry->get_value(displayName);
            $sn=$entry->get_value(sn);
    #        print "$sn\n";
            $givenname=$entry->get_value(givenname);
            $sn=$entry->get_value(sn);
            $initials=$entry->get_value(initials);
            $description=$entry->get_value(description);
            $telephoneNumber=$entry->get_value(telephoneNumber);
            $company=$entry->get_value(company);
            $status=$entry->get_value(zimbraAccountStatus);
    
            if (defined ($AD{$id})) {
                if ("$status" ne "active")
                {
    #               print "$id status=active\n";
                    $status="active";
                }
                else{
                    $status="";
                }
            }
            else {
                if ("$status" eq "active")
                {
    #               print "$id status=locked\n";
                    $status="locked";
                }
                else{
                    $status="";
                }
            }
    
    
    # get the alias address
           $mail=$entry->get_value(zimbraPrefFromAddress);
           # if there is no alias, take the primary address
            if (length($mail)==0)
            {
               $mail=$entry->get_value(zimbraMailDeliveryAddress);
            }
    
            $domain=substr($mail,index($mail,"\@")+1);
            $LDAP{$id}{domain_} = $domain;
    
    
            if (length($displayName)>0) {
                $LDAP{$id}{displayName} = $displayName;
            }
            if (length($sn)) {
                $LDAP{$id}{sn} = $sn;
            }
            if (length($givenname)>0) {
                $LDAP{$id}{givenname} = $givenname;
            }
            if (length($initials)>0) {
                $LDAP{$id}{initials} = $initials;
            }
            if (length($description)>0) {
                $LDAP{$id}{description} = $description;
            }
            if (length($telephoneNumber)>0) {
                $LDAP{$id}{telephoneNumber} = $telephoneNumber;
            }
            if (length($company)>0) {
                $LDAP{$id}{company} = $company;
            }
            if (length($mail)>0) {
                $LDAP{$id}{mail} = $mail;
    #           print "ZIMBRA MAIL=$mail\n";
            }
            if (length($status)>0) {
                $AD{$id}{status} = $status;
            }
        }
    
    }
    
    }
    
    
    #print ("\n===AD==\n");
    
    my ($id,$displayName,$sn,$givenname,$initials,$department,$description,$disabled,$mail)=('') x 9;
    
    print "-удаляем одинаковые и несовпадающие с ад поля\n";
    my ($k2,$v2);
    while(my ($k,$v)=each(%AD)) {
    # the user already exists
         print "проверяем $k $v\n";
         if (defined ($LDAP{$k})) {
             while(($k2,$v2)=each(%{$AD{$k}})) {
                print "$k2 # $v2\n";
                print "LDAP=$LDAP{$k}{$k2}    AD=$AD{$k}{$k2}\n";
                if ($LDAP{$k}{$k2} ne $AD{$k}{$k2}) {
                    delete $LDAP{$k}{$k2};
                    print "удалено значение не соответсвующее АД значение\n";
    
                }
                else  {
                    print "Удалены идентичные значения\n";
                    delete $AD{$k}{$k2};
                    delete $LDAP{$k}{$k2};
                }
    
            }
        }
    }
    
    
    my $create;
    my $attr_st;
    my $alias_st;
    open (FILE, ">commands.list") or die "Cannot write commands.list: $!";
    # !!!!! temporary
    
    while(my ($k,$v)=each(%AD)) {
        $create=0;
        $attr_st="";
        $alias_st="";
        $from_st="";
        if (!(defined ($LDAP{$k})))  {
            $create=1;
        }
    #    print "updating user data\n";
        while(my ($k2,$v2)=each(%{$AD{$k}})) {
    #        print "K==$k --> $k2:$v2\n";
            if ($k2 eq "mail") {
                # local part of the AD mail address; an alias is needed only when it differs from the login
                $m=substr($v2,0,index($v2,"\@"));
                if ("$k" ne "$m" ) {
                    $alias_st=$v2;
                }
            }
            if ($k2 eq "displayName") {
                $attr_st="$attr_st displayName \"$v2\"";
            }
            if ($k2 eq "sn") {
                $attr_st="$attr_st sn \"$v2\"";
            }
            if ($k2 eq "givenname") {
                $attr_st="$attr_st givenname \"$v2\"";
            }
            if ($k2 eq "initials") {
                $attr_st="$attr_st initials \"$v2\"";
            }
            if ($k2 eq "description") {
                $attr_st="$attr_st description \"$v2\"";
            }
            if ($k2 eq "status") {
    #           print "$k zimbraAccountStatus \"$v2\"\n";
                $attr_st="$attr_st zimbraAccountStatus \"$v2\"";
            }
            if ($k2 eq "telephoneNumber") {
    #           print "$k telephoneNumber \"$v2\"\n";
                $attr_st="$attr_st telephoneNumber \"$v2\"";
            }
            if ($k2 eq "company") {
    #           print "$k company \"$v2\"\n";
                $attr_st="$attr_st company \"$v2\"";
            }
        }
    
    #    print "username=$k\n";
    #    print "create=$create\n";
    #    print "attr_st=$attr_st\n";
    #    print "alias_st=$alias_st\n";
    #    print "-------------------\n\n";
    
    
    #    print "\n\n\n\n\n";
    #    print "AD domain $k= $AD{$k}{domain}\n";
    #    print "LDAP domain $k= $LDAP{$k}{domain_}\n";
        if (length($AD{$k}{domain})>0)
        {
            $domain=$AD{$k}{domain}
        }else {
            $domain=$LDAP{$k}{domain_};
        }
    
        if ($create==1) {
            print FILE "ca $k\@$domain '' $attr_st\n";
    
        }
        else  {
            if (length($attr_st)>0)
            {
                print FILE "ma $k\@$domain $attr_st\n";
            }
        }
    
        if (length($alias_st)>0) {
            print FILE "aaa $k\@$domain $alias_st\n";
        }
        if (length($alias_st)>0) {
            print FILE "ma $k\@$domain  zimbraPrefFromAddress $alias_st\n";
        }
    
    }
    close(FILE);
    
    system "/opt/zimbra/bin/zmprov -f commands.list"
    [EDIT] For those that don't read Russian:

    original
    OpenNET:
    Russian names correctly moves in zimbra
    Last edited by phoenix; 02-01-2012 at 12:57 AM. Reason: Added translation
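
The user script in post #32 writes AD attribute values between double quotes into commands.list, so a value containing a quote or a line break changes how zmprov reads that line. The following is an added example, not part of the posted scripts: it builds the same ca/ma/aaa lines but refuses such values. The names zmprov_quoted, is_plain_address and build_commands are hypothetical, and refusing rather than escaping is an assumption, because the thread does not describe zmprov's quoting rules.

```perl
#!/usr/bin/perl
# Added example, not part of the posted scripts.
use strict;
use warnings;

# Attributes the posted user script copies from AD to Zimbra.
my @COPIED = qw(displayName sn givenname initials description telephoneNumber company);

# Wrap a value in double quotes for a zmprov line, or return undef when it
# contains a quote, backslash or control character (a line break would end
# the command line). Assumption: refuse instead of escape.
sub zmprov_quoted {
    my ($value) = @_;
    return undef if !defined $value || $value =~ /["'\\\x00-\x1f\x7f]/;
    return qq{"$value"};
}

# Conservative shape check for account names and aliases (hypothetical policy).
sub is_plain_address {
    my ($addr) = @_;
    return defined $addr && $addr =~ /\A[a-z0-9._-]+\@[a-z0-9.-]+\z/ ? 1 : 0;
}

# Turn one AD record into zmprov lines; returns (\@lines, \@rejected).
sub build_commands {
    my ($login, $rec, $exists) = @_;
    my (@lines, @rejected, @pairs);
    my $account = "$login\@$rec->{domain}";
    return ([], ["account name"]) unless is_plain_address($account);

    for my $name (grep { length($rec->{$_} // '') } @COPIED) {
        my $quoted = zmprov_quoted($rec->{$name});
        if (defined $quoted) { push @pairs, "$name $quoted" }
        else                 { push @rejected, "$name of $account" }
    }
    push @lines, "ca $account '' @pairs" if !$exists;
    push @lines, "ma $account @pairs"    if $exists && @pairs;

    # Alias only when the AD mail address differs from the login address.
    my $mail = $rec->{mail} // '';
    if ($mail ne '' && $mail ne $account) {
        if (is_plain_address($mail)) {
            push @lines, "aaa $account $mail",
                         "ma $account zimbraPrefFromAddress $mail";
        } else {
            push @rejected, "mail of $account";
        }
    }
    return (\@lines, \@rejected);
}

# Constructed sample record (not from a real directory).
my %rec = (domain => 'mail.com', mail => 'dudik@mail.com',
           displayName => 'Vasia Dudik',
           description => "Room \"12\"\nsecond line");
my ($lines, $rejected) = build_commands('vasia', \%rec, 0);
print "$_\n" for @$lines;
print "REJECTED: $_\n" for @$rejected;
```

Rejected attributes are reported instead of written, so they can be reviewed and corrected in AD before the next run.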

  3. #33

    Hi there,

    I just tried your script and it gave me this error:

    Quering ZCS... ERROR: service.INVALID_REQUEST (invalid request: can only be used with "zmprov -l/--ldap")

    What can I do?

  4. #34
    phoenix (Zimbra Consultant & Moderator)

    Quote: Originally posted by camaya2
    I just tried your script and it gave me this error:

    Quering ZCS... ERROR: service.INVALID_REQUEST (invalid request: can only be used with "zmprov -l/--ldap")

    What can I do?

    Modify the script to follow the instructions in the error message.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #35

    Thanks Bill,

    I changed that parameter and it apparently works, but another error came up: ldap_bind: Can't contact LDAP server (-1),
    but the credentials I set are from a domain admin.

    ???

  6. #36
    phoenix (Zimbra Consultant & Moderator)

    Regards


    Bill


