Difference between revisions of "GAL Sync Account"

(New page: Insert GAL sync write up here. {{Article_Footer|ZCS 6.0.x|09/25/2009}} Category:Administration Category:GAL)
 
Line 1: Line 1:
Insert GAL sync write up here.
+
=Description=
 +
Enabling a GAL sync account will permit browsing and paging of the global address list when selecting contacts during message composition with the Zimbra web client. Contact data from Zimbra's internal GAL and external sources can be synced to the account. The galsync account is a resource account and does not consume a Zimbra license.
 +
 
 +
To setup an account properly for sync, there must be
 +
*A GAL sync account
 +
*An internal or external datasource on the GAL sync account.
 +
 
 +
=Setting Up Internal GAL Sync=
 +
For the internal setup, the internal datasource is automatically created when using the following steps.
 +
==Admin Console==
 +
#In the server admin console, select a domain for GAL sync under "Domains".
 +
#Click "Configure GAL".
 +
#Set "GAL mode:" "Internal".
 +
#Enter a value for "Most results returned by GAL Search".
 +
#Set "Datasource" name to ''InternalGAL''.
 +
#Enter a GAL polling interval. The GAL polling interval is the time between syncs to the internal LDAP.
 +
#Next, then Finish.
 +
#To force sync, go to the CLI and use zmgsautil
 +
zmgsautil forceSync -a galsync@domain.com -n InternalGAL
 +
 
 +
==Command Line==
 +
zmgsautil createAccount -a galsync@domain.com -n InternalGAL --domain domain.com -t zimbra -f _InternalGAL
 +
zmgsautil forceSync -a galsync@domain.com -n InternalGA
 +
 
 +
=Setting Up External GAL Sync=
 +
Every domain in the Zimbra installation can have a single Active Directory or external LDAP GAL configuration. The '''first''' external ''datasource'' for the galsync account will use the external LDAP or Active Directory GAL configuration. Additional datasources require the configuration for the external source to be within the datasource itself. For example, consider this external GAL configuration for AD:
 +
 
 +
<pre>
 +
## Get Domain
 +
zmprov gd domain.com | grep -i gal
 +
zimbraGalLdapBindDn: CN=galsync, OU=Service Accounts, OU=Servers, DC=Corp, DC=domain, DC=com
 +
zimbraGalLdapBindPassword: thePassword
 +
zimbraGalLdapFilter: ad
 +
zimbraGalLdapPageSize: 1000
 +
zimbraGalLdapSearchBase: DC=Corp, DC=domain, DC=com
 +
zimbraGalLdapURL: ldap://ds1.corp.domain.com:3268
 +
zimbraGalMaxResults: 100
 +
zimbraGalMode: both
 +
zimbraGalSyncInternalSearchBase: DOMAIN
 +
 
 +
## Get Datasource
 +
zmprov gds galsync@domain.com
 +
# name ActiveDirectoryGAL
 +
# type gal
 +
objectClass: zimbraDataSource
 +
objectClass: zimbraGalDataSource
 +
zimbraCreateTimestamp: 20090728211318Z
 +
zimbraDataSourceEnabled: TRUE
 +
zimbraDataSourceFolderId: 257
 +
zimbraDataSourceId: 4c94f205-43fb-4706-a13b-8ce64eadde4e
 +
zimbraDataSourceName: ActiveDirectoryGAL
 +
zimbraDataSourcePollingInterval: 1d
 +
zimbraDataSourceType: gal
 +
zimbraGalLastFailedSyncTimestamp: 20090818071009Z
 +
zimbraGalLastSuccessfulSyncTimestamp: 20090925155938Z
 +
zimbraGalStatus: enabled
 +
zimbraGalType: ldap
 +
</pre>
 +
The ''ActiveDirectoryGAL'' datasource uses the GAL configuration stored in the domain's GAL configuration attributes.
 +
 
 +
==Admin Console==
 +
#Specify "GAL mode:" as one of "External" or "Both".
 +
#Choose a datasource name. ''E.g., ActiveDirectoryGAL or ExternalGAL''.
 +
#Enter a polling interval.
 +
#Specify "Server type" and configure the the rest of the external GAL settings.
 +
 
 +
==Command Line==
 +
If the external GAL was configured on the command line, or is already configured without a datasource, ''zmgsautil'' can be used to setup the external LDAP datasource. If the galsync account is being created for the first time and external GAL is configured, the datasource will be setup with the ''zmgsautil createAccount'' command.
 +
<pre>
 +
zmgsautil createAccount -a galsync@domain.com -n ExternalGAL --domain domain -t ldap -f _ExternalGAL
 +
</pre>
 +
 
 +
==Adding Additional Datasources==
 +
Additional datasources can be configured manually with ''zmprov''.
 +
*Retrieve current datasources for the galsync account.
 +
<pre>
 +
## Get Datasource
 +
zmprov gds galsync@domain.com
 +
# name ActiveDirectoryGAL
 +
# type gal
 +
objectClass: zimbraDataSource
 +
objectClass: zimbraGalDataSource
 +
zimbraCreateTimestamp: 20090728211318Z
 +
zimbraDataSourceEnabled: TRUE
 +
zimbraDataSourceFolderId: 257
 +
zimbraDataSourceId: 4c94f205-43fb-4706-a13b-8ce64eadde4e
 +
zimbraDataSourceName: ActiveDirectoryGAL
 +
zimbraDataSourcePollingInterval: 1d
 +
zimbraDataSourceType: gal
 +
zimbraGalLastFailedSyncTimestamp: 20090818071009Z
 +
zimbraGalLastSuccessfulSyncTimestamp: 20090925155938Z
 +
zimbraGalStatus: enabled
 +
zimbraGalType: ldap
 +
</pre>
 +
*Optionally create a new contact folder in the galsync account to store the GAL with ''zmmailbox''. Note the return folder Id.
 +
<pre>
 +
zmmailbox -z -m galsync@domain.com createFolder --view contact /_AnotherGAL
 +
257
 +
</pre>
 +
*Add new datasource with ''zmprov''.
 +
<pre>
 +
zmprov cds galsync@domain.com gal AnotherGAL zimbraDataSourceEnabled TRUE zimbraDataSourceFolderId 257 \
 +
zimbraDataSourcePollingInterval 1d \
 +
zimbraGalStatus enabled
 +
zimbraGalSyncLdapBindDn uid=zimbra,cn=admins,cn=zimbra \
 +
zimbraGalSyncLdapBindPassword thePassword \
 +
zimbraGalSyncLdapFilter '(&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))' \
 +
zimbraGalSyncLdapPageSize 100 \
 +
zimbraGalSyncLdapSearchBase dc=anotherdomain,dc=com \
 +
zimbraGalSyncLdapURL ldap://ldap.anotherdomain.com:389 \
 +
zimbraGalType ldap
 +
</pre>
 +
*Finally, show all datasources for the galsync account.
 +
<pre>
 +
zmprov gds galsync@domain.com
 +
# name ActiveDirectoryGAL
 +
# type gal
 +
objectClass: zimbraDataSource
 +
objectClass: zimbraGalDataSource
 +
zimbraCreateTimestamp: 20090728211318Z
 +
zimbraDataSourceEnabled: TRUE
 +
zimbraDataSourceFolderId: 257
 +
zimbraDataSourceId: 4c94f205-43fb-4706-a13b-8ce64eadde4e
 +
zimbraDataSourceName: ActiveDirectoryGAL
 +
zimbraDataSourcePollingInterval: 1d
 +
zimbraDataSourceType: gal
 +
zimbraGalLastFailedSyncTimestamp: 20090818071009Z
 +
zimbraGalLastSuccessfulSyncTimestamp: 20090925155938Z
 +
zimbraGalStatus: enabled
 +
zimbraGalType: ldap
 +
 
 +
# name AnotherGAL
 +
# type gal
 +
objectClass: zimbraDataSource
 +
objectClass: zimbraGalDataSource
 +
zimbraCreateTimestamp: 20090729085331Z
 +
zimbraDataSourceEnabled: TRUE
 +
zimbraDataSourceFolderId: 25212
 +
zimbraDataSourceId: 1fb50a98-7168-4ade-98e0-fccd414047a2
 +
zimbraDataSourceName: AnotherGAL
 +
zimbraDataSourcePollingInterval: 1d
 +
zimbraDataSourceType: gal
 +
zimbraGalLastSuccessfulSyncTimestamp: 20090925124604Z
 +
zimbraGalStatus: enabled
 +
zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra
 +
zimbraGalSyncLdapBindPassword: thePassword
 +
zimbraGalSyncLdapFilter: (&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))
 +
zimbraGalSyncLdapPageSize: 100
 +
zimbraGalSyncLdapSearchBase: dc=anotherdomain,dc=com
 +
zimbraGalSyncLdapURL: ldap://ldap.anotherdomain.com:389
 +
zimbraGalType: ldap
 +
</pre>
 +
 
 +
The server providing data to the ''AnotherGAL'' datasource just happens to be an external Zimbra server, but could be any other LDAP or AD. Be sure to use ''zimbraGALType '''ldap''''' and not '''zimbra''' if the external LDAP is Zimbra. The '''zimbra''' GAL type is reserved for the internal GAL only.
 +
 
 +
=References=
 +
http://www.zimbra.com/forums/users/31243-gal-browsing-6-0-a-2.html
  
 
{{Article_Footer|ZCS 6.0.x|09/25/2009}}
 
{{Article_Footer|ZCS 6.0.x|09/25/2009}}

Revision as of 03:56, 26 September 2009

Description

Enabling a GAL sync account will permit browsing and paging of the global address list when selecting contacts during message composition with the Zimbra web client. Contact data from Zimbra's internal GAL and external sources can be synced to the account. The galsync account is a resource account and does not consume a Zimbra license.

To setup an account properly for sync, there must be

  • A GAL sync account
  • An internal or external datasource on the GAL sync account.

Setting Up Internal GAL Sync

For the internal setup, the internal datasource is automatically created when using the following steps.

Admin Console

  1. In the server admin console, select a domain for GAL sync under "Domains".
  2. Click "Configure GAL".
  3. Set "GAL mode:" "Internal".
  4. Enter a value for "Most results returned by GAL Search".
  5. Set "Datasource" name to InternalGAL.
  6. Enter a GAL polling interval. The GAL polling interval is the time between syncs to the internal LDAP.
  7. Next, then Finish.
  8. To force sync, go to the CLI and use zmgsautil
zmgsautil forceSync -a galsync@domain.com -n InternalGAL

Command Line

zmgsautil createAccount -a galsync@domain.com -n InternalGAL --domain domain.com -t zimbra -f _InternalGAL
zmgsautil forceSync -a galsync@domain.com -n InternalGA

Setting Up External GAL Sync

Every domain in the Zimbra installation can have a single Active Directory or external LDAP GAL configuration. The first external datasource for the galsync account will use the external LDAP or Active Directory GAL configuration. Additional datasources require the configuration for the external source to be within the datasource itself. For example, consider this external GAL configuration for AD:

## Get Domain
zmprov gd domain.com | grep -i gal
zimbraGalLdapBindDn: CN=galsync, OU=Service Accounts, OU=Servers, DC=Corp, DC=domain, DC=com
zimbraGalLdapBindPassword: thePassword
zimbraGalLdapFilter: ad
zimbraGalLdapPageSize: 1000
zimbraGalLdapSearchBase: DC=Corp, DC=domain, DC=com
zimbraGalLdapURL: ldap://ds1.corp.domain.com:3268
zimbraGalMaxResults: 100
zimbraGalMode: both
zimbraGalSyncInternalSearchBase: DOMAIN

## Get Datasource 
zmprov gds galsync@domain.com
# name ActiveDirectoryGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20090728211318Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 257
zimbraDataSourceId: 4c94f205-43fb-4706-a13b-8ce64eadde4e
zimbraDataSourceName: ActiveDirectoryGAL
zimbraDataSourcePollingInterval: 1d
zimbraDataSourceType: gal
zimbraGalLastFailedSyncTimestamp: 20090818071009Z
zimbraGalLastSuccessfulSyncTimestamp: 20090925155938Z
zimbraGalStatus: enabled
zimbraGalType: ldap

The ActiveDirectoryGAL datasource uses the GAL configuration stored in the domain's GAL configuration attributes.

Admin Console

  1. Specify "GAL mode:" as one of "External" or "Both".
  2. Choose a datasource name. E.g., ActiveDirectoryGAL or ExternalGAL.
  3. Enter a polling interval.
  4. Specify "Server type" and configure the the rest of the external GAL settings.

Command Line

If the external GAL was configured on the command line, or is already configured without a datasource, zmgsautil can be used to setup the external LDAP datasource. If the galsync account is being created for the first time and external GAL is configured, the datasource will be setup with the zmgsautil createAccount command.

zmgsautil createAccount -a galsync@domain.com -n ExternalGAL --domain domain -t ldap -f _ExternalGAL

Adding Additional Datasources

Additional datasources can be configured manually with zmprov.

  • Retrieve current datasources for the galsync account.
## Get Datasource 
zmprov gds galsync@domain.com
# name ActiveDirectoryGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20090728211318Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 257
zimbraDataSourceId: 4c94f205-43fb-4706-a13b-8ce64eadde4e
zimbraDataSourceName: ActiveDirectoryGAL
zimbraDataSourcePollingInterval: 1d
zimbraDataSourceType: gal
zimbraGalLastFailedSyncTimestamp: 20090818071009Z
zimbraGalLastSuccessfulSyncTimestamp: 20090925155938Z
zimbraGalStatus: enabled
zimbraGalType: ldap
  • Optionally create a new contact folder in the galsync account to store the GAL with zmmailbox. Note the return folder Id.
zmmailbox -z -m galsync@domain.com createFolder --view contact /_AnotherGAL
257
  • Add new datasource with zmprov.
zmprov cds galsync@domain.com gal AnotherGAL zimbraDataSourceEnabled TRUE zimbraDataSourceFolderId 257 \
zimbraDataSourcePollingInterval 1d \
zimbraGalStatus enabled
zimbraGalSyncLdapBindDn uid=zimbra,cn=admins,cn=zimbra \
zimbraGalSyncLdapBindPassword thePassword \
zimbraGalSyncLdapFilter '(&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))' \
zimbraGalSyncLdapPageSize 100 \
zimbraGalSyncLdapSearchBase dc=anotherdomain,dc=com \
zimbraGalSyncLdapURL ldap://ldap.anotherdomain.com:389 \
zimbraGalType ldap
  • Finally, show all datasources for the galsync account.
zmprov gds galsync@domain.com
# name ActiveDirectoryGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20090728211318Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 257
zimbraDataSourceId: 4c94f205-43fb-4706-a13b-8ce64eadde4e
zimbraDataSourceName: ActiveDirectoryGAL
zimbraDataSourcePollingInterval: 1d
zimbraDataSourceType: gal
zimbraGalLastFailedSyncTimestamp: 20090818071009Z
zimbraGalLastSuccessfulSyncTimestamp: 20090925155938Z
zimbraGalStatus: enabled
zimbraGalType: ldap

# name AnotherGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20090729085331Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 25212
zimbraDataSourceId: 1fb50a98-7168-4ade-98e0-fccd414047a2
zimbraDataSourceName: AnotherGAL
zimbraDataSourcePollingInterval: 1d
zimbraDataSourceType: gal
zimbraGalLastSuccessfulSyncTimestamp: 20090925124604Z
zimbraGalStatus: enabled
zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra
zimbraGalSyncLdapBindPassword: thePassword
zimbraGalSyncLdapFilter: (&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))
zimbraGalSyncLdapPageSize: 100
zimbraGalSyncLdapSearchBase: dc=anotherdomain,dc=com
zimbraGalSyncLdapURL: ldap://ldap.anotherdomain.com:389
zimbraGalType: ldap

The server providing data to the AnotherGAL datasource just happens to be an external Zimbra server, but could be any other LDAP or AD. Be sure to use zimbraGALType ldap and not zimbra if the external LDAP is Zimbra. The zimbra GAL type is reserved for the internal GAL only.

References

http://www.zimbra.com/forums/users/31243-gal-browsing-6-0-a-2.html

Verified Against: ZCS 6.0.x Date Created: 09/25/2009
Article ID: https://wiki.zimbra.com/index.php?title=GAL_Sync_Account Date Modified: 2009-09-26



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search