Zimbra save all account and profile information on the LDAP database. Zimbra has no function for only import and export it’s account, although they have bundled Zimbra to Zimbra migration command. The Zimbra to Zimbra migration command export all mailbox and account while I only need a list of account with some primary fields like password, first name, full name, etc, especially for testing purpose only.
I decided to create a simple script that look for related information on Zimbra LDAP with the following algorithm :
- Check Zimbra version, because Zimbra 5 and Zimbra 6 has different method for accessing LDAP and also these are a few changes on Zimbra CLI. Zimbra 6 need paramater for command while Zimbra 5 doesn’t need it, e.g, on Zimbra 5, running zmprov gaa will list all Zimbra account but on Zimbra 6 we must use zmprov -l gaa to display same result.
- Export all account profile to temporary parameter and loop for all account
- Skip all system account : admin, ham, spam, galsync and wiki. All these system account doesn’t need to be exported because Zimbra will create all system account on installation process.
- Get all account identity/fields from Zimbra LDAP by using LDAPsearch command
- Create a text file with zmp extension. This file will contains zmprov ca command with proper parameter from step 4
- Create ldif file for updating Zimbra LDAP password, because Zimbra LDAP using SSHA encryption and the better method for updating Zimbra LDAP password is using ldapmodify command.
- Finish
Algorithm for Import Account
- Check whether user are already on Zimbra user environment or not
- Check is there existing zmp and ldif file (the result from export script)
- Import zmp file
- Run ldapmodify command to change Zimbra LDAP password by using ldif data
- Finish
Please remember that you must running export script by using root privilege but the import account must be run within Zimbra user environment (su – zimbra).
Look at following example to run Zimbra Account export script :
[code language=’cpp’]
su
cd /srv
wget -c http://vavai.com/wp-content/uploads/exim-acc-zcs.tar.gz
tar -zxvf exim-acc-zcs.tar.gz
cd exim-acc-zcs
./export-acc-zcs.sh
[/code]
The above command will produce zcs-acc-add.zmp and zcs-acc-mod.ldif file. Copy all four file (the last two are script file) onto some folder on target server and run the following command to import the account and it’s profile :
[code language=’cpp’]
su
su – zimbra
cd /home/vavai
./import-acc-zcs.sh
[/code]
Script has been sucessfully tested on Zimbra 6.0.5, 6.0.6 dan 6.0.7 on SUSE Linux Enterprise Server 11 and openSUSE 11.
Download Zimbra Account Export-Import Script by click on the download icon belows :
Script for export :
[code language=’cpp’]
#!/bin/sh
#Hapus Layar
clear
echo -e “###################################################################################”
echo -e “# Zimbra export-acc-zcs.sh ver 0.0.2 #”
echo -e “# Skrip untuk export account Zimbra berikut profile dan password #”
echo -e “# Masim ‘Vavai’ Sugianto – vavai@vavai.com – http://www.vavai.com #”
echo -e “# Untuk saran dan pertanyaan silakan menggunakan Milis Komunitas Zimbra Indonesia #”
echo -e “# Link Komunitas : http://www.zimbra.web.id – http://www.opensuse.or.id #”
echo -e “###################################################################################”
# /* Variable untuk bold */
ibold=”�33[1m””n===> ”
ebold=”�33[0m”
# /* Parameter */
echo “”
echo -n “Enter Domain Name (ex : vavai.com) : ”
read NAMA_DOMAIN
echo -n “Enter path folder for exported account (ex : /home/vavai/) : ”
read FOLDER
# /* Membuat file hasil export dan mengisi nama domain */
NAMA_FILE=”$FOLDER/zcs-acc-add.zmp”
LDIF_FILE=”$FOLDER/zcs-acc-mod.ldif”
rm -f $NAMA_FILE
rm -f $LDIF_FILE
touch $NAMA_FILE
touch $LDIF_FILE
echo “createDomain $NAMA_DOMAIN” > $NAMA_FILE
# /* Check versi Zimbra yang digunakan */
VERSION=`su – zimbra -c ‘zmcontrol -v’`;
ZCS_VER=”/tmp/zcsver.txt”
# get Zimbra LDAP password
ZIMBRA_LDAP_PASSWORD=`su – zimbra -c “zmlocalconfig -s zimbra_ldap_password | cut -d ‘ ‘ -f3″`
touch $ZCS_VER
echo $VERSION > $ZCS_VER
echo -e $ibold”Retrieve Zimbra User…………………………”$ebold
grep “Release 5.” $ZCS_VER
if [ $? = 0 ]; then
USERS=`su – zimbra -c ‘zmprov gaa’`;
LDAP_MASTER_URL=`su – zimbra -c “zmlocalconfig -s ldap_master_url | cut -d ‘ ‘ -f3″`
fi
grep “Release 6.” $ZCS_VER
if [ $? = 0 ]; then
USERS=`su – zimbra -c ‘zmprov -l gaa’`;
LDAP_MASTER_URL=”ldapi:///”
fi
echo -e $ibold”Processing account, please wait…………………………”$ebold
# /* Proses insert account kedalam file hasil export */
for ACCOUNT in $USERS; do
NAME=`echo $ACCOUNT`;
DOMAIN=`echo $ACCOUNT | awk -F@ ‘{print $2}’`;
ACCOUNT=`echo $ACCOUNT | awk -F@ ‘{print $1}’`;
ACC=`echo $ACCOUNT | cut -d ‘.’ -f1`
if [ $NAMA_DOMAIN == $DOMAIN ] ;
then
OBJECT=”(&(objectClass=zimbraAccount)(mail=$NAME))”
dn=`/opt/zimbra/bin/ldapsearch -H $LDAP_MASTER_URL -w $ZIMBRA_LDAP_PASSWORD -D uid=zimbra,cn=admins,cn=zimbra -x $OBJECT | grep dn:`
displayName=`/opt/zimbra/bin/ldapsearch -H $LDAP_MASTER_URL -w $ZIMBRA_LDAP_PASSWORD -D uid=zimbra,cn=admins,cn=zimbra -x $OBJECT | grep displayName: | cut -d ‘:’ -f2 | sed ‘s/^ *//g’ | sed ‘s/ *$//g’`
givenName=`/opt/zimbra/bin/ldapsearch -H $LDAP_MASTER_URL -w $ZIMBRA_LDAP_PASSWORD -D uid=zimbra,cn=admins,cn=zimbra -x $OBJECT | grep givenName: | cut -d ‘:’ -f2 | sed ‘s/^ *//g’ | sed ‘s/ *$//g’`
userPassword=`/opt/zimbra/bin/ldapsearch -H $LDAP_MASTER_URL -w $ZIMBRA_LDAP_PASSWORD -D uid=zimbra,cn=admins,cn=zimbra -x $OBJECT | grep userPassword: | cut -d ‘:’ -f3 | sed ‘s/^ *//g’ | sed ‘s/ *$//g’`
cn=`/opt/zimbra/bin/ldapsearch -H $LDAP_MASTER_URL -w $ZIMBRA_LDAP_PASSWORD -D uid=zimbra,cn=admins,cn=zimbra -x $OBJECT | grep cn: | cut -d ‘:’ -f2 | sed ‘s/^ *//g’ | sed ‘s/ *$//g’`
initials=`/opt/zimbra/bin/ldapsearch -H $LDAP_MASTER_URL -w $ZIMBRA_LDAP_PASSWORD -D uid=zimbra,cn=admins,cn=zimbra -x $OBJECT | grep initials: | cut -d ‘:’ -f2 | sed ‘s/^ *//g’ | sed ‘s/ *$//g’`
sn=`/opt/zimbra/bin/ldapsearch -H $LDAP_MASTER_URL -w $ZIMBRA_LDAP_PASSWORD -D uid=zimbra,cn=admins,cn=zimbra -x $OBJECT | grep sn: | cut -d ‘:’ -f2 | sed ‘s/^ *//g’ | sed ‘s/ *$//g’`
if [ $ACC == “admin” ] || [ $ACC == “wiki” ] || [ $ACC == “galsync” ] || [ $ACC == “ham” ] || [ $ACC == “spam” ]; then
echo “Skipping system account, $NAME…”
else
echo “createAccount $NAME passwordtemp displayName ‘$displayName’ givenName ‘$givenName’ sn ‘$sn’ initials ‘$initials’ zimbraPasswordMustChange FALSE” >> $NAMA_FILE
echo “$dn
changetype: modify
replace: userPassword
userPassword:: $userPassword
” >> $LDIF_FILE
echo “Adding account $NAME”
fi
else
echo “Skipping account $NAME”
fi
done
echo -e $ibold”All account has been exported sucessfully into $NAMA_FILE and $LDIF_FILE…”$ebold
[/code]
Script for import :
[code language=’cpp’]
#!/bin/sh
#Hapus Layar
clear
echo -e ‘###################################################################################’
echo -e ‘# Zimbra import-zcs-acc.sh ver 0.0.1 #’
echo -e ‘# Skrip untuk import data account Zimbra #’
echo -e ‘# Masim ‘Vavai’ Sugianto – vavai@vavai.com – http://www.vavai.com #’
echo -e ‘# Untuk saran dan pertanyaan silakan menggunakan Milis Komunitas Zimbra Indonesia #’
echo -e ‘# Link Komunitas : http://www.zimbra.web.id – http://www.opensuse.or.id #’
echo -e ‘###################################################################################’
# /* Variable untuk bold */
ibold=”�33[1m””n===> ”
ebold=”�33[0m”
if [ “$USER” != “zimbra” ]
then
echo -e $ibold”You need to be user zimbra to run this script…”$ebold
exit
fi
CURRENT_FOLDER=`pwd`;
echo “”
echo -e “Please verify that you have copied zcs-acc-add.zmp & zcs-acc-mod.ldif on current folder !”
echo -e “Current Folder : $CURRENT_FOLDER, Please change to your folder before running this script.”
echo -e “Press ENTER to continue…”
read jawab
if [ -f ./zcs-acc-add.zmp ];
then
if [ -f ./zcs-acc-add.zmp ];
then
echo -e $ibold”Importing account…”$ebold
ZIMBRA_LDAP_PASSWORD=`zmlocalconfig -s zimbra_ldap_password | cut -d ‘ ‘ -f3`
# cat ./zcs-acc-add.zmp | su – zimbra -c zmprov
zmprov < $CURRENT_FOLDER/zcs-acc-add.zmp
echo -e $ibold"Modify password..."$ebold
ldapmodify -f "$CURRENT_FOLDER/zcs-acc-mod.ldif" -x -H ldapi:/// -D cn=config -w $ZIMBRA_LDAP_PASSWORD
# su - zimbra -c '$LDAP_CMD'
echo -e $ibold"Zimbra account has been modified sucessfully ..."$ebold
else
echo "Sorry, file $CURRENT_FOLDER/zcs-acc-mod.ldif does not exists, import process will not be continue..."
exit
fi
else
echo "Sorry, file $CURRENT_FOLDER/zcs-acc-add.zmp does not exists, import process will not be continue..."
exit
fi
[/code]
16 Comments
[…] Masim Sugianto: Script for Export-Import Zimbra Mail Server Account […]
[…] is the script modified from articles Script for Export-Import Zimbra Account + Password. I modify the script to insert some attribute, such as home directory, GID, UID and others […]
merci bien pour ce script,
il marche bien mais j’ai constaté pour quelque compte le mot de passe est incorrect
Did you try to restart the Zimbra services after importing account & password?
Thanks for this script. After migration the password is incorrect. I tried restarting services too but its not helped.
Ok, I found the issue. If you have a single domain only you don’t want to use the ‘user’@domain.com for the login username, just use the ‘user’ and that will work. If you have multiple domains you can use the email id as the login name. Thanks
I have already installed on Centos 8.6 zimbra 7 found a script to import and export accounts and passwords from 6..013 zimbra – debian 5. By far so good, but the problem that I have is that when I try logearme with username and password now if or if I have to enter the user @ domain.
Check with the administrator account and saw that one had two domains: dominio.algo and two: my_computer-dominio.algo
When asked if having two domains or user @ domain.
What I did was eliminiar the domain Two: my_computer-dominio.algo
Now I have one but I keep asking domain user @ domain
All this I did from the web consolta administrator.
Is there any way to prevent user @ domain ask me?
Thank you.-
Cristian.-
j’ai redémarrer zimbra, mais toujours le même pb,
qlq comptes ne sont pas importer (nom utilisateur n’existe pas), qlq mot de passe ne sont pas correct
@Houria,
Which Zimbra version and what is OS currently using for Zimbra?
merci pour votre aide
le 1er serveur son os est redhat entreprise 6 avec zimbra 7.1.4
Release 7.1.4_GA_2555.RHEL5_20120105094627 RHEL5 FOSS edition, Patch 7.1.4_P1.
le 2 eme serveur est
Release 8.0.5.GA.5839.UBUNTU12.64 UBUNTU12_64 FOSS edition.
l’exportation se déroule bien tous les comptes sont exportés j’ai 627 comptes
le pb est dans l’importation j’ai juste 487 sont importé et parmi les comptes importés j’ai vérifié un compte son mot de passe est incorrect
voila le message affiche
ldap_modify: No such object (32) matched DN
bonjour
j’ai trouvé la solution le pb est dans un displayname qui contient un apostrophe , j’ai enlevé l’apostrophe et le transfert déroule bien mais le pb est dans le mot de passe tous les nouveau comptes leurs mot de passe est incorrect
merci bien pour le script il marche très bien, même pour les mots de passe incorrect j’ai réglé le pb
Pak Vavai..saya sudah coba dari export dari zimbra versi 7 ..dan sudah berhasil dalam exportnya… saya coba import di versi 8.. dan prosesnya sudah berhasil.
tetapi ketika saya coba login error user dan password..
servicenya sudah juga saya restart.. kira-kira salah dimana pak Vavai…
Do you have any script to take HOt backup of zimbra Foss 8.6 server?
Hi,
I am trying to use you script. I followed each and every step, but got the following error:-
###################################################################################
# Zimbra export-acc-zcs.sh ver 0.0.2 #
# Skrip untuk export account Zimbra berikut profile dan password #
# Masim ‘Vavai’ Sugianto – vavai@vavai.com – http://www.vavai.com #
# Untuk saran dan pertanyaan silakan menggunakan Milis Komunitas Zimbra Indonesia #
# Link Komunitas : http://www.zimbra.web.id – http://www.opensuse.or.id #
###################################################################################
Enter Domain Name (ex : vavai.com) : iari.res.in
Enter path folder for exported account (ex : /home/vavai/) : /home/account
rm: cannot remove `/home/account/zcs-acc-add.zmp’: Permission denied
rm: cannot remove `/home/account/zcs-acc-mod.ldif’: Permission denied
touch: cannot touch `/home/account/zcs-acc-add.zmp’: Permission denied
touch: cannot touch `/home/account/zcs-acc-mod.ldif’: Permission denied
./export-acc-zcs.sh: line 35: /home/account/zcs-acc-add.zmp: Permission denied
Password:
su: incorrect password
Password:
su: incorrect password
===> Retrieve Zimbra User…………………………
===> Processing account, please wait…………………………
===> All account has been exported sucessfully into /home/account/zcs-acc-add.zmp and /home/account/zcs-acc-mod.ldif…
I am trying to run this script on zcs 7.2 running on RHEL5.
Please check and help me ASAP.
Regards
Hello, very good contribution. It’s just what I need. I have zimbra currently running 6.0.13 on Debian 5 and I have installed CentOS 8.6 zimbra July.
I just need respecitve accounts and passwords.
This script work?
Thank you.-
Hello. At the end probe and the script it seems to be working. But I generated two problems:
One is that the passwords have% $ # “- these symbols seems not accept
Two, when the amount, I could see that generated me and now I have another domain:
1_ domain
2_ my_computer-domain
This meant that every time I try loguearme if or if users have to enter the username @ domain
What I did was delete the domain 2 (my_computer-domain) .. restart todo..lo off the server but the problem keeps coming to me, that is, keeps asking me domain user with user @ domain
I have installed on Centos 8.6 zimbra 7, apply your script to import and export accounts and passwords from 6..013 zimbra – debian 5.
Check with the administrator account and saw that one had two domains: dominio.algo and two: my_computer-domain
When asked if having two domains or user @ domain.
What I did was eliminiar the domain Two: my_computer-dominio.algo
Now I have one but I keep asking domain user @ domain
All this I did from the web consolta administrator.
Is there any way to prevent user @ domain ask me?
Thank you.-
Cristian.-