One of the weaknesses of Zimbra, at least in the OSS version, is its poor integration with Active Directory. This can be solved with some scripting, though.
The basis of this script comes from “Zimbra autocreate accounts with Active Directory or LDAP” which was a good start for me but was much more complicated than I needed.
This document describes the method that I used to dynamically update the distribution lists from the OU membership on our Active Directory server.
Assumptions of this Document
I am using:
- Ubuntu Server 12.04 LTS
- Zimbra version 8.0 OSS Version
- Microsoft Active Directory on Windows Server 2008 R2
Modify / Create the Distribution Group and Add Members from AD
First thing is to create the script that gets a list of the users from AD and creates the necessary groups. A word of caution here is that you need to be careful of the indentation in Python. If the indentation of the lines is wrong (not what I have here) the script won’t work.
The values in RED should be changed to match your site.
$ sudo mkdir /opt/import
$ cd /opt/import
$ sudo vi groups.py

#!/usr/bin/python
import ldap, sys, os, time

# Address of LDAP Server
ldapHost = "ldap://adServer.domain.local:389"
# DN and Password of user to bind to AD with
user = "CN=UserName,CN=Users,DC=domain,DC=local"
password = "PASSWORD"
fqdn = "mailhost.domain.local"  # FQDN of Zimbra Domain Configured
filter = "sn=*"
pathtozmprov = "/opt/zimbra/bin/zmprov"
#--------------END VAR--------------------

groupName = str(sys.argv[1])  # first argument: name of the distribution list
baseDN = str(sys.argv[2])     # second argument: DN of the OU to search

# All existing Zimbra accounts (read here, not used further in this script)
f = os.popen(pathtozmprov + ' -l gaa ')
zmprovgaa = []
zmprovgaa = f.readlines()

try:
    l = ldap.initialize(ldapHost)
    l.simple_bind_s(user, password)
    result = l.search_s(baseDN, ldap.SCOPE_SUBTREE, filter)
    delete_group = pathtozmprov + " ddl " + groupName + "@" + fqdn
    create_group = pathtozmprov + " cdl " + groupName + "@" + fqdn
    populate_group = pathtozmprov + " adlm " + groupName + "@" + fqdn
    for (dn, vals) in result:
        # python-ldap returns every attribute as a list of values
        try:
            mail = vals['mail'][0]
        except KeyError:
            # No mail attribute in AD: build the address from the login name
            mail = vals['sAMAccountName'][0].lower() + "@" + fqdn
        sys.stdout.flush()
        populate_group = populate_group + " " + mail
    # Recreate the list from scratch, then add all members in one call
    os.system(delete_group)
    os.system(create_group)
    os.system(populate_group)
except ldap.LDAPError as error_message:
    print(error_message)
l.unbind_s()
$ sudo chmod 755 groups.py
$ sudo su zimbra -
$ cd /opt/import
$ ./groups.py staff "OU=Staff,OU=Users,DC=domain,DC=local"
Specifically, this will create a Distribution List with the name of “staff” which contains all of the users in the OU listed. It’s assumed that you will already have the users created in Zimbra. The script to do this will be documented soon. If you need it now, you can email me firstname.lastname@example.org.
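groups.py builds its three zmprov calls as strings and hands them to os.system, so the group name from the command line and the mail values read from AD are parsed by a shell. The following is an added example, not part of the original script: it builds the same ddl/cdl/adlm calls as argument lists, validates the names first, and skips the rebuild when the search returns no usable members. The function names, the two regular expressions and the sample entries are assumptions of this example.

```python
import re
import subprocess

ZMPROV = "/opt/zimbra/bin/zmprov"  # same path as pathtozmprov in groups.py
# Conservative allow-lists: an assumption of this example, not a Zimbra rule.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
ADDR_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

# Constructed sample in the shape python-ldap's search_s() returns on Python 3.
SAMPLE = [
    ("CN=Ann,OU=Staff", {"mail": [b"Ann@domain.local"], "sAMAccountName": [b"ann"]}),
    ("CN=Bob,OU=Staff", {"sAMAccountName": [b"Bob"]}),
    ("CN=Eve,OU=Staff", {"mail": [b"eve@domain.local; echo injected"]}),
    (None, ["ldap://domain.local/CN=Configuration,DC=domain,DC=local"]),  # referral
]

def first_value(vals, attr):
    """Return the first value of an LDAP attribute as text, or '' if absent."""
    value = (vals.get(attr) or [b""])[0]
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else value

def member_addresses(entries, fqdn):
    """Return (accepted addresses, DNs whose address failed validation)."""
    accepted, rejected = [], []
    for dn, vals in entries:
        if dn is None:  # AD search referral, not a user entry
            continue
        sam = first_value(vals, "sAMAccountName")
        mail = first_value(vals, "mail") or (sam.lower() + "@" + fqdn if sam else "")
        if not ADDR_RE.fullmatch(mail):
            rejected.append(dn)
        elif mail.lower() not in accepted:
            accepted.append(mail.lower())
    return accepted, rejected

def build_commands(group, fqdn, entries):
    """Return the ddl/cdl/adlm calls as argv lists plus the rejected DNs."""
    if not NAME_RE.fullmatch(group):
        raise ValueError("unsafe group name: %r" % group)
    members, rejected = member_addresses(entries, fqdn)
    if not members:  # empty search result: leave the existing list untouched
        return [], rejected
    dl = group + "@" + fqdn
    return [[ZMPROV, "ddl", dl], [ZMPROV, "cdl", dl], [ZMPROV, "adlm", dl] + members], rejected

def run(commands):
    """Execute each argv list directly (no shell); ddl may fail on the first run."""
    for argv in commands:
        rc = subprocess.call(argv)
        if rc != 0 and argv[1] != "ddl":
            raise RuntimeError("zmprov %s failed with exit code %d" % (argv[1], rc))
```

In groups.py, the result of search_s would be passed as entries, and run() would take the place of the three os.system calls.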
You could call groups.py directly from cron but it’s better to create a shell script to call it and then add the shell script to cron. This way you can easily add and edit the required OUs.
$ sudo vi batch_groups.sh
#!/bin/bash
/opt/import/groups.py staff "OU=Staff,OU=Users,DC=domain,DC=local"
Finally we’ll schedule the command to run by adding it to crontab. To complete this:
$ sudo su zimbra -
$ crontab -e
Insert the following line at the beginning of the file.