GAL:
If you want to allow everyone on your box to see everyone:
zmprov mcf zimbraGalInternalSearchBase ROOT
(May also do that for zimbraGalSyncInternalSearchBase if you use ZCO/ZD/etc)
On individual domains (inherited from global), zimbraGalInternalSearchBase & zimbraGalSyncInternalSearchBase are set to DOMAIN by default. Thus if you're using multiple domains and still want to leave the GAL enabled, people can only search within their own domain, for privacy. Say you had multiple domains but managed by one IT department - you might give them the ability to search ROOT so they could find members more easily.
(If you're using external LDAP/AD auth that's zimbraGalLdapSearchBase & zimbraGalSyncLdapSearchBase.)
If you want to allow lookup in domain.com and any sub.domain.com:
-set that attribute to SUBDOMAINS
Notice in the example below that, for all intents and purposes, sub.domain.com can be set to DOMAIN or SUBDOMAINS and there's no difference. That's because SUBDOMAINS isn't intended for the sub to view the parent, just for the parent to see the sub. Do read on to understand how that works:
zmprov cd domain.com
zmprov cd sub.domain.com
zmprov ca usermain@domain.com usermain
zmprov ca usersub@sub.domain.com usersub
zmprov md domain.com zimbraGalInternalSearchBase SUBDOMAINS
zmprov md sub.domain.com zimbraGalInternalSearchBase SUBDOMAINS
(or mcf to do it globally)
Login to usermain
Type 'u' in a new mail (assuming you have auto complete from GAL enabled) and you'll get back:
usermain@domain.com usersub@sub.domain.com
Login to usersub
Type 'u' and you'll get back just:
usersub@sub.domain.com
Get it?
And you'll continue to get nothing but usersub@sub.domain.com unless you make an alpha.sub.domain.com & useralphasub@alpha.sub.domain.com
At which point logging in as usersub and typing 'u' will return:
usersub@sub.domain.com useralphasub@alpha.sub.domain.com
Usermain would then return 3 values:
usermain@domain.com usersub@sub.domain.com useralphasub@alpha.sub.domain.com
(When testing refresh your browser every time you set zimbraGalInternalSearchBase.)
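The scoping rules walked through above, as an added example (not Zimbra's own code): it models which addresses a domain's users can look up under DOMAIN, SUBDOMAINS and ROOT, and reports addresses visible across domain boundaries. The function names and the other@domainB.com account are constructed for illustration.

```python
# Added example: a model of the GAL search-base scoping described above.
# Account list is constructed sample data; function names are hypothetical.
ACCOUNTS = [
    "usermain@domain.com",
    "usersub@sub.domain.com",
    "useralphasub@alpha.sub.domain.com",
    "other@domainB.com",
]

def domain_of(address):
    return address.rsplit("@", 1)[1].lower()

def domain_to_dn(domain):
    """domainB.com -> dc=domainB,dc=com (the form used for an LDAP search base)."""
    return ",".join("dc=" + label for label in domain.split("."))

def in_scope(viewer_domain, setting, target_domain):
    """True if target_domain falls inside the viewer's GAL search base."""
    viewer, target = viewer_domain.lower(), target_domain.lower()
    if setting == "ROOT":
        return True                      # everyone on the box
    if setting == "DOMAIN":
        return target == viewer          # own domain only
    if setting == "SUBDOMAINS":
        # Match on a label boundary: notdomain.com is not a sub of domain.com.
        return target == viewer or target.endswith("." + viewer)
    raise ValueError("unknown search base setting: %r" % setting)

def visible(viewer_domain, setting, accounts=ACCOUNTS):
    """Addresses a user in viewer_domain can find through the GAL."""
    return [a for a in accounts if in_scope(viewer_domain, setting, domain_of(a))]

def cross_domain_exposure(settings, accounts=ACCOUNTS):
    """Per domain, the addresses from OTHER domains its users can enumerate."""
    report = {}
    for domain, setting in settings.items():
        foreign = [a for a in visible(domain, setting, accounts)
                   if domain_of(a) != domain.lower()]
        if foreign:
            report[domain] = foreign
    return report

if __name__ == "__main__":
    for dom in ("domain.com", "sub.domain.com"):
        print(dom, "->", visible(dom, "SUBDOMAINS"))
    print(cross_domain_exposure({"domain.com": "SUBDOMAINS", "domainB.com": "ROOT"}))
```

Running the exposure report over every domain's setting before switching anything to ROOT shows exactly which tenants would start seeing each other's addresses.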
So what can be done if you can't use ROOT for all, but just want domainA.com & domainB.com to see each other?
You could use both internal & 'external' GAL lookups against yourself so that A<>B and B<>A (use the GAL wizard):
DomainA:
GAL: both
Server type: LDAP
LDAP url: ldap://serverwithldapservice.domain.com:389
LDAP filter: (uid=%u) (parentheses included)
Autocomplete filter: this should autofill with externalLdapAutoComplete, but it doesn't always do so on the first pass through setup; it will show up after you apply. (You could add it now if you want, or if an error at the end requires it.)
LDAP search base: dc=domainB,dc=com ("" might coax search across all domains)
Bind DN: shouldn't need to bother - but you could always do something like cn=admin,dc=domain,dc=com
DomainB:
GAL: both
Server type: LDAP
LDAP url: ldap://serverwithldapservice.domain.com:389 (SSL on port 636 if desired)
LDAP filter: (uid=%n) (parentheses included)
Autocomplete filter: ignore unless you can't click finish, the test gives an error, or there's an error in mailbox.log; in that case enter externalLdapAutoComplete
LDAP search base: dc=domainA,dc=com
Bind DN: ignore
LDAP Filter notes:
(uid=%u) - The user has a uid attribute value in the external directory equal to the user portion of the Zimbra user account.
(uid=%n) - Entire Zimbra user account is used to identify user in the external directory.
or even (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*)(zimbraMailDeliveryAddress=*%s*)(zimbraMailAlias=*%s*)(zimbraMailAddress=*%s*))(|(objectclass=zimbraAccount)(objectclass=zimbraDistributionList)))
A few RFEs you can vote for:
Bug 7426 - option to search gal across domains
Bug 21750 - search for resources across domains
Bug 13801 - Add support for multiple GALs per domain
In 5.0.3-:
Bug 21873 - GAL autocomplete should handle multiple tokens
---
Virtual hosts:
Say you have domainA & domainB:
If you point users at just one address (say it's mail.domainA.com) you just set:
zmprov mcf zimbraDefaultDomainName domainA.com
and users can login with username/pass.
However, users in domainB.com will have to type the full login: username@domainB.com/pass.
To solve that you can create a virtual host. This becomes the default domain for a user login so web-client users can log in without having to specify the domain name as part of their user name.
Admin console GUI > Domains > Virtual Hosts tab. The virtual host requires a valid DNS configuration with an A record.
OR
zmprov md domainB.com zimbraVirtualHostname webmail.domainB.com
Users enter the virtual host name as the URL address (webmail.domainB.com) where they enter just their username/pass.
The authentication request searches for a domain with that virtual host name and authentication is completed against that domain.
See also zimbraPublicService[Protocol + Hostname + Port] for REST URL generation, used on shares etc.
Now, if you have a multi server setup you can deploy a login load balancer for the Zimbra server so that all users can log in from any mailstore server instead of having to remember which server their mailbox is on. (See the multi-server docs)