Ok so, first you have to enable it - as we decided against it in Bug">
http://bugzilla.zimbra.com/show_bug.cgi?id=37600>Bug 37600 - prompt to automatically create GAL accounts (currently neither upgrade nor new installs; though I expect we'll someday re-consider for new installs probably)
[quote]zmgsautil createAccount -a
galsync@domain.com -n zimbra --domain domain.com -t zimbra -p 1d
zmgsautil fullSync -a
galsync@domain.com -n zimbra[/quote]Admin console configuration is added in the soon to be released D4/RC1:
http://i25.tinypic.com/2i0xmba.jpg />
What it is:
Previously since there were no notifications on deletes. Sync just enumerated through all accounts that had been created/modified since the last sync token/timestamp. If an admin deleted an entry there is nothing for to return, and hence the ZCO/ZD never got notified. This is solved by using contact folders to work against (which get populated with a datasource).
Search results (soap SyncGalRequest) will page (there are offset & limit attributes). Thus the result can be retrieved a chunk at a time, just like SearchResult for mail items with previous & next buttons.
Now the content of SyncGal response can come from either LDAP server, or from addressbook of gal sync accounts.To explain that:
-Traditionally the response would inline all the gal entries modified since last sync. If the client was doing initial gal sync, then it would return the entire gal in single soap response.
-With this new feature, the GAL sync client can fetch the content at a leisurely pace. The client can then use GetContactsRequest and list the ids as a batch, x a time.
-(Also added element to SyncGalResponse so the sync client doesn't have to do full sync as often.)
-All the full sync request (request without syncToken) will sync against LDAP so that the sync client downloading 50k contacts won't hog the mailbox. (But it is still possibly do do full against a galsync account as discussed below).
-With this fix, all the old ZCO and ZD clients will sync against LDAP for full sync, and use gal sync account for any incremental sync.
-If the new clients should set idOnly=true in SyncGalRequest, then even the full sync will use the galsync account and allow paginated retrieval of GAL contacts.
What it can do, but wasn't designed for:
Had a convo about what people were expecting in Bug">
http://bugzilla.zimbra.com/show_bug.cgi?id=37115>Bug 37115 - GalSyncAccountUtil forceSync should create non-existant entries if in query in short:
You can add additional/non-zimbra addresses to it (since we never emptyFolder and avoid contacts that don't have a comparable LDAP entry). So 'technically' Bug">
http://bugzilla.zimbra.com/show_bug.cgi?id=29697>Bug 29697 - External (non-Zimbra) addresses in GAL was implemented...
However, you can loose changes to Zimbra internal/external ldap addresses in those contact folders super easily (on next LDAP change & fullSync, or next forceSync - unless you specifically turn sync on the datasource off and manually import, but that kinda makes it useless after all since now your doing more work...) ie: It's one way.
Sub-folder 'department sorting' seems to work ok with both full & force sync (though honestly editing LDAP fields that show in ZWC & ZAC is probably better long term), whomever you have managing the structure should understand they should only move, contact edits won't stay.
So, if someone wants to see everyone in a big folder (rather than search) you can share the galsync account's contact folder at will, but do it read only for the most part.
I know there were a lot of dupes into that RFE; some wanted to allow a few powerusers to add additional data on the gal members. Though actual LDAP entries would be way better, essentially they plan use this for a makeshift bug Bug">
http://bugzilla.zimbra.com/show_bug.cgi?id=19429>Bug 19429 - more detailed access rights to update the GAL & Bug">
http://bugzilla.zimbra.com/show_bug.cgi?id=5953>Bug 5953 - allow user to edit their own LDAP/GAL attributes (Long term we should really grant a specific set attrs right on modifyAccount permission just for the values the poweruser needs to touch.) - Even though it's not the intended purpose someone will use it this way...plus we don't expose every field in the admin console that we do in ZWC contacts app, and they don''t want to hop into the admin console just to update contact info.
To summarize intended usage:
At this time GAL sync accounts (partial syncing & paged results) are not enabled by default; should be manually configured by running zmgsautil.
The tool zmgsautil supports three sync modes, trickleSync, fullSync and forceSync. The default polling interval used by datasource invokes fullSync. trickleSync brings in new and modified contacts. fullSync also updates deleted contacts. forceSync reload the all contacts, and should be used in case GAL search parameters have changed significantly (LDAP filter, search base, etc)
Three main configuration possibilities are Zimbra GAL only, external GAL only, and both Zimbra and external GAL. When GAL sync accounts are not fully configured. e.g. If zimbraGalMode is both but GAL sync account is set up for Zimbra only or if GAL sync accounts are in maintenance, then traditional LDAP based search/sync/autocomplete will be done.