Results 1 to 8 of 8

Thread: Users in AD and OpenLDAP

Hybrid View

  1. #1
    Join Date
    Oct 2005
    Posts
    18
    Rep Power
    10

    Default Users in AD and OpenLDAP

    I saw that users need to be in both AD and LDAP, if I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?

  2. #2
    Join Date
    Oct 2005
    Posts
    18
    Rep Power
    10

    Default Is that correct?

    Quote Originally Posted by gribbler
    I saw that users need to be in both AD and LDAP, if I have 300 users in AD, I am not wanting to create 300 user accounts. Is there another way to do this?

    Is that correct that user accounts need to be in both the AD and the OpenLDAP?

  3. #3
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default Yes, but it's not so bad...

    It is necessary to create the users in ldap, but you don't have to use the web UI.

    You can create users from the command line with zmprov:
    zmprov ca etc...

    So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.

    So you'll have a file with zmprov commands on the lines:

    ca user@domain.com passwd1
    ca user2@domain.com passwd2

    Then -
    zmprov < filename will bulk provision.

  4. #4
    Join Date
    Oct 2005
    Posts
    18
    Rep Power
    10

    Default How does this relate to AD?

    Quote Originally Posted by marcmac
    It is necessary to create the users in ldap, but you don't have to use the web UI.

    You can create users from the command line with zmprov:
    zmprov ca etc...

    So, if you can dump your userlist to a file, one user per line, you can feed that file to zmprov. If you want to create additional attributes (display name, etc) you can do that as well.

    So you'll have a file with zmprov commands on the lines:

    ca user@domain.com passwd1
    ca user2@domain.com passwd2

    Then -
    zmprov < filename will bulk provision.
    Then whats the point of using AD? I was hoping to pul a username and password out of the AD...

  5. #5
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default AD for authentication

    You use AD to authenticate against, but all zimbra-specific account attributes stay in our openldap db - so we're not writing to your AD installation.

  6. #6
    Join Date
    Oct 2005
    Posts
    18
    Rep Power
    10

    Default and then...

    Quote Originally Posted by marcmac
    You use AD to authenticate against, but all zimbra-specific account attributes stay in our openldap db - so we're not writing to your AD installation.
    Does it use the AD password? Do I need to set one in the LDAP DB?

  7. #7
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default Ad

    Yes, we auth with the password set in AD, so you don't have to set one in LDAP - except, I think there's a bug that requires a password be set in order to create the account, so you can set it to anything at account creation, and the AD password will be used.

  8. #8
    Join Date
    Oct 2005
    Posts
    18
    Rep Power
    10

    Default Thanks.

    Much appreciated. Now at least I feel like I've got a grasp on everything. Well. Sort of. you know.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •