GAL Question

[tbullock]

I have deployed Zimbra as a mail server, but I still allow users to use Outlook via POP.

There are some using the web interface and we have question about the GAL.

I run two mail Domains: maildomain1.ca and maildomain2.ca

If you have an address that belongs to domain1 and you search via a period (.) in the GAL, you only see the accounts belonging to domain1.

Obviously vice-versa with domain2.

Is there a way to get the GAL to encompass all mail domains for all users, regardless of which domain their account was created under?

Cheers,

Travis

[rsharpe]

Could you not just configure the GAL to lookup on both the internal as well as external... your external being the same ldap server, but different ldap search query.

[tbullock]

I don't know....that is why I am asking...lol

[tbullock]

Actually I don't have an external LDAP server. The domains I am discussing are all local e-mail domains that exist on the Zimbra server. So if I am a user whose e-mail address ends with @domain1.com and I use the GAL all I see are the @domain1.com users. I cannot see the @domain2.com users and vice-versa.

What I want is for all mail domain users to be able to see all of my mail domains in the GAL.

I do not see a place to change the LDAP query, unless I was to specify "External" on configuration. As I am not running LDAP externally of Zimbra, this is not an option.

Can I change the queries any other way?

[rsharpe]

You should still be able to specify it as external, you will just be pointing it back to the same server, and requesting a different branch of the same tree.

[schemers]

As mentioned, just configure your GAL as external, but point it at your Zimbra LDAP server. Set the search base to "dc=ca". You'll need to set the search filter to either "zimbra" or "zimbraAccounts", depending on what version you are using.

To figure out which one, run this:

Code:

/opt/zimbra/bin/zmprov gacf|grep zimbraGalLdapFilterDef

And see if you get:

Code:

zimbraGalLdapFilterDef: zimbraAccounts:(...long ldap filter)
...

Or:

And see if you get:

Code:

zimbraGalLdapFilterDef: zimbra:(...long ldap filter)
...

I just fixed bug 7426 and added a new config option to control the search base for internal GAL searches, This should be in the next major release (i.e., 3.2).

[tbullock]

I see:

[root@webmail bin]# ./zmprov gacf | grep zimbraGalLdapFilterDef
zimbraGalLdapFilterDef: ad&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(!(m sExchHideFromAddressLists=TRUE))(mailnickname=*)(| (&(objectCategory=person)(objectClass=user)(!(home MDB=*))(!(msExchHomeServerName=*)))(&(objectCatego ry=person)(objectClass=user)(|(homeMDB=*)(msExchHo meServerName=*)))(&(objectCategory=person)(objectC lass=contact))(objectCategory=group)(objectCategor y=publicFolder)(objectCategory=msExchDynamicDistri butionList)))
zimbraGalLdapFilterDef: zimbraAccounts&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mai l=*%s*)(zimbraMailDeliveryAddress=*%s*)(zimbraMail Alias=*%s*)(zimbraMailAddress=*%s*))(|(objectclass =zimbraAccount)(objectclass=zimbraDistributionList ))(!(objectclass=zimbraCalendarResource)))
zimbraGalLdapFilterDef: zimbraResources&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(ma il=*%s*)(zimbraMailDeliveryAddress=*%s*)(zimbraMai lAlias=*%s*)(zimbraMailAddress=*%s*))(objectclass= zimbraCalendarResource))

Do I just add that entire string to the LDAP Filter* section in the GAL Wizard when configuring for external LDAP? Would I change the "Search Base" as well?

For example change it from: dc=avmax, dc=ca

TO: dc=ca, dc=com

??

[schemers]

If you see "zimbraAccounts" then you can set the gal filter to be "zimbraAccounts". The GAL code will check to see if there a filter def with that name and use it if so.

If you have a domain called "foo.ca" and "bar.ca" you want the base to be "dc=ca". If they are "foo.com" and "bar.com", you'd want it to be "dc=com".

[tbullock]

Quote:

Originally Posted by schemers

If you see "zimbraAccounts" then you can set the gal filter to be "zimbraAccounts". The GAL code will check to see if there a filter def with that name and use it if so.

If you have a domain called "foo.ca" and "bar.ca" you want the base to be "dc=ca". If they are "foo.com" and "bar.com", you'd want it to be "dc=com".

OK. I do see ZimbraAccounts. But I don't know what to paste into the 'LDAP Filter*' section of the GAL configuration Wizard.

Also, I have both .ca and .com domains.....so can I use both, dc=ca and dc=com in the search base section?

Cheers,

Travis

[tbullock]

I have done a search in the Forum for a history on this, but can't seem to find anything in regards to setting up the external LDAP.

Is there a HOWTO I could read that would explain the GAL Wizard? And specifically, what it is expecting in the "LDAP Filter*" field?