Results 1 to 3 of 3

Thread: Zimbra 8.0.3 NE Pro Auto Provisioning with Active Directory not work properly

Hybrid View

  1. #1
    Join Date
    Mar 2011
    Location
    Turkey
    Posts
    9
    Rep Power
    4

    Unhappy Zimbra 8.0.3 NE Pro Auto Provisioning with Active Directory not work properly

    Hi everybody,
    I have problem second try after starting AUTO PROVISION thread.

    I have lookup the DEBUG logs and see the problem.
    My auto provision config:

    zimbraAutoProvAccountNameMap: sAMAccountName
    zimbraAutoProvAttrMap: cn=displayName
    zimbraAutoProvAttrMap: description=description
    zimbraAutoProvAttrMap: sn=sn
    zimbraAutoProvAttrMap: givenName=givenName
    zimbraAutoProvBatchSize: 20
    zimbraAutoProvLastPolledTimestamp: 20130520141656Z
    zimbraAutoProvLdapAdminBindDn: CN=Administrator,CN=Users,DC=xxx,DC=local
    zimbraAutoProvLdapAdminBindPassword: xxxxxx
    zimbraAutoProvLdapBindDn: %u@%d
    zimbraAutoProvLdapSearchBase: OU=Zimbra,OU=Users,OU=01_xxx,DC=xxx,DC=local
    zimbraAutoProvLdapSearchFilter: (samAccountName=%u)
    zimbraAutoProvLdapURL: ldap://10.x.x.x:389
    zimbraAutoProvMode: EAGER
    zimbraAutoProvNotificationBody: Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}.
    zimbraAutoProvNotificationFromAddress: xxxxx
    zimbraAutoProvNotificationSubject: New account auto provisioned


    First starting auto provision thread is working properly creating accounts.
    When second try after PoolInterval, nothing to results.

    I have checked DEBUG log and see the problem on filter active directory,
    First filter is:
    2013-05-20 17:19:56,175 DEBUG [AutoProvision] [] ldap - REL_CONN - conn=[4]
    2013-05-20 17:19:56,175 DEBUG [AutoProvision] [] autoprov - lock domain successful
    2013-05-20 17:19:56,176 DEBUG [AutoProvision] [] ldap - GET_CONN - millis=[0], usage=[AUTO_PROVISION_ADMIN_SEARCH], conn=[5], connPool=[ldap://10.x.x.x:389:PLAIN::CN=Administrator,CN=Users,DC=x xx,DC=local(1731288427)]
    2013-05-20 17:19:56,179 DEBUG [AutoProvision] [] ldap - SEARCH - millis=[3], resp=[0 (success)], usage=[AUTO_PROVISION_ADMIN_SEARCH], conn=[5], controls=[Simple Paged Results Control], base=[OU=Zimbra,OU=Users,OU=01_xxx,DC=xxx,DC=local], filter=[(samAccountName=*)]

    Is working...


    Second try is theese filter changing automatic;
    2013-05-20 17:21:56,212 DEBUG [AutoProvision] [] ldap - REL_CONN - conn=[0]
    2013-05-20 17:21:56,212 DEBUG [AutoProvision] [] autoprov - lock domain successful
    2013-05-20 17:21:56,212 DEBUG [AutoProvision] [] ldap - GET_CONN - millis=[0], usage=[AUTO_PROVISION_ADMIN_SEARCH], conn=[5], connPool=[ldap://10.x.x.x:389:PLAIN::CN=Administrator,CN=Users,DC=x xx,DC=local(1731288427)]
    2013-05-20 17:21:56,216 DEBUG [AutoProvision] [] ldap - SEARCH - millis=[3], resp=[0 (success)], usage=[AUTO_PROVISION_ADMIN_SEARCH], conn=[5], controls=[Simple Paged Results Control], base=[OU=Zimbra,OU=Users,OU=01_xxx,DC=xxx,DC=local], filter=[(&(samAccountName=*)(createTimestamp>=201305201420 56Z))]
    2013-05-20 17:21:56,216 DEBUG [AutoProvision] [] ldap - REL_CONN - conn=[5]
    2013-05-20 17:21:56,216 DEBUG [AutoProvision] [] autoprov - searched external LDAP source, hit size limit ? false
    2013-05-20 17:21:56,217 INFO [AutoProvision] [] autoprov - 0 external LDAP entries returned as search result

    And nothing...

    When I have going
    zmprov md xxx.com zimbraAutoProvLdapSearchFilter "(something)" and again,
    Write:
    zmprov md xxx.com zimbraAutoProvLdapSearchFilter "(samAccountName=%u)"

    Its work again.


    ldapsearch -h 10.x.x.x -D "CN=Administrator,CN=Users,DC=turkkep,DC=local " -b "OU=Zimbra,OU=Users,OU=01_xxx,DC=xxx,DC=local" -W -x "(samAccountName=*)"


    Also this ldap search result with filter samAccountName=%u:

    # 333 444, Zimbra, Users, 01_xxx, xxx.local
    dn: CN=333 444,OU=Zimbra,OU=Users,OU=01_xxx,DC=xxx,DC=local
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: 333 444
    sn: 444
    givenName: 333
    distinguishedName: CN=333 444,OU=Zimbra,OU=Users,OU=01_xxx,DC=xxx,DC=local
    instanceType: 4
    whenCreated: 20130520135312.0Z <<<- Different (creationStamp)
    whenChanged: 20130520135312.0Z
    displayName: 333 444
    uSNCreated: 150100
    uSNChanged: 150105
    name: 333 444
    objectGUID:: 3F9A+fs31kqhM1MR+1DKjw==
    userAccountControl: 512
    badPwdCount: 0
    codePage: 0
    countryCode: 0
    badPasswordTime: 0
    lastLogoff: 0
    lastLogon: 0
    pwdLastSet: 130135315928944856
    primaryGroupID: 513
    objectSid:: AQUAAAAAAAUVAAAAZO6MUndMPFdqcPAZuQQAAA==
    accountExpires: 9223372036854775807
    logonCount: 0
    sAMAccountName: 333.444


    Anyone can help me?

  2. #2
    Join Date
    Mar 2011
    Location
    Massachusetts
    Posts
    11
    Rep Power
    4

    Default

    Hi, we are looking into this also, have you been able to get it to work?

    Thanks Rick

  3. #3
    Join Date
    Jun 2013
    Posts
    9
    Rep Power
    2

    Default

    Quote Originally Posted by RickC View Post
    Hi, we are looking into this also, have you been able to get it to work?

    Thanks Rick
    Take a look at the following bug report from earlier this year: Bug 82789 ? zimbraAutoProvLastPolledTimestamp format breaks EAGER Auto-Provisioning LDAP Filter when using Active Directory

    And these other forums threads:

    http://www.zimbra.com/forums/adminis...-properly.html
    http://www.zimbra.com/forums/adminis...enerclass.html

    They sound related.

    Regards,

    tifkat

Similar Threads

  1. Replies: 9
    Last Post: 07-18-2013, 02:13 PM
  2. Zimbra 8 Auto Provisioning not work properly
    By gruzin in forum Administrators
    Replies: 25
    Last Post: 06-19-2013, 12:07 AM
  3. Zimbra 8 Auto Provisioning not work
    By breno.sobral in forum Administrators
    Replies: 3
    Last Post: 05-10-2013, 08:48 AM
  4. Replies: 0
    Last Post: 12-18-2012, 08:40 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •