ZCS Administrator's Guide, Open Source Edition, 6.0.8
Table of Contents Previous Next Index


Managing ZCS Configuration : Managing Domains

Managing Domains
One domain is identified during the installation process and additional domains can be easily added to the Zimbra system from the administration console.
For domains, you configure the following. These settings can be set from the admin console:
A domain can be renamed and all account, distribution list, alias and resource addresses are changed to the new domain name. The CLI utility is used to changing the domain name. See Renaming a Domain.
General Information
In this tab you configure the following:
The default time zone for the domain. If a time zone is configured in a COS or for an account, the domain time zone setting is ignored.
Inbound SMTP host name. If your MX records point to a spam-relay or any other external non-zimbra server, enter the name of the server here.
Default Class of Service (COS) for the domain. This COS is automatically assigned to accounts created on the domain if another COS is not set.
Domain status. The domain status is active in the normal state. Users can log in and mail is delivered. Changing the status can affect the status for accounts on the domain also. The domain status is displayed on the Domain General tab. Domain status can be set as follows :
Active. Active is the normal status for domains. Accounts can be created and mail can be delivered. Note: If an account has a different status setting than the domain setting, the account status overrides the domain status.
Closed. When a domain status is marked as closed, Login for accounts on the domain is disabled and messages are bounced. The closed status overrides an individual account’s status setting.
Locked. When a domain status is marked as locked, users cannot log in to check their email, but email is still delivered to the accounts. If an account’s status setting is marked as maintenance or closed, the account’s status overrides the domain status setting.
Maintenance. When the domain status is marked as maintenance, users cannot log in and their email is queued at the MTA. If an account’ status setting is marked as closed, the account’s status overrides the domain status setting.
Suspended. When the domain status is marked as suspended, users cannot log in, their email is queued at the MTA, and accounts and distribution lists cannot be created, deleted, or modified. If an account’s status setting is marked as closed, the account’s status overrides the domain status setting.
Setting up a Public Service Host Name
You can configure each domain with the public service host name to be used for REST URLs. This is the URL that is used when sharing Documents Notebooks, email folders and Briefcase folders, as well as sharing task lists, address books, and calendars.
When users share a ZCS folder, the default is to create the URL with the Zimbra server hostname and the Zimbra service host name. This is displayed as http://server.domain.com/service/home/username/sharedfolder. The attributes are generated as follows:
When you configure a public service host name, this name is used instead of the server/service name, as http://publicservicename.domain.com/home/username/sharedfolder. The attributes to be used are:
You can use another FQDN as long as the name has a proper DNS entry to point at ‘server’ both internally and externally.
Global Address List (GAL) Mode
The Global Address List (GAL) is your company-wide listing of users that is available to all users of the email system. See Zimbra Directory Service.
GAL is configured on a per-domain basis. The GAL mode setting for each domain determines where the GAL lookup is performed.
Select one of the following GAL configurations:
Internal. The Zimbra LDAP server is used for directory lookups.
External. External directory servers are used for GAL lookups. You can configure multiple external LDAP hosts for GAL. All other directory services use the Zimbra LDAP service (configuration, mail routing, etc.). When you configure the external GAL mode, you can configure GAL search and GAL sync separately.
Both. Internal and external directory servers are used for GAL lookups.
GAL sync accounts
When you configure and internal or external GAL, you create a GAL sync account with an address book where the LDAP contact data can be syncd. Syncing the LDAP to this account gives users faster access to the GAL data and makes it easier for them to search the GAL.
If Both is selected, a GAL sync account with an address book is created for each LDAP data source. These accounts display in the administration console’s Accounts list.
You enter the GAL datasource for each account. When a datasource is configured on an account, the GAL configuration on the domain is overridden.
The internal GAL polling interval for the GAL sync determines how often the GALsync account syncs with the LDAP server. The sync intervals can be in x days, hours, minutes, or seconds.
When the GAL sync account syncs to the LDAP, all GAL contacts from the LDAP are added to the GAL address book. During the sync, the GAL sync account is updated with new contact, modified contact and deleted contact information. You should not modify the GAL sync account address book directly. When the LDAP syncs the GAL to the account, changes you make to the address book are deleted.
If the GALsync account is not available for some reason, the traditional LDAP based search is run.
See Appendix A Command-Line Utilities, the CLI zmgsautil for information about the GALsync CLI command.
Configuring GAL Search for External GALs
When you configure an external GAL, you can configure different search settings and sync settings. You may want to configure different search settings if your LDAP environment is set up to optimize LDAP searching by setting up an LDAP cache server, but users also will need to be able to sync to the GAL.
Authentication Modes
Authentication is the process of identifying a user or a server to the directory server and granting access to legitimate users based on user name and password information provided when users log in. Zimbra Collaboration Suite offers the following three authentication mechanisms:
Internal. The Internal authentication uses the Zimbra directory server for authentication on the domain. When you select Internal, no other configuration is required.
External LDAP. The user name and password is the authentication information supplied in the bind operation to the directory server. You must configure the LDAP URL, LDAP filter, and to use DN password to bind to the external server.
External Active Directory. The user name and password is the authentication information supplied to the Active Directory server. You identify the Active Directory domain name and URL.
On the administration console, you use an authentication wizard to configure the authentication settings on your domain.
Virtual Hosts
Virtual hosting allows you to host more than one domain name on a server. The general domain configuration does not change. When you create a virtual host, this becomes the default domain for a user login. Zimbra Web Client users can log in without having to specify the domain name as part of their user name.
Virtual hosts are entered on the Domains>Virtual Hosts tab on the administrator’s console. The virtual host requires a valid DNS configuration with an A record. Not required for Virtual Hosts.
To open the Zimbra Web Client log in page, users enter the virtual host name as the URL address. For example, https://mail.company.com.
When the Zimbra login screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
Documents
Zimbra Documents is a document sharing and collaboration application. Users can create, organize, and share web documents. Images, spreadsheets, and other rich web content objects can be embedded into Documents via the AJAX Linking and Embedding (ALE) specification.
The Documents application consists of a global Documents account that includes the Document templates and the global notebook, one optional Documents account per domain, and individual accounts’ Documents notebooks. The global Documents account is automatically created when ZCS is installed. The domain Documents account is not automatically created.
One Documents account can be created per domain. You can easily add the account from the administration console when you create a domain. When you create the account, you configure who can access this Documents account and what access rights these users can have.
The following users can be selected to access the Documents account:
Except for Public, which is view-only, you can select the access privileges these users can have: view, edit, remove, and add pages to the Documents notebook. You can view and change these access permissions from the administration console.
Free/Busy Interoperability
The Zimbra Free/Busy Module to connect with Microsoft Exchange pulls the free/busy schedule of users on Exchange and also pushes the free/busy schedule of ZCS users to the Exchange server. You complete the Interop tab for the domain to enable this feature for the domain. For more information see Zimbra Free/Busy Interoperability.
You configure the following on the domain Interop tab:
Exchange user name and password. This is the name of the account and password that has access to the public folders.
Note: Domain settings overwrite Global settings.
Zimlets on the Domain
Zimbra Collaboration Suite includes pre configured Zimlets, see Working with Zimlets. These Zimlets are enabled in the default COS. Additional Zimlets can be added and enabled by COS or by account. All Zimlets that are deployed are displayed in the Domain>Zimlets tab. If you do not want all the deployed Zimlets made available for users on the domain, select from the list the Zimlets that are available for the domain. This overrides the Zimlet settings in the COS or for an account.
 
 
Renaming a Domain
When you rename a domain you are actually creating a new domain, moving all accounts to the new domain and deleting the old domain. All account, alias, distribution list, and resource addresses are changed to the new domain name. The LDAP is updated to reflect the changes.
How to Rename a Domain
Before you rename a domain
After the domain has been renamed
Update external references that you have set up for the old domain name to the new domain name. This may include automatically generated emails that were sent to the administrator’s mailbox such as backup session notifications
You rename the domain using the CLI utility zmprov. To rename a domain, type
zmprov -l rd [olddomain.com] [newdomain.com]
Domain Rename Process
When you run this zmprov command, the domain renaming process goes through the following steps:
1.
The status of the old domain is changed to an internal status of shutdown, and mail status of the domain is changed to suspended. Users cannot login, their email is bounced by the MTA, and accounts, calendar resources and distribution lists cannot be created, deleted or modified.
2.
3.
4.
5.
6.

Managing ZCS Configuration : Managing Domains

Table of Contents Previous Next Index
ZCS Administrator's Guide, Open Source Edition, 6.0.8
Copyright © 2010 Zimbra Inc.