Main Nav

Message from william.eubank@uah.edu

For us we had to offer an opt-in period, not an all or nothing.  So again we wrote a web based tool so user's could login with their LDAP and click a button to "Switch" from our old unix system to Google.

The switch behind the scenes set their Google password and put a forward in their account on the old server(ssh in and set .forward file) to point to an alias domain that routed to their Google account.  It did increase the "hop" count of email delivery slightly but still well within the typical 25 limit.

When they logged into the web tool with their LDAP, we took the opportunity to capture their current LDAP password as plain text, from the password input box on the page, and stored it temporarily in their web session on the server.  The session expired over time or upon logout as you would expect, so we never had more than a few at a time.

-W



Comments

On Mar 14, 2013 at 16:48 -0400, Ricardo Stella wrote: =>We use an external LDAP that allows authentication to other things as =>well. So reset of those passwords is not an option. We thought about =>pointing to a different ldap (cloned of the existing one) with passwords =>reset, however we can expect the transfer to take quite a long time, and =>hence email will not be available at all during that time (days?) We =>have 12,000 accounts. => =>But, the option of two passwords in the password field is something we =>might test - not sure what else it would break, but an option I guess. Not sure about the Google side, but Zimbra's IMAP server does support IMAP's PROXYAUTH. i.e. you have a super user that you auth with and it can proxy to the user your are migrating. This is in the imapsync perl script by Gilles LAMIRAL. (Not sure of the current home page for it, but a search engine should get you there. Used to be free, but I think a few years ago, newer version cost a small amount - like $200 for code and support.) So you with imapsync you can suck the mail out of Zimbra withOUT knowing the user's password. What I don't know is if Google supports proxy auth for pushing it in. -- *********************************************************************** Derek Diget Office of Information Technology Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/ *********************************************************************** ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

We are planning a migration from Zimbra to Google Apps.  Anyone done this and transferred emails?  We are trying to figure out what tool to use.  Google's Migration Tool is useless for us unless we reset the zimbra user's passwords to a default one or 'know' their passwords.

Thank you in advance.

Ricardo

PS:  Also, if you've migrated calendar from Oracle Calendar, please let me know.  That's next for us.



--
°((( = (( ===°°° ((( ================================================

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Message from william.eubank@uah.edu

We have not done Zimbra, but did do plain old unix pop/imap to Google Apps.  At the time Google Apps offered a migration tool within cpanel, but that is no more.  It required the password for the user on the unix side.

Since then, we developed our own data migration tool.  We based, you login to the tool, then fill out the credentials for both of your accounts, the source and destination, and check any/all choices for email, docs, calendar, contacts.  Behind the scenes a java thread runs connecting to both accounts via standard IMAP for email, and Google API for the others, and copies the data.  We used the email message id to prevent duplicates.  We use this now for folks who migrate to alumni accounts or students that leave and want to copy their University data to a private gmail account.





When we migrated, we had users on Oracle calendar as well as Luminis calendar.  We made a web based tool to allow them to migrate their data with the export file from either system.  I think Oracle calendar offered an iCal export option.

-William



Thanks William,

Is this code something you guys are willing to share?  As we move forward, we are looking at possibly offering options to migrate out alumni to their own google apps setup, and this would help tremendously.

Thanks in advance.

Ricardo.

--
°((( = (( ===°°° ((( ================================================

On 3/14/2013 3:18 PM, William Eubank wrote:
We have not done Zimbra, but did do plain old unix pop/imap to Google Apps.  At the time Google Apps offered a migration tool within cpanel, but that is no more.  It required the password for the user on the unix side.

Since then, we developed our own data migration tool.  We based, you login to the tool, then fill out the credentials for both of your accounts, the source and destination, and check any/all choices for email, docs, calendar, contacts.  Behind the scenes a java thread runs connecting to both accounts via standard IMAP for email, and Google API for the others, and copies the data.  We used the email message id to prevent duplicates.  We use this now for folks who migrate to alumni accounts or students that leave and want to copy their University data to a private gmail account.





When we migrated, we had users on Oracle calendar as well as Luminis calendar.  We made a web based tool to allow them to migrate their data with the export file from either system.  I think Oracle calendar offered an iCal export option.

-William



Message from usdgk@vt.edu

I second that request. William, I’m sure there are other schools that would love to have that code if you are able to share it. Thanks for your consideration.

 

VTVTVTVTVTVTVTVTVTVTVTVTVTVT

--Greg Kroll, PMP

   Assoc Dir for IT Project Management & Planning

   Virginia Tech

   1700 Pratt Drive (0214)

   Blacksburg, VA. 24061

   office: 540.231.9654

   fax: 540.231.7413

 

From: The EDUCAUSE Google Apps Constituent Group Listserv [mailto:GOOGLEAPPS@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ricardo Stella
Sent: Thursday, March 14, 2013 3:31 PM
To: GOOGLEAPPS@LISTSERV.EDUCAUSE.EDU
Subject: Re: [GOOGLEAPPS] Zimbra anyone?

 

Thanks William,

Is this code something you guys are willing to share?  As we move forward, we are looking at possibly offering options to migrate out alumni to their own google apps setup, and this would help tremendously.

Thanks in advance.

Ricardo.

--

°((( = (( ===°°° ((( ================================================

 

On 3/14/2013 3:18 PM, William Eubank wrote:

We have not done Zimbra, but did do plain old unix pop/imap to Google Apps.  At the time Google Apps offered a migration tool within cpanel, but that is no more.  It required the password for the user on the unix side.

 

Since then, we developed our own data migration tool.  We based, you login to the tool, then fill out the credentials for both of your accounts, the source and destination, and check any/all choices for email, docs, calendar, contacts.  Behind the scenes a java thread runs connecting to both accounts via standard IMAP for email, and Google API for the others, and copies the data.  We used the email message id to prevent duplicates.  We use this now for folks who migrate to alumni accounts or students that leave and want to copy their University data to a private gmail account.

 

 

 

 

When we migrated, we had users on Oracle calendar as well as Luminis calendar.  We made a web based tool to allow them to migrate their data with the export file from either system.  I think Oracle calendar offered an iCal export option.

 

-William

 

 

Message from william.eubank@uah.edu

Yes, sharing is approved by management here, after sanitizing.  :-)

Attached are the two servlet thread classes, one for calendar import, luminis and Oracle types, and one class for the newer Google to Google account migration.  Please be forgiving in your code review, the GoogleMigrationThread.java code was written much later after we learned a bit more about Google API's.  :-)

The user interface is integrated into our webtool along with other features so I can't easily carve it out for standalone use.  The web interface is written using Google Web Toolkit, which is free.

Regards,
William



We did Zimbra to Google.

We reset their passwords.  Everyone had to reset or resync on Go Live day.  

Also, when we migrated in July, the GAMME tool had just begun officially supporting Zimbra.  We were working with Appirio as our vendor.  Ours was the first migration they did with the updated tool.  We had a number of users (somewhere around 50) that had errors that GAMME didn't report and they didn't fully migrate.  We had to make the vendor dig through all the logs.  I don't remember what all of them were but 1 was caused by folder sharing, another was a "folder does not exist" error and a third was malformed headers.

I don't know if you are doing it yourself or with a vendor but it'd be wise to test migrate some complex accounts and check them well.

Good Luck!

folder sharing


 
Jean Tagliamonte
Documentation & Communications Coordinator,
Computing & Information Services, Vassar College

jetagliamonte@vassar.edu | http://computing.vassar.edu
Ways To Connect:
CIS System Status: All Systems are Operational


 
Jean Tagliamonte
Documentation & Communications Coordinator,
Computing & Information Services, Vassar College

jetagliamonte@vassar.edu | http://computing.vassar.edu
Ways To Connect:
CIS System Status: All Systems are Operational


 
Jean Tagliamonte
Documentation & Communications Coordinator,
Computing & Information Services, Vassar College

jetagliamonte@vassar.edu | http://computing.vassar.edu
Ways To Connect:
CIS System Status: All Systems are Operational


 
Jean Tagliamonte
Documentation & Communications Coordinator,
Computing & Information Services, Vassar College

jetagliamonte@vassar.edu | http://computing.vassar.edu
Ways To Connect:
CIS System Status: All Systems are Operational


 
Jean Tagliamonte
Documentation & Communications Coordinator,
Computing & Information Services, Vassar College

Tel: 845-437-7743
jetagliamonte@vassar.edu | http://computing.vassar.edu
Ways To Connect:
CIS System Status: All Systems are Operational


I haven't done Zimbra specifically, but it looks like Zimbra can use both its internal LDAP and an external LDAP source together. Perhaps the migration script could temporarily set a password it knows in whichever you don't normally use? If OpenLDAP is your normal LDAP store, it can also can handle multiple password attribute values on a user object (at the cost of more things being able to use that password for the user). I've used both techniques to connect using IMAP for email migrations in the past.



I would like to have it as well.  Thanks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From: "Greg Kroll" <usdgk@VT.EDU>
To: GOOGLEAPPS@LISTSERV.EDUCAUSE.EDU
Sent: Thursday, March 14, 2013 3:39:59 PM
Subject: Re: [GOOGLEAPPS] Zimbra anyone?

I second that request. William, I’m sure there are other schools that would love to have that code if you are able to share it. Thanks for your consideration.

 

VTVTVTVTVTVTVTVTVTVTVTVTVTVT

--Greg Kroll, PMP

   Assoc Dir for IT Project Management & Planning

   Virginia Tech

   1700 Pratt Drive (0214)

   Blacksburg, VA. 24061

   office: 540.231.9654

   fax: 540.231.7413

 

From: The EDUCAUSE Google Apps Constituent Group Listserv [mailto:GOOGLEAPPS@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ricardo Stella
Sent: Thursday, March 14, 2013 3:31 PM
To: GOOGLEAPPS@LISTSERV.EDUCAUSE.EDU
Subject: Re: [GOOGLEAPPS] Zimbra anyone?

 

Thanks William,

Is this code something you guys are willing to share?  As we move forward, we are looking at possibly offering options to migrate out alumni to their own google apps setup, and this would help tremendously.

Thanks in advance.

Ricardo.

--

°((( = (( ===°°° ((( ================================================

 

On 3/14/2013 3:18 PM, William Eubank wrote:

We have not done Zimbra, but did do plain old unix pop/imap to Google Apps.  At the time Google Apps offered a migration tool within cpanel, but that is no more.  It required the password for the user on the unix side.

 

Since then, we developed our own data migration tool.  We based, you login to the tool, then fill out the credentials for both of your accounts, the source and destination, and check any/all choices for email, docs, calendar, contacts.  Behind the scenes a java thread runs connecting to both accounts via standard IMAP for email, and Google API for the others, and copies the data.  We used the email message id to prevent duplicates.  We use this now for folks who migrate to alumni accounts or students that leave and want to copy their University data to a private gmail account.

 

 

 

 

When we migrated, we had users on Oracle calendar as well as Luminis calendar.  We made a web based tool to allow them to migrate their data with the export file from either system.  I think Oracle calendar offered an iCal export option.

 

-William

 

 


Thanks Jeremy,

We use an external LDAP that allows authentication to other things as well.  So reset of those passwords is not an option.   We thought about pointing to a different ldap (cloned of the existing one) with passwords reset, however we can expect the transfer to take quite a long time, and hence email will not be available at all during that time (days?)  We have 12,000 accounts.

But, the option of two passwords in the password field is something we might test - not sure what else it would break, but an option I guess.

Ricardo.


--
°((( = (( ===°°° ((( ================================================

On 3/14/2013 4:00 PM, Jeremy Mooney wrote:
I haven't done Zimbra specifically, but it looks like Zimbra can use both its internal LDAP and an external LDAP source together. Perhaps the migration script could temporarily set a password it knows in whichever you don't normally use? If OpenLDAP is your normal LDAP store, it can also can handle multiple password attribute values on a user object (at the cost of more things being able to use that password for the user). I've used both techniques to connect using IMAP for email migrations in the past.


Message from william.eubank@uah.edu

For us we had to offer an opt-in period, not an all or nothing.  So again we wrote a web based tool so user's could login with their LDAP and click a button to "Switch" from our old unix system to Google.

The switch behind the scenes set their Google password and put a forward in their account on the old server(ssh in and set .forward file) to point to an alias domain that routed to their Google account.  It did increase the "hop" count of email delivery slightly but still well within the typical 25 limit.

When they logged into the web tool with their LDAP, we took the opportunity to capture their current LDAP password as plain text, from the password input box on the page, and stored it temporarily in their web session on the server.  The session expired over time or upon logout as you would expect, so we never had more than a few at a time.

-W



On Mar 14, 2013 at 16:48 -0400, Ricardo Stella wrote: =>We use an external LDAP that allows authentication to other things as =>well. So reset of those passwords is not an option. We thought about =>pointing to a different ldap (cloned of the existing one) with passwords =>reset, however we can expect the transfer to take quite a long time, and =>hence email will not be available at all during that time (days?) We =>have 12,000 accounts. => =>But, the option of two passwords in the password field is something we =>might test - not sure what else it would break, but an option I guess. Not sure about the Google side, but Zimbra's IMAP server does support IMAP's PROXYAUTH. i.e. you have a super user that you auth with and it can proxy to the user your are migrating. This is in the imapsync perl script by Gilles LAMIRAL. (Not sure of the current home page for it, but a search engine should get you there. Used to be free, but I think a few years ago, newer version cost a small amount - like $200 for code and support.) So you with imapsync you can suck the mail out of Zimbra withOUT knowing the user's password. What I don't know is if Google supports proxy auth for pushing it in. -- *********************************************************************** Derek Diget Office of Information Technology Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/ *********************************************************************** ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.