@ -25,7 +25,7 @@ The configuration is stored in a single file in YAML format. The script will loo
The config has two main sections :
* general : settings which affects all domains, mainly to configure email notification in case of error
* general : settings which affect all domains, mainly to configure email notifications in case of error
* domains : list of domain to sync, and the settings for each of them
The general section looks like
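Review bot: the "domains" bullet right after the corrected line still reads "list of domain to sync" and was missed by this grammar pass; suggest "list of domains to sync, and the settings for each of them". The unchanged line "The general section looks like" would also read better with a trailing colon before the YAML block.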
@ -38,11 +38,11 @@ general:
```
Foreach each domain you defined, you can configure 4 sections :
* ldap : defined where and how to connect to the external LDAP server
* users : define how to search for users in the external LDAP, and which attributes will be mapped to which one in Zimbra
* groups : define how to search for groups in external LDAP, and which attributes will be mapped to which one in Zimbra
* zimbra : define some settings about how the script should behave for this domain (eg, should it create the domain if missing, should it autoconfigure external authentication etc.)
Foreach each domain you define, you can configure 4 sections :
* ldap : defines where and how to connect to the external LDAP server(s)
* users : defines how to search for users in the external LDAP, and which attributes will be mapped to which ones in Zimbra
* groups : defines how to search for groups in external LDAP, and which attributes will be mapped to which ones in Zimbra
* zimbra : defines some settings about how the script should behave for this domain (eg, should it create the domain if missing, should it autoconfigure external authentication etc.)
In most case, the configuration can be minimal, as defaults values are provided. You just have to set the LDAP server, bind DN and password (if applicable), and the schema. The schema can be ad, rfc2307 or rfc2307bis. If one of these schema is specified, adapted defaults values will be used
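Review bot: the rewritten lead-in still doubles the word in "Foreach each domain you define"; suggest "For each domain you define, you can configure 4 sections :". The context paragraph that closes this hunk has similar slips that this commit could pick up: "In most case" should be "In most cases", "defaults values" should be "default values" (twice), and "one of these schema" should be "one of these schemas".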
@ -84,14 +84,14 @@ domains:
servers:
- ldap://ldap1.corp3.net:389
- ldap://ldap3.corp3.net:389
# Use starttls/ Do not set this if using ldaps:// URI
# Use starttls. Do NOT set this if using ldaps:// URI
start_tls: True
# Optional bind DN and bind password for searches
bind_dn: CN=Zimbra,OU=Apps,DC=corp3,DC=net
bind_pass: 'p@ssw0rd'
# the schema used. Can be ad, rfc2307, rfc2307bis or simply ldap.
# ad, rfc2307 and rfc2307bis provides default values for attribute mapping. ldap is when you want
# a complete control, and you'll have to configure the mapping yourself
# a total control, and you'll have to configure the mapping yourself
schema: ad
users:
# Base DN where to look for users
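Review bot: the reworded start_tls comment says when not to set the option but not what leaving it off means for the ldap:// URIs listed just above, where the bind using bind_dn and bind_pass would then travel over an unencrypted connection. Suggest saying so in the comment, and noting near bind_pass that the file holds the password in clear text and should be readable only by the account running the script. On wording, "a total control" is no better than the "a complete control" it replaces; "when you want complete control" reads correctly, and "provides" in the line above should be "provide".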
@ -105,7 +105,7 @@ domains:
mail_attr: mail
# The attribute for email aliases
alias_attr: otherMailbox
# A dict of attribute to map from external LDAP to Zimbra.
# A dict of attributes to map from external LDAP to Zimbra.
# The format is ext_attr: zimbra_attr
attr_map:
displayName: displayName
@ -138,7 +138,7 @@ domains:
mail_attr: mail
# The attribute for email aliases
alias_attr: null
# A dict of attribute to map from external LDAP to Zimbra.
# A dict of attributes to map from external LDAP to Zimbra.
# The format is ext_attr: zimbra_attr
attr_map:
displayName: displayName
@ -146,7 +146,7 @@ domains:
zimbra:
# Should zmldapsync create the domain if missing ?
create_if_missing: False
# If the domain in Zimbra exists but is not configured
# If the domain exists in Zimbra but is not configured
# for external auth (either LDAP or AD), should this script configure it ?
setup_ldap_auth: True
# If defined, domain aliases will be added to / removed from Zimbra according to this list
@ -170,3 +170,4 @@ Once a configuration file is ready, the script can be called with the following
* --config : path to the config file (defaults to /opt/zimbra/conf/zmldapsync.yml)
* --quiet : will not print anything except errors
* --verbose : prints aditional info during the sync
* --dry-run : do not apply the changes. Can be used with --verbose to see what would be done
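Review bot: the --verbose line just above the new bullet still has the typo "aditional", which this typo-fixing commit leaves in place; suggest "prints additional info during the sync". The new --dry-run bullet also switches to the imperative ("do not apply the changes") where the other options describe behaviour ("will not print", "prints"); "does not apply the changes" would match.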