A previous article explained how to create mailboxes in Zimbra automatically with eager mode auto-provisioning. This section covers lazy mode auto-provisioning. What is the difference between eager mode and lazy mode?
The difference is when mailboxes are created. In eager mode, Zimbra creates mailboxes at a set interval (for example, every 5 minutes). In lazy mode, Zimbra creates a mailbox when a user from the external AD logs in for the first time.
You can choose whichever method suits your system. In this section, I will explain how to use lazy mode auto-provisioning.
Create a file named autoprovision.zmp in the folder /srv/
vi /srv/autoprovision.zmp
Fill it with the following lines
md imanudin.net zimbraAutoProvAttrMap "cn=displayName"
md imanudin.net +zimbraAutoProvAttrMap "givenName=givenName"
md imanudin.net +zimbraAutoProvAttrMap "sn=sn"
md imanudin.net +zimbraAutoProvAttrMap "description=description"
md imanudin.net zimbraAutoProvAuthMech "LDAP"
md imanudin.net zimbraAutoProvLdapAdminBindDn "cn=Administrator,cn=users,dc=imanudin,dc=net"
md imanudin.net zimbraAutoProvLdapAdminBindPassword "VerySecret123"
md imanudin.net zimbraAutoProvLdapBindDn "cn=Administrator,cn=users,dc=imanudin,dc=net"
md imanudin.net zimbraAutoProvLdapSearchBase "dc=imanudin,dc=net"
md imanudin.net zimbraAutoProvLdapURL "ldap://192.168.1.102:389"
md imanudin.net zimbraAutoProvMode "LAZY"
md imanudin.net zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md imanudin.net zimbraAutoProvNotificationFromAddress "admin@imanudin.net"
md imanudin.net zimbraAutoProvNotificationSubject "New account auto provisioned"
INFORMATION:
imanudin.net = domain name in Zimbra
LdapAdminBindDn/LdapBindDn = Administrator user in Active Directory/Samba4
LdapAdminBindPassword = password of the Administrator user
LdapSearchBase = base of the search in AD/Samba4
LdapSearchFilter = filter applied to that search
LdapURL = IP address of the external AD/Samba4 server
After the file above has been created, run the following commands as the zimbra user
su - zimbra
zmprov < /srv/autoprovision.zmp
Check the automatic mailbox creation process in /opt/zimbra/log/mailbox.log. Also check the mailboxes that have been created in Zimbra Admin | Manage.
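A pre-load check for the batch file, added here as an example and not part of the original article: it replays the md lines the way zmprov applies them (plain attribute replaces, +attribute appends) and flags settings worth reviewing before the file is piped into zmprov. The function names and sample values are constructed; zimbraAutoProvLdapStartTlsEnabled is a Zimbra domain attribute that does not appear in the file above, and the placeholder check assumes Zimbra's description of zimbraAutoProvLdapBindDn as a DN template (for example with %u).

```python
import shlex

# Constructed sample in the same form as autoprovision.zmp (placeholder names and values).
SAMPLE = """\
md example.test zimbraAutoProvAttrMap "cn=displayName"
md example.test +zimbraAutoProvAttrMap "sn=sn"
md example.test zimbraAutoProvLdapAdminBindDn "cn=Administrator,cn=users,dc=example,dc=test"
md example.test zimbraAutoProvLdapAdminBindPassword "constructed-password"
md example.test zimbraAutoProvLdapBindDn "cn=Administrator,cn=users,dc=example,dc=test"
md example.test zimbraAutoProvLdapURL "ldap://192.0.2.10:389"
md example.test zimbraAutoProvMode "LAZY"
"""

def parse_zmp(text):
    """Replay md lines into {domain: {attr: [values]}}: 'attr' replaces, '+attr' appends."""
    state = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) < 4 or parts[0] not in ("md", "modifyDomain"):
            continue
        attrs = state.setdefault(parts[1], {})
        for name, value in zip(parts[2::2], parts[3::2]):  # md takes attr/value pairs
            if name.startswith("+"):
                attrs.setdefault(name[1:], []).append(value)
            elif name.startswith("-"):
                attrs[name[1:]] = [v for v in attrs.get(name[1:], []) if v != value]
            else:
                attrs[name] = [value]
    return state

def audit(text):
    """Return sorted (domain, finding) pairs for settings to review before loading."""
    findings = []
    for domain, attrs in parse_zmp(text).items():
        def first(key):
            return (attrs.get(key) or [""])[0]
        starttls = first("zimbraAutoProvLdapStartTlsEnabled").upper() == "TRUE"
        if first("zimbraAutoProvLdapURL").lower().startswith("ldap://") and not starttls:
            findings.append((domain, "cleartext-ldap"))  # bind password sent unencrypted
        if attrs.get("zimbraAutoProvLdapAdminBindPassword"):
            findings.append((domain, "password-in-file"))  # restrict or remove the file
        if first("zimbraAutoProvLdapAdminBindDn").lower().startswith("cn=administrator,"):
            findings.append((domain, "privileged-bind-account"))  # prefer a read-only account
        template = first("zimbraAutoProvLdapBindDn")
        if template and "%" not in template and not first("zimbraAutoProvLdapSearchFilter"):
            findings.append((domain, "bind-dn-without-placeholder"))  # same DN for every login
    return sorted(findings)

if __name__ == "__main__":
    for domain, finding in audit(SAMPLE):
        print(domain, finding)
```

Run it against the real file with `audit(open("/srv/autoprovision.zmp").read())`; an empty list means none of the four conditions matched.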
Good luck and hopefully useful 😀
Hello
It’s a pleasure to read this tutorial!!
But I have a question: is this method available only for the NE version of Zimbra 8.6, or for both the NE and OSE versions?
Thanks
Hi Enguerran bret,
This guidance can be used on both Zimbra editions, NE and OSE.
Hi, thank you for your job.
When I connect with a new account, Display Name is Administrator, name is filled with no value and firstname is empty.
This is my autoprovision.zmp:
md myzimbradomainname zimbraAutoProvAttrMap "cn=displayName"
md myzimbradomainname +zimbraAutoProvAttrMap "givenName=givenName"
md myzimbradomainname +zimbraAutoProvAttrMap "sn=sn"
md myzimbradomainname +zimbraAutoProvAttrMap "description=description"
md myzimbradomainname zimbraAutoProvAuthMech "LDAP"
md myzimbradomainname zimbraAutoProvLdapAdminBindDn "cn=Administrateur,cn=users,dc=myADdomainname"
md myzimbradomainname zimbraAutoProvLdapAdminBindPassword "myADpassword"
md myzimbradomainname zimbraAutoProvLdapBindDn "cn=administrateur,cn=users,dc=myADdomainname"
md myzimbradomainname zimbraAutoProvLdapSearchBase "dc=myADdomainname"
md myzimbradomainname zimbraAutoProvLdapURL "ldap://myIPAD:389"
md myzimbradomainname zimbraAutoProvMode "LAZY"
md myzimbradomainname zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md myzimbradomainname zimbraAutoProvNotificationFromAddress "admin@myzimbradomainname"
md myzimbradomainname zimbraAutoProvNotificationSubject "New account auto provisioned"
Hi Ouaipa,
What version of Zimbra are you using?
Hi,
8.6.0 OSE
Thanks
Any idea?
Thanks 🙂
Hi Ouaipa,
Sorry for the late response. I will try on my machine first. 😉
Thanks for the precision 😉 I tested it but it doesn’t work.. I’m going to search why 🙂
Hi Bret,
Sorry for the late response. I will try on my machine first. 😉
Thank you so much Iman 😉
and don’t worry :3
I have another question ^^’
Does it work with OpenLDAP or only with Active Directory LDAP??
hello??
Feedback?
Hi Iman,
I have configured the following regarding auto provisioning:
[zimbra@m1 log]$ zmprov gd onlinebcits.com | grep AutoProv
zimbraAutoProvBatchSize: 20
zimbraAutoProvLdapAdminBindDn: cn=Directory Manager,dc=bcits,dc=co,dc=in
zimbraAutoProvLdapAdminBindPassword: xxxxx
zimbraAutoProvLdapBindDn: cn=Directory Manager,dc=bcits,dc=co,dc=in
zimbraAutoProvLdapSearchBase: dc=bcits,dc=co,dc=in
zimbraAutoProvLdapURL: ldap://192.168.10.230:389
zimbraAutoProvMode: LAZY
zimbraAutoProvNotificationBody: Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}.
zimbraAutoProvNotificationFromAddress: admin@onlinebcits.com
zimbraAutoProvNotificationSubject: New account auto provisioned
The mailbox.log shows an authentication error and invalid credentials. I am sure about the credentials; am I making any mistake in the configuration? How do I debug it?
Regards,
Seenu.
Hi, below is my configuration. I have tried several reference documents on the net, but no luck. I have left my hope on this forum, please help.
Steps I have done:
1. In the Zimbra admin login, Configure > Domain > selected the already added domain and right-clicked “Configure Authentication”.
2. Selected “External Active Directory” and clicked “Next”.
3. Provided the AD domain name and the IP of the AD LDAP server with port 389 and clicked “Next”; everything else in that wizard (DN/password bind, filters, etc.) was left empty.
4. Tested with an AD user name and password. It authenticated successfully. Clicked Finish.
5. Created a txt file at /srv/autoprov.txt with the entries below and ran the “zmprov < /srv/autoprov.txt” command.
6. Tried to log in from the Zimbra user interface; it says "The username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current username and password."
7. Also checked in the Zimbra admin login: no new account was provisioned there.
Zimbra version 8.8.12_GA_3866.FOSS
autoprov.txt entries
md test.com zimbraAutoProvMode LAZY
md test.com zimbraAutoProvAccountNameMap "sAMAccountName"
md test.com zimbraAutoProvAttrMap "sn=sn"
md test.com +zimbraAutoProvAttrMap "description=description"
md test.com +zimbraAutoProvAttrMap "cn=cn"
md test.com +zimbraAutoProvAttrMap "givenName=givenName"
md test.com zimbraAutoProvBatchSize "20"
md test.com zimbraAutoProvLdapAdminBindDn "cn=ldaptest,dc=test,dc=com"
md test.com zimbraAutoProvLdapAdminBindPassword "xxxxx"
md test.com zimbraAutoProvLdapBindDn "ldaptest@test.com"
md test.com zimbraAutoProvLdapSearchBase "dc=test,dc=com"
md test.com zimbraAutoProvLdapSearchFilter "(objectClass=*)"
md test.com zimbraAutoProvLdapURL "ldap://192.xxx.xxx.xxx:389"
md test.com zimbraAutoProvNotificationBody "Your account has been auto provisioned. Your email address is ${ACCOUNT_ADDRESS}."
md test.com zimbraAutoProvNotificationFromAddress "admin@test.com"
md test.com zimbraAutoProvNotificationSubject "New account auto provisioned"
ms mailnew.test.com zimbraAutoProvPollingInterval "1m"
ms mailnew.test.com zimbraAutoProvScheduledDomains "test.com"
mail .log entries
Caused by: com.zimbra.common.service.ServiceException: system failure: unable to send or receive startTLS extended operation
ExceptionId:qtp1647809929-85982:http://localhost:8080/service/soap/AuthRequest:1572074505045:586f6a60daacca2c
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:288)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.ldapAuthenticate(UBIDLdapContext.java:857)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.externalLdapAuthenticate(UBIDLdapContext.java:892)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.externalLdapAuthenticateImpl(UBIDLdapClient.java:124)
at com.zimbra.cs.ldap.LdapClient.externalLdapAuthenticate(LdapClient.java:190)
at com.zimbra.cs.account.ldap.LdapProvisioning.ldapAuthenticate(LdapProvisioning.java:5643)
at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5832)
… 60 more
2019-10-26 12:51:45,049 INFO [qtp1647809929-85982:http://localhost:8080/service/soap/AuthRequest] [oip=192.168.1.55;ua=zclient/8.8.12_GA_3866;soapId=54a112de;] SoapEngine - handler exception: authentication failed for [636@test.com], account not found
2019-10-26 12:51:45,049 INFO [qtp1647809929-85982:http://localhost:8080/service/soap/AuthRequest] [oip=192.168.1.55;ua=zclient/8.8.12_GA_3866;soapId=54a112de;] soap - AuthRequest elapsed=15018
2019-10-26 12:51:45,066 INFO [qtp1647809929-85981:https:https://localhost:7071/service/admin/soap/GetDomainInfoRequest] [ua=ZCS/8.8.12_GA_3866;soapId=54a112df;] soap - GetDomainInfoRequest elapsed=0
2019-10-26 12:51:55,003 INFO [MailboxPurge] [name=ham.fwu9mgssf@mailnew.kimshisnet.com;mid=3;] purge - Purging messages.
Hello,
Please check this section: zimbraAutoProvLdapAdminBindDn “cn=ldaptest,dc=test,dc=com”. AFAIK, AD uses cn=Adminuser and so on for the Administrator user.
Thanks for your reply. I tried moving the user to another OU, that is “cn=ldaptest,cn=Users,dc=test,dc=com”; still no luck. I also gave admin privileges to the user “ldaptest”, and also created a user like the Administrator you mentioned (“cn=Administrator,cn=Users,dc=test,dc=com”); still no luck. Any hope?