Setting Up Free Busy Interop with Exchange 2007: Difference between revisions

Line 5: Line 5:
===To setup===
===To setup===


1. Create a role account in Exchange to be used by Zimbra
1. Create a role account (or service account) in Exchange to be used by Zimbra


2. Configure Zimbra using zmprov modifyConfig
2. Configure Zimbra using zmprov modifyConfig
*Exchange Role account:  
*Exchange Role (service) account:  
  zmprov mcf zimbraFreebusyExchangeAuthUsername [role account name]
  zmprov mcf zimbraFreebusyExchangeAuthUsername myexchangezmfreebusyacct
*Role account password:  
*Role account password:  
  zmprov mcf zimbraFreebusyExchangeAuthPassword [role account password]
  zmprov mcf zimbraFreebusyExchangeAuthPassword [role account password]
*Exchange Authorization Schema:  
*Exchange Authorization Schema:  
  zmprov mcf zimbraFreebusyExchangeAuthScheme form
  zmprov mcf zimbraFreebusyExchangeAuthScheme basic
The '''form ''' is either basic or form. '''Basic''' is authentication to Exchange via HTTP basic authentication. '''Form''' is authentication to Exchange as HTML form based authentication.  
The '''form ''' is either basic or form. '''Basic''' is authentication to Exchange via HTTP basic authentication. '''Form''' is authentication to Exchange as HTML form based authentication.  
*URL to Exchange 2007 CAS server:  
*URL to Exchange 2007 CAS server:  
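Review bot: the explanatory sentence under the AuthScheme line still reads "The '''form ''' is either basic or form", which names the setting after one of its own values and now sits under an example that uses basic; reword it to "The scheme is either basic or form". The username line also replaces the [role account name] placeholder with the literal myexchangezmfreebusyacct while the password line keeps its bracketed placeholder, so either mark the name as an example value or keep the placeholder style on both lines.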
Line 19: Line 19:
*'''legacydn''' attribute in Exchange 2007:  
*'''legacydn''' attribute in Exchange 2007:  
  zmprov mcf zimbraFreebusyExchangeUserOrg "/o=first organization/ou=exchange administrative group (fydibohf23spdlt)"
  zmprov mcf zimbraFreebusyExchangeUserOrg "/o=first organization/ou=exchange administrative group (fydibohf23spdlt)"
You can verify your Exchange User Org by using adsiedit on a domain controller and looking at the legacyExchangeDN attribute on the Configuration/Services/Microsoft Exchange/??/Administrative Groups


You will also need to ensure that the CAS server is forwarding requests to the webdav service back to the backend Mailbox server.
You will also need to ensure that the CAS server is forwarding requests to the webdav service back to the backend Mailbox server.
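Review bot: the added adsiedit sentence leaves "??" in the path Configuration/Services/Microsoft Exchange/??/Administrative Groups without saying what goes in that position, and it has no closing period. State what the "??" segment stands for, or write it as a bracketed placeholder like the other values on the page, and end the sentence.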

Revision as of 21:28, 6 August 2010

Zimbra Lookup Exchange Free Busy

Zimbra can look up Exchange Free/Busy (F/B) by using the legacy webdav interface. This returns F/B information from Exchange’s F/B public folder.

To setup

1. Create a role account (or service account) in Exchange to be used by Zimbra

2. Configure Zimbra using zmprov modifyConfig

  • Exchange Role (service) account:
zmprov mcf zimbraFreebusyExchangeAuthUsername myexchangezmfreebusyacct 
  • Role account password:
zmprov mcf zimbraFreebusyExchangeAuthPassword [role account password]
  • Exchange Authorization Schema:
zmprov mcf zimbraFreebusyExchangeAuthScheme basic

The scheme is either basic or form. Basic is authentication to Exchange via HTTP basic authentication. Form is authentication to Exchange via HTML form-based authentication.

  • URL to Exchange 2007 CAS server:
zmprov mcf zimbraFreebusyExchangeURL https://[URL of CAS server] 
  • legacydn attribute in Exchange 2007:
zmprov mcf zimbraFreebusyExchangeUserOrg "/o=first organization/ou=exchange administrative group (fydibohf23spdlt)"

You can verify your Exchange User Org by using adsiedit on a domain controller and looking at the legacyExchangeDN attribute on the Configuration/Services/Microsoft Exchange/??/Administrative Groups.

You will also need to ensure that the CAS server is forwarding requests to the webdav service back to the backend Mailbox server.

Zimbra pushes F/B information to Exchange using the legacy public folder interface via webdav. This is similar to how an Exchange 2003 server would push F/B information to an Exchange 2007 server. This requires that an Exchange mail contact be created for each Zimbra account that is participating in F/B sharing.

Exchange Lookup Zimbra Free Busy

Exchange users will view the F/B information that is associated with the mail contact that has been created for the Zimbra user.

To setup

1. A role account needs to exist in Exchange with permission to update the Exchange F/B public folder. This can be done via PowerShell:

add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -user zimbra -accessrights owner

2. Tell Exchange to search public folders for Zimbra domains.

Add-AvailabilityAddressSpace -forestname [zimbra domain] -accessmethod publicfolder 

3. Create a mail contact for the Zimbra user with New-MailContact, then set its attributes with Set-MailContact:

New-MailContact -name [zimbra account]_zimbra -alias [zimbra account]_[optional suffix] -firstname [firstname] `
  -lastname [lastname] -ExternalEmailAddress [zimbra account]@[host] -OrganizationalUnit [OU for Zimbra mail contacts] `
  -domaincontroller [domain controller]

Set-MailContact -id [zimbra account]_zimbra -displayname "[display name]" `
  -UseMapiRichTextFormat never -emailaddresspolicyenabled $false -ExternalEmailAddress [zimbra account]@[host] `
  -EmailAddresses [zimbra account]@[host] -customattribute15 [optional tag] -domaincontroller [domain controller]

The above will create a mail contact that will be used by Zimbra. To reduce the risk of a namespace collision, a suffix can be added to denote a Zimbra account (e.g. “_zimbra”). A custom attribute can be added to assist in merging the Exchange and Zimbra GALs.

4. Configure the Zimbra account to push F/B to Exchange. This assumes that the role account has already been configured. This can be done via zmprov:

zmprov ma [zimbra account] +zimbraForeignPrincipal ad:[exchange mail contact]

Merged Zimbra/Exchange GAL

Once F/B sharing has been set up, the last step is to merge the GAL on the two systems. In Exchange no further work needs to be done, since all Zimbra accounts should be appearing as mail contacts in the GAL. In Zimbra you need to set up an external LDAP source. To set this up:

1. Configure the Zimbra domain (the filter is single-quoted so that the shell does not interpret its parentheses, &, | and *):

zmprov md [zimbra domain] zimbraGalLdapFilter '(&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(!(msExchHideFromAddressLists=TRUE))(!(extensionAttribute15=[optionaltag]))(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))'
zmprov md [zimbra domain] zimbraGalLdapSearchBase [AD base DN] 
zmprov md [zimbra domain] zimbraGalLdapURL ldaps://[domain controller]:636 
zmprov md [zimbra domain] zimbraGalMode both 
zmprov md [zimbra.example.com] zimbraGalLdapBindDn [zimbra role account in Exchange] 
zmprov md [zimbra.example.com] zimbraGalLdapBindPassword [zimbra role account password]

Once this is configured, Zimbra will be able to see entries from the Exchange GAL. The custom tag is used to exclude Zimbra mail contacts to avoid duplicate entries. This requires that the Exchange domain controllers are searchable via LDAP and have a valid SSL certificate that Zimbra recognizes.
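Both the F/B lookup settings and the GAL settings above send a role account password to Exchange or a domain controller, so it is worth checking the resulting configuration before relying on it. The following is an added example, not part of the original wiki page or of Zimbra: a hypothetical `audit_fb_config` function that reads `attribute: value` lines (assumed here to be the format printed by `zmprov gacf` and `zmprov gd [zimbra domain]`) and flags settings that contradict the steps above. Host and account names in the samples are constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page. Input: "attribute: value" lines as
# printed by `zmprov gacf` and `zmprov gd [zimbra domain]` (assumed format).
# Prints one FINDING line per problem; exit status 1 if any were found.
audit_fb_config() {
    awk '
    function finding(msg) { print "FINDING: " msg; n++ }
    {
        sep = index($0, ": ")
        if (sep > 0) cfg[substr($0, 1, sep - 1)] = substr($0, sep + 2)
    }
    END {
        scheme = cfg["zimbraFreebusyExchangeAuthScheme"]
        if (scheme != "basic" && scheme != "form")
            finding("AuthScheme must be basic or form, got \"" scheme "\"")
        if (cfg["zimbraFreebusyExchangeAuthUsername"] == "")
            finding("no role account name set")
        # Either scheme sends the role account password to the CAS server.
        if (cfg["zimbraFreebusyExchangeURL"] !~ /^https:\/\//)
            finding("ExchangeURL is not https, password would travel without TLS")
        if (cfg["zimbraFreebusyExchangeUserOrg"] !~ /^\/o=.+\/ou=.+/)
            finding("ExchangeUserOrg is not of the form /o=.../ou=...")
        # The GAL bind password crosses this connection too.
        if (("zimbraGalLdapBindDn" in cfg) && cfg["zimbraGalLdapURL"] !~ /^ldaps:\/\//)
            finding("GAL bind DN is set but zimbraGalLdapURL is not ldaps")
        exit (n > 0)
    }'
}

# Constructed sample values (hosts and accounts are placeholders).
sample_weak() {
    cat <<'EOF'
zimbraFreebusyExchangeAuthScheme: basic
zimbraFreebusyExchangeAuthUsername: myexchangezmfreebusyacct
zimbraFreebusyExchangeURL: http://cas.example.test
zimbraFreebusyExchangeUserOrg: first organization
zimbraGalLdapBindDn: zimbra-role@example.test
zimbraGalLdapURL: ldap://dc.example.test:389
EOF
}
sample_ok() {
    cat <<'EOF'
# name example.test
zimbraFreebusyExchangeAuthScheme: basic
zimbraFreebusyExchangeAuthUsername: myexchangezmfreebusyacct
zimbraFreebusyExchangeURL: https://cas.example.test
zimbraFreebusyExchangeUserOrg: /o=first organization/ou=exchange administrative group (fydibohf23spdlt)
zimbraGalLdapBindDn: zimbra-role@example.test
zimbraGalLdapURL: ldaps://dc.example.test:636
EOF
}

sample_weak | audit_fb_config || echo "weak sample: fix the findings above"
sample_ok | audit_fb_config && echo "ok sample: no findings"
```

On a live server the same function can be fed with `{ zmprov gacf; zmprov gd [zimbra domain]; } | audit_fb_config`, run as the user “zimbra”.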

If you are using self-signed certificates or a different CA, you’ll need to import it into Zimbra (run as the user “zimbra”):

/opt/zimbra/java/bin/keytool -import -trustcacerts -alias "[alias for CA]" \
  -file [CA file] -keystore /opt/zimbra/java/jre/lib/security/cacerts

Verified Against: ZCS 5.0. Date Created: 4/28/2009
Article ID: https://wiki.zimbra.com/index.php?title=Setting_Up_Free_Busy_Interop_with_Exchange_2007 Date Modified: 2010-08-06


