Results 1 to 6 of 6

Thread: Making GAL's visible cross-domain?

  1. #1
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default Making GAL's visible cross-domain?

    I have two domains which are closely related; is there any current facility to make it possible for users in each domain to see a view of the server GAL which includes not only the users in their own domain, but also the users in the other one?

    Or is this an RFE? :-)
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    If you want to allow everyone on your box to see everyone just:
    zmprov mcf zimbraGalInternalSearchBase ROOT

    (May also do that for zimbraGalSyncInternalSearchBase if you use ZCO/ZD/etc)


    On individual domains (inherited from global), by default zimbraGalInternalSearchBase & zimbraGalSyncInternalSearchBase are set to DOMAIN. Thus if you're using multiple domains and still want to leave the GAL enabled, people can only search within their domain for privacy. Say you had multiple domains but managed by one IT department - you might give them the ability to search ROOT so they could find members easier.

    (If you're using external LDAP/AD auth that's zimbraGalLdapSearchBase & zimbraGalSyncLdapSearchBase.)

    ---

    If you want to allow lookup in domain.com and any sub.domain.com set that attribute to SUBDOMAINS.


    Notice in the below example that for all intensive purposes sub.domain.com can be set to DOMAIN or SUBDOMAINS and there's no difference. That's because SUBDOMAINS isn't intended for the sub to view the parent, just the parent to see the sub. Do read on to understand how that works:

    zmprov cd domain.com
    zmprov cd subdomain.com
    zmprov ca usermain@domain1.com usermain
    zmprov ca usersub@sub.domain.com usersub
    zmprov md domain1.com zimbraGalInternalSearchBase SUBDOMAINS
    zmprov md sub.domain1.com zimbraGalInternalSearchBase SUBDOMAINS
    (or mcf to do it globally)

    Login to usermain
    Type 'u' in a new mail (assuming you have auto complete from GAL enabled) and you'll get back:
    usermain@domain.com
    usersub@sub.domain.com

    Login to usersub
    Type 'u' and you'll get back just:
    usersub@sub.domain.com

    Get it?

    And you'll continue to get nothing but usersub@sub.domain.com unless you make an alpha.sub.domain.com & useralphasub@alpha.sub.domain.com

    At which point logging in as usersub and typing 'u' will return:
    usersub@sub.domain.com
    useralphasub@alpha.sub.domain.com

    Usermain would then return 3 values:
    usermain@domain.com
    usersub@sub.domain.com
    useralphasub@alpha.sub.domain.com

    (When testing refresh your browser every time you set zimbraGalInternalSearchBase.)

    ---

    So what can be done if you can't use ROOT for all, but just want domainA.com & domainB.com to see each other?


    You could use both internal & 'external' GAL lookups against yourself so that A<>B and B<>A (use the GAL wizard):

    DomainA:
    GAL: both
    Server type: LDAP
    LDAP url: ldap://serverwithldapservice.domain.com:389
    LDAP filter: (uid=%u) parenthesis included
    Autocomplete filter: It should autofill with externalLdapAutoComplete, but doesn't always do so the first round of setting up; though it will show up after you apply. (but you could add it now if wanted/if it requires you to in an error at the end)
    LDAP search base: dc=domainB,dc=com ("" might coax search across all domains)
    Bind DN: shouldn't need to bother - but you could always do something like cn=admin,dc=domain,dc=com

    DomainB:
    GAL: both
    Server type: LDAP
    LDAP url: ldap://serverwithldapservice.domain.com:389 ssl 636 if desired
    LDAP filter: (uid=%n) parenthesis included
    Autocomplete filter: ignore unless you can't click finish/test gives error/error in mailbox.log then enter externalLdapAutoComplete
    LDAP search base: dc=domainA,dc=com
    Bind DN: ignore

    LDAP Filter notes:
    (uid=%u) - The user has a uid attribute value in the external directory equal to the user portion of the Zimbra user account.
    (uid=%n) - Entire Zimbra user account is used to identify user in the external directory.
    or even (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*)(zimbraM ailDeliveryAddress=*%s*) (zimbraMailAlias=*%s*)(zimbraMailAddress=*%s*))(|( objectclass=zimbraAccount)(objectclass=zimbraDistr ibutionList)))


    And yes to save Matt & myself some time later there's a few RFE's you can vote for:
    Bug 7426 -option to search gal across domains
    Bug 21750 -search for resources across domains
    Bug 13801 - Add support for multiple GALs per domain

    In 5.0.3-: Bug 21873 - GAL autocomplete should handle multiple tokens

  3. #3
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default

    Ok, I'll have to look at the big ugly manual method, I guess, because my personal domain is on the server too, and I don't want users in either domain to see it, and neither domain is, purposefully, a subset of the other.

    I'll pick one of those bugs and pile-on.

    And hey; I've only had 3 bugs out of 25 closed as dupes... (and one of those wasn't really...) I'm not doing that bad. :-)
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  4. #4
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Yup so internal & 'external' GAL lookups against yourself so that A<>B and B<>A
    OR
    If there's no one but you/few others in your personal domain might just set zimbraHideInGal TRUE on your account(s).

    It sounds like Bug 7426 - option to search gal across domains is the one to vote for.

    (And just joshing with ya, that's a good record, shows you know to search first & thinking of cool ways to enhance Zimbra - everyone here lives on bugzilla.)
    Last edited by mmorse; 09-23-2008 at 01:43 PM.

  5. #5
    Join Date
    Mar 2006
    Posts
    26
    Rep Power
    9

    Default GAL Multiple Domain - Outlook Problem

    Zimbra Version: 5.0.11

    i configured GAL in outlook 2007, when i do a search with outlook show me all users for all domains but in this search show "people" atribute too like a user, i think this row is matching for their domain, in my installation i have 6 domains and in the search result show me 6 rows with Name=people... and the other fields are empty.

    how can i fix this...or how can i hide the domians to exclude from de GAL?

    Thanks

  6. #6
    Join Date
    Jun 2011
    Posts
    4
    Rep Power
    4

    Default External GAL Lookup issue in Desktop Client

    I have tried the settings suggested in this post but unfortunately external gallookup is still not happening with ZDC. Evrything works finr with Web Client though.
    We have configured different zimbra roles on different machine.
    What I could be missing ?

    we are on Zimbra 5.0.14
    Last edited by pdn2k5; 06-25-2011 at 01:29 PM. Reason: Need to set the track

Similar Threads

  1. Replies: 7
    Last Post: 04-27-2009, 02:49 AM
  2. Virtual Host - exclude cross domain login
    By opichon in forum Administrators
    Replies: 0
    Last Post: 08-29-2008, 09:22 AM
  3. Replies: 20
    Last Post: 03-18-2008, 05:37 AM
  4. [SOLVED] Remove main domain!
    By zibra in forum Administrators
    Replies: 11
    Last Post: 09-27-2007, 08:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •