Mgolfieri-GalSyncAccount notes

Revision as of 13:12, 31 March 2015 by Jorge de la Cruz (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

This is a collection of steps for configuring a second domain while addressing some particular needs (for example, showing only aliases within a domain, etc). Main and official reference for GalSync operations remains http://wiki.zimbra.com/wiki/GAL_Sync_Account

When creating a new domain (example2.com here), a new galsync account is needed in most custom scenarios and it's generally recommended for performance reasons as well.

Creating the basic galsync account

To create the basic galsync account for the newly created example2.com domain (only @example2.com user emails found)

zmgsautil createAccount -a galsync@example2.com -n InternalGAL  --domain example2.com -s server.name -t zimbra -f _InternalGAL
zmgsautil forceSync -a galsync@example2.com -n InternalGAL

Adding another GAL from another domain

If we want to add users from other domains, there are other ways, but the following permits you to control almost any detail (see further below). In this case, we want to retrieve @example.com addresses as well:

zmmailbox -z -m galsync@example2.com createFolder --view contact /_OtherDomainGAL
zmgsautil createAccount -a galsync@example2.com -n OtherDomainGAL --domain example2.com -t ldap -f _OtherDomainGAL

# This is to retrieve the $zimbra_ldap_password and $zimbra_ldap_userdn
source bin/zmshutil 
zmsetvars

zmprov mds galsync@example2.com OtherDomainGAL \
 zimbraGalSyncLdapBindDn uid=zimbra,cn=admins,cn=zimbra \
 zimbraGalSyncLdapBindPassword $zimbra_ldap_password \
 zimbraGalSyncLdapFilter '(&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))' \
 zimbraGalSyncLdapSearchBase dc=example,dc=com \
 zimbraGalSyncLdapURL ldap://zcs7-ga.cork.zimbralab.com:389
zmprov mds galsync@example2.com OtherDomainGAL zimbraDataSourceEnabled TRUE 
zmgsautil forceSync -a galsync@example2.com -n OtherDomainGAL

[you can follow the above for any other datasource you want]


Enabling both GAL types

zmprov md example2.com zimbraGALMode both

At this point you might get an error within the logs about "Caused by: javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL". In that case you have to:

zmprov mds galsync@example2.com InternalGAL zimbraDataSourceEnabled TRUE

Autocompletion not working?

If you don't see autocompletion working, it might just be a matter of setting:

Preferences-> Composing -> Include addresses in the GAL

DataSources Checkpoint

To sum up, now the datasources for our galsync@example2.com user look like:

zimbra@zcs7-ga:~$ zmprov gds galsync@example2.com
# name InternalGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20111006122111Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 257
zimbraDataSourceId: b4deebab-8ef8-4296-9aba-363917764a9b
zimbraDataSourceName: InternalGAL
zimbraDataSourceType: gal
zimbraGalLastSuccessfulSyncTimestamp: 20111011095955Z
zimbraGalStatus: enabled
zimbraGalType: zimbra 

# name OtherDomainGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20111006122636Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 259
zimbraDataSourceId: a2038d31-990d-4d3b-8df0-617fde2ccb02
zimbraDataSourceName: OtherDomainGAL
zimbraDataSourceType: gal
zimbraGalLastFailedSyncTimestamp: 20111006122724Z
zimbraGalLastSuccessfulSyncTimestamp: 20111006123118Z
zimbraGalStatus: enabled
zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra
zimbraGalSyncLdapBindPassword: DRWzNVVYYp
zimbraGalSyncLdapFilter: (&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))
zimbraGalSyncLdapSearchBase: dc=example,dc=com
zimbraGalSyncLdapURL: ldap://zcs7-ga.cork.zimbralab.com:389
zimbraGalType: ldap


Customizing the LDAP query

Transforming the internal GAL to an external type

Now we want to see only aliases for the main domain (the pre-existing example.com) we need to switch the internal gal to an external type to get full control on any aspect:

# This is to retrieve the $zimbra_ldap_password and $zimbra_ldap_userdn
source bin/zmshutil 
zmsetvars

zmprov mds galsync@example2.com InternalGAL zimbraGalType ldap \
zimbraGalSyncLdapBindDn $zimbra_ldap_userdn \
zimbraGalSyncLdapBindPassword $zimbra_ldap_password \
zimbraGalSyncLdapSearchBase dc=example2,dc=com \
zimbraGalSyncLdapURL ldap://zcs7-ga.cork.zimbralab.com:389 \
zimbraDataSourceType gal


Query filter customization

zmprov mds galsync@example2.com InternalGAL +zimbraGalSyncLdapFilter  '(&(zimbraMailAlias=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))'

Attribute mappings

We now customize the Attribute mapping as well. In this case, we'll just map the basic displayName, zimbraMailAlias tuple:

zmprov mds galsync@example2.com InternalGAL +zimbraGalLdapAttrMap  zimbraMailAlias=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16
zmprov mds galsync@example2.com InternalGAL +zimbraGalLdapAttrMap displayName,cn=fullName,fullName2,fullName3,fullName4,fullName5,fullName6,fullName7,fullName8,fullName9,fullName10

[...]


DataSources Checkpoint

To sum up once again, now the datasources for our galsync@example2.com user look like:

zimbra@zcs7-ga:~$ zmprov gds galsync@example2.com
# name InternalGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20111006122111Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 257
zimbraDataSourceId: b4deebab-8ef8-4296-9aba-363917764a9b
zimbraDataSourceName: InternalGAL
zimbraDataSourceType: gal
zimbraGalLastFailedSyncTimestamp: 20111011120032Z
zimbraGalLastSuccessfulSyncTimestamp: 20111011121437Z
zimbraGalLdapAttrMap: telephoneNumber=workPhone
zimbraGalLdapAttrMap: zimbraMailAlias=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16
zimbraGalLdapAttrMap: displayName,cn=fullName,fullName2,fullName3,fullName4,fullName5,fullName6,fullName7,fullName8,fullName9,fullName10
zimbraGalStatus: enabled
zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra
zimbraGalSyncLdapBindPassword: DRWzNVVYYp
zimbraGalSyncLdapFilter: (&(zimbraMailAlias=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))
zimbraGalSyncLdapSearchBase: dc=example2,dc=com
zimbraGalSyncLdapURL: ldap://zcs7-ga.cork.zimbralab.com:389
zimbraGalType: ldap

# name OtherDomainGAL
# type gal
objectClass: zimbraDataSource
objectClass: zimbraGalDataSource
zimbraCreateTimestamp: 20111006122636Z
zimbraDataSourceEnabled: TRUE
zimbraDataSourceFolderId: 259
zimbraDataSourceId: a2038d31-990d-4d3b-8df0-617fde2ccb02
zimbraDataSourceName: OtherDomainGAL
zimbraDataSourceType: gal
zimbraGalLastFailedSyncTimestamp: 20111006122724Z
zimbraGalLastSuccessfulSyncTimestamp: 20111006123118Z
zimbraGalStatus: enabled
zimbraGalSyncLdapBindDn: uid=zimbra,cn=admins,cn=zimbra
zimbraGalSyncLdapBindPassword: DRWzNVVYYp
zimbraGalSyncLdapFilter: (&(mail=*)(zimbraAccountStatus=active)(!(zimbraHideInGAL=TRUE)))
zimbraGalSyncLdapSearchBase: dc=example,dc=com
zimbraGalSyncLdapURL: ldap://zcs7-ga.cork.zimbralab.com:389
zimbraGalType: ldap

Deleting a GAL datasource

Assuming you followed the above steps to get GALs configured:

zmprov deleteDataSource galsync@example2.com OtherDomainGAL
zmmailbox -z -m galsync@example2.com deleteFolder _OtherDomainGAL

Deleting a GAL sync account

zmgsautil ra galsync@example2.com
zmprov gd example2.com zimbraGalAccountId
# name example2.com
zimbraGalAccountId: <ID>
[...]

zmprov md example2.com -zimbraGalAccountId <ID>
Jump to: navigation, search