ZCS Administrator's Guide 8.0.4
Open Source Edition



Working With Domains
One domain is identified during the installation process. You can add domains after installation. From the administration console you can manage the following domain features.
*
*
*
*
*
*
*
A domain can be renamed and all account, distribution list, alias and resource addresses are changed to the new domain name.
Note:
Domain General Information Settings
The Domain>General Information page includes the following options:
*
*
*
*
*
Active. Active is the normal status for domains. Accounts can be created and mail can be delivered. Note: If an account has a different status setting than the domain setting, the account status overrides the domain status.
Closed. When a domain status is marked as closed, login for accounts on the domain is disabled and messages are bounced. The closed status overrides an individual account’s status setting.
Locked. When a domain status is marked as locked, users cannot log in to check their email, but email is still delivered to the accounts. If an account’s status setting is marked as maintenance or closed, the account’s status overrides the domain status setting.
Maintenance. When the domain status is marked as maintenance, users cannot log in and their email is queued at the MTA. If an account’s status setting is marked as closed, the account’s status overrides the domain status setting.
Suspended. When the domain status is marked as suspended, users cannot log in, their email is queued at the MTA, and accounts and distribution lists cannot be created, deleted, or modified. If an account’s status setting is marked as closed, the account’s status overrides the domain status setting.
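The override rules in the status descriptions above can be checked mechanically when auditing who can still log in or receive mail. The following is an added example, not part of the original guide or of ZCS itself: the function names are hypothetical, the set of account statuses (active, locked, maintenance, closed) is an assumption, and applying the domain-status behaviour to whichever status wins is also an assumption.

```python
# Added example: domain vs. account status precedence as described in the guide.
# Login/mail behaviour per status comes from the domain status descriptions;
# reusing it for an overriding account status is an assumption.
BEHAVIOUR = {
    # status: (login allowed, mail handling)
    "active": (True, "delivered"),
    "locked": (False, "delivered"),
    "maintenance": (False, "queued at MTA"),
    "suspended": (False, "queued at MTA"),
    "closed": (False, "bounced"),
}

ACCOUNT_STATUSES = {"active", "locked", "maintenance", "closed"}  # assumed set

# For each domain status, the account statuses that override it.
ACCOUNT_OVERRIDES = {
    "active": {"locked", "maintenance", "closed"},  # any differing account status wins
    "closed": set(),                                # domain status always wins
    "locked": {"maintenance", "closed"},
    "maintenance": {"closed"},
    "suspended": {"closed"},
}


def effective_status(domain_status, account_status):
    """Return the status that actually applies to one account."""
    if domain_status not in ACCOUNT_OVERRIDES:
        raise ValueError(f"unknown domain status: {domain_status}")
    if account_status not in ACCOUNT_STATUSES:
        raise ValueError(f"unknown account status: {account_status}")
    if account_status in ACCOUNT_OVERRIDES[domain_status]:
        return account_status
    return domain_status


def access(domain_status, account_status):
    """Summarise login and mail handling for one account."""
    status = effective_status(domain_status, account_status)
    login, mail = BEHAVIOUR[status]
    return {"effective": status, "login": login, "mail": mail}


if __name__ == "__main__":
    # Constructed sample: print the full matrix for review.
    for d in ACCOUNT_OVERRIDES:
        for a in sorted(ACCOUNT_STATUSES):
            print(f"domain={d:<12} account={a:<12} -> {access(d, a)}")
```
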
Setting up a Public Service Host Name
You can configure each domain with the public service host name to be used for REST URLs. This is the URL that is used when sharing email folders and Briefcase folders, as well as sharing task lists, address books, and calendars.
When users share a ZCS folder, the default is to create the URL with the Zimbra server hostname and the Zimbra service host name. This is displayed as http://server.domain.com/service/home/username/sharedfolder. The attributes are generated as follows:
*
*
*
When you configure a public service host name, this name is used instead of the server/service name, as http://publicservicename.domain.com/home/username/sharedfolder. The attributes to be used are:
*
*
*
You can use another FQDN as long as the name has a proper DNS entry to point at ‘server’ both internally and externally.
Global Address List (GAL) Mode
The Global Address List (GAL) is your company-wide listing of users that is available to all users of the email system. GAL is configured on a per-domain basis. The GAL mode setting for each domain determines where the GAL lookup is performed.
The GAL Configuration Wizard in the administration console is used to configure the GAL attributes. The three GAL modes that can be configured include the following:
* Internal. The Zimbra LDAP server is used for directory lookups.
* External. External directory servers are used for GAL lookups. You can configure multiple external LDAP hosts for GAL. All other directory services use the Zimbra LDAP service (configuration, mail routing, etc.). When you configure an external GAL, you can configure different search settings and sync settings. You might want to configure different search settings if your LDAP environment is set up to optimize LDAP searching by setting up an LDAP cache server, but users also will need to be able to sync to the GAL.
* Both. Internal and external directory servers are used for GAL lookups.
Using GAL sync accounts for faster access to GAL
A GAL sync account is created for the domain when an internal or external GAL is created, and if you have more than one mailbox server, you can create a GAL sync account for each mailbox server in the domain. Using the GAL sync account gives users faster access to auto complete names from the GAL.
When a GAL sync account is created on a server, GAL requests are directed to the server’s GAL sync account instead of the domain’s GAL sync account. The GalSyncResponse includes a token which encodes the GAL sync account ID and current change number. The client stores this and then uses it in the next GalSyncRequest. Users perform GAL sync with the GAL sync account they initially sync with. If a GALsync account is not available for some reason, the traditional LDAP-based search is run.
Note:
When you configure the GAL sync account, you define the GAL datasource and the contact data is synced from the datasource to the GAL sync accounts’ address books. If the mode Both is selected, an address book is created in the account for each LDAP data source.
The GAL polling interval for the GAL sync determines how often the GALsync account syncs with the LDAP server. The sync intervals can be in x days, hours, minutes, or seconds. The polling interval is set for each data source.
When the GAL sync account syncs to the LDAP directory, all GAL contacts from the LDAP are added to the address book for that GAL. During the sync, the address book is updated with new contact, modified contact and deleted contact information. You should not modify the address book directly. When the LDAP syncs the GAL to the address book, changes you made directly to the address book are deleted.
You create GALsync accounts from the administration console. The CLI associated with this feature is zmgsautil.
Creating Additional GALsync Accounts
When ZCS is configured with more than one server, you can add an additional GAL sync account for each server.
1.
2.
3.
4. Click Add a GAL account.
5.
6.
7. Enter the GAL datasource name. If the GAL mode is BOTH, enter the data source name for both the internal GAL and the external GAL.
8. Set the GAL polling interval to how often the GAL sync account should sync with the LDAP server to update.
9. Click Finish.
Changing GAL sync account name.
The default name for the GAL sync account is galsync. When you configure the GAL mode, you can specify another name. After the GAL sync account is created, you cannot rename the account because syncing the data fails.
To change the account name, delete the existing GAL sync account and configure a new GAL for the domain.
1.
2.
3. In the gear box, select Configure GAL to open the configuration wizard and change the GAL mode to internal. Do not configure any other fields. Click Finish.
4.
5.
Authentication Modes
Authentication is the process of identifying a user or a server to the directory server and granting access to legitimate users based on user name and password information provided when users log in. ZCS offers the following three authentication mechanisms:
* Internal. The Internal authentication uses the Zimbra directory server for authentication on the domain. When you select Internal, no other configuration is required.
* External LDAP. The user name and password is the authentication information supplied in the bind operation to the directory server. You must configure the LDAP URL, the LDAP filter, and whether to use a DN and password to bind to the external server.
* External Active Directory. The user name and password is the authentication information supplied to the Active Directory server. You identify the Active Directory domain name and URL.
The authentication method type is set on a per-domain basis. On the administration console, you use an authentication wizard to configure the authentication settings on your domain.
To configure authentication modes, go to the administration console Configure>Domains, and in the gear box, select Configure Authentication.
Virtual Hosts
Virtual hosting allows you to host more than one domain name on a server. The general domain configuration does not change. When you create a virtual host, this becomes the default domain for a user login. Zimbra Web Client users can log in without having to specify the domain name as part of their user name.
Virtual hosts are entered on the administration console for a domain on the Domains>Virtual Hosts page. The virtual host requires a valid DNS configuration with an A record. Not required for Virtual Hosts.
To open the Zimbra Web Client login page, users enter the virtual host name as the URL address. For example, https://mail.company.com.
When the Zimbra login screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
Renaming a Domain
When you rename a domain you are actually creating a new domain, moving all accounts to the new domain and deleting the old domain. All account, alias, distribution list, and resource addresses are changed to the new domain name. The LDAP is updated to reflect the changes.
Before you rename a domain
*
*
After the domain has been renamed
*
*
Rename the domain
zmprov -l rd [olddomain.com] [newdomain.com]
Domain Rename Process
When you run this zmprov command, the domain renaming process goes through the following steps:
1. The status of the old domain is changed to an internal status of shutdown, and mail status of the domain is changed to suspended. Users cannot log in, their email is bounced by the MTA, and accounts, calendar resources and distribution lists cannot be created, deleted or modified.
2.
3.
4.
5.
6.
Adding a Domain Alias
A domain alias allows different domain names to direct to a single domain address. For example, if your domain is domain.com but you want users to have an address of example.com, you can create example.com as the alias for the domain.com address. Sending mail to user@example.com is the same as sending mail to user@domain.com.
Note:
To add a domain alias, go to the administration console Configure>Domains, and in the gear box, select Add a Domain Alias.
Zimlets on the Domain
All Zimlets that are deployed are displayed in the domain’s Zimlets page. If you do not want all the deployed Zimlets made available for users on the domain, select from the list the Zimlets that are available for the domain. This overrides the Zimlet settings in the COS or for an account.
Copyright © 2013 VMware Inc.