GAL search returned no results ZCS 7.1.3 GA Release

[zenu]

It does have a AD option which I've chosen, below are screen shots of my configuration

[blason]

Your BIND DN should be user@domain.com rather than domain\user. Try adding that and see.

e.g blason@example.com not example\blason

[sbhnet]

Hmmmm. My screens look just like that except that I'm using the user@domain.com for the bind and the datasource name for the external GAL is ldap. Can that name make the difference? (I didn't set things up - I'm coming in after the fact as another set of eyes.)

[zenu]

Nope. No luck for me, but thank you for the idea.

[blason]

Well honestly even I tried with that and that didn't work if you refer to OSS Admin guide it was clearly specified that DN should be given in the form of user@domain.name

[sbhnet]

We finally got the GAL to work by changing the mode to "Both" instead of just External. Which says it's pulling from the defined accounts in Zimbra not from AD. Has anyone ever gotten GAL to work using just External?

[50asm]

Quote:

Originally Posted by sbhnet

We finally got the GAL to work by changing the mode to "Both" instead of just External. Which says it's pulling from the defined accounts in Zimbra not from AD. Has anyone ever gotten GAL to work using just External?

I cant make it work even using "both". The test are passing as noted by others, I have configured every thing as shown in the screen shots by zenu with the exception that I am using user@domain.com (with full admin rights) and the bind dn.

I am running ZCS 7.14, do you think this is a bug that needs to be reported?

Any other advice would be apreciated. I have been pulling my hair out for hours tring to figure out what is wrong.

Thank you!!!

[sbhnet]

I've seen so many posts where folks are having problems with this, I really think the Zimbra folks need to address this directly. Maybe a bug report will force the issue?

[50asm]

Quote:

Originally Posted by sbhnet

I've seen so many posts where folks are having problems with this, I really think the Zimbra folks need to address this directly. Maybe a bug report will force the issue?

I will report it now. Thanks!

[davidkillingsworth]

It is important to note that you must use port 389 not 3268 for GAL searches in AD.

Here's what I have for my GAL Configuration. You must have a glsynch@mydomain.com account in Zimbra.

You must also have an account in AD.
CN=GAL Sync,OU=Users & Groups,OU=Service Admins,DC=corp,DC=mydomain,DC=com

GAL Search Settings:

GAL mode: External
Create GAL Sync account: Check
GAL sync account name: glsynch@mydomain.com
Datasource name for external GAL: ExtnernalGAL (can be any name)
External GAL polling interval: 1 Hour (1 day would also probably be ok)
Server type: LDAP (NOT Active Directory, which assumes you also have Exchange schema extensions so GAL search results will always fail)
LDAP URL (enter your addresses):
ldap://xxx.xxx.xxx.x01:389 (these are the IP addresses of your AD domain controllers)
ldap://xxx.xxx.xxx.x02:389
LDAP filter:
(&(objectClass=user)(|(sAMAccountName=%s*)(givenNa me=%s*)(mail=%s*)))
Autocomplete filter:
(|(cn=%s*)(sn=%s*)(gn=%s*)(mail=%s*))
LDAP search base (enter the distinguished name to the root of your users in the AD for this email domain):
OU=Users & Groups,OU=US Campus,DC=corp,DC=mydomain,DC=com

GAL Search Settings:

Use DN/Password to bind to external server: Check
Bind DN (enter the DN of the GAL search user you created):
CN=GAL Sync,OU=Users & Groups,OU=Service Admins,DC=corp,DC=mydomain,DC=com

GAL Sync Settings:

Use GAL search settings for GAL sync: Check

GAL Settings Summary:

Here you can test the account works by searching for another user, enter an account name of a user you know exists within the "search base" you entered earlier.