The collaboration system of any firm heavily depends on its global address list (GAL) which is a shared address book containing information about employees’ job title, location, phone numbers, and email address.
Implementation of such an important feature makes a huge difference in the flexibility of what administrators can do. As a Zimbra OSE user, you might have already run into some problems syncing your address book to external clients. For instance, this is a common issue of Microsoft Outlook users that Zimbra Global Address List is not available to external clients such as Microsoft Outlook and Mozilla Thunderbird.
In order to solve this problem, some workarounds have been previously introduced in order to make it possible to connect external desktop clients to Zimbra Global Address List, however, none of them is perfect. Previous workarounds either largely compromise the security or add additional steps to be performed by the system administrators. The Zextras Suite Address Book Service tries to address this problem with no security issue and no additional hassle for the administrators.
In the following, you will learn more about this service and why this is considered to be a better solution for the problem.
Why We Need a Better Solution
To put it simply, system administrators have already found some workaround to fix this problem that desktop clients such as Microsoft Outlook and Mozilla Thunderbird are not able to access the centralized Zimbra Global Address List. The most common workaround is to expose the Zimbra LDAP in order to make it accessible for desktop clients. Exposing the LDAP comes with a major impact on security. An attacker could gain a mountain of information from a published LDAP. Even if we neglect the security issue, the Zimbra LDAP schema and the clients are not necessarily compatible with each other, furthermore, the credential formats are different.
How Zextras Suite Solves It
Zextras Suite introduces a feature called Address Book which defines an emulated LDAP server that acts as a public address book, to ensure a comfortable experience for the end-users of Zimbra OSE by making the Global Address List and custom address books of the users available to external clients like Microsoft Outlook. This way there is no more concern for the security problems mentioned before while it has further advantages too.
Zextras Address Book Advantages
First and foremost, Zextras Address Book does not expose the LDAP. It also accepts only the contact search queries therefore, there would be no risk of escalation, and it does not have access to other LDAP objects. Furthermore, the Address Book feature, makes it possible to use the same credentials used in Exchange ActiveSync. Another advantage would be that it makes multiple address books available, including the Global Address List, custom address books of the user, and additional addressed books defined by the administrator.
Zextras Address Book Service
Zextras Address Book service is the core of the Address Book feature, which provides an endpoint for Microsoft Outlook clients to connect. The endpoint provided by the service is read-only, to improve the system’s security. By default, it provides access to the user’s GAL and the user’s own address book and contacts. Other users’ address books such as shared ones are not visible in the Address Book. Additional Address Books can be also exposed by the Administrator at the domain and global level. With Zextras Address Book the Outlook users would be able to search all the internal accounts and Distribution Lists that are included in the GAL and the contacts of shared AddresBook in their account or defined by the administrator.
The Address Book service can either work in conjunction with IMAP/POP or EAS. Microsoft Outlook can take advantage of Address Book service and EAS to provide an Outlook connector experience without any plugin on the client-side.
Desktop clients can access the service by connecting to port 8389 of the mailbox server hosting their mailbox. It requires mailbox to be exposed, otherwise, the following NAT rules must be added to it
iptables -t nat -A PREROUTING -p tcp --dport 8389 -j DNAT --to-destination mailbox_ipaddress:8389 iptables -A FORWARD -p tcp --dport 8389 -m state --state NEW,ESTABLISHED,RELATED
To learn how to access the Address Book from Outlook, please refer to Zextras Addressbook Outlook Setup.
Zextras Address Book can be accessed by the Outlook clients through the same credentials used for Exchange ActiveSync connection which can be either the email/password or a dedicated Mobile password set in Zextras Auth since the Address Book authentication is integrated with the Zextras Auth.
To learn more about the Zextras Address Book feature and its functionalities refer to Zextras Address Book Feature Documentation.