Results 1 to 3 of 3

Thread: External GAL Sync help

  1. #1
    Join Date
    Jun 2013
    Posts
    3
    Rep Power
    2

    Default External GAL Sync help

    Hi,

    ZCS 8.04 Trial Appliance.
    I've downloaded the appliance and I'm trialling ZCS in our organization. We currently have Exchange 2003.
    I've installed Zimbra. Configured a domain, "whatever.com.au"
    Authentication to our AD, (different domain name), is working.

    I'm trying to setup an external GAL. I've looked at;
    GAL Sync Account - Zimbra :: Wiki
    http://www.zimbra.com/forums/install...directory.html

    Plus other wiki/forum posts. I'm trying to configure the GAL through both the Admin GUI and the CLI.
    The GALsync account in setup.

    Even with the GAL for the domain configured as "External" through the GUI, output from "zmprov gds galsync@whatever.com.au" still shows only the InternalGAL data source.

    Currently, I'm really at a loss. When I run through the Configure GAL GUI, all the search and sync tests come back successful.

    Through webmail, I can see AD groups. If I do a search, it will find the user.
    Outlook with the ZCS Connector only shows the internal users.
    Through Zimbra Desktop, I'm getting "OFFLINE - Gal not ready"

    I've also tried deleting the datastore and the sync account and starting again, but something just seems stuck. I've rebooted the server as a last resort and still no joy.

    Any help is appreciated.

    Thanks.

  2. #2
    Join Date
    Jun 2013
    Posts
    3
    Rep Power
    2

    Default

    OK, I went through this document again;

    GAL Sync Account - Zimbra :: Wiki

    and redid the steps. For some reason it is now working. I'm not sure what it is with the GUI, but I am unable to add/modify an External GAL using the GUI. I can only do it with the "zmprov mds" command.

    I checked the zmprov gds command and it now correctly shows the ExternalGAL I created.

    I'm now trying to narrow down the LDAP filter. Currently it is;

    zimbraGalSyncLdapFilter: (&(objectClass=user)(|sAMAccountName=%s*)(givenNam e=%s*)(mail=%s*)))
    zimbraGalSyncLdapSearchBase: DC=internal,DC=lan


    When I look in the GAL now, I can see all of our Exchange users, Groups, DL's etc, but I'm also seeing objects that don't have an email address attached to their AD object.
    The search base is at the top level of our domain. I've got objects I'd like to grab under two separate OU's at the top level. Can I create two search bases, or do I just look for an LDAP filter that can weed out what I don't want. And what is that filter!!

    Thanks.

  3. #3
    Join Date
    Jun 2013
    Posts
    3
    Rep Power
    2

    Default

    OK, I will reply to my own thread and solve my own thread.

    Lots of trial and error. Reading through the wiki a hundred times, creating another test domain and setting up GAL again for myself to see how it works.
    I think because I used both a mix of the GUI and the command line to setup the GAL, it caused confusion. When I compared a good domain to my non-working domain, I could see the differences.
    Eg, using the zmprov gds command, showed that with the good domain, that was configured only using the GUI, there were no hard coded values for things like the LDAPFilter, LDAPSearchBase etc.
    These values were I'm guessing hard coded into my non-working domain, when I was issuing commands on the CLI.

    I used zmprov mds galsync@internal.lan ActiveDirectoryGAL -zimbraGalSyncLdapSearchBase dc=internal,dc=lan to remove the hard-coded value, and did the same for the other attributes I needed to remove, to make it look like the good domain.

    Once that was done, performed a force-sync, and was good to go.

Similar Threads

  1. External GAL, gal sync account and autocomplete
    By yasanthau in forum Administrators
    Replies: 0
    Last Post: 03-14-2013, 11:51 PM
  2. Replies: 1
    Last Post: 06-11-2012, 03:00 AM
  3. GAL sync with multiple external sources
    By sangamc in forum Administrators
    Replies: 1
    Last Post: 10-24-2010, 09:47 AM
  4. Replies: 1
    Last Post: 03-26-2010, 12:31 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •