If you want to allow everyone on your box to see everyone just:
zmprov mcf zimbraGalInternalSearchBase ROOT
(May also do that for zimbraGalSyncInternalSearchBase if you use ZCO/ZD/etc)
On individual domains (inherited from global), by default zimbraGalInternalSearchBase & zimbraGalSyncInternalSearchBase are set to DOMAIN. Thus if you're using multiple domains and still want to leave the GAL enabled, people can only search within their domain for privacy. Say you had multiple domains but managed by one IT department - you might give them the ability to search ROOT so they could find members easier.
(If you're using external LDAP/AD auth that's zimbraGalLdapSearchBase & zimbraGalSyncLdapSearchBase.)
---
If you want to allow lookup in domain.com and any sub.domain.com set that attribute to SUBDOMAINS.
Notice in the below example that for all intensive purposes sub.domain.com can be set to DOMAIN or SUBDOMAINS and there's no difference. That's because SUBDOMAINS isn't intended for the sub to view the parent, just the parent to see the sub. Do read on to understand how that works:
zmprov cd domain.com
zmprov cd subdomain.com
zmprov ca
usermain@domain1.com usermain
zmprov ca
usersub@sub.domain.com usersub
zmprov md domain1.com zimbraGalInternalSearchBase SUBDOMAINS
zmprov md sub.domain1.com zimbraGalInternalSearchBase SUBDOMAINS
(or mcf to do it globally)
Login to usermain
Type 'u' in a new mail (assuming you have auto complete from GAL enabled) and you'll get back:
usermain@domain.com usersub@sub.domain.com
Login to usersub
Type 'u' and you'll get back just:
usersub@sub.domain.com
Get it?
And you'll continue to get nothing but
usersub@sub.domain.com unless you make an alpha.sub.domain.com &
useralphasub@alpha.sub.domain.com
At which point logging in as usersub and typing 'u' will return:
usersub@sub.domain.com useralphasub@alpha.sub.domain.com
Usermain would then return 3 values:
usermain@domain.com usersub@sub.domain.com useralphasub@alpha.sub.domain.com
(When testing refresh your browser every time you set zimbraGalInternalSearchBase.)
---
So what can be done if you can't use ROOT for all, but just want domainA.com & domainB.com to see each other?
You could use both internal & 'external' GAL lookups against yourself so that A<>B and B<>A (use the GAL wizard):
DomainA:
GAL: both
Server type: LDAP
LDAP url: ldap://serverwithldapservice.domain.com:389
LDAP filter: (uid=%u) parenthesis included
Autocomplete filter: It should autofill with externalLdapAutoComplete, but doesn't always do so the first round of setting up; though it will show up after you apply. (but you could add it now if wanted/if it requires you to in an error at the end)
LDAP search base: dc=domainB,dc=com ("" might coax search across all domains)
Bind DN: shouldn't need to bother - but you could always do something like cn=admin,dc=domain,dc=com
DomainB:
GAL: both
Server type: LDAP
LDAP url: ldap://serverwithldapservice.domain.com:389 ssl 636 if desired
LDAP filter: (uid=%n) parenthesis included
Autocomplete filter: ignore unless you can't click finish/test gives error/error in mailbox.log then enter externalLdapAutoComplete
LDAP search base: dc=domainA,dc=com
Bind DN: ignore
LDAP Filter notes:
(uid=%u) - The user has a uid attribute value in the external directory equal to the user portion of the Zimbra user account.
(uid=%n) - Entire Zimbra user account is used to identify user in the external directory.
or even (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*)(zimbraM ailDeliveryAddress=*%s*) (zimbraMailAlias=*%s*)(zimbraMailAddress=*%s*))(|( objectclass=zimbraAccount)(objectclass=zimbraDistr ibutionList)))
And yes to save Matt & myself some time later
there's a few RFE's you can vote for:
Bug 7426 -option to search gal across domains Bug 21750 -search for resources across domains Bug 13801 - Add support for multiple GALs per domain
In 5.0.3-:
Bug 21873 - GAL autocomplete should handle multiple tokens 
Bugzilla
Wiki
Source
Making GAL's visible cross-domain? 
Linear Mode
