Thread: Zimbra ldap structure

  1. #1
    Join Date
    Jul 2011
    Posts
    146
    Rep Power
    4

    Zimbra ldap structure

    I have an extensive structure in my external LDAP.
    To synchronize passwords using a script between the LDAP servers (internal to external), I must have exactly the same structure everywhere in my LDAP servers.

    Would it be a problem if I create a further tree structure in the internal Zimbra LDAP (ou=people), for example: ou=people, ou=whatever?

    It works fine (after manually modifying the internal Zimbra LDAP and restarting the server: moving a user from ou=people to ou=product,ou=people). But I want to make sure that all of these accounts will be okay.
    Last edited by soba@ukw.edu.pl; 10-03-2011 at 05:06 AM.
    # ZCS 7.1.3 SLES11 SP1

  2. #2
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Moving data within the Zimbra directory server will inevitably break ZCS, and even if you get it to work it may break future upgrades. We'd highly recommend modifying the ZCS directory structure.

  3. #3
    Join Date
    Jul 2011
    Posts
    146
    Rep Power
    4

    I must have a hierarchical structure in my LDAP. How can I do this safely? If the internal structure and the external LDAP are not the same, it does not make the password change ...
    # ZCS 7.1.3 SLES11 SP1

  4. #4
    Join Date
    Jul 2011
    Posts
    146
    Rep Power
    4

    We use the official password migration script from internal to external LDAP:
    ++++++++++++
    ldapsearch -LLLx -H "${ZIMBRA_LDAP}" -D "cn=config" -b "${ZIMBRA_BASEDN}" -w "${ZIMBRA_ROOTPW}" \
    "(zimbraPasswordModifiedTime>=`date -u +%Y%m%d%H%M%SZ -d \"-${TIME} sec\"`)" userPassword | \
    sed -e '/ou=people,dc=ukw,dc=edu,dc=pl$/achangetype: modify\nreplace: userPassword'| \
    ldapmodify -x -H "${EXTERNAL_LDAP}" -D "${EXTERNAL_LDAP_BINDDN}" -w "${EXTERNAL_LDAP_PASSWD}"
    +++++++++++++++++++++++++++++++

    Our external LDAP looks like this (example):

    ou=people, dc=domain,dc=edu,dc=pl
    (standard staff)
    ou=ciscovpn1, ou=people, dc=domain,dc=edu,dc=pl
    (staff with vpn permission)
    ou=specialaccess, ou=ciscovpn1, ou=people, dc=domain,dc=edu,dc=pl
    (staff with special vpn permission)


    We must have the same LDAP structure in Zimbra, because otherwise the password change script will not work correctly.

    I have used an 'advanced' LDAP structure in my Zimbra for a year. I updated Zimbra from 7.x to 7.1.1, 7.1.2 and 7.1.3 and everything works fine (after changing the Zimbra LDAP structure we must restart ZCS, because some LDAP info is collected in NSCD)...


    P.S.

    Many users have a large LDAP structure ...

    There are two simple solutions:

    Either Zimbra implements the ability to change passwords for outside accounts (external LDAP auth),

    or it accepts the possibility of having a complex LDAP structure in future updates.
    Last edited by soba@ukw.edu.pl; 10-05-2011 at 04:32 AM.
    # ZCS 7.1.3 SLES11 SP1
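
Added example, not part of any post in this thread and not Zimbra's script: the sed step in post #4 only works when both directories use the same DNs, so this filter instead rewrites each internal DN to the external DN recorded for the same uid, leaving Zimbra's own ou=people flat. The map file format, the uid=<login>,ou=people naming of internal entries, and all sample names and password values are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Added example, not the script from the thread.
# ldif_to_external_modify MAP_FILE
#   stdin : output of `ldapsearch -LLL ... userPassword` from the internal LDAP
#   stdout: ldapmodify input addressed to the external DN of the same uid
#   MAP_FILE (hypothetical): one "uid<TAB>external DN" pair per line
# Assumption: internal entries are named uid=<login>,ou=people,<base DN>.
ldif_to_external_modify() {
    awk -v map="$1" '
    function emit(l,    uid) {
        if (l ~ /^dn:/) {
            # New entry: forget the previous target, then look up this uid.
            target = ""
            if (l ~ /^dn: uid=/) {
                uid = l
                sub(/^dn: uid=/, "", uid)
                sub(/,.*$/, "", uid)
                if (uid in ext) target = ext[uid]
            }
            # Unmapped or base64-encoded (dn::) names are skipped, not guessed.
            if (target == "") print "skipped: " l > "/dev/stderr"
        } else if (l ~ /^userPassword::? / && target != "") {
            printf "dn: %s\nchangetype: modify\nreplace: userPassword\n%s\n\n", target, l
        }
    }
    BEGIN {
        while ((getline line < map) > 0) {
            split(line, f, "\t")
            ext[f[1]] = f[2]
        }
        close(map)
    }
    # LDIF folds long lines; a leading space continues the previous line.
    /^ / { cur = cur substr($0, 2); next }
         { if (cur != "") emit(cur); cur = $0 }
    END  { if (cur != "") emit(cur) }
    '
}

# Constructed sample: one folded DN that is mapped, one uid that is not.
demo() {
    map=$(mktemp)
    printf 'anna\tuid=anna,ou=ciscovpn1,ou=people,dc=example,dc=edu\n' > "$map"
    printf '%s\n' 'dn: uid=anna,ou=peop' ' le,dc=example,dc=edu' \
        'userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=' '' \
        'dn: uid=bob,ou=people,dc=example,dc=edu' \
        'userPassword:: e1NTSEF9eA==' | ldif_to_external_modify "$map"
    rm -f "$map"
}
```

In the pipeline from post #4 this function would take the place of the sed step, between ldapsearch and ldapmodify. Entries reported as skipped on stderr are the ones whose uid has no external DN in the map.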