How to see ONLY aliases in the GAL and autocomplete?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Fela
Posts: 8
Joined: Wed Sep 16, 2015 7:22 am

How to see ONLY aliases in the GAL and autocomplete?

Postby Fela » Wed Sep 16, 2015 7:54 am

I am wondering if there is a way to show only aliases in the GAL listing and autocomplete. I am running ZCS Network version 8.6.0 P3.


I have already asked Zimbra support about this. After a lot of back and forth trying to get them to understand the issue, they had no answer. However they did create a bugzilla ticket for me, number 100556. There has been zero activity there though.


In my installation the Zimbra account names match the Active Directory account names (for authentication), but these names are not meant as email addresses. All the Zimbra accounts have aliases assigned to them that provide the "real" email address. However the default for the GAL listing is to show the account names, not the aliases. Autocomplete becomes very confusing for the users because it shows a mix of both account names and aliases.


This has become a serious issue for my company. The account name (AKA unofficial) email addresses are being exposed to clients and the outside world in general, making the situation critical.



chauvetp
Outstanding Member
Outstanding Member
Posts: 350
Joined: Fri Sep 12, 2014 11:28 pm

How to see ONLY aliases in the GAL and autocomplete?

Postby chauvetp » Wed Sep 16, 2015 9:35 am

This may be a nasty hack, but you could do the following:

Set all accounts to hide the GAL address (zmprov ma username@domain zimbraHideInGAL TRUE) or set as false via the class of service.



Then create distribution lists (with a single address) instead of the alias, and have those with zimbraHideInGAL FALSE.



For example, if my real address were: chauvetp@mydomain but I only wanted Paul@mydomain to show instead, I would hide chauvetp, but then create a distribution list for Paul@mydomain (with only a single destination address of chauvetp@mydomain).



It is cumbersome (until you can script/automate it) but should work.
Fela
Posts: 8
Joined: Wed Sep 16, 2015 7:22 am

How to see ONLY aliases in the GAL and autocomplete?

Postby Fela » Thu Sep 17, 2015 6:32 am

Thanks! That is a lot better than what I received from Zimbra support.



I have no problem scripting your method, but I am not sure if I want to go this way yet. Also I could possibly modify all the accounts, where I change the Zimbra account names to match the "real" addresses and make the aliases match the AD accounts.



I have to think about how these changes will impact my overall setup.



Thanks again.
Fela
Posts: 8
Joined: Wed Sep 16, 2015 7:22 am

How to see ONLY aliases in the GAL and autocomplete?

Postby Fela » Thu Sep 17, 2015 7:06 am

Actually exchanging the account names and aliases would break my AD authentication. Paul's method would be better from the AD side of things.
chauvetp
Outstanding Member
Outstanding Member
Posts: 350
Joined: Fri Sep 12, 2014 11:28 pm

How to see ONLY aliases in the GAL and autocomplete?

Postby chauvetp » Thu Sep 17, 2015 8:22 am

I would need to know a bit more about your environment for this to be certain, but this is going on the assumption that each account, if it has an alias, should have that alias set as a distribution list pointing to the real account.


Run the following for each account to obtain the aliases & display name (if you already know, via AD or otherwise what aliases should be created, forget this).  Use your scripting language of choice to pull out the actual responses (if I were using python, I'd run those commands with os.popen).



  • zmprov ga RealAccountName@domain zimbraMailAlias displayName

  • zmprov ma RealAccountName@domain zimbraHideInGal TRUE


For each alias shown, run the following:



  • zmprov removeAccountAlias RealAccountName@domain alias@domain

  • zmprov cdl alias@domain

  • zmprov adlm alias@domain RealAccountName@domain

  • zmprov mdl alias@domain displayName "FirstName LastName"


 

Fela
Posts: 8
Joined: Wed Sep 16, 2015 7:22 am

How to see ONLY aliases in the GAL and autocomplete?

Postby Fela » Thu Sep 17, 2015 9:10 am

I think this is what we are going to do for each account:



  1. Set "zimbraAuthLdapExternalDn" attribute.

  2. Remove the old alias.

  3. Rename the account to the "proper" name (zmprov ra ...)

  4. Maybe add an alias with the old account name, so users can transition to the proper name for authentication.


In the end we should have the proper addresses in the GAL, and we can delete the aliases afterward so they do not show up in autocomplete.


Thanks for your comments - again much better than what I got from Z support [:D]

mszusdziara
Posts: 3
Joined: Tue Nov 03, 2015 1:56 am

How to see ONLY aliases in the GAL and autocomplete?

Postby mszusdziara » Fri Nov 06, 2015 3:06 am

Hi all,


a simple solution is to modify the GAL mapping:


# view current mapping:


/opt/zimbra/bin/zmprov gacf | grep zimbraGalLdapAttr


# add new mapping:


/opt/zimbra/bin/zmprov mcf +zimbraGalLdapAttrMap zimbraMailAlias=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16


I however suggest to keep another option in case no alias is set.


# remove old mapping:


/opt/zimbra/bin/zmprov mcf -zimbraGalLdapAttrMap zimbraMailDeliveryAddress,zimbraMailAlias,mail=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16


# or whatever the output of the first command line would yield


# verify new mapping:


/opt/zimbra/bin/zmprov gacf | grep zimbraGalLdapAttr


Important: Keep the + and - in the zmprov commands otherwise you're in for a restore.


See https://wiki.zimbra.com/wiki/GAL_Attribute_Mapping for how and why this works.



HTH,


Matthias


Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 7 guests