mmorse (Moderator), 01-13-2010, 12:31 PM

Quote:
Originally Posted by chewie71
Do I understand this correctly....if I add GalSync accounts...GAL lookups automatically look in the GALSync folders first before going out to the external LDAP data source?

Is this exclusive....as in it only checks GALSync Contacts...unless it is unavailable in which case it checks the external LDAP source? Or does it check both at the same time?
This was 6.0.0 Bug 37167 - SyncGal needs to be pageable
------- Comment #10 -------
With this fix, all the old ZCO and ZD clients will sync against LDAP for full sync, and use gal sync account for any incremental sync.
The new clients should set idOnly=true in SyncGalRequest, then even the full sync will use gal sync account and allow paginated retrieval of GAL contacts.

Notes:
-Previously there were no notifications on deletes. Sync just enumerated through all accounts that had been created/modified since the last sync token/timestamp. If an admin deleted an entry there is nothing to return, and hence the ZCO/ZD never got notified. This is solved by using contact folders to work against (which get populated with a datasource).
-Search results (soap SyncGalRequest) will page (there are offset & limit attributes). Thus the result can be retrieved a chunk at a time, just like SearchResult for mail items with previous & next buttons.
-Now the content of SyncGal response can come from either LDAP server, or from addressbook of gal sync accounts.

-Traditionally the response would inline all the gal entries modified since last sync. If the client was doing initial gal sync, then it would return the entire gal in single soap response.
-With this new feature, the GAL sync client can fetch the content at a leisurely pace. The client can then use GetContactsRequest and list the ids as a batch, x a time.
-(Also added <deleted/> element to SyncGalResponse so the sync client doesn't have to do full sync as often.)

So:
-All the full sync requests (requests without syncToken) will sync against LDAP so that the sync client downloading 50k contacts won't hog the mailbox. (But it is still possible to do a full sync against a galsync account as discussed below.)
-With this fix, all the old ZCO and ZD clients will sync against LDAP for full sync, and use gal sync account for any incremental sync.
-If the new clients should set idOnly=true in SyncGalRequest, then even the full sync will use the galsync account and allow paginated retrieval of GAL contacts.


Could either ditch that global zimbraGalSyncLdapURL or at least set it the same on datasource(s), else you're limiting all clients to see only employees but not students.

Bug 39456 - Unable to add attributes to CreateGalSyncAccountRequest
------- Comment #3 -------
The following LDAP attrs are not available on galDataSource by design. Use
zimbraGalSync* version instead.

zimbraGalLdapURL
zimbraGalLdapSearchBase
zimbraGalLdapBindDn
zimbraGalLdapBindPassword
zimbraGalLdapFilter


soap-admin.txt around CheckGalConfigRequest:
- zimbraGalMode must be set to ldap, even if you eventually want to set it to "both".
- <action> is optional. GAL-action can be autocomplete|search|sync. Default is search.
- <query> is ignored if <action> is "sync".
zimbraGalSyncLdapXXX attributes are for GAL sync. They are ignored if <action> is not sync.
For GAL sync, if a zimbraGalSyncLdapXXX attribute is not set, server will fallback to the corresponding zimbraGalLdapXXX attribute.
Quote:
Originally Posted by soap-admin.txt
<CreateGalSyncAccountRequest name="{identifier}" domain="{domain-name}" type="zimbra|ldap" [folder="{contact-folder-name}"] >
<account by="id|name">...</account>
<a n="attr-name">...</a>+
</CreateGalSyncAccountRequest>

<CreateGalSyncAccountResponse>
<name>...</name>
<account name="{name}" id="{id}"/>
</CreateGalSyncAccountResponse>

Notes:

- if the referenced account is not found it will be created.
- the identifier used in name attr is used for SyncGal and SearchGal.
- name attribute is for the name of the data source.
- if folder attr is not present it'll default to Contacts folder.
- passed in attrs in <a/> are used to initialize the gal data source.


example for creating gal sync account for Zimbra LDAP server.

<CreateGalSyncAccountRequest name="zimbra" domain="mydomain.com" type="zimbra">
<account by="name">gal@mydomain.com</account>
</CreateGalSyncAccountRequest>

example for creating domain gal sync account.

<CreateGalSyncAccountRequest name="mydomain" domain="mydomain.com" type="ldap">
<account by="name">gal@mydomain.com</account>
<a n="zimbraGalSyncLdapURL">ldap://ldap.mydomain.com</a>
<a n="zimbraGalSyncLdapStartTlsEnabled">TRUE</a>
<a n="zimbraGalSyncLdapSearchBase">cn=users</a>
<a n="zimbraGalSyncLdapAuthMech">simple</a>
<a n="zimbraGalSyncLdapBindDn">uid=admin,cn=users</a>
<a n="zimbraGalSyncLdapBindPassword">password</a>
<a n="zimbraGalSyncLdapFilter">(&amp;(mail=*)(objectClass=user))</a>
<a n="zimbraGalLdapAttrMap">whenChanged,modifyTimeStamp=modifyTimeStamp</a>
<a n="zimbraGalLdapAttrMap">whenCreated,createTimeStamp=createTimeStamp</a>
<a n="zimbraGalLdapAttrMap">zimbraMailDeliveryAddress,zimbraMailAlias,mail=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16</a>
</CreateGalSyncAccountRequest>
Originally added in 5.0.2 Bug 21247 - Different LDAP config for Gal Sync vs Gal Search
------- Comment #3 -------
1) add zimbraGalSyncLdapFilter
2) when doing a gal sync, use zimbraGalSyncLdapFilter if set, otherwise use
zimbraGalLdapFilter



Bug 14531 - GAL via contacts folders with sorting, browsing and real sync
------- Comment #81 -------
- added zimbraSync filter def in zimbraGalLdapFilterDef
- added an upgrade step for that
- changed GalSearchConfig to use the configured zimbraSync filter, if not set, fallback to the hardcoded one.


Quote:
Originally Posted by chewie71
If I have multiple GALSync folders...as my example above shows (employee filter and student filter go to two different GALSync folders)...when a GAL query comes through does it look in all folders?
It should look at all folders as far as I know. We do this here for Zimbra & Yahoo GALs: Adding_Additional_Datasources - GAL Sync Account - Zimbra :: Wiki (If you ever wanted to share, say, galsync@domain.com/employees with people, it could then be easier to have 2 datasource folders.) Might file an RFE for controls by COS instead of domain/who has access to that datasource; you could try setting permissions on the folder with distribution groups - never done it.


Quote:
Originally Posted by chewie71
What about AutoComplete? Does it check against the GALSync account or only the external ldap source?
Bug 14531 - GAL via contacts folders with sorting, browsing and real sync
------- Comment #72 -------
checkpoint for autocomplete using gal sync account.
//depot/main/ZimbraServer/src/java/com/zimbra/cs/mailbox/ContactAutoComplete.java#25



See you opened a ticket(s) so some notes on those:

Just completed for 6.0.5: Bug 43776 - ZCB should continue syncing in the presence of SyncGalRequest errors

If you need to throttle a client here are the registry attributes: Bug 38637 - ZCO Should Self-Throttle Depending on GAL size 5.0.19 (re-fixed in 6.0.2 Bug 39587 - throttling of GAL sync frequency does not work)

Open issues:

A) If zimbraGalSyncLdapFilter isn't working without implementing a galsyncaccount then I'd be inclined to classify that as a bug. (Note this from 5.0.6, might those bits be a contributing factor? Bug 27074 - SyncGalRequest NPE when zimbraAccountSync and zimbraResourceSync filter defs are missing)

B) If zimbraGalTokenizeAutoCompleteKey/zimbraGalTokenizeSearchKey set to 'and' (Bug 21873 - GAL autocomplete should handle multiple tokens) aren't working with galsyncaccounts, I'd file a new bug.

http://www.zimbra.com/forums/users/31243-gal-browsing-6-0-a-2.html#post146263 > GAL Sync Account - Zimbra :: Wiki
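The attribute rules quoted in the post above (the Bug 39456 list of attributes not available on a galDataSource, and the zimbraGalSyncLdapXXX to zimbraGalLdapXXX fallback from soap-admin.txt) can be checked before a CreateGalSyncAccountRequest is sent. This is an added example, not part of the original post and not Zimbra code: the function names, the DOMAIN values, the lookup precedence and the treatment of an unset auth mechanism as "simple" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Listed in Bug 39456 comment #3 as not available on a galDataSource.
NOT_ON_DATASOURCE = {"zimbraGalLdapURL", "zimbraGalLdapSearchBase", "zimbraGalLdapBindDn",
                     "zimbraGalLdapBindPassword", "zimbraGalLdapFilter"}

def parse_request(xml_text):
    """Return ({attr: value}, [rejected names]) from the <a n="..."> elements."""
    attrs, rejected = {}, []
    for a in ET.fromstring(xml_text).findall("a"):
        name = a.get("n")
        if name in NOT_ON_DATASOURCE:
            rejected.append(name)
        else:
            attrs.setdefault(name, (a.text or "").strip())  # first value wins
    return attrs, rejected

def effective(name, datasource, domain):
    """Resolve zimbraGalSyncLdapXXX, falling back to zimbraGalLdapXXX.
    Assumed precedence: data source, then domain sync attr, then domain search attr."""
    fallback = name.replace("zimbraGalSyncLdap", "zimbraGalLdap", 1)
    return datasource.get(name) or domain.get(name) or domain.get(fallback)

def findings(xml_text, domain):
    ds, rejected = parse_request(xml_text)
    out = [f"{n}: not available on galDataSource, use the zimbraGalSync* form" for n in rejected]
    url = effective("zimbraGalSyncLdapURL", ds, domain) or ""
    mech = effective("zimbraGalSyncLdapAuthMech", ds, domain)
    tls = (effective("zimbraGalSyncLdapStartTlsEnabled", ds, domain) or "").upper()
    password = effective("zimbraGalSyncLdapBindPassword", ds, domain)
    # An unset auth mechanism is treated as "simple" here (assumption).
    if password and mech in (None, "simple") and url.lower().startswith("ldap://") and tls != "TRUE":
        out.append("simple bind over ldap:// without StartTLS exposes the bind password")
    return out

# Constructed samples in the page's request format.
DOMAIN = {"zimbraGalLdapURL": "ldap://ldap.mydomain.com",
          "zimbraGalLdapBindPassword": "placeholder"}
OK_REQUEST = """<CreateGalSyncAccountRequest name="mydomain" domain="mydomain.com" type="ldap">
<account by="name">gal@mydomain.com</account>
<a n="zimbraGalSyncLdapStartTlsEnabled">TRUE</a>
<a n="zimbraGalSyncLdapAuthMech">simple</a>
<a n="zimbraGalSyncLdapFilter">(&amp;(mail=*)(objectClass=user))</a>
</CreateGalSyncAccountRequest>"""
BAD_REQUEST = OK_REQUEST.replace("zimbraGalSyncLdapFilter", "zimbraGalLdapFilter") \
                        .replace(">TRUE<", ">FALSE<")

if __name__ == "__main__":
    for label, req in (("ok", OK_REQUEST), ("bad", BAD_REQUEST)):
        print(label, findings(req, DOMAIN))
```

In the constructed bad request the URL and bind password are never set on the data source; they arrive through the fallback, which is why a review of the request alone would miss the cleartext bind.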