Mgolfieri-GalSyncAccount notes: Difference between revisions
Raunaq Malik (talk | contribs) |
|||
Line 9: | Line 9: | ||
To create the basic galsync account for the newly created example2.com domain (only @example2.com user emails found) | To create the basic galsync account for the newly created example2.com domain (only @example2.com user emails found) | ||
zmgsautil createAccount -a galsync@example2.com -n InternalGAL --domain example2.com -t zimbra -f _InternalGAL | zmgsautil createAccount -a galsync@example2.com -n InternalGAL --domain example2.com -s server.name -t zimbra -f _InternalGAL | ||
zmgsautil forceSync -a galsync@example2.com -n InternalGAL | zmgsautil forceSync -a galsync@example2.com -n InternalGAL | ||
Revision as of 12:30, 10 April 2014
Introduction
This is a collection of steps for configuring a second domain while addressing some particular needs (for example, showing only aliases within a domain, etc). Main and official reference for GalSync operations remains http://wiki.zimbra.com/wiki/GAL_Sync_Account
When creating a new domain (example2.com here), a new galsync account is needed in most custom scenarios and it's generally recommended for performance reasons as well.
Creating the basic galsync account
To create the basic galsync account for the newly created example2.com domain (only @example2.com user emails found)
zmgsautil createAccount -a galsync@example2.com -n InternalGAL --domain example2.com -s server.name -t zimbra -f _InternalGAL zmgsautil forceSync -a galsync@example2.com -n InternalGAL
Adding another GAL from another domain
If we want to add users from other domains, there are other ways, but the following permits you to control almost any detail (see further below). In this case, we want to retrieve @example.com addresses as well:
zmmailbox -z -m galsync@example2.com createFolder --view contact /_OtherDomainGAL zmgsautil createAccount -a galsync@example2.com -n OtherDomainGAL --domain example2.com -t ldap -f _OtherDomainGAL # This is to retrieve the $zimbra_ldap_password and $zimbra_ldap_userdn source bin/zmshutil zmsetvars zmprov mds galsync@example2.com OtherDomainGAL \ zimbraGalSyncLdapBindDn uid=zimbra,cn=admins,cn=zimbra \ zimbraGalSyncLdapBindPassword $zimbra_ldap_password \ zimbraGalSyncLdapFilter '(&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))' \ zimbraGalSyncLdapSearchBase dc=example,dc=com \ zimbraGalSyncLdapURL ldap://zcs7-ga.cork.zimbralab.com:389 zmprov mds galsync@example2.com OtherDomainGAL zimbraDataSourceEnabled TRUE zmgsautil forceSync -a galsync@example2.com -n OtherDomainGAL
[you can follow the above for any other datasource you want]
Enabling both GAL types
zmprov md example2.com zimbraGALMode both
At this point you might get an error within the logs about "Caused by: javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL". In that case you have to:
zmprov mds galsync@example2.com InternalGAL zimbraDataSourceEnabled TRUE
Autocompletion not working?
If you don't see autocompletion working, it might just be a matter of setting:
Preferences-> Composing -> Include addresses in the GAL
DataSources Checkpoint
To sum up, now the datasources for our galsync@example2.com user look like:
zimbra@zcs7-ga:~$ zmprov gds galsync@example2.com # name InternalGAL # type gal objectClass: zimbraDataSource objectClass: zimbraGalDataSource zimbraCreateTimestamp: 20111006122111Z zimbraDataSourceEnabled: TRUE zimbraDataSourceFolderId: 257 zimbraDataSourceId: b4deebab-8ef8-4296-9aba-363917764a9b zimbraDataSourceName: InternalGAL zimbraDataSourceType: gal zimbraGalLastSuccessfulSyncTimestamp: 20111011095955Z zimbraGalStatus: enabled zimbraGalType: zimbra # name OtherDomainGAL # type gal objectClass: zimbraDataSource objectClass: zimbraGalDataSource zimbraCreateTimestamp: 20111006122636Z zimbraDataSourceEnabled: TRUE zimbraDataSourceFolderId: 259 zimbraDataSourceId: a2038d31-990d-4d3b-8df0-617fde2ccb02 zimbraDataSourceName: OtherDomainGAL zimbraDataSourceType: gal zimbraGalLastFailedSyncTimestamp: 20111006122724Z zimbraGalLastSuccessfulSyncTimestamp: 20111006123118Z zimbraGalStatus: enabled zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra zimbraGalSyncLdapBindPassword: DRWzNVVYYp zimbraGalSyncLdapFilter: (&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE))) zimbraGalSyncLdapSearchBase: dc=example,dc=com zimbraGalSyncLdapURL: ldap://zcs7-ga.cork.zimbralab.com:389 zimbraGalType: ldap
Customizing the LDAP query
Transforming the internal GAL to an external type
Now we want to see only aliases for the main domain (the pre-existing example.com) we need to switch the internal gal to an external type to get full control on any aspect:
# This is to retrieve the $zimbra_ldap_password and $zimbra_ldap_userdn source bin/zmshutil zmsetvars zmprov mds galsync@example2.com InternalGAL zimbraGalType ldap \ zimbraGalSyncLdapBindDn $zimbra_ldap_userdn \ zimbraGalSyncLdapBindPassword $zimbra_ldap_password \ zimbraGalSyncLdapSearchBase dc=example2,dc=com \ zimbraGalSyncLdapURL ldap://zcs7-ga.cork.zimbralab.com:389 \ zimbraDataSourceType gal
Query filter customization
zmprov mds galsync@example2.com InternalGAL +zimbraGalSyncLdapFilter '(&(zimbraMailAlias=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))'
Attribute mappings
We now customize the Attribute mapping as well. In this case, we'll just map the basic displayName, zimbraMailAlias tuple:
zmprov mds galsync@example2.com InternalGAL +zimbraGalLdapAttrMap zimbraMailAlias=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16 zmprov mds galsync@example2.com InternalGAL +zimbraGalLdapAttrMap displayName,cn=fullName,fullName2,fullName3,fullName4,fullName5,fullName6,fullName7,fullName8,fullName9,fullName10
[...]
DataSources Checkpoint
To sum up once again, now the datasources for our galsync@example2.com user look like:
zimbra@zcs7-ga:~$ zmprov gds galsync@example2.com # name InternalGAL # type gal objectClass: zimbraDataSource objectClass: zimbraGalDataSource zimbraCreateTimestamp: 20111006122111Z zimbraDataSourceEnabled: TRUE zimbraDataSourceFolderId: 257 zimbraDataSourceId: b4deebab-8ef8-4296-9aba-363917764a9b zimbraDataSourceName: InternalGAL zimbraDataSourceType: gal zimbraGalLastFailedSyncTimestamp: 20111011120032Z zimbraGalLastSuccessfulSyncTimestamp: 20111011121437Z zimbraGalLdapAttrMap: telephoneNumber=workPhone zimbraGalLdapAttrMap: zimbraMailAlias=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16 zimbraGalLdapAttrMap: displayName,cn=fullName,fullName2,fullName3,fullName4,fullName5,fullName6,fullName7,fullName8,fullName9,fullName10 zimbraGalStatus: enabled zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra zimbraGalSyncLdapBindPassword: DRWzNVVYYp zimbraGalSyncLdapFilter: (&(zimbraMailAlias=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE))) zimbraGalSyncLdapSearchBase: dc=example2,dc=com zimbraGalSyncLdapURL: ldap://zcs7-ga.cork.zimbralab.com:389 zimbraGalType: ldap # name OtherDomainGAL # type gal objectClass: zimbraDataSource objectClass: zimbraGalDataSource zimbraCreateTimestamp: 20111006122636Z zimbraDataSourceEnabled: TRUE zimbraDataSourceFolderId: 259 zimbraDataSourceId: a2038d31-990d-4d3b-8df0-617fde2ccb02 zimbraDataSourceName: OtherDomainGAL zimbraDataSourceType: gal zimbraGalLastFailedSyncTimestamp: 20111006122724Z zimbraGalLastSuccessfulSyncTimestamp: 20111006123118Z zimbraGalStatus: enabled zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra zimbraGalSyncLdapBindPassword: DRWzNVVYYp zimbraGalSyncLdapFilter: (&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE))) zimbraGalSyncLdapSearchBase: dc=example,dc=com zimbraGalSyncLdapURL: ldap://zcs7-ga.cork.zimbralab.com:389 zimbraGalType: ldap
Deleting a GAL datasource
Assuming you followed the above steps to get GALs configured:
zmprov deleteDataSource galsync@example2.com OtherDomainGAL zmmailbox -z -m galsync@example2.com deleteFolder _OtherDomainGAL
Deleting a GAL sync account
zmgsautil ra galsync@example2.com
zmprov gd example2.com zimbraGalAccountId # name example2.com zimbraGalAccountId: <ID> [...] zmprov md example2.com -zimbraGalAccountId <ID>