
Thread: Integrating with Active Directory

  1. #1

    Hi there,

    I have just integrated an Active Directory account in Zimbra, but I want to know one thing:

    How do I sync the AD users with Zimbra users automatically, or do I need to do it manually?

    Thanks and Regards,

  2. #2

    You will need to script it manually.

  3. #3

    Thanks, but can you guide me to any script or piece of code?

    I will be very thankful to you.

    Thanks and Regards.

  4. #4

    Which will be your source, Zimbra or AD?

  5. #5

    OK, I need all my 'active directory' users to be created in 'zimbra'; I think in that case the source will be 'AD'?

    Every time I create a user in 'AD', it will be created in 'zimbra' automatically.

  6. #6

    Well there are two ways you could do this :-

    1) Extract your AD users and compare to list of ZCS users
    2) Use PHP and AdLDAP to create the AD users; and if you search the forums for PHP there are some classes for creating users in ZCS

  7. #7

    I recently dug up this post, which seems to do exactly what you need. It's a Python script and here's the code:

    Code:
    #!/usr/bin/python3
    
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation; GPLv3
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # To obtain a copy of the GNU General Public License, write to the Free Software Foundation,
    # Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
    #
    #--------------------------------------------------------------------------------------------------
    # Notes:
    # This script automatically creates zimbra accounts from active directory, the active directory account must have
    # the employeeType=STUDENT attribute set. If accounts are in the 'banned' active directory group then the
    # account will automatically be locked when the script is run, and unlocked if they are no longer in the AD
    # banned group
    #--------------------------------------------------------------------------------------------------
    
    # Variables can be changed here:
    banned = 'CN=Banned,CN=Users,DC=college,DC=internal'
    # DN of the AD group for banned users
    scope = 'ou=OU,dc=college,dc=internal'
    # the search scope
    domain = "domain.college.internal"  # "example.com"
    ldapserver = "server1"
    # ldap server
    port = "389"
    # ldap port (389 default)
    emaildomain = "zimbra.school.sch.uk"
    # the email domain
    ldapbinddomain = "DOMAIN"
    # the domain of the ldap bind account
    ldapbind = "ldapusername"
    # the account name of the account to bind to ldap
    ldappassword = "password"
    # the ldap password
    pathtozmprov = "/opt/zimbra/bin/zmprov"
    #--------------------------------------------------------------------------------------------------
    import subprocess, sys, time
    import ldap
    
    
    def zmprov(*args):
        # run zmprov with an argument list (no shell), so values read from AD
        # are never interpreted as shell syntax; returns the output lines
        proc = subprocess.run([pathtozmprov] + list(args),
                              stdout=subprocess.PIPE, universal_newlines=True)
        return proc.stdout.splitlines()
    
    
    def first(vals, attr, default):
        # python-ldap returns attribute values as lists of bytes
        return vals[attr][0].decode('utf-8') if vals.get(attr) else default
    
    
    # output the list of all accounts from zmprov gaa (get all accounts)
    zmprovgaa = zmprov('gaa')
    
    # note: ldap:// on port 389 is unencrypted, so the simple bind below sends the password in clear text
    l = ldap.initialize("ldap://" + ldapserver + "." + domain + ":" + port)
    l.simple_bind_s(ldapbinddomain + "\\" + ldapbind, ldappassword)  # bind to the ldap server using name/password
    
    try:
        # userAccountControl  512 = normal , 514 = disabled account
        res = l.search_s(scope, ldap.SCOPE_SUBTREE,
                         "(&(objectCategory=user)(userAccountControl=512)(employeeType=STUDENT))",
                         ['sAMAccountName', 'givenName', 'sn', 'memberOf'])
        for (dn, vals) in res:
            accountname = vals['sAMAccountName'][0].decode('utf-8').lower()
            # fall back to the account name when sn or givenName is missing
            surname = first(vals, 'sn', accountname).lower()
            givenname = first(vals, 'givenName', accountname)
            groups = [g.decode('utf-8') for g in vals.get('memberOf', [])]
            initial = givenname[:1].upper()
            surname = surname.replace(' ', '').replace('\'', '').replace('-', '')
            surname = surname.capitalize()
            name = initial + "." + surname
            accountname = accountname + "@" + emaildomain
            password = ""  # zmprov ca is given an empty password argument
            sys.stdout.flush()
    
            # if the account doesn't exist in the output of zmprov gaa create the account
            if accountname not in zmprovgaa:
                print(accountname, " exists in active directory but not in zimbra, the  account is being created\n")
                time.sleep(1)
                zmprov('ca', accountname, password, 'displayName', name)
    
            # read the current status of the account from zmprov ga (get account)
            locked = "zimbraAccountStatus: locked" in zmprov('ga', accountname)
    
            # if the account is in the group 'banned' check to see if account already locked
            if banned in groups:
                if not locked:  # if account not locked then lock it
                    print(accountname, " has been BANNED from the internet. The email account has been locked ")
                    zmprov('ma', accountname, 'zimbraAccountStatus', 'locked')
                    time.sleep(1)
                else:
                    print(accountname, " has a locked email account because they are in the 'banned' group")
    
            # set any accounts to 'active' if they are not in the banned group and the account is currently locked
            elif locked:
                zmprov('ma', accountname, 'zimbraAccountStatus', 'active')
                time.sleep(1)
                print(accountname, " is no longer in the 'banned' group, therefore the account has been activated")
    
    except ldap.LDAPError as error_message:
        print(error_message)
    
    l.unbind_s()
    Just to be clear: I didn't write this code, CyberNerd published this at the EduGeek forums.
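
Added example, not part of the thread or of the posted script: the script's LDAP filter only returns enabled accounts (userAccountControl=512), so a user who is disabled or deleted in AD never gets their Zimbra mailbox locked. This dry-run planner builds the zmprov argument lists without running them, rejects account names outside an assumed naming policy, and reports Zimbra accounts with no matching AD user for manual review (the list will include Zimbra's own service accounts in that domain). `plan_sync`, `SAFE_LOCAL` and the sample data are assumptions made for illustration.

```python
import re

# Assumed naming policy: only plain mailbox local parts are provisioned automatically.
SAFE_LOCAL = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")

def plan_sync(ad_entries, zimbra_accounts, locked, email_domain, banned_dn):
    """Dry run: return (commands, orphans, rejected) without calling zmprov.

    ad_entries      -- (dn, attrs) pairs as python-ldap returns them (bytes values)
    zimbra_accounts -- lines from `zmprov gaa`
    locked          -- set of addresses whose zimbraAccountStatus is locked
    """
    commands, rejected, seen = [], [], set()
    existing = {a.strip().lower() for a in zimbra_accounts}
    for dn, attrs in ad_entries:
        local = attrs["sAMAccountName"][0].decode("utf-8").lower()
        if not SAFE_LOCAL.fullmatch(local):
            rejected.append(local)  # leave for an administrator to handle
            continue
        addr = local + "@" + email_domain
        seen.add(addr)
        groups = {g.decode("utf-8").lower() for g in attrs.get("memberOf", [])}
        is_banned = banned_dn.lower() in groups
        if addr not in existing:
            commands.append(["zmprov", "ca", addr, ""])
        if is_banned and addr not in locked:
            commands.append(["zmprov", "ma", addr, "zimbraAccountStatus", "locked"])
        elif not is_banned and addr in locked:
            commands.append(["zmprov", "ma", addr, "zimbraAccountStatus", "active"])
    # Zimbra accounts in this mail domain that no enabled AD user maps to
    orphans = sorted(a for a in existing
                     if a.endswith("@" + email_domain) and a not in seen)
    return commands, orphans, rejected

# Constructed sample data (not taken from the thread)
BANNED = "CN=Banned,CN=Users,DC=college,DC=internal"
SAMPLE_AD = [
    ("CN=Alice,OU=OU,DC=college,DC=internal", {"sAMAccountName": [b"Alice"]}),
    ("CN=Bob,OU=OU,DC=college,DC=internal",
     {"sAMAccountName": [b"bob"], "memberOf": [BANNED.encode()]}),
    ("CN=ONeil,OU=OU,DC=college,DC=internal", {"sAMAccountName": [b"o'neil jr"]}),
]
SAMPLE_ZIMBRA = ["bob@zimbra.school.sch.uk\n", "carol@zimbra.school.sch.uk\n",
                 "admin@other.example\n"]

if __name__ == "__main__":
    for part in plan_sync(SAMPLE_AD, SAMPLE_ZIMBRA, set(), "zimbra.school.sch.uk", BANNED):
        print(part)
```

Each returned command is an argument list suitable for `subprocess.run`, so nothing read from AD passes through a shell.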
