[SOLVED] Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Looking to migrate to ZCS? Ask here. Got a great tip or script that helped you migrate? Post it here.
User avatar
ElClay
Posts: 11
Joined: Fri Jan 08, 2016 8:52 am
Location: Venezuela
ZCS/ZD Version: 8.7.1

[SOLVED] Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Postby ElClay » Wed Nov 16, 2016 3:53 pm

My installation of Zimbra 8.7 is A single server and my infrastructure for mail is composed as follows:

Server A: Dns + OpenLdap v2.4 under Debian 6, with about 500 users.
Server B: Zimbra Collaboration 8.7.1 under Ubuntu 16.04.

I need to integrate or migrate my OpenLdap (server a) to Zimbra-ldap (server b) for what purpose ?, for use by existing users in my OpenLdap and that when creating a new user is automatically created in my Zimbra-ldap.

Is it currently possible to do this?
What alternatives do I have to do it?

regards
Last edited by ElClay on Fri Nov 25, 2016 8:10 pm, edited 1 time in total.


phoenix
Ambassador
Ambassador
Posts: 26674
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Postby phoenix » Wed Nov 16, 2016 4:01 pm

How about using the Provisioning feature of ZCS?

https://git.zimbra.com/repos/zimbra-fos ... toprov.txt
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
sensor
Posts: 37
Joined: Tue Apr 12, 2016 7:52 am

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Postby sensor » Wed Nov 16, 2016 8:10 pm

Hi,

I would say that depends on what your future plans with that openldap server are. Basically you have 2 options:

HTH,
Sensor
User avatar
ElClay
Posts: 11
Joined: Fri Jan 08, 2016 8:52 am
Location: Venezuela
ZCS/ZD Version: 8.7.1

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Postby ElClay » Wed Nov 16, 2016 9:30 pm

phoenix wrote:How about using the Provisioning feature of ZCS?

https://git.zimbra.com/repos/zimbra-fos ... toprov.txt


Ok I'm testing with the information they gave me, but now I have another problem I'm throwing the following error:

tail -f /opt/zimbra/log/mailbox.log
2016-11-16 16:36:34,710 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain my.domain
com.zimbra.common.service.ServiceException: system failure: invalid value in zimbraAutoProvAttrMap: sn=commonName, not a valid zimbra attribute


How do I clean this attribute? zimbraAutoProvAttrMap: sn=commonName

Try changing it with this command: zmprov md my.domain +zimbraAutoProvAttrMap sn=sn But I'm still throwing the same error

So I would like to know how to clean that attribute or what is the valid attribute for zimbra, (zimbraAutoProvAttrMap: sn=?)

S.O.S
User avatar
sensor
Posts: 37
Joined: Tue Apr 12, 2016 7:52 am

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Postby sensor » Wed Nov 16, 2016 11:08 pm

Let's have a look at the definition for zimbraAutoProvAttrMap:

Code: Select all

<attr id="1231" name="zimbraAutoProvAttrMap" type="string" max="256" cardinality="multi" optionalIn="domain" since="8.0.0">
  <desc>
     EAGER mode: optional
      LAZY mode: optional
    MANUAL mode: optional 
 
    Attribute map for mapping attribute values from the external entry to Zimbra account attributes.
    Values are in the format of {external attribute}={zimbra attribute}.
    If not set, no attributes from the external directory will be populated in Zimbra directory.
   
    Invalid mapping configuration will cause the account creation to fail.
    Examples of bad mapping:
        - invalid external attribute name.
        - invalid Zimbra attribute name.
        - external attribute has multiple values but the zimbra attribute is single-valued.
        - syntax violation.  e.g. Value on the external attribute is a String but the Zimbra
          attribute is declared an integer.
  </desc>
</attr>


so your problem is very obvious:

2016-11-16 16:36:34,710 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain my.domain
com.zimbra.common.service.ServiceException: system failure: invalid value in zimbraAutoProvAttrMap: sn=commonName, not a valid zimbra attribute


remove the configured mapping:

Code: Select all

$ zmprov md example.com md -zimbraAutoProvAttrMap sn=commonName


and set it up correctly:

Code: Select all

$ zmprov md example.com md -zimbraAutoProvAttrMap commonName=sn


check your settings:

Code: Select all

$ zmprov gd example.com md zimbraAutoProvAttrMap


and remove all unintended settings as described above.
User avatar
ElClay
Posts: 11
Joined: Fri Jan 08, 2016 8:52 am
Location: Venezuela
ZCS/ZD Version: 8.7.1

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Postby ElClay » Thu Nov 17, 2016 1:05 pm

Thank you very much for the information sensor and fenix that helped me a lot, I was able to implement the connection without any problem thanks to you.

I only have one last question, is it possible to enable the password change under this scheme ?, ie; That when changing the password in the Zimbra (server b) is changed in the OpenLdap (server a).

Since you try to change the password in the Zimbra and when entering the email account, it still uses the OpenLdap password, ie it does not take the password change.

regards

Return to “Migration”

Who is online

Users browsing this forum: No registered users and 1 guest