IdentityConnectorZimbra

About

The zimbra connector allows the manipulation of Zimbra accounts by running remote ssh commands against the Zimbra stores using zmprov. The zimbra connector depends upon middleware's OpenLDAP for information about the users account.

The Zimbra connector will ideally be updated to use the SOAP api but there are some challenges.

Definitions

• Account Exists
  • Get account (zmprov ga) and grep for 'uid', look at return code (0=Account Exists)
• Enable
  • If needed create account and set class of service based on OpenLDAP org status
  • Set zimbraAccountStatus to 'active'
• Disable
  • Set zimbraAccountStatus to 'locked'
• Status
  • active: zimbraAccountStatus is set to active
  • inactive: zimbraAccountStatus is set to locked
  • no_account: user account does not exist
  • unknown: something terrible has happened and zimbra has no idea what is going on

Enable Account

Arguments: uid

Tests if the users account exists, and if it is active. If no account exists it is created. If the account is not active it is set to active. The class of service is set based on the users organizational status in OpenLDAP.

Disable Account

Arguments: uid

If the account does not exist nothing is done and the connector reports success. If the account exists it is locked to prevent the user from accessing Zimbra resources.

Account Information

Arguments: None

If the account exists a dictionary of uid, givenName, sn, and account status are returned. If the account does not exist an empty dictionary is returned.

Update Account

Partially implemented pending further discussion. UID must remain read-only, a list of valid attributes should be added to prevent erroneous data from being written to zimbra. This method only pretends to update values but takes no action.

Arguments: uid, dictionary of attributes to update and their new values

Attributes to be updated are passed to this method via a dictionary. The value of each attribute would be updated in Zimbra after a sanity check.