Thread: How-To: Synchronizing distribution lists and AD groups

    Hello everyone.

    I wanted to have some of my distribution lists synced with a couple of Active Directory groups.

    After a lot of looking around I ended up coding my own solution for that in Python.

    Hopefully it can be of use to some of you.

    Code:
    #!/usr/bin/python
    # coding=UTF-8
    '''
    The script compares the user list from an AD group with the members of a distribution list.
    If the user is in AD and not on the list, it adds the user to the list.
    If the user is on the list but not in AD, it removes the user from the list.
    Tested on Zimbra FOSS 8.0.4
    '''
    from __future__ import print_function  # same print syntax on Python 2 and 3

    import subprocess

    import ldap
    import ldap.filter

    # mapping of lists to groups
    # 'distribution list name': 'group name on AD'
    lists = {'support': 'Helpdesk', 'comercial': 'Comercial', 'it': 'IT'}

    # base scope
    scope = 'cn=Users,dc=mydomain,dc=lan'

    # search domain
    domain = "mydomain.lan"

    # AD server
    ldapserver = "server-001"

    # connection port (389 is plain LDAP: the simple bind below sends the password unencrypted)
    port = "389"

    # users domain on zimbra
    emaildomain = "mydomain.lan"

    # AD bind account domain
    ldapbinddomain = "mydomain"

    # AD bind account
    ldapbind = "zimbra"

    # AD bind account password (stored in clear text: restrict read access to this file)
    ldappassword = "zimbra123"

    # path to zmprov
    pathtozmprov = "/opt/zimbra/bin/zmprov"

    #--------------------------------------------------------------------------------------------------

    for dlname, departament in lists.items():
      dladdress = dlname + '@' + emaildomain

      # get all current members of the distribution list
      # zmprov is called with an argument list, so no shell ever parses the values;
      # check_output raises if zmprov fails instead of continuing with an empty list
      output = subprocess.check_output([pathtozmprov, 'gdlm', dladdress]).decode('utf-8')
      # keep only member addresses: skip blank lines, the "members" header and "#" lines
      member_list = [line.strip() for line in output.splitlines()
                     if line.strip() and 'members' not in line and '#' not in line]
      res2 = []

      l = ldap.initialize("ldap://" + ldapserver + "." + domain + ":" + port)
      l.simple_bind_s(ldapbinddomain + "\\" + ldapbind, ldappassword)
      try:
        # the group DN is built from the configured scope instead of a second hard-coded copy
        groupdn = "cn=" + departament + "," + scope
        ldapfilter = "(&(objectClass=user)(memberOf=" + ldap.filter.escape_filter_chars(groupdn) + "))"
        res = l.search_s(scope, ldap.SCOPE_SUBTREE, ldapfilter, ['sAMAccountName'])

        # check if all AD group members are in the list, if they are not there, add them
        print('\nVerifying list ' + dladdress)
        for (dn, vals) in res:
          if dn is None:
            continue  # search referral returned by AD, not a user entry
          # python-ldap returns attribute values as bytes on Python 3
          accountname = vals['sAMAccountName'][0].decode('utf-8').lower()
          accountname = accountname + "@" + emaildomain

          if accountname not in member_list:
            print('adding ' + accountname + ' to ' + dladdress)
            subprocess.call([pathtozmprov, 'adlm', dladdress, accountname])

          res2.append(accountname)

        # check if all list members are on the AD group, if they are not there, remove them from the list
        for accountname in member_list:
          if accountname not in res2:
            print('removing ' + accountname + ' from ' + dladdress)
            subprocess.call([pathtozmprov, 'rdlm', dladdress, accountname])

      except ldap.LDAPError as error_message:
        print(error_message)
      l.unbind_s()

    I also didn't really like the way AD provisioning works, so I made a script for that too (provision from AD/block on Zimbra accounts blocked on AD, keep attributes synced). I might post it sometime later.

    Cheers!
    Last edited by Argais; 07-30-2013 at 12:08 PM.
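
A dry-run planning step for the reconciliation in the script above, added here as an example and not part of the original post: it validates account names before they reach zmprov and refuses a run that would empty or drastically shrink a list. The names `plan_sync`, `SyncRefused` and `ADDRESS_RE`, the address pattern and the 50% removal limit are assumptions made for this example.

```python
import re

# Conservative pattern for addresses handed to zmprov (assumption: tighten to local policy).
ADDRESS_RE = re.compile(r"^[a-z0-9][a-z0-9._-]*@[a-z0-9.-]+$")


class SyncRefused(Exception):
    """Raised when applying the plan would be unsafe."""


def plan_sync(ad_accounts, dl_members, emaildomain, max_removal_ratio=0.5):
    """Return (to_add, to_remove) as sorted lists without touching Zimbra."""
    wanted = set()
    for name in ad_accounts:
        address = name.strip().lower() + "@" + emaildomain
        if not ADDRESS_RE.match(address):
            raise SyncRefused("unexpected characters in AD account name: %r" % name)
        wanted.add(address)
    current = set(m.strip().lower() for m in dl_members if m.strip())

    to_add = sorted(wanted - current)
    to_remove = sorted(current - wanted)

    # An empty AD result usually means a wrong group name or a failed search,
    # not that the whole department left: do not empty the list because of it.
    if current and not wanted:
        raise SyncRefused("AD returned no members; refusing to empty the list")
    if current and len(to_remove) > max_removal_ratio * len(current):
        raise SyncRefused("%d of %d members would be removed"
                          % (len(to_remove), len(current)))
    return to_add, to_remove


def demo():
    # Constructed sample data, not output from a real AD or Zimbra server.
    ad = ["Alice", "bob", "carol"]
    dl = ["alice@mydomain.lan\n", "bob@mydomain.lan\n", "dave@mydomain.lan\n"]
    return plan_sync(ad, dl, "mydomain.lan")


if __name__ == "__main__":
    print(demo())
```

Only when the plan is returned without an exception would the `adlm` and `rdlm` calls be issued for the addresses in it.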
