Have you ever found yourself scrambling to find a WebEx meeting invite minutes before the meeting is set to begin? Or if you are scheduling a meeting, you are constantly switching between WebEx and your calendar to create the meeting & calendar invite?

Well, those days are gone with the new WebEx Zimlet. The WebEx Zimlet now brings the power of WebEx right into your Zimbra calendar. To see the WebEx Zimlet in action, checkout this video.

Or to experience first hand, download the WebEx Zimlet at the Zimbra Gallery at http://gallery.zimbra.com/type/zimlet/webex.

Create WebEx meeting just like you would create a regular meeting.

Typically you would switch between Zimbra and WebEx to create a meeting. With the WebEx Zimlet, when creating your appointment in Zimbra, simply press the “Save as WebEx” button to create a WebEx meeting. The Zimlet automatically selects the configured WebEx account to be use (see below for information on multiple WebEx account setup), creates a WebEx meeting, inserts all the WebEx details (WebEx url, phone, passcode, etc) into the appointment body and saves the meeting.

Create a Quick meeting.

Allows users to quickly invite people and create a WebEx meeting.

Start or Join an existing meeting.

You do not have to scramble to find that WebEx invite or goto the WebEx site to find a meeting. You can view a list of meetings on your Webex Calendar and Start (as a host) or Join (as an attendee).

Manage multiple WebEx accounts.

You can store up to 5 WebEx accounts (with related conference calling information). This is especially useful if you are managing multiple shared calendars. For example, if you create a WebEx meeting in the CEO Calendar, the Zimlet will automatically uses CEO WebEx account information.

Full support for recurring meetings.

The WebEx Zimlet supports all of the WebEx recurring types and end-by patterns. Therefore, you can create virtually any kind of recurring meetings in Zimbra and the WebEx Zimlet creates an exact replica on WebEx.

Automatic time-zone configuration.

The WebEx Zimlet maps the 82 supported Zimbra time zones to the WebEx 61 time zones. This allows users to select a time zone and leave the setup of the WebEx meeting to the Zimlet.

Add meeting and tele-conference information to Subject/Location fields.

Lot of times its useful to just put the WebEx meeting and conference information in the location field itself. The WebEx Zimlet has a preference to select what you want to be appended and Zimlet automatically inserts the information.

As you can see, the WebEx Zimlet provides an awesome integration between Zimbra and WebEx. And will greatly simply your day-to-day online meetings.

Note: due to a technical difficulties, we apologize for the many updates and Tweets to this blog post.

A common integration question we hear is how to handle “sign-on” between an external enterprise application and Zimbra? This scenario is when a user has signed-on to an enterprise application (for example, a Customer Relationship Management system) and that application needs to access data stored in the user mailbox hosted on a Zimbra server. To transition from the enterprise application to Zimbra, you could prompt the user to re-enter a username/password but that is not a very seamless experience. To automatically “sign-on” the user as they move between systems requires a trusted third party to “vouch for” or “assert” the user identity.

Zimbra includes a proprietary protocol for achieving this assertion, which is referred to as “Preauth“.  Preauth works by having a key that is shared between a third party application/system and Zimbra. The third party specifies the userid, a timestamp, optionally an expiration time, and an SHA-1 HMAC value computed over that data using the shared key. The Zimbra server, after successfully validating the HMAC value received in the request, redirects the user to the target Zimbra service.

There is also an alternative: SAML. SAML (Security Assertion Markup Language) can be thought of as a standard way of achieving what Zimbra Preauth protocol does.

SAML is a standard that defines an XML-based framework for exchange of security information between various business services (see http://saml.xml.org/saml-technical-overview). It is a widely adopted standard for Single Sign-On (SSO) and Federated Identity use cases. So one can envision that in scenarios such as above, a SAML assertion could be issued for the user by a central/trusted Identity Management System within the enterprise, and that assertion could be used to allow access to Zimbra. A SAML assertion typically contains security information about a subject/principal and could, for example, convey information like “This user is John Doe, he has an email address of john.doe@example.com, he was authenticated into this system using a password mechanism, at this time and date, etc”.

Example Zimbra SAML Interactions

SAML interactions/exchanges take place between entities referred to as the SAML asserting party and the SAML relying party. An asserting party is an entity that creates/issues SAML assertions. It is also sometimes called a SAML authority. A relying party is an entity that uses assertions it has received.

The picture below illustrates a setup where a user accesses a Zimbra service using a SAML assertion without any Zimbra-proprietary authentication token/cookie or Preauth. In this configuration, the Zimbra server acts as the SAML relying party.

Here’s a brief description of the interactions happening in this setup:

1. User authenticates and requests a SAML assertion from the SAML authority. [Note: This step happens outside Zimbra]
2. The SAML authority makes sure that the user has been authenticated (by some means) and then issues a SAML assertion for the user. [Note: This step happens outside Zimbra]
3. The user’s client sends a SOAP request containing an assertion identifier to the Zimbra server:

   <soap:Envelope xmlns:soap='http://www.w3.org/2003/05/soap-envelope'>
       <soap:Header>
           <context xmlns='urn:zimbra'>
               <authToken type='SAML_AUTH_PROVIDER'>b07b804c-7c29-ea16-7300-4f3d6f7928ac</authToken>
           </context>
       </soap:Header>
       <soap:Body>
           <SomeRequest xmlns='urn:zimbraMail'>…</SomeRequest>
       </soap:Body>
   </soap:Envelope>
   

   [Note: The client could have alternatively sent the SAML assertion itself inside the request. Also, we are designating the auth token type as SAML_AUTH_PROVIDER, which is a custom authentication provider you must create for your environment. Later in this blog, we describe how to use Zimbra Server Extensions to implement a custom SAML Auth Provider.]

4. Zimbra server calls the SAML Authority and inquires about the assertion by passing the identifier:

   <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
       <soap:Body>
           <samlp:AssertionIDRequest ID="id-1268148042731" Version="2.0" ... >
               <samlp:AssertionIDRef>b07b804c-7c29-ea16-7300-4f3d6f7928ac</samlp:AssertionIDRef>
           </samlp:AssertionIDRequest>
       </soap:Body>
   </soap:Envelope>
   

5. The SAML Authority trusts the Zimbra server (relying party) and looks up its store of issued assertions and responds with the assertion:

   <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
       <soap:Body>
           <samlp:Response ID="id-1268148042741" ... >
               <samlp:Status>
                   <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
               </samlp:Status>
               <saml:Assertion ID="b07b804c-7c29-ea16-7300-4f3d6f7928ac" ... >
                   <saml:Issuer>http://samlAuthority</saml:Issuer>
                   <saml:Subject>
                       <saml:NameID>user1@domain.com</saml:NameID>
                       <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
                   </saml:Subject>
                   <saml:Conditions NotBefore="2010-03-09T09:22:05Z" NotOnOrAfter="2020-12-05T09:27:05Z">
                       <saml:AudienceRestriction>
                           <saml:Audience>http://zimbra</saml:Audience>
                       </saml:AudienceRestriction>
                   </saml:Conditions>
                   <saml:AuthnStatement AuthnInstant="2010-03-09T09:22:00Z">
                       <saml:AuthnContext>
                       <saml:AuthnContextClassRef>...SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
                       </saml:AuthnContext>
                   </saml:AuthnStatement>
               </saml:Assertion>
           </samlp:Response>
       </soap:Body>
   </soap:Envelope>
   

6. Based on its trust on the SAML authority, the Zimbra server validates the SAML assertion and sends back a response to the client:

   <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
       <soap:Header>…</soap:Header>
       <soap:Body>
           <SomeResponse xmlns="urn:zimbraMail">…</SomeResponse>
       </soap:Body>
   </soap:Envelope>
   

Note: The sample messages shown above are very simplistic. In the real world, the message exchanges, especially those between the relying party and the SAML authority, are secured using TLS and/or message-level security mechanisms.

Implementing the SAML Auth Provider

The Zimbra server provides various extension points to allow extending the Zimbra server functionality (see Extending Zimbra with Server Extensions). One such extension point is the com.zimbra.cs.service.AuthProvider abstract class and an abstract sub-class the ZimbraAuthProvider. These classes know how to process/validate the Zimbra proprietary authentication tokens (or cookies).

To support SAML assertions (or tokens) within Zimbra, you can write a SamlAuthProvider class that extends AuthProvider:

public class SamlAuthProvider extends AuthProvider {

    protected SamlAuthProvider() {
        super("SAML_AUTH_PROVIDER");
    }

    protected AuthToken authToken(Element soapCtxt, Map engineCtxt) throws AuthProviderException, AuthTokenException {
        // Extract SAML assertion identifier from soap context
        // Call SAML authority and request for the SAML assertion corresponding to the identifier
        // Validate and return the SAML assertion (token)
    }
    ...
}

The SamlAuthProvider can be registered with the Zimbra server by doing the following inside the ZimbraExtension.init() method:

AuthProvider.register(new SamlAuthProvider());
AuthProvider.refresh();

Additionally, the  “zimbra_auth_provider” localconfig property needs to be modified (using the Zimbra Command Line Interface) to add your custom saml auth provider to the list of registered “zimbra auth providers”:

zmlocalconfig -e zimbra_auth_provider=SAML_AUTH_PROVIDER,Zimbra

As you can see, this is a powerful mechanism for extending Zimbra to support SAML and create a seamless Single-Sign-On experience. Although the AuthProvider class is not officially supported yet in a production environment yet, it is fine to use it in a proof of concept or an experimental project.

As you may have noticed, we have just posted the recording of the Zimbra Collaboration Suite 6-to-7 and VMware Overview webinar. This was hugely popular — hundreds of customers, partners and community members attended — because it covered three critical areas of Zimbra’s future:

• What’s in ZCS 6.0 (powerful new admin features, Enterprise support and usability improvements) as well as near-term additions (such as support for Android, BES 5.0, BES Express, and Outlook 2010).
• The roadmap of ZCS 7.0 and beyond: a fascinating discussion of calendar wizards, powerful distribution lists, workspaces, and IM changes.
• The future with VMware: how Zimbra fits within the VMware stack and the value it brings to the Zimbra environment (notably an appliance, vSphere integration for DR, HA and site recovery).

 
We also received many excellent questions – too many to answer during the live session, so we’ll cover the remaining here:

Q: Zimlets, IMHO, should allow push as well as pull; akin to what IM does at the moment.  Realtime phone apps require that capability to allow popups in a client session.
A: Real-time push and pull updates are fully supported in the ZWC, Zimlet should be able to do the same.

Q: Is the IM server connection change slated for the Network or Open Source Edition?
A: External XMPP proxy/interop it is scheduled for both.

Q: Do you have public calendars for appointments or a conference room? And only certain people can reserve timeframe and all others can view?
A: The use case here is akin to a “board room” where only certain people have rights to book the room, but everyone can view the availability of that room. The answer is yes: you can create a public calendar for the conference room as a resource, and then permit only specific users to reserve that resource.

Q: Better quarantining of emails, AS/AV stats. and per user prefs. akin to MailScanner and MailWatch
A: Zimbra team is expanding its anti-spamming and anti-virus functionality. Stay tuned for more information. In the meantime, you may want to consider using some postfix capable methods.

Q: Any word on per-user read state on messages?
A: The use case here is when multiple users have access to a single account, one user clicking on a message will mark it as read for all other future users. The feature enhancement (individual user state on shared messages) takes significant effort, has not been committed yet, but is discussed thoroughly in bugzilla. If this is a feature you feel is crucial, please vote for it or mention so in a support case.

Q: Would email tracking likely to be a feature that will be added back in; since zmmsgtrace was pulled?
A: There is a enhancement request for a tracing replacement, but have not yet released a schedule; stay tuned for more details. If you feel this is a key feature, please comment on its implementation in bugzilla.

Q: Which of the features are targeted @ the FOSS or the Network Edition?
A: We generally don’t make final decisions until we approach the release date. Check pm.zimbra.com for specific feature release information, and vote for the features you see as most valuable.

Q: Will Zimbra DR allow realtime replication and from a multi-tenant experience allow geo connection to the most appropriate server ?
A: We are going to leverag all of the High Availability and Data Recovery options that are provided by vSphere (and partners). We’re also looking at additional capabilities beyond that using direct server sync – stay tuned.

Q: VMware recommends single processor vms for best performance. Looking forward to easier multi-component zimbra installation or guide.
A: The VMware team suggests using the fewest number of virtual cpus required to satisfy the workload. If you need four, you should use four. See the new Zimbra on vSphere Recommendations wiki article for more information.

Q: Will VMware Update Manager take care of the updates?
A: Look for future announcements – perhaps for a release sometime in 2011.

Q: With respect to the appliance, would one be allowed to tune SA and CLAMAV?
A: By design, there is no CLI or shell in the Zimbra Appliance. It’s built for simplicity of management, so all configuration and administration will be done through a new web-based streamlined UI; likewise if something is not in our current admin console it’s probably not built into the appliance yet either.

Q: Could you expand on the AD / External Auth changes that you will be making? In connection with that, will you be able to deploy Zimbra and have it automatically keep in sync with users in Active Directory?
A: For the appliance, there will be a one time bulk import.
Here are the RFE’s: 44835 | 45223 | 45174 Please vote for the features that are important to you.
For ZCS, we are not making any AD/ External Auth changes. Zmexternaldirsync does this today.

Q: Any plans to improve the management console for zimbra network edition, i.e. Monitoring and Status tools? I would like to see the kind of admin tools you’d find with mdaemon or other similar apps. Right now it’s slow and doesn’t provide much visual feedback.
A: We’re working with Hyperic for additional monitoring and reporting capabilities. We have not released a schedule yet, more details soon.

Q: Are there firm time lines on 32 bit phaseout?
A: The end of 7.0 will be the last time 32-bit is supported, and the dates are not yet finalized. Therefore, it will be quite some time before 32-bit is depreciated. We recommend that you move to 64-bit if you are new to Zimbra or planning an upgrade. See the phase out FAQ for more details.

Q: Will migration from physical 32 bit system to Appliance be built in to appliance? or have migration tool to perform this?
A: The zimbra-to-zimbra migration tool is completely independent of the hardware. You should be able to migrate from a 32-bit machine to the appliance without a problem.

Q: There has been a lot of contention on the forums about the priority of particular rfe’s/bugs; now with greater resources would Zimbra look at a different type of voting mechanism?
A: If you are having trouble with the current methods or a hitting ’show-stopper’ issue please contact the community mangers to help you. (As always, customers also have the option of directing inquires through support to raise their urgency.) Having said this, we’re always open to new ideas for the community process. If you prefer a specific voting mechanism, we’d like to hear about it – and the 7.0 detailed roadmap will be open soon.

Q: Scaling on VMWare… it’s going to be 2011 before we’ll be able to run mailbox servers on VM with thousands of accounts per mailbox?
A: Zimbra already supports thousands of mailboxes in a virtualized environment. The Zimbra Appliance, which will require little-to-no configuration or administration — a “cloud in a box” — is slated for small- to medium-sized businesses.

Q: What about official CentOS support?
A: Since one cannot get support at the operating system provider level, our technical staff can’t 100% support it. Having said that, it should perform similarly to RHEL.

Q: Is HSM going to change?
A: The Hierarchical Storage Management in the Network Edition doesn’t have any major changes targeted till 8.0 server. (We did add the ability to offload other items besides messages in 6.0 with a search type query.) There are no plans on adding HSM to the Open Source Edition.

Q: Are there plans to allow installation on big iron like HP IA64 ? (RX range)
A: Not yet, as there does not appear to be a business case to build and test on big iron. You can file this as a feature enhancement and ask others to vote for it.

Q: How do I find new zimlets?
A: We have a renewed Zimlet plugins site with more than 80 contributions. Look for future additions such as a revamp social & IM zimlets, additional salesforce integration, webex changes, smart scheduler and many others: gallery.zimbra.com

Q: ZCS web question: Being able to separate windows from Zimbra is nice for emails. How about having that for all of the other apps (contacts, calendar etc)?
A: Yes, this is something we are working on. An example is tabbed calendaring, which is slated for version 7.

Q: Will there be tool to bulk loading documents into Briefcase, especially if supporting collaborating workgroups?
A: Yes, there will be a migration tool. And at some point in the future, we’ll have multi-file import in the web-client. If you are looking for convenient file sync today, so far we’ve built-in webDAV support.

Q: Looking forward to whitepapers and wiki for vmware/zimbra. Encourage?. mailto is also a problem for us.
A: Whitepapers and wikis are soon to come. Were looking into EWS for Entourage. The Zimbra Desktop does work with mailto links. It is defaulted off (to change it, go to the preferences and select zimbra desktop as the default mailto handler).

Q: Can you mention the URL for the new dev Wiki?
A: A good place to start wiki.zimbra.com/wiki/ZCS_6.0:Zimlet_Developers_Guide:Introduction

With over 55 million commercial Zimbra mailboxes deployed worldwide, and millions more on open source, there are many users reaping the benefits of our next-generation collaboration experience. Many factors contributed to our rapid adoption — such as integrated conversation views, tagging, sharing, powerful search, and mobility — but one of the most important is the ability to customize and extend Zimbra.

To promote extensibility, the Zimbra platform exposes powerful Theme, Data and Zimlet APIs. With these APIs, you can customize everything from branding and interface styles…to integrating external applications & services…to implementing new features. And with a vibrant Community continually using these technologies to enhance Zimbra, the customization you are looking for might already be available.

To that end, we have been busy at work leveraging new resources from our friends at VMware and are pleased to announce the new Zimbra Gallery as the destination for sharing Zimbra product extensions.

The new Gallery includes improved navigation and search capabilities so it is easier than ever to find extensions for Zimbra. The Gallery supports ratings and reviews so Community members can share their feedback and experiences. It is also much easier to share extensions, update status and highlight your work with improved extension “landing pages.”

Checkout the new Gallery at http://gallery.zimbra.com

The Gallery includes new Zimlets & Themes as well as some updated favorites such as Appointment Summary, Birthday Reminder, Email Attachment Alert, Email Downloader and Email Quotes.

Please visit the Gallery, download extensions, provide feedback and contribute. We look forward to seeing the library of available extensions in the Zimbra Gallery expand in the weeks and months to come. Enjoy!

Recently we updated our listing on VMware’s Virtual Appliance Marketplace with a trial version of ZCS Network Edition 6.0.6. We packaged it up in two formats – traditional VMX/VMDK and the Open Virtualization Format, OVF for short, using VMware Studio. The traditional VMX/VMDK package can be use with VMware’s desktop products like Workstation for Linux/Windows and Fusion for MAC. You can also go grab VMware Player for FREE and test drive the ZCS trial on either Linux or Windows. The OVF package can be used “out-of-the-box” with VMware vSphere or imported to other VMware desktop and server products using the standalone OVF Tool 1.0 or vCenter Converter.

The OVF 1.0 format is a platform independent, DMTF standard that streamlines the application setup process in a virtual environment.  This makes deploying the ZCS trial fast and simple to testdrive the latest features.

• You can deploy the ZCS trial OVF package right from a URL directly to VMware vSphere using the “Deploy OVF Template” wizard in the vSphere Client or the OVF Tool 1.0.
• The vSphere Client reads the OVF template and auto-configures certain virtual machine settings as well as guides you through mapping the network and storage configurations into your target runtime environment.
• You will also be prompted to answer runtime specific installation parameters like the ZCS server’s hostname and the admin username/password.

All of the captured input is used on “first boot” to automatically configure the ZCS trial as a unique running instance complete with an activated 15 day trial license! This is a good example of the collaboration that’s been happening between the Zimbra and vSphere teams and a sign of good things to come as we are busy building our Zimbra virtual appliance.

The Zimbra virtual appliance will be ready to ship later this year and will feature a

• Simplified Admin experience
• Expanded usage of OVF properties to further streamline the deployment process
• New capabilities to simplify patch management, mailbox creation, and migration

For more information, you can check out the appliance RFEs in bugzilla.

UPDATE: You can now find this at http://www.zimbra.com/products/zimbra-appliance.html

Zimlets and the ability to extend the Zimbra Web Client is a pretty widely known capability. But did you know that Zimbra also has a framework that allows developers to extend Zimbra server-side functionality?

Zimbra Server Extensions provide a mechanism to add functionality to the server in lieu of modifying web.xml and other web server configuration files. By implementing a Server Extension, you can inject or in some cases, intercept, server-side functionality. Some examples include:

• Handling authentication requests against a user store different than the built-in Zimbra LDAP user store. Server Extensions provide a way to “plug-in” your custom authentication mechanism.
• Creating custom SOAP requests to augment the current Zimbra SOAP API.
• Registering custom mime handlers for the processing of message mime components (i.e. body, message and multipart nodes).
• Performing registration or “bootstrapping” of server-side components, such as the Microsoft Exchange Free/Busy resolver.

Getting Started

Writing an extension starts by implementing the com.zimbra.cs.extension.ZimbraExtension interface:

public interface ZimbraExtension {

    /**
     * Defines a name for the extension. It must be an identifier.
     * @return the extension name
     */
    public String getName();

    /**
     * Initializes the extension. Called when the extension is loaded.
     *
     * @throws ServiceException
     */
    public void init() throws ServiceException;

    /**
     * Terminates the extension. Called when the server is shut down.
     *
     */
    public void destroy();
}

To create your Extension:

1. Write a MyZimbraExtension class that implements the ZimbraExtension interface.
2. Create a JAR file (for example: myext.jar) and include the following attribute in the JAR manifest file:
   • Zimbra-Extension-Class: com.example.MyZimbraExtension
3. Place the myext.jar into the {zimbra_install-dir}/lib/ext/{my-ext-dir} directory.

Below are a few examples, though not an exhaustive list, of how the Server Extension framework can be used:

Custom HTTP Handlers

A Server Extension can process HTTP GET/POST/OPTIONS requests by extending the com.zimbra.cs.extension.ExtensionHttpHandler abstract class and registering the subclass in the Extension init() method.

public class MyHttpHandler implements ExtensionHttpHandler {

    // the path under which MyHandler is registered
    public String getPath() {
        return "/myext/myhandler";
    }

    // override doGet/doPost/ doOptions as needed
    ...
}

and in MyZimbraExtension.init(), do the following:

com.zimbra.cs.extension.ExtensionDispatcherServlet.register(this, new MyHttpHandler());

This would result in processing of requests at http://{my-zimbra-server-url}/service/extension/myext/myhandler being delegated to the MyHttpHandler class.

Custom SOAP Requests

If an Extension needs to support extra SOAP requests, it can do so by implementing the com.zimbra.soap.DocumentService interface and registering custom SOAP requests & operations handlers from it.

public class MyDocumentService implements DocumentService {

    /**
     * Registers <code>DocumentHandler<code> instance with document dispatcher.
     */
    public void registerHandlers(DocumentDispatcher dispatcher) {
        dispatcher.registerHandler(HelloWorldOp.REQUEST_QNAME, new HelloWorldOp());
    }
}

and in MyZimbraExtension.init(), do the following:

com.zimbra.soap.SoapServlet.addService("SoapServlet", new MyDocumentService());

Custom Authentication

If your Zimbra deployment needs to authenticate user passwords from, for example, a “home grown” authentication system and not from LDAP (which is the out-of-the-box Zimbra solution), the Extension can do so by extending the com.zimbra.cs.account.auth.ZimbraCustomAuth abstract class.  The subclass would have to implement an authenticate() method to which the plain-text password is passed as one of the arguments.

Learn More

A detailed implementation document is available at ZimbraServer/docs/extensions.txt. Now that we’ve introduced the topic, stay tuned for more information on specific Server Extension implementation examples. 

For years, the Zimbra Collaboration Suite (ZCS) has exposed mailbox data via REST. And lately, a few customers have asked about the Zimbra REST API (e.g. How is the API used? What methods are available? How does the Zimbra REST API compare to the Zimbra SOAP API?). So I thought it would be good to revisit the topic.

Some background: REST (REpresentational State Transfer) is an approach for building application services that make application resources available via a URL. There is more than ample information about REST out there on the web so I’ll just point you to the REST Wikipedia article for simplicity.

The Zimbra REST API is a great mechanism for reading user mailbox data and outputting that data in different formats (everything from XML-and-JSON to RSS-and-Atom to iCal-and-VCF). In addition to reading data, we’ve exposed methods to import items — like contacts and appointments — into a mailbox. This capability is very useful when performing a migration (i.e. “how do I import contacts from one system into Zimbra?”)

Here is an example of using the REST API to read mailbox data: if you want an output of messages from the “john doe” inbox folder, you call the Zimbra REST API like this:

http://localhost:7070/home/john.doe/inbox?fmt=xml

You can try this method against a Zimbra server via a browser but more commonly customers use the REST API methods from perl scripts or PHP applications…or even just from the command line using curl.

Here is an example of importing contacts into the “john doe” account: perform a POST of a CSV file to the “contacts” folder. The following command shows importing contacts using curl:

curl -{username}:{password} --upload-file /tmp/mycontacts.csv http://localhost:7070/home/john.doe/contacts?fmt=csv

That’s just a couple examples and as you can see, the REST API is a simple yet powerful mechanism for accessing mailbox data. For more information on the Zimbra REST API (i.e. information on authentication, output formats or just a list & syntax for the REST API methods), here is a link to Zimbra REST API Reference document:

http://wiki.zimbra.com/index.php?title=ZCS_6.0:Zimbra_REST_API_Reference

One more thing: A very common question is: “why does the SOAP API support so many more functions than the REST API?” Well, the Zimbra REST API is different (in form and function) than the Zimbra SOAP API. At a high level, it’s really an apples-to-oranges comparison. The REST API is for accessing user mailbox data, and the SOAP API is for executing functionality on the server (which can access user mailbox data and also perform account and administrative functions).

The Zimbra SOAP API is the foundational platform service that the Zimbra Web Client uses to communicate between the browser and the Zimbra server. As you can imagine, to create the rich interface experience the Zimbra Web Client delivers, the SOAP API is very complete with advanced and complex functionality, much more than the REST API. To re-create all of this complex functionality in REST API would be a challenge as well as take significant time. So as the alternative, we expose the SOAP API for direct use by our customers & partners.

But that’s another story…I’ll save the Zimbra SOAP API discussion for a different day…until then, enjoy the REST API and happy coding!

Zimbra’s massive user base means our new product releases reach farther than ever before. How far? Consider our 50 million paid mailbox count. With that comes the responsibility to make our solutions exactly what people need when it comes to shaping the future of communication.

So what are some of the top requested features included in the first release of Zimbra Collaboration Suite 6.0?

Sync your phone like never before.

We’ve added user trigger-able device wipe, server policies, and tasks to the existing MobileSync support for email, contacts, and appointments.

Arrange and personalize the interface.

Read and compose multiple messages in tabs without the need for pop-out windows using the advanced AJAX client. Widescreen? Move the reading pane to the side.

 

Presentation Framework.

Create new presentations (as well as documents and spreadsheets) from the briefcase – no need for external software to run them.

 

Calendar views. Direct CalDav connections. Streamlined contacts.

Our feature rich UI has new layouts including fisyeye and a sortable list view. Access an external ICS/CalDAV url – with adjustable automatic update polling frequencies. For the address book: Rather than pages of blanks to fill out, add only the contact fields you want.

 

Lite-client overhauls galore.

The standard HTML client now includes all our primary apps, plus the ability to drag items like it’s AJAX cousin. Using a web-browser on your mobile device? There’s multiple variants based on device type and connection speed. We’ve added appointment management functionality to the portable web-client, a simplified login page, as well as file access.

Role based administration.

Delegate. Empower distribution list managers without worrying about them accidentially changing major server settings. Even let someone add or remove members, but not create or delete existing lists – the views and ACL rights are that customizable. Hosting providers can now give one account permission to manage multiple domains or adjust class-of-service features.

 

Connect with your social world.

Zimlets now have the ability to define application or preferences tabs. So use the new Social Zimlet to manage Twitter, Facebook, or just browse Digg. Try the Discover Zimlet to visit all that Del.icio.us has to offer.

Share Management.

Join a new group? Get up to speed fast – receive and an instant email about all the available shares. Didn’t accept that invite long ago but turns out you need something? Rather than digging it up, just use the new share tool to see what you have permissions on; or have given to others.

 

Server Architecture Improvements.

A few of the powerful under-the-hood changes include a new OpenLDAP engine with the ability to make on the fly config tweaks, SQLite & RRD for logger, customizable hierarchical storage queries. Plus we’ve exposed a UI for the stats service – giving you quick insight on just about everything you can think of.

Someone on the Zimbra freenode channel recently asked: “Why skip the usual numbering scheme?” Well, we felt the above along with several hundred other groundbreaking enhancements made it worthy of a major revision number instead of a more modest 5.5 designation. Be sure to checkout read receipts, browseable company directories (global address list sync folders), on-behalf sending options, print size controls, published (self-enabled) Zimlet settings, fast on-demand/header-first sync in the Outlook connector, and the ability to run filters over existing items.

We’ll have to stop listing improvements there, but the great strides of Zimbra’s growth trajectory can ultimately be traced back to the power of our partner model and community ecosystem. While we don’t reflect Open Source Edition users in our metrics, everyone here certainly recognizes their role in making the Zimbra Server what it is today. So no matter which edition you use, our engineering team invites you to leave us some feedback on version 6.0.1 over in the forums. What features do you want to see implemented next? Let us know below, or test the nightly builds for a glimpse of aspects like pressure based page scrolling, support for the CardDav standard, and the ability to remove attachments but retain an email body; all of which are just a heartbeat away.

With thousands of votes from the Zimbra community submitted to our product management database, and tens of thousands of hours logged by our engineering team, we are excited to officially announce Zimbra Collaboration Suite 6.0.

ZCS 6.0 is chock full of everything you asked for – because we made sure to check off the hit list of top requests. Some of the highlights include improved delegation and share management, increased productivity with three-pane email view, read receipts, remote wipe for mobile devices, and more. Our goal was also to make ZCS 6.0 the most flexible product yet, so we’ve also made it easier than ever to integrate 3^rd party software. You can learn more about the new features in 6.0 later today in a deep-dive blog post.

But that’s not the only recent milestone: Did you ever wonder what Zimbra and South Africa have in common? No it’s not our love for South African Hip Hop or Kwaito … it is that Zimbra just bested their population of 49.3 million because today, we have surpassed the 50,000,000th paid mailbox mark. Meaning if all Zimbra users made up their own country they would be the 25^th most populous in the world, edging up on Italy (Pasta anyone?). It’s amazing that we were able to gain ten million paid mailboxes just six months after reaching 40 million. Those 50 million accounts are spread across over 100,000 organizations that are now using Zimbra throughout the globe. That leap can only be attributed to our wonderful collection of partners and developers who continually remind us what people need so we can deliver the best collaboration product on the market.

We’ve been lucky to have the opportunity to work with a wide range of customers – from enterprises such as Mediacom and WebMD, to new government organizations including The Drug Enforcement Administration (DEA), Greece’s Ministry of Foreign Affairs, and Oman’s Ministry of Health; to educational institutions like Swarthmore College, Ecole Polytechnique de Montreal, and Savannah College of Art and Design.

Below are images a new mash-up built around ZCS 6 platform enhancements enabling Zimlets to be core application tabs.  “Zimbra Social” keeps you on top of all your Facebook, Twitter and Digg goodness.

Get the latest version of the Social Zimlet from the Gallery

Thanks again for all your support and feedback; hope you enjoy ZCS 6.0!
Network Edition server download | Open Source Edition server download

You can also find a bit more about what’s new in ZCS 6 on the Zimbra website.