Zimbra External Directory Sync

One of the first problems I had to resolve after installing Zimbra was how to keep Zimbra’s internal LDAP directory in sync with our Open Directory server. This problem was compounded by the fact that out of the box, all Zimbra mailboxes have to be provisioned by hand. Granted, there are command line tools and scripts that can be used to batch provision accounts, but who wants to manually put together scripts to do the bulk provisioning? Authentication and GAL lookups from an external source are working beautifully so far, and to me, Zimbra’s lack of a feature for auto-provisioning from an external directory is almost insane.

Currently there is an RFE in Zimbra’s bug tracker for such a feature, but that doesn’t help those of us who could use a solution now.

After a great deal of searching through the forums and bug tracker, I literally stumbled across Bug 14772 – include zmexternaldirsync in build. It’s a discussion about including a Perl script called zmexternaldirsync in the Zimbra builds. From what I can tell, the team was getting it ready to include it in a build and then decided against it. I grabbed the script and documentation and fiddled around with it and got it working.

And now I’m posting it here to (hopefully) make someone else’s life a little easier.

    WARNING: This script is provided as-is. The author of this blog is not responsible for any potential damage it may do to your install. The author of this blog is also not responsible for supporting this script. Be aware that any future Zimbra updates could break this script. I doubt it’s supported by the Zimbra team since it isn’t included in any of the available builds (AFAIK). Use it at your own risk!

With that said… I’ve been using it since earlier this year. So far it’s auto-provisioned new mail accounts for every new user I’ve added to our directory server. It’s made my job a lot easier than I thought it was going to be. It’s survived two software updates and an OS/hardware migration. It’s everything that should’ve been included with Zimbra to help system administrators maintain user accounts.

When I first set it up, I was running Zimbra on an Xserve running Tiger server (10.4.11). I had to install the Perl modules referenced in the spartan documentation. I also had to modify the script itself – I’ll be honest, it’s been so long I can’t remember what I had to change and I was bad about keeping notes… I think it was a case change in three lines of the script. I’ve included my modified script in the zip file to save you the time and trouble. I’ve set the script up to pull the cn from our directory and set that value to Zimbra LDAP’s displayName value… I’ve found it handy to have full names in the account listing screens. I just finished migrating to a newer Xserve running Leopard server (10.5.4) and haven’t run into any problems with the script so far. If I do, I’ll post them here.

zmexternalsync.zip (67 KB)


3 Responses to Zimbra External Directory Sync

  1. Brian Krusic says:

    Awesome article.
    I’m trying the script now.
    Although I set up Zimbra as a Samba/LDAP auth point for my general population (Linux, OSX, Windows boxes), I need to update Zimbra LDAP via a 3rd party web app and not the Zimbra admin console.
    Seeing that this is a real PIT(F)A, I’ve set up a standard CentOS LDAP server whose LDAP db I can update all day long via a custom-written web app; I’ll then sync it with Zimbra LDAP so that emails work properly.
    If it weren’t for the fact that Zimbra has a great collaborative calendar, I’d chuck it. I’m using the free open source version btw.

  2. Brian Krusic says:

    Would you mind giving me an example of the values?

  3. dave says:

    Hi Brian – Sorry for the delayed response. What values did you need examples for? You can email me with questions – dave@io-blog.com.
