Current thoughts - I'm shifting away from the id10t error and getting more into student vs faculty/staff GAL abilities to look one another up to keep personal info safe etc:
Idea 1) In the COS of whomever you want to restrict, prevent 'auto-complete from gal' You can still leave 'GAL access' on if they want to find other in say the main search bar etc.
Or if this user finds that they are so worried about doing it again:
This can be done per individual settings page plus they can also turn off auto-complete from their options/prefs tab.
Idea 2) Separate GAL's:
There's a setting called the GalInternalSearchBase, which is set to DOMAIN by default so that hosting providers can access multiple domains.
You'd have like 3-4 domains:
@employee.uarts.edu (or split into @faculty.uarts.edu & @staff.uarts.edu)
You would however still set up aliasing and canonical addressing (displays in the 'From:" field of messages that are sent)
-So that they could receive mail to firstname.lastname@example.org or email@example.com of course.
You can have some interesting setup's domain wide as well: ManagingDomains - ZimbraWiki
And at this point, if you wanted everyone see each other you would set the search base to ROOT:
(SUBDOMAIN is comming in v5)
zmprov mcf zimbraGalInternalSearchBase ROOT
-Mix and match to your desired privacy