
[SOLVED] Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Posted: Wed Nov 16, 2016 3:53 pm
by ElClay
My installation of Zimbra 8.7 is a single server, and my mail infrastructure is composed as follows:

Server A: Dns + OpenLdap v2.4 under Debian 6, with about 500 users.
Server B: Zimbra Collaboration 8.7.1 under Ubuntu 16.04.

I need to integrate or migrate my OpenLdap (server A) into Zimbra-ldap (server B). For what purpose? So that the existing users in my OpenLdap can be used, and so that when a new user is created it is automatically created in my Zimbra-ldap.

Is it currently possible to do this?
What alternatives do I have to do it?

regards

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Posted: Wed Nov 16, 2016 4:01 pm
by phoenix
How about using the Provisioning feature of ZCS?

https://git.zimbra.com/repos/zimbra-fos ... toprov.txt

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Posted: Wed Nov 16, 2016 8:10 pm
by sensor
Hi,

I would say that depends on what your future plans with that openldap server are. Basically you have 2 options:

HTH,
Sensor

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Posted: Wed Nov 16, 2016 9:30 pm
by ElClay
phoenix wrote: How about using the Provisioning feature of ZCS?

https://git.zimbra.com/repos/zimbra-fos ... toprov.txt


OK, I'm testing with the information they gave me, but now I have another problem. I'm getting the following error:

tail -f /opt/zimbra/log/mailbox.log
2016-11-16 16:36:34,710 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain my.domain
com.zimbra.common.service.ServiceException: system failure: invalid value in zimbraAutoProvAttrMap: sn=commonName, not a valid zimbra attribute


How do I clean this attribute? zimbraAutoProvAttrMap: sn=commonName

I tried changing it with this command: zmprov md my.domain +zimbraAutoProvAttrMap sn=sn, but I'm still getting the same error.

So I would like to know how to clean that attribute or what is the valid attribute for zimbra, (zimbraAutoProvAttrMap: sn=?)

S.O.S

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Posted: Wed Nov 16, 2016 11:08 pm
by sensor
Let's have a look at the definition for zimbraAutoProvAttrMap:

<attr id="1231" name="zimbraAutoProvAttrMap" type="string" max="256" cardinality="multi" optionalIn="domain" since="8.0.0">
  <desc>
     EAGER mode: optional
      LAZY mode: optional
    MANUAL mode: optional 
 
    Attribute map for mapping attribute values from the external entry to Zimbra account attributes.
    Values are in the format of {external attribute}={zimbra attribute}.
    If not set, no attributes from the external directory will be populated in Zimbra directory.
   
    Invalid mapping configuration will cause the account creation to fail.
    Examples of bad mapping:
        - invalid external attribute name.
        - invalid Zimbra attribute name.
        - external attribute has multiple values but the zimbra attribute is single-valued.
        - syntax violation.  e.g. Value on the external attribute is a String but the Zimbra
          attribute is declared an integer.
  </desc>
</attr>


so your problem is very obvious:

2016-11-16 16:36:34,710 WARN [AutoProvision] [] autoprov - Unable to auto provision accounts for domain my.domain
com.zimbra.common.service.ServiceException: system failure: invalid value in zimbraAutoProvAttrMap: sn=commonName, not a valid zimbra attribute


remove the configured mapping:

$ zmprov md example.com -zimbraAutoProvAttrMap sn=commonName


and set it up correctly:

$ zmprov md example.com +zimbraAutoProvAttrMap commonName=sn


check your settings:

$ zmprov gd example.com zimbraAutoProvAttrMap


and remove all unintended settings as described above.
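
An added example (not part of the thread, and not Zimbra's own code): a shell audit of `zmprov gd` output that flags mappings violating the {external attribute}={zimbra attribute} format quoted above, including the reversed-sides case from the log. The `ZIMBRA_ATTRS` allowlist and the function names are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit zimbraAutoProvAttrMap values before auto-provisioning runs.
# Value format per the attribute description: {external attribute}={zimbra attribute}

# ASSUMPTION: a small sample of account attribute names; extend it to match
# the attributes your Zimbra schema actually defines.
ZIMBRA_ATTRS="sn givenName displayName cn description telephoneNumber"

is_zimbra_attr() {
    case " $ZIMBRA_ATTRS " in *" $1 "*) return 0 ;; esac
    return 1
}

# audit_attr_map DOMAIN: reads "zimbraAutoProvAttrMap: ext=zimbra" lines on stdin
# (the shape of `zmprov gd DOMAIN zimbraAutoProvAttrMap` output), prints a verdict
# per mapping, and returns 1 if any mapping would make account creation fail.
audit_attr_map() {
    domain=$1
    rc=0
    while IFS= read -r line; do
        case $line in
            "zimbraAutoProvAttrMap: "*) value=${line#"zimbraAutoProvAttrMap: "} ;;
            *) continue ;;   # skip "# name ..." headers and other attributes
        esac
        ext=${value%%=*}     # left side: attribute in the external directory
        zim=${value#*=}      # right side: Zimbra account attribute
        if [ "$ext" = "$value" ] || [ -z "$ext" ] || [ -z "$zim" ]; then
            echo "BAD  $value  (syntax: expected external=zimbra)"
        elif is_zimbra_attr "$zim"; then
            echo "OK   $value"
            continue
        elif is_zimbra_attr "$ext"; then
            echo "BAD  $value  (sides look reversed; '$zim' is not a Zimbra attribute)"
        else
            echo "BAD  $value  ('$zim' is not a Zimbra attribute)"
        fi
        echo "     remove with: zmprov md $domain -zimbraAutoProvAttrMap $value"
        rc=1
    done
    return $rc
}

# Constructed sample input: the broken mapping from the log above plus a valid one.
audit_attr_map example.com <<'EOF' || echo "=> fix the mappings above before enabling auto-provisioning"
# name example.com
zimbraAutoProvAttrMap: sn=commonName
zimbraAutoProvAttrMap: givenName=givenName
EOF
```

On a live server the input would come from `zmprov gd example.com zimbraAutoProvAttrMap` piped into `audit_attr_map example.com`.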

Re: Migrating users from OpenLdap 2.4 to Zimbra-ldap 8.7

Posted: Thu Nov 17, 2016 1:05 pm
by ElClay
Thank you very much for the information, sensor and phoenix; that helped me a lot. I was able to implement the connection without any problem thanks to you.

I only have one last question: is it possible to enable password changes under this scheme? I.e., so that when the password is changed in Zimbra (server B), it is also changed in OpenLdap (server A).

Because when you try to change the password in Zimbra and then log in to the email account, it still uses the OpenLdap password, i.e. it does not take the password change.

regards