Making GAL's visible cross-domain?

[Baylink]

I have two domains which are closely related; is there any current facility to make it possible for users in each domain to see a view of the server GAL which includes not only the users in their own domain, but also the users in the other one?

Or is this an RFE? :-)

[mmorse]

If you want to allow everyone on your box to see everyone just:
zmprov mcf zimbraGalInternalSearchBase ROOT
(May also do that for zimbraGalSyncInternalSearchBase if you use ZCO/ZD/etc)


On individual domains (inherited from global), by default zimbraGalInternalSearchBase & zimbraGalSyncInternalSearchBase are set to DOMAIN. Thus if you're using multiple domains and still want to leave the GAL enabled, people can only search within their domain for privacy. Say you had multiple domains but managed by one IT department - you might give them the ability to search ROOT so they could find members easier.

(If you're using external LDAP/AD auth that's zimbraGalLdapSearchBase & zimbraGalSyncLdapSearchBase.)

---

If you want to allow lookup in domain.com and any sub.domain.com set that attribute to SUBDOMAINS.

Notice in the below example that for all intensive purposes sub.domain.com can be set to DOMAIN or SUBDOMAINS and there's no difference. That's because SUBDOMAINS isn't intended for the sub to view the parent, just the parent to see the sub. Do read on to understand how that works:

zmprov cd domain.com
zmprov cd subdomain.com
zmprov ca usermain@domain1.com usermain
zmprov ca usersub@sub.domain.com usersub
zmprov md domain1.com zimbraGalInternalSearchBase SUBDOMAINS
zmprov md sub.domain1.com zimbraGalInternalSearchBase SUBDOMAINS
(or mcf to do it globally)

Login to usermain
Type 'u' in a new mail (assuming you have auto complete from GAL enabled) and you'll get back:
usermain@domain.com
usersub@sub.domain.com

Login to usersub
Type 'u' and you'll get back just:
usersub@sub.domain.com

Get it?

And you'll continue to get nothing but usersub@sub.domain.com unless you make an alpha.sub.domain.com & useralphasub@alpha.sub.domain.com

At which point logging in as usersub and typing 'u' will return:
usersub@sub.domain.com
useralphasub@alpha.sub.domain.com

Usermain would then return 3 values:
usermain@domain.com
usersub@sub.domain.com
useralphasub@alpha.sub.domain.com

(When testing refresh your browser every time you set zimbraGalInternalSearchBase.)

---

So what can be done if you can't use ROOT for all, but just want domainA.com & domainB.com to see each other?

You could use both internal & 'external' GAL lookups against yourself so that A<>B and B<>A (use the GAL wizard):

DomainA:
GAL: both
Server type: LDAP
LDAP url: ldap://serverwithldapservice.domain.com:389
LDAP filter: (uid=%u) parenthesis included
Autocomplete filter: It should autofill with externalLdapAutoComplete, but doesn't always do so the first round of setting up; though it will show up after you apply. (but you could add it now if wanted/if it requires you to in an error at the end)
LDAP search base: dc=domainB,dc=com ("" might coax search across all domains)
Bind DN: shouldn't need to bother - but you could always do something like cn=admin,dc=domain,dc=com

DomainB:
GAL: both
Server type: LDAP
LDAP url: ldap://serverwithldapservice.domain.com:389 ssl 636 if desired
LDAP filter: (uid=%n) parenthesis included
Autocomplete filter: ignore unless you can't click finish/test gives error/error in mailbox.log then enter externalLdapAutoComplete
LDAP search base: dc=domainA,dc=com
Bind DN: ignore

LDAP Filter notes:
(uid=%u) - The user has a uid attribute value in the external directory equal to the user portion of the Zimbra user account.
(uid=%n) - Entire Zimbra user account is used to identify user in the external directory.
or even (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*)(zimbraM ailDeliveryAddress=*%s*) (zimbraMailAlias=*%s*)(zimbraMailAddress=*%s*))(|( objectclass=zimbraAccount)(objectclass=zimbraDistr ibutionList)))


And yes to save Matt & myself some time later there's a few RFE's you can vote for:
Bug 7426 -option to search gal across domains
Bug 21750 -search for resources across domains
Bug 13801 - Add support for multiple GALs per domain

In 5.0.3-: Bug 21873 - GAL autocomplete should handle multiple tokens

[Baylink]

Ok, I'll have to look at the big ugly manual method, I guess, because my personal domain is on the server too, and I don't want users in either domain to see it, and neither domain is, purposefully, a subset of the other.

I'll pick one of those bugs and pile-on.

And hey; I've only had 3 bugs out of 25 closed as dupes... (and one of those wasn't really...) I'm not doing that bad. :-)

[mmorse]

Yup so internal & 'external' GAL lookups against yourself so that A<>B and B<>A
OR
If there's no one but you/few others in your personal domain might just set zimbraHideInGal TRUE on your account(s).

It sounds like Bug 7426 - option to search gal across domains is the one to vote for.

(And just joshing with ya, that's a good record, shows you know to search first & thinking of cool ways to enhance Zimbra - everyone here lives on bugzilla.)

[americo]

Zimbra Version: 5.0.11

i configured GAL in outlook 2007, when i do a search with outlook show me all users for all domains but in this search show "people" atribute too like a user, i think this row is matching for their domain, in my installation i have 6 domains and in the search result show me 6 rows with Name=people... and the other fields are empty.

how can i fix this...or how can i hide the domians to exclude from de GAL?

Thanks

[pdn2k5]

I have tried the settings suggested in this post but unfortunately external gallookup is still not happening with ZDC. Evrything works finr with Web Client though.
We have configured different zimbra roles on different machine.
What I could be missing ?

we are on Zimbra 5.0.14