AD autoprovision pr...
 
Notifications
Clear all

AD autoprovision problem

2 Posts
2 Users
0 Reactions
339 Views
(@regul8or)
Joined: 2 years ago
Posts: 16
Topic starter  

I successfully configured AD authentication and now have a problem creating configuration for auto provisioning AD accounts.

Those are attributes from our current Zimbra OSE config:

zimbraAutoProvAttrMap: displayName=displayName
zimbraAutoProvAttrMap: givenName=sn
zimbraAutoProvAttrMap: sn=givenName

 (yes, sn and givenName in our AD are misplaced)

The following are corresponding Carbonio commands:

carbonio prov md company.com zimbraAutoProvAttrMap 'cn=displayName'
carbonio prov md company.com +zimbraAutoProvAttrMap 'displayName=displayName'
carbonio prov md company.com +zimbraAutoProvAttrMap 'givenName=sn'
carbonio prov md company.com +zimbraAutoProvAttrMap 'sn=givenName'

When I try to auto provision a used, I have the following exception in the logs:

2024-05-13 13:42:08,098 INFO  [qtp808447015-14] [ip=ip1;oip=ip2;port=60006;soapId=2789d590;] autoprov - auto creating account in LAZY mode: testuser@company.com
2024-05-13 13:42:08,118 INFO  [qtp808447015-14] [ip=ip1;oip=ip2;port=60006;soapId=2789d590;] account - unable to auto provisioing acct testuser
com.zimbra.cs.ldap.LdapException$LdapInvalidAttrValueException: invalid attr value - unable to create entry: ldap host=host.domain.local:389: displayName: multiple values provided
        at com.zimbra.cs.ldap.LdapException.INVALID_ATTR_VALUE(LdapException.java:94) ~[zimbrastore.jar:?]
        at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:46) ~[zimbrastore.jar:?]
        at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.mapToLdapException(UBIDLdapContext.java:228) ~[zimbrastore.jar:?]
        ... a whole lot of diagnostics

If I remove a command with displayName=displayName, everything's working, but I don't like an idea to manually set Display Name for hundreds of users


   
Quote
(@stefanodavid)
Joined: 3 years ago
Posts: 227
 

@regul8tor (and whoever is interested in the topic): we are working on LDAP/AD documentation, please be patient and give us some time!


   
ReplyQuote