D732.1775252308.diff
No OneTemporary
Actions

Authored By

Unknown

Size

146 KB

Referenced Files

None

Subscribers

None

D732.1775252308.diff
View Options

	diff --git a/.arclint b/.arclint
	--- a/.arclint
	+++ b/.arclint
	@@ -19,11 +19,13 @@
	"E131": "disabled",
	"E201": "disabled",
	"E202": "disabled",
	+ "E221": "disabled",
	"E225": "disabled",
	"E231": "disabled",
	"E251": "disabled",
	"E261": "disabled",
	"E265": "disabled",
	+ "E266": "disabled",
	"E302": "disabled",
	"E303": "disabled",
	"E402": "disabled",
	diff --git a/conf/kolab.conf b/conf/kolab.conf
	--- a/conf/kolab.conf
	+++ b/conf/kolab.conf
	@@ -226,7 +226,7 @@

	; The same as for users, but applicable to groups
	group_base_dn = ou=Groups,%(base_dn)s
	-group_filter = (\|(objectclass=groupofuniquenames)(objectclass=groupofurls))
	+group_filter = (\|(objectclass=%(group_objectclass)s)(objectclass=groupofurls))
	group_scope = sub
	kolab_group_filter = (\|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))

	diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py
	--- a/pykolab/auth/__init__.py
	+++ b/pykolab/auth/__init__.py
	@@ -49,7 +49,6 @@
	Login is a simple list of username, password, service and,
	optionally, the realm.
	"""
	-
	if len(login) == 3:
	# The realm has not been specified. See if we know whether or not
	# to use virtual_domains, as this may be a cause for the realm not
	@@ -58,12 +57,12 @@

	# TODO: Insert debug statements
	#if use_virtual_domains == "userid":
	- #print "# Derive domain from login[0]"
	+ # print "# Derive domain from login[0]"
	#elif not use_virtual_domains:
	- #print "# Explicitly do not user virtual domains??"
	+ # print "# Explicitly do not user virtual domains??"
	#else:
	- ## Do use virtual domains, derive domain from login[0]
	- #print "# Derive domain from login[0]"
	+ # ## Do use virtual domains, derive domain from login[0]
	+ # print "# Derive domain from login[0]"

	if len(login[0].split('@')) > 1:
	domain = login[0].split('@')[1]
	@@ -86,7 +85,7 @@
	back to the primary domain specified by the configuration.
	"""

	- log.debug(_("Called for domain %r") % (domain), level=8)
	+ log.debug(_("Called for domain %r") % (domain), level=5)

	if not self._auth == None:
	return
	@@ -99,14 +98,10 @@
	section = 'kolab'
	domain = conf.get('kolab', 'primary_domain')
	else:
	+ log.debug(_("Getting list of domains for %s ...") % (domain), level=5)
	self.list_domains(domain)
	section = domain

	- log.debug(
	- _("Using section %s and domain %s") % (section,domain),
	- level=8
	- )
	-
	if not self.domains == None and self.domains.has_key(domain):
	section = self.domains[domain]
	domain = self.domains[domain]
	@@ -116,13 +111,6 @@
	level=8
	)

	- log.debug(
	- _("Connecting to Authentication backend for domain %s") % (
	- domain
	- ),
	- level=8
	- )
	-
	if not conf.has_section(section):
	section = 'kolab'

	@@ -142,21 +130,32 @@
	level=8
	)

	+ _auth_mechanism = conf.get(section, 'auth_mechanism')
	+
	# Get the actual authentication and authorization backend.
	- if conf.get(section, 'auth_mechanism') == 'ldap':
	- log.debug(_("Starting LDAP..."), level=8)
	+ if _auth_mechanism == 'ldap':
	+ log.debug(_("Initializing LDAP..."), level=8)
	from pykolab.auth import ldap
	self._auth = ldap.LDAP(self.domain)

	- elif conf.get(section, 'auth_mechanism') == 'sql':
	+ elif _auth_mechanism == 'sql':
	+ log.debug(_("Initializing SQL..."), level=8)
	from pykolab.auth import sql
	self._auth = sql.SQL(self.domain)

	else:
	- log.debug(_("Starting LDAP..."), level=8)
	+ log.debug(_("Fallback to LDAP. Initializing ..."), level=5)
	from pykolab.auth import ldap
	self._auth = ldap.LDAP(self.domain)

	+ log.debug(
	+ _("Connecting to Authentication %s backend for domain %s") % (
	+ _auth_mechanism,
	+ domain
	+ ),
	+ level=5
	+ )
	+
	self._auth.connect()

	def disconnect(self, domain=None):
	@@ -277,6 +276,8 @@
	for secondary in secondaries:
	self.domains[secondary.lower()] = primary.lower()

	+ log.debug(_("List of domains for %s is: %s") % (domain, ", ".join(self.domains)), level=8)
	+
	return self.domains

	def synchronize(self, mode=0, callback=None):
	@@ -291,6 +292,9 @@
	def primary_domain_for_naming_context(self, domain):
	return self._auth._primary_domain_for_naming_context(domain)

	+ def add_entry(self, domain, entry):
	+ return self._auth._add_entry(entry)
	+
	def get_entry_attribute(self, domain, entry, attribute):
	return self._auth.get_entry_attribute(entry, attribute)

	diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
	--- a/pykolab/auth/ldap/__init__.py
	+++ b/pykolab/auth/ldap/__init__.py
	@@ -1525,6 +1525,26 @@
	log.debug(_("bind_priv() called but already bound"), level=8)
	return True

	+ def _add_entry(self, entry):
	+ """
	+ Add generic type of entry.
	+
	+ Initialy created for setup-kolab to be able to add AD schema
	+ by parsing Kolab AD schema ldif file
	+
	+ entry - dictionary, same as search results
	+ """
	+ self._bind()
	+
	+ entry_dn, entry_attrs = entry
	+
	+ log.debug(_("Entry DN: %s, with attributes: %s") % (entry_dn, entry_attrs), level=8)
	+
	+ self.ldap.add_s(
	+ entry_dn,
	+ entry_attrs
	+ )
	+
	def _change_add_group(self, entry, change):
	"""
	An entry of type group was added.
	diff --git a/pykolab/conf/__init__.py b/pykolab/conf/__init__.py
	--- a/pykolab/conf/__init__.py
	+++ b/pykolab/conf/__init__.py
	@@ -223,8 +223,10 @@
	log.error(_("Configuration file %s not readable") % config_file)

	config = SafeConfigParser()
	- log.debug(_("Reading configuration file %s") % config_file, level=8)
	+ log.debug(_("Setting default configuration options: %s") % config.sections(), level=8)
	+ config.readfp(self.defaults.default_conf())
	try:
	+ log.debug(_("Reading configuration file %s") % config_file, level=8)
	config.read(config_file)
	except:
	log.error(_("Invalid configuration file %s") % config_file)
	@@ -329,7 +331,7 @@
	if self.cli_args:
	if len(self.cli_args) >= 1:
	if hasattr(self,"command_%s" % self.cli_args[0].replace('-','_')):
	- exec("self.command_%s(%r)" % (self.cli_args[0].replace('-','_'), self.cli_args[1:]))
	+ exec("self.command_%s(%r)" % (self.cli_args[0].replace('-','_'), self.cli_args[1:]))
	else:
	print >> sys.stderr, _("No command supplied")

	@@ -367,7 +369,7 @@
	continue

	for key in keys:
	- print "%s_%s = %s" % (mode, key ,self.cfg_parser.get(mode,key))
	+ print "%s_%s = %s" % (mode, key, self.cfg_parser.get(mode,key))

	def read_config(self, value=None):
	"""
	@@ -381,11 +383,12 @@
	value = self.cli_keywords.config_file

	self.cfg_parser = SafeConfigParser()
	+ self.cfg_parser.readfp(self.defaults.default_conf())
	self.cfg_parser.read(value)

	if hasattr(self, 'cli_keywords') and hasattr(self.cli_keywords, 'config_file'):
	self.cli_keywords.config_file = value
	- self.defaults.config_file = value
	+
	self.config_file = value

	def command_get(self, args, *kw):
	diff --git a/pykolab/conf/defaults.py b/pykolab/conf/defaults.py
	--- a/pykolab/conf/defaults.py
	+++ b/pykolab/conf/defaults.py
	@@ -18,8 +18,10 @@
	#

	import logging
	+from StringIO import StringIO

	class Defaults(object):
	+
	def __init__(self, plugins=None):
	self.loglevel = logging.CRITICAL

	@@ -39,4 +41,37 @@
	self.kolab_default_locale = 'en_US'
	self.ldap_unique_attribute = 'nsuniqueid'

	- self.wallace_resource_calendar_expire_days = 100
	\ No newline at end of file
	+ # LDAPS connection certificate verification
	+ self.ldap_verify_certs = 'never'
	+
	+ # Static group object class, because ActiveDirectory uses objectClass=group
	+ self.ldap_group_objectclass = 'groupOfUniqueNames'
	+ self.ldap_group_member_attr = 'uniqueMember'
	+
	+ self.wallace_resource_calendar_expire_days = 100
	+
	+ def default_conf(self):
	+ default_config = """
	+[cyrus]
	+annotations_retry_interval = %(cyrus_annotations_retry_interval)s
	+
	+[ldap]
	+group_objectclass = %(ldap_group_objectclass)s
	+group_member_attr = %(ldap_group_member_attr)s
	+verify_certs = %(ldap_verify_certs)s
	+unique_attribute = %(ldap_unique_attribute)s
	+mail_attributes = %(mail_attributes)s
	+mailserver_attribute = %(mailserver_attribute)s
	+
	+[kolab]
	+default_locale = %(kolab_default_locale)s
	+domain_sync_interval = %(kolab_domain_sync_interval)s
	+
	+[kolab_smtp_access_policy]
	+address_search_attrs = %(address_search_attrs)s
	+
	+[wallace]
	+resource_calendar_expire_days = %(wallace_resource_calendar_expire_days)s
	+""" % self.__dict__
	+
	+ return StringIO(default_config)
	diff --git a/pykolab/constants.py.in b/pykolab/constants.py.in
	--- a/pykolab/constants.py.in
	+++ b/pykolab/constants.py.in
	@@ -20,6 +20,7 @@
	import math
	import socket
	import sys
	+import os

	from pykolab.translate import _

	@@ -88,6 +89,12 @@
	'one': ldap.SCOPE_ONELEVEL
	}

	+LDAP_VERIFY_CERTS = {
	+ 'allow': ldap.OPT_X_TLS_ALLOW,
	+ 'demand': ldap.OPT_X_TLS_DEMAND,
	+ 'never': ldap.OPT_X_TLS_NEVER
	+ }
	+
	SUPPORTED_LDAP_CONTROLS = {
	0: {
	'desc': 'Persistent Search Control',
	@@ -118,3 +125,17 @@
	# 'func': '_sync_repl'
	# }
	# }
	+
	+
	+# Binay attributes which should not be stripped
	+BINARY_ATTRS = (
	+ 'objectguid',
	+ 'objectsid'
	+ )
	+
	+TEMPLATE_LOCATIONS = (
	+ '/etc/kolab/templates/',
	+ '/usr/share/kolab/templates/',
	+ '/usr/share/doc/pykolab/templates',
	+ os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates'))
	+ )
	diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
	--- a/pykolab/setup/setup_ldap.py
	+++ b/pykolab/setup/setup_ldap.py
	@@ -17,11 +17,15 @@
	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	#

	+import base64
	import ldap
	import ldap.modlist
	+import ldap.dn
	+import ldif
	import os
	import pwd
	import shutil
	+import socket
	import subprocess
	import tempfile
	import time
	@@ -35,6 +39,9 @@
	from pykolab.constants import *
	from pykolab.translate import _

	+from StringIO import StringIO
	+from jinja2 import Template
	+
	log = pykolab.getLogger('pykolab.setup')
	conf = pykolab.getConf()

	@@ -95,20 +102,468 @@
	def description():
	return _("Setup LDAP.")

	+def get_answers():
	+
	+ answers = {}
	+
	+ if conf.fqdn:
	+ answers['fqdn'] = conf.fqdn
	+ answers['hostname'] = conf.fqdn.split('.')[0]
	+ answers['domain'] = '.'.join(conf.fqdn.split('.')[1:])
	+ else:
	+ answers['fqdn'] = fqdn
	+ answers['hostname'] = hostname.split('.')[0]
	+ answers['domain'] = domainname
	+
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ This setup procedure plans to set up Kolab Groupware for
	+ the following domain name space. This domain name is
	+ obtained from the reverse DNS entry on your network
	+ interface. Please confirm this is the appropriate domain
	+ name space.
	+ """)
	+ )
	+
	+ answers['domain'] = utils.ask_question(
	+ _("Domain name to use"),
	+ default = answers['domain']
	+ )
	+
	+ answers['nodotdomain'] = answers['domain'].replace('.','_')
	+
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ The standard root dn we composed for you follows. Please
	+ confirm this is the root dn you wish to use.
	+ """)
	+ )
	+
	+ answers['base_dn'] = utils.ask_question(
	+ _("LDAP base DN"),
	+ default = utils.standard_root_dn(answers['domain'])
	+ )
	+
	+ if conf.with_ad:
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please supply Active Directory Administrator bind DN.
	+ This will be used to bind to Active Directory LDAP to
	+ perform various administrative tasks. This user should
	+ have necessary privileges in Active Directory already.
	+ """)
	+ )
	+
	+ answers['bind_dn'] = utils.ask_question(
	+ _("AD Administrator bind DN"),
	+ default="CN=Administrator,CN=Users,%s" % answers['base_dn']
	+ )
	+ elif not conf.with_ad and not conf.with_openldap:
	+ # Assuming Dirsrv
	+ answers['bind_dn'] = "cn=Directory Manager"
	+ log.info(_("Default administrative bind dn for Directory Server: %s") % answers['bind_dn'])
	+
	+ # Get cn=Directory Manger password
	+ if conf.directory_manager_pwd is not None:
	+ # password was set with command line options
	+ answers['bind_pw'] = conf.directory_manager_pwd
	+ else:
	+ # Ask for password
	+ if conf.with_ad:
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please supply a password for the Active Directory Administrator user.
	+ """)
	+ )
	+ _short_text = _("Active Directory administrator password")
	+ else:
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please supply a password for the LDAP Directory Manager
	+ user, which is the administrator user you will be using
	+ to at least initially log in to the Web Admin, and that
	+ Kolab uses to perform administrative tasks.
	+ """)
	+ )
	+ _short_text = _("Directory Manager password")
	+
	+ answers['bind_pw'] = utils.ask_question(
	+ _short_text,
	+ default=utils.generate_password(),
	+ password=True,
	+ confirm=True
	+ )
	+
	+ # Ask only if LDAP is DS
	+ if not conf.with_openldap and not conf.with_ad:
	+ # Get Dirsrv Admin server admin user pass
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please supply a password for the LDAP administrator user
	+ 'admin', used to login to the graphical console of 389
	+ Directory server.
	+ """)
	+ )
	+
	+ answers['admin_pass'] = utils.ask_question(
	+ _("Administrator password"),
	+ default=utils.generate_password(),
	+ password=True,
	+ confirm=True
	+ )
	+
	+
	+ # Set users for DS LDAP
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please choose the system user and group the service
	+ should use to run under. These should be existing,
	+ unprivileged, local system POSIX accounts with no shell.
	+ """)
	+ )
	+
	+ try:
	+ pw = pwd.getpwnam("dirsrv")
	+ except:
	+ answers['userid'] = utils.ask_question(_("User"), default="nobody")
	+ answers['group'] = utils.ask_question(_("Group"), default="nobody")
	+ else:
	+ answers['userid'] = utils.ask_question(_("User"), default="dirsrv")
	+ answers['group'] = utils.ask_question(_("Group"), default="dirsrv")
	+
	+ # Ask if Active Directory
	+ elif conf.with_ad and not conf.with_openldap:
	+ # Get answers for Active Directory setup
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Specify basic Active Directory connection information.
	+ """)
	+ )
	+
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Specify LDAP tree DN for Kolab related data. Kolab specific
	+ LDAP records such as Kolab domain information, special users
	+ for Kolab, shared folders and resources LDAP information.
	+ """)
	+ )
	+
	+ answers['kolab_tree_dn'] = utils.ask_question(
	+ _("AD LDAP tree for Kolab:"),
	+ default="OU=Kolab,%s" % answers['base_dn']
	+ )
	+
	+ answers['specialuser_base_dn'] = "OU=Special Users,%s" % answers['kolab_tree_dn']
	+ answers['cyrus_admin_dn'] = "CN=Cyrus Admin,%s" % answers['specialuser_base_dn']
	+ answers['service_bind_dn'] = "CN=Kolab Service,%s" % answers['specialuser_base_dn']
	+ answers['domain_base_dn'] = "OU=Domains,%s" % answers['kolab_tree_dn']
	+ answers['group_base_dn'] = "OU=Groups,%s" % answers['kolab_tree_dn']
	+ answers['resource_base_dn'] = "OU=Resources,%s" % answers['kolab_tree_dn']
	+ answers['sharedfolder_base_dn'] = "OU=Shared Folders,%s" % answers['kolab_tree_dn']
	+ answers['user_base_dn'] = "CN=Users,%s" % answers['base_dn']
	+ answers['kolab_user_base_dn'] = answers['user_base_dn']
	+
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please provide Active Directory server URI. Setup will use it to load
	+ Kolab schema into AD and then will configure Kolab to run with AD as
	+ LDAP server. Schema can be loaded to schema master server only wherefore
	+ this needs to be URI specifying AD schema master. You can change AD server
	+ URI later, in kolab.conf file.
	+ """)
	+ )
	+
	+ #answers['ldap_uri'] = utils.ask_question(
	+ # _("AD server URI"),
	+ # default="ldap://adserver.domain:389"
	+ # )
	+ answers['ldap_uri'] = utils.ask_question(
	+ _("AD server URI"),
	+ default="ldaps://w2k16-1.ad-lab.loc:636"
	+ )
	+
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please supply a Cyrus Administrator password. This
	+ password is used by Kolab to execute administrative
	+ tasks in Cyrus IMAP. You may also need the password
	+ yourself to troubleshoot Cyrus IMAP and/or perform
	+ other administrative tasks against Cyrus IMAP directly.
	+ """)
	+ )
	+
	+ answers['cyrus_admin_password'] = utils.ask_question(
	+ _("Cyrus Administrator password"),
	+ default=utils.generate_password(),
	+ password=True,
	+ confirm=True
	+ )
	+
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Please supply a Kolab Service account password. This
	+ account is used by various services such as Postfix,
	+ and Roundcube, as anonymous binds to the LDAP server
	+ will not be allowed.
	+ """)
	+ )
	+
	+ answers['service_bind_pw'] = utils.ask_question(
	+ _("Kolab Service password"),
	+ default=utils.generate_password(),
	+ password=True,
	+ confirm=True
	+ )
	+
	+ return answers
	+
	+def ad_schema_import(args, *kwargs):
	+ """
	+ Function to load Kolab schema to Active Directory
	+ Does checks if ldap_uri points to Schema master
	+ """
	+ conf.ldap_uri = kwargs['ldap_uri']
	+
	+ # Create LDAP connection
	+ try:
	+ auth = Auth(kwargs['domain'])
	+ auth.connect(immediate=True)
	+ auth._auth.connect()
	+ auth._auth._bind(kwargs['bind_dn'], kwargs['bind_pw'])
	+
	+ ad_schema_naming_context = auth._auth.get_entry_attribute("", "schemaNamingContext")
	+
	+ log.debug("AD Schema Naming context is %s" % ad_schema_naming_context, level=8)
	+
	+ # Find out AD schema master server. Only this server has writable copy of
	+ # AD schema. First need to get fsmoRoleOwner attribute value.
	+ ad_fsmo_attribute = auth._auth.get_entry_attribute(ad_schema_naming_context, "fSMORoleOwner")
	+
	+ log.debug(_("AD FSMO Role Owner entry is: %s") % ad_fsmo_attribute, level=8)
	+ except Exception as errmsg:
	+ log.error(_("Could not connect to LDAP. Error: %s") % errmsg)
	+ sys.exit(1)
	+
	+ # Now get parent of fsmoRoleOwner
	+ if ad_fsmo_attribute is not None:
	+ ad_fsmo_dn = ldap.dn.explode_dn(ad_fsmo_attribute)
	+ ad_fsmo_parent = ','.join(ad_fsmo_dn[1:])
	+
	+ log.debug(_("AD FSMO entry parent is: %s") % ad_fsmo_parent, level=8)
	+
	+ # Look for dNSHostName attribute of the parent
	+ if ad_fsmo_parent is not None:
	+ ad_schema_master = auth._auth.get_entry_attribute(ad_fsmo_parent, "dNSHostName")
	+ log.debug(_("AD schema master server is: %s") % ad_schema_master, level=8)
	+
	+ (
	+ _ad_protocol,
	+ _ad_server,
	+ _ad_port,
	+ _ad_base_dn,
	+ _ad_attr,
	+ _ad_scope,
	+ _ad_filter
	+ ) = utils.parse_ldap_uri(conf.ldap_uri)
	+
	+ if not _ad_server == ad_schema_master:
	+ log.debug(_("AD schema master %s is not the same as %s.") % (ad_schema_master, _ad_server), level=5)
	+ log.error(_("Cannot install Kolab schema on AD server which is not schema master"))
	+ sys.exit(1)
	+
	+ template_file = utils.find_template(file_name='kolab3-ad-schema.ldif.j2')
	+
	+ if not template_file == None:
	+ log.debug(_("Using template file %r") % (template_file), level=8)
	+ fp = open(template_file, 'r')
	+ template_definition = fp.read()
	+ fp.close()
	+
	+ schema_template = Template(template_definition)
	+
	+ log.debug(
	+ _("Successfully compiled template %r, ready to add schema to AD server") % (template_file),
	+ level=8
	+ )
	+
	+ schema_ldif = StringIO(
	+ schema_template.render(ad_schema_naming_context=ad_schema_naming_context).__str__()
	+ )
	+
	+ parser = ldif.LDIFRecordList(schema_ldif)
	+ parser.parse()
	+
	+ # If silent install or install without asking questions
	+ # when no need to ask confirmation
	+ if kwargs['confirm']:
	+
	+ print >> sys.stderr, utils.multiline_message(
	+ _("""
	+ Setup is going to add Kolab schema elements to
	+ Active Directory. This is ireversable operation.
	+ """)
	+ )
	+
	+ confirmed = utils.ask_confirmation(
	+ _("Modify Active Directory schema?"),
	+ default="y"
	+ )
	+
	+ else:
	+ # this is silent install
	+ confirmed = True
	+
	+ if confirmed:
	+ for dn, attributes in parser.all_records:
	+ log.debug("Adding DN: %s" % dn, level=5)
	+ try:
	+ add_attributes = ldap.modlist.addModlist(attributes)
	+ auth._auth.ldap.add_s(dn, add_attributes)
	+ except ldap.ALREADY_EXISTS:
	+ log.warning(_("Schema element already exist: %s") % dn)
	+ continue
	+ except ldap.NO_SUCH_ATTRIBUTE:
	+ log.warning(_("Could not add %s schema element. Force update and retry.") % dn)
	+ try:
	+ auth._auth.set_entry_attribute("", "schemaUpdateNow", "1")
	+ time.sleep(2)
	+ auth._auth.ldap.add_s(dn, add_attributes)
	+ except:
	+ log.error(_("Failed to add %s Kolab schema element.") % dn)
	+ sys.exit(1)
	+ except Exception, errorMsg:
	+ log.error(_("Could not add schema element: %s") % dn)
	+ log.error(_("Error: %s") % errorMsg )
	+ sys.exit(1)
	+ else:
	+ log.error(_("Kolab schema must be installed before you continue."))
	+ sys.exit(1)
	+
	+def ldap_data_load(args, *kwargs):
	+ """
	+ Function to setup LDAP tree
	+ """
	+ conf.ldap_uri = kwargs['ldap_uri']
	+
	+ # Create LDAP connection
	+ auth = Auth(kwargs['domain'])
	+ auth.connect()
	+ auth._auth.connect()
	+ auth._auth._bind(kwargs['bind_dn'], kwargs['bind_pw'])
	+
	+ (
	+ _protocol,
	+ _server,
	+ _port,
	+ _base_dn,
	+ _attr,
	+ _scope,
	+ _filter
	+ ) = utils.parse_ldap_uri(conf.ldap_uri)
	+
	+ ad_ldaps = False
	+ if _protocol == 'ldap' and conf.with_ad:
	+ log.info(_("Active Directory passwords cannot be set over %s protocol.") % (_protocol))
	+ elif _protocol == "ldaps" and conf.with_ad:
	+ ad_ldaps = True
	+
	+ if not kwargs['template'] == None:
	+ log.debug(_("Using template file %r") % (kwargs['template']), level=8)
	+ fp = open(kwargs['template'], 'r')
	+ template_definition = fp.read()
	+ fp.close()
	+
	+ _template_vars = kwargs
	+ _template_vars['ad_ldaps'] = ad_ldaps
	+ _template_vars['cyrus_admin_password_base64'] = base64.b64encode(
	+ unicode("\"" + kwargs['cyrus_admin_password'] + "\"", "iso-8859-1").encode('utf-16-le')
	+ )
	+ _template_vars['service_bind_pw_base64'] = base64.b64encode(
	+ unicode("\"" + kwargs['service_bind_pw'] + "\"", "iso-8859-1").encode('utf-16-le')
	+ )
	+
	+ compiled_template = Template(template_definition)
	+
	+ log.debug(_("Successfully compiled template %r") % (kwargs['template']), level=1)
	+
	+ rendered_template = compiled_template.render(**_template_vars).__str__()
	+
	+ log.debug(_("Importing LDIF %s") % rendered_template, level=8)
	+
	+ template_ldif = StringIO(rendered_template)
	+
	+ parser = ldif.LDIFRecordList(template_ldif)
	+ parser.parse()
	+
	+ for dn, attributes in parser.all_records:
	+ log.debug("Adding DN: %s" % dn, level=5)
	+ try:
	+ add_attributes = ldap.modlist.addModlist(attributes)
	+ # Do the actual synchronous add-operation to the ldapserver
	+ auth._auth.ldap.add_s(dn, add_attributes)
	+ except ldap.ALREADY_EXISTS:
	+ log.warning(_("Object already exist: %s") % dn)
	+ continue
	+ except Exception, errorMsg:
	+ log.error(_("Could not add object: %s") % dn)
	+ log.error(_("Error: %s") % errorMsg )
	+ sys.exit(1)
	+
	+def ldap_get_supported_controls(args, *kwargs):
	+ """
	+ Function to find which controls are supported by given LDAP server
	+ and pykolab. Return the list as a string.
	+ """
	+ auth = Auth(kwargs['domain'])
	+ auth.connect(immediate=True)
	+ auth._auth.connect()
	+ auth._auth._bind(kwargs['bind_dn'], kwargs['bind_pw'])
	+
	+ _ldap_controls = auth._auth.get_entry_attribute("", "supportedControl")
	+ supported_controls = []
	+ for _ldap_control in _ldap_controls:
	+ for _control_id, _control_def in SUPPORTED_LDAP_CONTROLS.iteritems():
	+ if _control_def['oid'] == _ldap_control:
	+ log.debug(_("Found control supported by pykolab: Id:%s Def: %s") % (_control_id, _control_def), level=8)
	+ supported_controls.append(_control_id)
	+
	+ # Return supported controls as a string
	+ return ','.join(map(str, supported_controls))
	+
	def execute(args, *kw):
	ask_questions = True

	+ _input = {}
	+
	if not conf.config_file == conf.defaults.config_file:
	+ log.debug(_("Using supplied config file to answer all questions"), level=5)
	ask_questions = False
	+ if conf.fqdn is not None:
	+ log.debug(_("FQDN specified. Setting other dependend values"), level=8)
	+ _input['fqdn'] = conf.fqdn
	+ _input['hostname'] = conf.fqdn.split('.')[0]
	+ _input['domain'] = '.'.join(conf.fqdn.split('.')[1:])
	+ else:
	+ log.debug(_("FQDN not specified. Derriving from defalts"), level=8)
	+ _input['fqdn'] = fqdn
	+ _input['hostname'] = hostname.split('.')[0]
	+
	+ if conf.get('kolab', 'primary_domain') is not None:
	+ _input['domain'] = conf.get('kolab', 'primary_domain')
	+ else:
	+ _input['domain'] = domainname
	+
	+ if conf.get('ldap', 'base_dn') is not None:
	+ _input['base_dn'] = conf.get('ldap', 'base_dn')
	+ else:
	+ _input['base_dn'] = utils.standard_root_dn(_input['domain'])

	if conf.without_ldap:
	print >> sys.stderr, _("Skipping setup of LDAP, as specified")
	return

	- _input = {}
	-
	if conf.with_openldap and not conf.with_ad:
	-
	+ conf.command_set('ldap', 'type', 'openldap')
	conf.command_set('ldap', 'unique_attribute', 'entryuuid')

	fp = open(conf.defaults.config_file, "w+")
	@@ -118,14 +573,70 @@
	return

	elif conf.with_ad and not conf.with_openldap:
	- conf.command_set('ldap', 'auth_attributes', 'samaccountname')
	- conf.command_set('ldap', 'modifytimestamp_format', '%%Y%%m%%d%%H%%M%%S.0Z')
	- conf.command_set('ldap', 'unique_attribute', 'userprincipalname')
	+
	+ if ask_questions:
	+ _input = get_answers()
	+ else:
	+ # Get all the information from config file supplied as CLI -c param
	+ _input['ldap_uri'] = conf.get('ldap', 'ldap_uri')
	+ _input['bind_dn'] = conf.get('ldap', 'bind_dn')
	+ _input['bind_pw'] = conf.get('ldap', 'bind_pw')
	+ _input['service_bind_dn'] = conf.get('ldap', 'service_bind_dn')
	+ _input['service_bind_pw'] = conf.get('ldap', 'service_bind_pw')
	+ _input['user_base_dn'] = conf.get('ldap', 'user_base_dn')
	+ _input['kolab_user_base_dn'] = conf.get('ldap', 'kolab_user_base_dn')
	+ _input['group_base_dn'] = conf.get('ldap', 'group_base_dn')
	+ _input['sharedfolder_base_dn'] = conf.get('ldap', 'sharedfolder_base_dn')
	+ _input['resource_base_dn'] = conf.get('ldap', 'resource_base_dn')
	+ _input['domain_base_dn'] = conf.get('ldap', 'domain_base_dn')
	+ _input['cyrus_admin_password'] = conf.get('cyrus-imap', 'admin_password')
	+
	+ # Things which are specific to AD and are not in config file
	+ _input['kolab_tree_dn'] = "OU=Kolab,%s" % _input['base_dn']
	+ _input['specialuser_base_dn'] = "OU=Special Users,%s" % _input['kolab_tree_dn']
	+ _input['cyrus_admin_dn'] = "CN=Cyrus Admin,%s" % _input['specialuser_base_dn']
	+
	+ conf.command_set('ldap', 'type', 'ad')
	+ conf.command_set('ldap', 'auth_attributes', 'mail, kolabAlias, uid, samaccountname')
	+ conf.command_set('ldap', 'mail_attributes', 'mail, kolabAlias')
	+ conf.command_set('ldap', 'modifytimestamp_format', '%Y%m%d%H%M%S.0Z')
	+ conf.command_set('ldap', 'unique_attribute', 'objectguid')
	+ conf.command_set('ldap', 'sharedfolder_acl_entry_attribute', 'kolabImapACL')
	+ conf.command_set('ldap', 'mailserver_attribute', 'kolabMailhost')
	+ conf.command_set('ldap', 'quota_attribute', 'kolabMailquota')
	+ conf.command_set('ldap', 'group_objectclass', 'group')
	+ conf.command_set('ldap', 'group_member_attr', 'member')

	# TODO: These attributes need to be checked
	- conf.command_set('ldap', 'mail_attributes', 'mail')
	- conf.command_set('ldap', 'mailserver_attributes', 'mailhost')
	- conf.command_set('ldap', 'quota_attribute', 'mailquota')
	+ conf.command_set('ldap', 'ldap_uri', _input['ldap_uri'])
	+ conf.command_set('ldap', 'supported_controls', ldap_get_supported_controls(**_input))
	+ conf.command_set('ldap', 'base_dn', _input['base_dn'])
	+ conf.command_set('ldap', 'bind_dn', _input['bind_dn'])
	+ conf.command_set('ldap', 'bind_pw', _input['bind_pw'])
	+ conf.command_set('ldap', 'service_bind_dn', _input['service_bind_dn'])
	+ conf.command_set('ldap', 'service_bind_pw', _input['service_bind_pw'])
	+ conf.command_set('ldap', 'user_base_dn', _input['user_base_dn'])
	+ conf.command_set('ldap', 'kolab_user_base_dn', _input['kolab_user_base_dn'])
	+ conf.command_set('ldap', 'group_base_dn', _input['group_base_dn'])
	+ conf.command_set('ldap', 'sharedfolder_base_dn', _input['sharedfolder_base_dn'])
	+ conf.command_set('ldap', 'resource_base_dn', _input['resource_base_dn'])
	+ conf.command_set('ldap', 'domain_base_dn', _input['domain_base_dn'])
	+
	+ conf.command_set('kolab', 'primary_domain', _input['domain'])
	+ conf.command_set('cyrus-imap', 'admin_password', _input['cyrus_admin_password'])
	+
	+ _input['confirm'] = ask_questions
	+
	+ ad_schema_import(**_input)
	+
	+ templates = ['kolab-ad-tree.ldif.j2', 'kolab-ad-special-users.ldif.j2', 'kolab-ad-domain.ldif.j2']
	+ for template in templates:
	+ _input['template'] = utils.find_template(file_name=template)
	+
	+ if _input['template'] is not None:
	+ ldap_data_load(**_input)
	+ else:
	+ continue

	return

	@@ -139,6 +650,7 @@

	sys.exit(1)

	+ # This is a point where setup starts cofigure local Directory Server
	# Pre-execution checks
	for path, directories, files in os.walk('/etc/dirsrv/'):
	for direct in directories:
	@@ -155,63 +667,11 @@

	sys.exit(1)

	- _input = {}
	-
	if ask_questions:
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- Please supply a password for the LDAP administrator user
	- 'admin', used to login to the graphical console of 389
	- Directory server.
	- """)
	- )
	-
	- _input['admin_pass'] = utils.ask_question(
	- _("Administrator password"),
	- default=utils.generate_password(),
	- password=True,
	- confirm=True
	- )
	-
	- if conf.directory_manager_pwd is not None:
	- _input['dirmgr_pass'] = conf.directory_manager_pwd
	- else:
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- Please supply a password for the LDAP Directory Manager
	- user, which is the administrator user you will be using
	- to at least initially log in to the Web Admin, and that
	- Kolab uses to perform administrative tasks.
	- """)
	- )
	-
	- _input['dirmgr_pass'] = utils.ask_question(
	- _("Directory Manager password"),
	- default=utils.generate_password(),
	- password=True,
	- confirm=True
	- )
	-
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- Please choose the system user and group the service
	- should use to run under. These should be existing,
	- unprivileged, local system POSIX accounts with no shell.
	- """)
	- )
	-
	- try:
	- pw = pwd.getpwnam("dirsrv")
	- except:
	- _input['userid'] = utils.ask_question(_("User"), default="nobody")
	- _input['group'] = utils.ask_question(_("Group"), default="nobody")
	- else:
	- _input['userid'] = utils.ask_question(_("User"), default="dirsrv")
	- _input['group'] = utils.ask_question(_("Group"), default="dirsrv")
	-
	+ _input = get_answers()
	else:
	_input['admin_pass'] = conf.get('ldap', 'bind_pw')
	- _input['dirmgr_pass'] = conf.get('ldap', 'bind_pw')
	+ _input['bind_pw'] = conf.get('ldap', 'bind_pw')
	try:
	pw = pwd.getpwnam("dirsrv")
	except:
	@@ -228,101 +688,33 @@
	#
	# TODO^2: This should be confirmed.

	- if conf.fqdn:
	- _input['fqdn'] = conf.fqdn
	- _input['hostname'] = conf.fqdn.split('.')[0]
	- _input['domain'] = '.'.join(conf.fqdn.split('.')[1:])
	- else:
	- _input['fqdn'] = fqdn
	- _input['hostname'] = hostname.split('.')[0]
	- _input['domain'] = domainname
	_input['nodotdomain'] = _input['domain'].replace('.','_')

	- _input['rootdn'] = utils.standard_root_dn(_input['domain'])
	+ _input['ldap_uri'] = 'ldap://localhost:389/'

	- if ask_questions:
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- This setup procedure plans to set up Kolab Groupware for
	- the following domain name space. This domain name is
	- obtained from the reverse DNS entry on your network
	- interface. Please confirm this is the appropriate domain
	- name space.
	- """)
	- )
	+ # TODO: Loudly complain if the fqdn does not resolve back to this system.

	- answer = utils.ask_confirmation("%s" % (_input['domain']))
	-
	- if not answer:
	- positive_answer = False
	- while not positive_answer:
	- _input['domain'] = utils.ask_question(_("Domain name to use"))
	- if not _input['domain'] == None and not _input['domain'] == "":
	- positive_answer = True
	- else:
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- Invalid input. Please try again.
	- """)
	- )
	+ template_file = utils.find_template(file_name='kolab-ds-setup.inf.j2')

	- _input['nodotdomain'] = _input['domain'].replace('.','_')
	- _input['rootdn'] = utils.standard_root_dn(_input['domain'])
	+ if template_file is not None:
	+ log.debug(_("Setup Directory server using %s template") % (template_file), level=8)

	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- The standard root dn we composed for you follows. Please
	- confirm this is the root dn you wish to use.
	- """)
	- )
	+ fpr = open(template_file, 'r')
	+ template_definition = fpr.read()
	+ fpr.close()

	- answer = utils.ask_confirmation("%s" % (_input['rootdn']))
	-
	- if not answer:
	- positive_answer = False
	- while not positive_answer:
	- _input['rootdn'] = utils.ask_question(_("Root DN to use"))
	- if not _input['rootdn'] == None and not _input['rootdn'] == "":
	- positive_answer = True
	- else:
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- Invalid input. Please try again.
	- """)
	- )
	+ setup_inf_template = Template(template_definition)

	- # TODO: Loudly complain if the fqdn does not resolve back to this system.
	+ log.debug(
	+ _("Successfully compiled template %r, ready to add schema to AD server") % (template_file),
	+ level=8
	+ )

	- data = """
	-[General]
	-FullMachineName = %(fqdn)s
	-SuiteSpotUserID = %(userid)s
	-SuiteSpotGroup = %(group)s
	-AdminDomain = %(domain)s
	-ConfigDirectoryLdapURL = ldap://%(fqdn)s:389/o=NetscapeRoot
	-ConfigDirectoryAdminID = admin
	-ConfigDirectoryAdminPwd = %(admin_pass)s
	-
	-[slapd]
	-SlapdConfigForMC = Yes
	-UseExistingMC = 0
	-ServerPort = 389
	-ServerIdentifier = %(hostname)s
	-Suffix = %(rootdn)s
	-RootDN = cn=Directory Manager
	-RootDNPwd = %(dirmgr_pass)s
	-ds_bename = %(nodotdomain)s
	-AddSampleEntries = No
	-
	-[admin]
	-Port = 9830
	-ServerAdminID = admin
	-ServerAdminPwd = %(admin_pass)s
	-""" % (_input)
	-
	- (fp, filename) = tempfile.mkstemp(dir="/tmp/")
	- os.write(fp, data)
	- os.close(fp)
	+ data = setup_inf_template.render(**_input).__str__()
	+
	+ (fpw, filename) = tempfile.mkstemp(dir="/tmp/")
	+ os.write(fpw, data)
	+ os.close(fpw)

	if os.path.isfile("/usr/sbin/setup-ds-admin.pl"):
	setup_ds_admin = "/usr/sbin/setup-ds-admin.pl"
	@@ -438,53 +830,20 @@
	log.error(_("Could not configure to start on boot, the " + \
	"directory server service."))

	- if ask_questions:
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- Please supply a Cyrus Administrator password. This
	- password is used by Kolab to execute administrative
	- tasks in Cyrus IMAP. You may also need the password
	- yourself to troubleshoot Cyrus IMAP and/or perform
	- other administrative tasks against Cyrus IMAP directly.
	- """)
	- )
	-
	- _input['cyrus_admin_pass'] = utils.ask_question(
	- _("Cyrus Administrator password"),
	- default=utils.generate_password(),
	- password=True,
	- confirm=True
	- )
	-
	- print >> sys.stderr, utils.multiline_message(
	- _("""
	- Please supply a Kolab Service account password. This
	- account is used by various services such as Postfix,
	- and Roundcube, as anonymous binds to the LDAP server
	- will not be allowed.
	- """)
	- )
	-
	- _input['kolab_service_pass'] = utils.ask_question(
	- _("Kolab Service password"),
	- default=utils.generate_password(),
	- password=True,
	- confirm=True
	- )
	-
	- else:
	- _input['cyrus_admin_pass'] = conf.get('cyrus-imap', 'admin_password')
	- _input['kolab_service_pass'] = conf.get('ldap', 'service_bind_pw')
	+ if not ask_questions:
	+ _input['cyrus_admin_password'] = conf.get('cyrus-imap', 'admin_password')
	+ _input['service_bind_pw'] = conf.get('ldap', 'service_bind_pw')

	log.info(_("Writing out configuration to kolab.conf"))

	# Write out kolab configuration
	conf.command_set('kolab', 'primary_domain', _input['domain'])
	- conf.command_set('ldap', 'base_dn', _input['rootdn'])
	+ conf.command_set('ldap', 'ldap_uri', _input['ldap_uri'])
	+ conf.command_set('ldap', 'base_dn', _input['base_dn'])
	conf.command_set('ldap', 'bind_dn', 'cn=Directory Manager')
	- conf.command_set('ldap', 'bind_pw', _input['dirmgr_pass'])
	- conf.command_set('ldap', 'service_bind_dn', 'uid=kolab-service,ou=Special Users,%s' % (_input['rootdn']))
	- conf.command_set('ldap', 'service_bind_pw', _input['kolab_service_pass'])
	+ conf.command_set('ldap', 'bind_pw', _input['bind_pw'])
	+ conf.command_set('ldap', 'service_bind_dn', 'uid=kolab-service,ou=Special Users,%s' % (_input['base_dn']))
	+ conf.command_set('ldap', 'service_bind_pw', _input['service_bind_pw'])

	fp = open(conf.defaults.config_file, "w+")
	conf.cfg_parser.write(fp)
	@@ -496,9 +855,9 @@
	auth = Auth(_input['domain'])
	auth.connect()
	auth._auth.connect()
	- auth._auth._bind(bind_dn='cn=Directory Manager', bind_pw=_input['dirmgr_pass'])
	+ auth._auth._bind(bind_dn='cn=Directory Manager', bind_pw=_input['bind_pw'])

	- dn = 'uid=%s,ou=Special Users,%s' % (conf.get('cyrus-imap', 'admin_login'), _input['rootdn'])
	+ dn = 'uid=%s,ou=Special Users,%s' % (conf.get('cyrus-imap', 'admin_login'), _input['base_dn'])

	# A dict to help build the "body" of the object
	attrs = {}
	@@ -507,7 +866,7 @@
	attrs['givenname'] = "Cyrus"
	attrs['surname'] = "Administrator"
	attrs['cn'] = "Cyrus Administrator"
	- attrs['userPassword'] = _input['cyrus_admin_pass']
	+ attrs['userPassword'] = _input['cyrus_admin_password']

	# Convert our dict to nice syntax for the add-function using modlist-module
	ldif = ldap.modlist.addModlist(attrs)
	@@ -515,9 +874,9 @@
	# Do the actual synchronous add-operation to the ldapserver
	auth._auth.ldap.add_s(dn, ldif)

	- conf.command_set('cyrus-imap', 'admin_password', _input['cyrus_admin_pass'])
	+ conf.command_set('cyrus-imap', 'admin_password', _input['cyrus_admin_password'])

	- dn = 'uid=kolab-service,ou=Special Users,%s' % (_input['rootdn'])
	+ dn = 'uid=kolab-service,ou=Special Users,%s' % (_input['base_dn'])

	# A dict to help build the "body" of the object
	attrs = {}
	@@ -526,7 +885,7 @@
	attrs['givenname'] = "Kolab"
	attrs['surname'] = "Service"
	attrs['cn'] = "Kolab Service"
	- attrs['userPassword'] = _input['kolab_service_pass']
	+ attrs['userPassword'] = _input['service_bind_pw']
	attrs['nslookthroughlimit'] = '-1'
	attrs['nssizelimit'] = '-1'
	attrs['nstimelimit'] = '-1'
	@@ -538,7 +897,7 @@
	# Do the actual synchronous add-operation to the ldapserver
	auth._auth.ldap.add_s(dn, ldif)

	- dn = 'ou=Resources,%s' % (_input['rootdn'])
	+ dn = 'ou=Resources,%s' % (_input['base_dn'])

	# A dict to help build the "body" of the object
	attrs = {}
	@@ -551,7 +910,7 @@
	# Do the actual synchronous add-operation to the ldapserver
	auth._auth.ldap.add_s(dn, ldif)

	- dn = 'ou=Shared Folders,%s' % (_input['rootdn'])
	+ dn = 'ou=Shared Folders,%s' % (_input['base_dn'])

	# A dict to help build the "body" of the object
	attrs = {}
	@@ -572,7 +931,7 @@
	attrs = {}
	attrs['objectclass'] = ['top','extensibleobject']
	attrs['cn'] = "kolab"
	- attrs['aci'] = '(targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,%s");)' % (_input['rootdn'])
	+ attrs['aci'] = '(targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,%s");)' % (_input['base_dn'])

	# Convert our dict to nice syntax for the add-function using modlist-module
	ldif = ldap.modlist.addModlist(attrs)
	@@ -596,13 +955,13 @@
	attrs['associateddomain'].pop(attrs['associateddomain'].index(_input['domain']))
	attrs['associateddomain'] = [ _input['domain'] ] + attrs['associateddomain']

	- attrs['aci'] = '(targetattr = "") (version 3.0;acl "Read Access for %(domain)s Users";allow (read,compare,search)(userdn = "ldap:///%(rootdn)s??sub?(objectclass=)");)' % (_input)
	+ attrs['aci'] = '(targetattr = "") (version 3.0;acl "Read Access for %(domain)s Users";allow (read,compare,search)(userdn = "ldap:///%(base_dn)s??sub?(objectclass=)");)' % (_input)

	# Add inetdomainbasedn in case the configured root dn is not the same as the
	# standard root dn for the domain name configured
	- if not _input['rootdn'] == utils.standard_root_dn(_input['domain']):
	+ if not _input['base_dn'] == utils.standard_root_dn(_input['domain']):
	attrs['objectclass'].append('inetdomain')
	- attrs['inetdomainbasedn'] = _input['rootdn']
	+ attrs['inetdomainbasedn'] = _input['base_dn']

	ldif = ldap.modlist.addModlist(attrs)
	auth._auth.ldap.add_s(dn, ldif)
	@@ -644,7 +1003,7 @@

	# Add kolab-admin role
	log.info(_("Adding the kolab-admin role"))
	- dn = "cn=kolab-admin,%s" % (_input['rootdn'])
	+ dn = "cn=kolab-admin,%s" % (_input['base_dn'])
	attrs = {}
	attrs['description'] = "Kolab Administrator"
	attrs['objectClass'] = ['top','ldapsubentry','nsroledefinition','nssimpleroledefinition','nsmanagedroledefinition']
	@@ -654,8 +1013,8 @@
	auth._auth.ldap.add_s(dn, ldif)

	# User writeable attributes on root_dn
	- log.info(_("Setting access control to %s") % (_input['rootdn']))
	- dn = _input['rootdn']
	+ log.info(_("Setting access control to %s") % (_input['base_dn']))
	+ dn = _input['base_dn']
	aci = []

	if schema_error:
	@@ -663,7 +1022,7 @@
	else:
	aci.append('(targetattr = "carLicense \|\| description \|\| displayName \|\| facsimileTelephoneNumber \|\| homePhone \|\| homePostalAddress \|\| initials \|\| jpegPhoto \|\| l \|\| labeledURI \|\| mobile \|\| o \|\| pager \|\| photo \|\| postOfficeBox \|\| postalAddress \|\| postalCode \|\| preferredDeliveryMethod \|\| preferredLanguage \|\| registeredAddress \|\| roomNumber \|\| secretary \|\| seeAlso \|\| st \|\| street \|\| telephoneNumber \|\| telexNumber \|\| title \|\| userCertificate \|\| userPassword \|\| userSMIMECertificate \|\| x500UniqueIdentifier \|\| kolabDelegate \|\| kolabInvitationPolicy \|\| kolabAllowSMTPSender") (version 3.0; acl "Enable self write for common attributes"; allow (read,compare,search,write)(userdn = "ldap:///self");)')

	- aci.append('(targetattr = "*") (version 3.0;acl "Directory Administrators Group";allow (all)(groupdn = "ldap:///cn=Directory Administrators,%(rootdn)s" or roledn = "ldap:///cn=kolab-admin,%(rootdn)s");)' % (_input))
	+ aci.append('(targetattr = "*") (version 3.0;acl "Directory Administrators Group";allow (all)(groupdn = "ldap:///cn=Directory Administrators,%(base_dn)s" or roledn = "ldap:///cn=kolab-admin,%(base_dn)s");)' % (_input))
	aci.append('(targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)')
	aci.append('(targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)')
	aci.append('(targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%(hostname)s,cn=389 Directory Server,cn=Server Group,cn=%(fqdn)s,ou=%(domain)s,o=NetscapeRoot";)' % (_input))
	diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
	--- a/pykolab/setup/setup_mta.py
	+++ b/pykolab/setup/setup_mta.py
	@@ -18,7 +18,7 @@
	#

	from augeas import Augeas
	-from Cheetah.Template import Template
	+from jinja2 import Template
	import os
	import shutil
	import subprocess
	@@ -42,206 +42,38 @@

	def execute(args, *kw):

	- group_filter = conf.get('ldap','kolab_group_filter')
	- if group_filter == None:
	- group_filter = conf.get('ldap','group_filter')
	-
	- user_filter = conf.get('ldap','kolab_user_filter')
	- if user_filter == None:
	- user_filter = conf.get('ldap','user_filter')
	-
	- resource_filter = conf.get('ldap', 'resource_filter')
	-
	- sharedfolder_filter = conf.get('ldap', 'sharedfolder_filter')
	-
	- server_host = utils.parse_ldap_uri(conf.get('ldap', 'ldap_uri'))[1]
	-
	- files = {
	- "/etc/postfix/ldap/local_recipient_maps.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(base_dn)s
	-scope = sub
	-
	-domain = ldap:/etc/postfix/ldap/mydestination.cf
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-query_filter = (&(\|(mail=%%s)(alias=%%s))(\|%(kolab_user_filter)s%(kolab_group_filter)s%(resource_filter)s%(sharedfolder_filter)s))
	-result_attribute = mail
	-""" % {
	- "base_dn": conf.get('ldap', 'base_dn'),
	- "server_host": server_host,
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- "kolab_user_filter": user_filter,
	- "kolab_group_filter": group_filter,
	- "resource_filter": resource_filter,
	- "sharedfolder_filter": sharedfolder_filter,
	- },
	- "/etc/postfix/ldap/mydestination.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(domain_base_dn)s
	-scope = sub
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-query_filter = %(domain_filter)s
	-result_attribute = %(domain_name_attribute)s
	-""" % {
	- "server_host": server_host,
	- "domain_base_dn": conf.get('ldap', 'domain_base_dn'),
	- "domain_filter": conf.get('ldap', 'domain_filter').replace('*', '%s'),
	- "domain_name_attribute": conf.get('ldap', 'domain_name_attribute'),
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- },
	- "/etc/postfix/ldap/mailenabled_distgroups.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(group_base_dn)s
	-scope = sub
	-
	-domain = ldap:/etc/postfix/ldap/mydestination.cf
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-# This finds the mail enabled distribution group LDAP entry
	-query_filter = (&(\|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectclass=groupofuniquenames)(!(objectclass=groupofurls)))
	-# From this type of group, get all uniqueMember DNs
	-special_result_attribute = uniqueMember
	-# Only from those DNs, get the mail
	-result_attribute =
	-leaf_result_attribute = mail
	-""" % {
	- "server_host": server_host,
	- "group_base_dn": conf.get('ldap', 'group_base_dn'),
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- },
	- "/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(group_base_dn)s
	-scope = sub
	-
	-domain = ldap:/etc/postfix/ldap/mydestination.cf
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-# This finds the mail enabled dynamic distribution group LDAP entry
	-query_filter = (&(\|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectClass=groupOfURLs))
	-# From this type of group, get all memberURL searches/references
	-special_result_attribute = memberURL
	-# Only from those DNs, get the mail
	-result_attribute =
	-leaf_result_attribute = mail
	-""" % {
	- "server_host": server_host,
	- "group_base_dn": conf.get('ldap', 'group_base_dn'),
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- },
	- "/etc/postfix/ldap/transport_maps.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(base_dn)s
	-scope = sub
	-
	-domain = ldap:/etc/postfix/ldap/mydestination.cf
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-query_filter = (&(\|(mailAlternateAddress=%%s)(alias=%%s)(mail=%%s))(objectclass=kolabinetorgperson))
	-result_attribute = mail
	-result_format = lmtp:unix:/var/lib/imap/socket/lmtp
	-""" % {
	- "base_dn": conf.get('ldap', 'base_dn'),
	- "server_host": server_host,
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- },
	- "/etc/postfix/ldap/virtual_alias_maps.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(base_dn)s
	-scope = sub
	-
	-domain = ldap:/etc/postfix/ldap/mydestination.cf
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-query_filter = (&(\|(mail=%%s)(alias=%%s))(objectclass=kolabinetorgperson))
	-result_attribute = mail
	-""" % {
	- "base_dn": conf.get('ldap', 'base_dn'),
	- "server_host": server_host,
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- },
	- "/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(base_dn)s
	-scope = sub
	-
	-domain = ldap:/etc/postfix/ldap/mydestination.cf
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-query_filter = (&(\|(mail=%%s)(alias=%%s))(objectclass=mailrecipient)(objectclass=inetorgperson)(mailforwardingaddress=*))
	-result_attribute = mailForwardingAddress
	-""" % {
	- "base_dn": conf.get('ldap', 'base_dn'),
	- "server_host": server_host,
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- },
	- "/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf": """
	-server_host = %(server_host)s
	-server_port = 389
	-version = 3
	-search_base = %(base_dn)s
	-scope = sub
	-
	-domain = ldap:/etc/postfix/ldap/mydestination.cf
	-
	-bind_dn = %(service_bind_dn)s
	-bind_pw = %(service_bind_pw)s
	-
	-query_filter = (&(\|(mail=%%s)(alias=%%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail))
	-result_attribute = kolabtargetfolder
	-result_format = "shared+%%s"
	-""" % {
	- "base_dn": conf.get('ldap', 'base_dn'),
	- "server_host": server_host,
	- "service_bind_dn": conf.get('ldap', 'service_bind_dn'),
	- "service_bind_pw": conf.get('ldap', 'service_bind_pw'),
	- },
	- }
	+ postfix_ldap_dir = '/etc/postfix/ldap'
	+ if not os.path.isdir(postfix_ldap_dir):
	+ os.mkdir(postfix_ldap_dir, 0770)

	- if not os.path.isdir('/etc/postfix/ldap'):
	- os.mkdir('/etc/postfix/ldap/', 0770)
	+ # Get ldap config section into dictionary with interpolation
	+ config_ldap_dict = {
	+ 'ldap': dict(conf.cfg_parser.items('ldap', raw=False))
	+ }

	- for filename in files.keys():
	- fp = open(filename, 'w')
	- fp.write(files[filename])
	- fp.close()
	+ postfix_lookup_tables = (
	+ 'local_recipient_maps.cf',
	+ 'mydestination.cf',
	+ 'mailenabled_distgroups.cf',
	+ 'mailenabled_dynamic_distgroups.cf',
	+ 'transport_maps.cf',
	+ 'virtual_alias_maps.cf',
	+ 'virtual_alias_maps_mailforwarding.cf',
	+ 'virtual_alias_maps_sharedfolders.cf'
	+ )
	+
	+ for lookup_table in postfix_lookup_tables:
	+ try:
	+ with open(utils.find_template("%s.j2" % lookup_table)) as _template_def:
	+ compiled_template = Template(_template_def.read())
	+
	+ with open(os.path.join(postfix_ldap_dir, lookup_table), 'w') as _template_dest:
	+ _template_dest.write(compiled_template.render(**config_ldap_dict))
	+
	+ log.debug(_("Saved Postfix LDAP lookup table: %s") % _template_dest.name, level=8)
	+ except Exception, errmsg:
	+ log.error(_("Failed to save Postfix LDAP lookup table: %s") % errmsg)
	+ continue

	fp = open('/etc/postfix/transport', 'a')
	fp.write("\n# Shared Folder Delivery for %(domain)s:\nshared@%(domain)s\t\tlmtp:unix:/var/lib/imap/socket/lmtp\n" % {'domain': conf.get('kolab', 'primary_domain')})
	@@ -327,27 +159,19 @@
	else:
	postfix_master_settings['kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy'

	- template_file = None
	+ try:
	+ with open(utils.find_template('master.cf.j2')) as postfix_master_template:
	+ compiled_template = Template(postfix_master_template.read())

	- if os.path.isfile('/etc/kolab/templates/master.cf.tpl'):
	- template_file = '/etc/kolab/templates/master.cf.tpl'
	- elif os.path.isfile('/usr/share/kolab/templates/master.cf.tpl'):
	- template_file = '/usr/share/kolab/templates/master.cf.tpl'
	- elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl'))):
	- template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl'))
	+ with open('/etc/postfix/master.cf', 'w') as postfix_master_file:
	+ postfix_master_file.write(compiled_template.render(**postfix_master_settings))

	- if not template_file == None:
	- fp = open(template_file, 'r')
	- template_definition = fp.read()
	- fp.close()
	-
	- t = Template(template_definition, searchList=[postfix_master_settings])
	- fp = open('/etc/postfix/master.cf', 'w')
	- fp.write(t.__str__())
	- fp.close()
	-
	- else:
	- log.error(_("Could not write out Postfix configuration file /etc/postfix/master.cf"))
	+ log.debug(_("Saved Postfix /etc/postfix/master.cf file"), level=8)
	+ except Exception, errmsg:
	+ log.error(
	+ _("Could not write out Postfix configuration file /etc/postfix/master.cf: %s") %
	+ errmsg
	+ )
	return

	if os.path.isdir('/etc/postfix/sasl/'):
	@@ -356,18 +180,18 @@
	fp.write("mech_list: plain login\n")
	fp.close()

	+ # Get raw config values for kolab section. Don't need to interpolate
	+ config_kolab_dict = {
	+ 'kolab': dict(conf.cfg_parser.items('kolab', raw=True))
	+ }
	+
	+ # Merge ldap and kolab sections into one dictionalry
	amavisd_settings = {
	- 'ldap_server': '%(server_host)s',
	- 'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'),
	- 'ldap_bind_pw': conf.get('ldap', 'service_bind_pw'),
	- 'primary_domain': conf.get('kolab', 'primary_domain'),
	- 'ldap_filter': "(\|(mail=%m)(alias=%m))",
	- 'ldap_base_dn': conf.get('ldap', 'base_dn'),
	'clamdsock': '/var/spool/amavisd/clamd.sock',
	+ 'kolab': config_kolab_dict['kolab'],
	+ 'ldap': config_ldap_dict['ldap']
	}

	- template_file = None
	-
	# On RPM installations, Amavis configuration is contained within a single file.
	amavisconf_paths = [
	"/etc/amavisd.conf",
	@@ -379,38 +203,24 @@
	for amavisconf_path in amavisconf_paths:
	if os.path.isfile(amavisconf_path):
	amavis_conf = amavisconf_path
	- break
	-
	- if os.path.isfile(amavis_conf):
	- if os.path.isfile('/etc/kolab/templates/amavisd.conf.tpl'):
	- template_file = '/etc/kolab/templates/amavisd.conf.tpl'
	- elif os.path.isfile('/usr/share/kolab/templates/amavisd.conf.tpl'):
	- template_file = '/usr/share/kolab/templates/amavisd.conf.tpl'
	- elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl'))):
	- template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl'))
	-
	- if not template_file == None:
	- fp = open(template_file, 'r')
	- template_definition = fp.read()
	- fp.close()
	-
	if os.path.isfile('/etc/clamd.d/amavisd.conf'):
	amavisdconf_content = file('/etc/clamd.d/amavisd.conf')
	for line in amavisdconf_content:
	- if line.startswith('LocalSocket'):
	- amavisd_settings['clamdsock'] = line[len('LocalSocket '):].strip()
	-
	- t = Template(template_definition, searchList=[amavisd_settings])
	+ if line.startswith('LocalSocket'):
	+ amavisd_settings['clamdsock'] = line[len('LocalSocket '):].strip()
	+ break

	- fp = None
	- fp = open(amavis_conf, 'w')
	+ if os.path.isfile(amavis_conf):
	+ try:
	+ with open(utils.find_template("%s.j2" % os.path.basename(amavis_conf))) as amavis_conf_template:
	+ compiled_template = Template(amavis_conf_template.read())

	- if not fp == None:
	- fp.write(t.__str__())
	- fp.close()
	+ with open(amavis_conf, 'w') as amavis_conf_file:
	+ amavis_conf_file.write(compiled_template.render(**amavisd_settings))

	- else:
	- log.error(_("Could not write out Amavis configuration file amavisd.conf"))
	+ log.debug(_("Saved Amavisd configuration file %s") % (amavis_conf), level=8)
	+ except Exception, errmsg:
	+ log.error(_("Could not write out Amavisd configuration file %s: %s") % (amavis_conf, errmsg))
	return

	# On APT installations, /etc/amavis/conf.d/ is a directory with many more files.
	@@ -475,7 +285,7 @@
	subprocess.call([
	'/usr/bin/freshclam',
	'--quiet',
	- '--datadir="/var/lib/clamav"'
	+ '--datadir=/var/lib/clamav'
	])

	amavisservice = 'amavisd.service'
	@@ -487,9 +297,6 @@
	if os.path.isfile('/lib/systemd/system/amavis.service'):
	amavisservice = 'amavis.service'

	- if os.path.isfile('/etc/init.d/amavis'):
	- amavisservice = 'amavis.service'
	-
	if os.path.isfile('/usr/lib/systemd/system/clamd.service'):
	clamavservice = 'clamd.service'

	@@ -500,38 +307,36 @@
	clamavservice = 'clamav-daemon.service'

	if os.path.isfile('/bin/systemctl'):
	- subprocess.call(['systemctl', 'restart', 'postfix.service'])
	- subprocess.call(['systemctl', 'restart', amavisservice])
	- subprocess.call(['systemctl', 'restart', clamavservice])
	- subprocess.call(['systemctl', 'restart', 'wallace.service'])
	+ # Reload systemctl daemon in case any service file changed
	+ subprocess.call(['systemctl', 'daemon-reload'])
	+ for _srv in ('postfix.service', amavisservice, clamavservice, 'wallace.service'):
	+ log.debug(_("Restarting %s systemd service ... ") % _srv, level=8)
	+ subprocess.call(['systemctl', 'restart', _srv])
	+ subprocess.call(['systemctl', 'enable', _srv])
	elif os.path.isfile('/sbin/service'):
	- subprocess.call(['service', 'postfix', 'restart'])
	- subprocess.call(['service', 'amavisd', 'restart'])
	- subprocess.call(['service', 'clamd.amavisd', 'restart'])
	- subprocess.call(['service', 'wallace', 'restart'])
	+ for _srv in ('postfix', 'amavisd', 'clamd.amavisd', 'wallace'):
	+ log.debug(_("Restarting %s service ... ") % _srv, level=8)
	+ subprocess.call(['service', _srv, 'restart'])
	+ subprocess.call(['chkconfig', _srv, 'on'])
	elif os.path.isfile('/usr/sbin/service'):
	- subprocess.call(['/usr/sbin/service','postfix','restart'])
	- subprocess.call(['/usr/sbin/service','amavis','restart'])
	- subprocess.call(['/usr/sbin/service','clamav-daemon','restart'])
	- subprocess.call(['/usr/sbin/service','wallace','restart'])
	+ for _srv in ('postfix', 'amavis', 'clamav-daemon', 'wallace'):
	+ log.debug(_("Restarting %s service ... ") % _srv, level=8)
	+ subprocess.call(['/usr/sbin/service', _srv, 'restart'])
	else:
	log.error(_("Could not start the postfix, clamav and amavisd services services."))

	if os.path.isfile('/bin/systemctl'):
	- subprocess.call(['systemctl', 'enable', 'postfix.service'])
	- subprocess.call(['systemctl', 'enable', amavisservice])
	- subprocess.call(['systemctl', 'enable', clamavservice])
	- subprocess.call(['systemctl', 'enable', 'wallace.service'])
	+ for _srv in ('postfix.service', amavisservice, clamavservice, 'wallace.service'):
	+ log.debug(_("Enabling %s systemd service to start on boot") % _srv, level=8)
	+ subprocess.call(['systemctl', 'enable', _srv])
	elif os.path.isfile('/sbin/chkconfig'):
	- subprocess.call(['chkconfig', 'postfix', 'on'])
	- subprocess.call(['chkconfig', 'amavisd', 'on'])
	- subprocess.call(['chkconfig', 'clamd.amavisd', 'on'])
	- subprocess.call(['chkconfig', 'wallace', 'on'])
	+ for _srv in ('postfix', 'amavisd', 'clamd.amavisd', 'wallace'):
	+ log.debug(_("Enabling %s service to start on boot") % _srv, level=8)
	+ subprocess.call(['chkconfig', _srv, 'on'])
	elif os.path.isfile('/usr/sbin/update-rc.d'):
	- subprocess.call(['/usr/sbin/update-rc.d', 'postfix', 'defaults'])
	- subprocess.call(['/usr/sbin/update-rc.d', 'amavis', 'defaults'])
	- subprocess.call(['/usr/sbin/update-rc.d', 'clamav-daemon', 'defaults'])
	- subprocess.call(['/usr/sbin/update-rc.d', 'wallace', 'defaults'])
	+ for _srv in ('postfix', 'amavis', 'clamav-daemon', 'wallace'):
	+ log.debug(_("Enabling %s service to start on boot ") % _srv, level=8)
	+ subprocess.call(['/usr/sbin/update-rc.d', _srv, 'defaults'])
	else:
	log.error(_("Could not configure to start on boot, the " + \
	"postfix, clamav and amavisd services."))
	diff --git a/pykolab/utils.py b/pykolab/utils.py
	--- a/pykolab/utils.py
	+++ b/pykolab/utils.py
	@@ -364,7 +364,12 @@
	if _object[key] is None:
	continue

	- val = map(_strip, _object[key])
	+ # Dont run strip anything from attributes which
	+ # hold byte strings
	+ if key.lower() in constants.BINARY_ATTRS:
	+ val = _object[key]
	+ else:
	+ val = map(_strip, _object[key])

	if len(val) == 1:
	result[key.lower()] = ''.join(val)
	@@ -601,3 +606,19 @@
	_other_services.append(service)

	return (_service,_other_services)
	+
	+
	+def find_template(file_name=None):
	+ """
	+ Function to find template file.
	+ """
	+
	+ for template_location in constants.TEMPLATE_LOCATIONS:
	+ if os.path.isfile('%s/%s' % (template_location, file_name)):
	+ template_file = '%s/%s' % (template_location, file_name)
	+ return template_file
	+
	+ import errno
	+ raise IOError(
	+ errno.ENOENT, os.strerror(errno.ENOENT), file_name)
	+ log.error(_("Template %s not found.") % file_name)
	diff --git a/share/templates/amavisd.conf.tpl b/share/templates/amavisd.conf.j2
	copy from share/templates/amavisd.conf.tpl
	copy to share/templates/amavisd.conf.j2
	--- a/share/templates/amavisd.conf.tpl
	+++ b/share/templates/amavisd.conf.j2
	@@ -12,178 +12,178 @@

	# @bypass_virus_checks_maps = (1); # controls running of anti-virus code
	# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
	-# \$bypass_decode_parts = 1; # controls running of decoders&dearchivers
	-
	-\$max_servers = 2; # num of pre-forked children (2..30 is common), -m
	-\$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
	-\$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
	-
	-\$mydomain = '$primary_domain'; # a convenient default for other settings
	-
	-\$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H
	-\$TEMPBASE = "\$MYHOME/tmp"; # working directory, needs to exist, -T
	-\$ENV{TMPDIR} = \$TEMPBASE; # environment variable TMPDIR, used by SA, etc.
	-\$QUARANTINEDIR = undef; # -Q
	-# \$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
	-# \$release_format = 'resend'; # 'attach', 'plain', 'resend'
	-# \$report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf'
	-
	-# \$daemon_chroot_dir = \$MYHOME; # chroot directory or undef, -R
	-
	-\$db_home = "\$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
	-# \$helpers_home = "\$MYHOME/var"; # working directory for SpamAssassin, -S
	-\$lock_file = "/var/run/amavisd/amavisd.lock"; # -L
	-\$pid_file = "/var/run/amavisd/amavisd.pid"; # -P
	-#NOTE: create directories \$MYHOME/tmp, \$MYHOME/var, \$MYHOME/db manually
	-
	-\$log_level = 9; # verbosity 0..5, -d
	-\$log_recip_templ = undef; # disable by-recipient level-0 log entries
	-\$DO_SYSLOG = 1; # log via syslogd (preferred)
	-\$syslog_facility = 'mail'; # Syslog facility as a string
	+# $bypass_decode_parts = 1; # controls running of decoders&dearchivers
	+
	+$max_servers = 2; # num of pre-forked children (2..30 is common), -m
	+$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
	+$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
	+
	+$mydomain = '{{ kolab.primary_domain }}'; # a convenient default for other settings
	+
	+$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H
	+$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
	+$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
	+$QUARANTINEDIR = undef; # -Q
	+# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
	+# $release_format = 'resend'; # 'attach', 'plain', 'resend'
	+# $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf'
	+
	+# $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R
	+
	+$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
	+# $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S
	+$lock_file = "/var/run/amavisd/amavisd.lock"; # -L
	+$pid_file = "/var/run/amavisd/amavisd.pid"; # -P
	+#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
	+
	+$log_level = 3; # verbosity 0..5, -d
	+$log_recip_templ = undef; # disable by-recipient level-0 log entries
	+$DO_SYSLOG = 1; # log via syslogd (preferred)
	+$syslog_facility = 'mail'; # Syslog facility as a string
	# e.g.: mail, daemon, user, local0, ... local7
	-\$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
	+$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
	# choose from: emerg, alert, crit, err, warning, notice, info, debug

	-\$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
	-\$enable_global_cache = 1; # enable use of libdb-based cache if \$enable_db=1
	-\$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
	-\$enable_dkim_verification = 1; # enable DKIM signatures verification
	-\$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
	+$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
	+$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
	+$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
	+$enable_dkim_verification = 1; # enable DKIM signatures verification
	+$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key

	-\$enable_ldap = 1;
	-\$default_ldap = {
	- hostname => [ 'localhost' ],
	+$enable_ldap = 1;
	+$default_ldap = {
	+ hostname => [ '{{ ldap.ldap_uri}}' ],
	version => 3,
	timeout => 5,
	tls => 0,
	- base => '$ldap_base_dn',
	- query_filter => '$ldap_filter',
	- bind_dn => '$ldap_bind_dn',
	- bind_password => '$ldap_bind_pw'
	+ base => '{{ ldap.base_dn }}',
	+ query_filter => '(\|{% for item in ldap.mail_attributes.split(',') -%}({{ item \| trim }}=%m){% endfor -%})',
	+ bind_dn => '{{ ldap.service_bind_dn }}',
	+ bind_password => '{{ ldap.service_bind_pw }}'
	};

	-@local_domains_maps = ( [".\$mydomain"] ); # list of all local domains
	+@local_domains_maps = ( [".$mydomain"] ); # list of all local domains

	@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
	10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

	-\$unix_socketname = "\$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
	- # option(s) -p overrides \$inet_socket_port and \$unix_socketname
	+$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
	+ # option(s) -p overrides $inet_socket_port and $unix_socketname

	-\$inet_socket_port = 10024; # listen on this local TCP port(s)
	-# \$inet_socket_port = [10024,10026]; # listen on multiple TCP ports
	+$inet_socket_port = 10024; # listen on this local TCP port(s)
	+# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports

	-\$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
	- originating => 1, # is true in MYNETS by default, but let's make it explicit
	- os_fingerprint_method => undef, # don't query p0f for internal clients
	+$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
	+ originating => 1, # is true in MYNETS by default, but let's make it explicit
	+ os_fingerprint_method => undef, # don't query p0f for internal clients
	};

	# it is up to MTA to re-route mail from authenticated roaming users or
	# from internal hosts to a dedicated TCP port (such as 10026) for filtering
	-\$interface_policy{'10026'} = 'ORIGINATING';
	+$interface_policy{'10026'} = 'ORIGINATING';

	-\$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
	- originating => 1, # declare that mail was submitted by our smtp client
	- allow_disclaimers => 1, # enables disclaimer insertion if available
	+$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
	+ originating => 1, # declare that mail was submitted by our smtp client
	+ allow_disclaimers => 1, # enables disclaimer insertion if available
	# notify administrator of locally originating malware
	- virus_admin_maps => ["virusalert\@\$mydomain"],
	- spam_admin_maps => ["virusalert\@\$mydomain"],
	+ virus_admin_maps => ["virusalert\@$mydomain"],
	+ spam_admin_maps => ["virusalert\@$mydomain"],
	warnbadhsender => 1,
	# forward to a smtpd service providing DKIM signing service
	forward_method => 'smtp:[127.0.0.1]:10027',
	# force MTA conversion to 7-bit (e.g. before DKIM signing)
	smtpd_discard_ehlo_keywords => ['8BITMIME'],
	- bypass_banned_checks_maps => [1], # allow sending any file names and types
	- terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
	+ bypass_banned_checks_maps => [1], # allow sending any file names and types
	+ terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
	};

	-\$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with \$unix_socketname
	+$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

	# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
	# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
	-\$policy_bank{'AM.PDP-SOCK'} = {
	+$policy_bank{'AM.PDP-SOCK'} = {
	protocol => 'AM.PDP',
	- auth_required_release => 0, # do not require secret_id for amavisd-release
	+ auth_required_release => 0, # do not require secret_id for amavisd-release
	};

	-\$sa_tag_level_deflt = -10; # add spam info headers if at, or above that level
	-\$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
	-\$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
	-\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
	-\$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
	-# \$sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
	-\$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
	-\$penpals_threshold_high = \$sa_kill_level_deflt; # don't waste time on hi spam
	-\$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces
	+$sa_tag_level_deflt = -10; # add spam info headers if at, or above that level
	+$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
	+$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
	+$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
	+$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
	+# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
	+$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
	+$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
	+$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces

	-\$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
	-\$sa_local_tests_only = 0; # only tests which do not require internet access?
	+$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
	+$sa_local_tests_only = 0; # only tests which do not require internet access?

	# @lookup_sql_dsn =
	# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
	# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
	-# ["DBI:SQLite:dbname=\$MYHOME/sql/mail_prefs.sqlite", '', ''] );
	+# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
	# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database

	-# \$timestamp_fmt_mysql = 1; # if using MySQL and msgs.time_iso is TIMESTAMP;
	+# $timestamp_fmt_mysql = 1; # if using MySQL and msgs.time_iso is TIMESTAMP;
	# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

	-\$virus_admin = undef; # notifications recip.
	+$virus_admin = undef; # notifications recip.

	-\$mailfrom_notify_admin = undef; # notifications sender
	-\$mailfrom_notify_recip = undef; # notifications sender
	-\$mailfrom_notify_spamadmin = undef; # notifications sender
	-\$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
	+$mailfrom_notify_admin = undef; # notifications sender
	+$mailfrom_notify_recip = undef; # notifications sender
	+$mailfrom_notify_spamadmin = undef; # notifications sender
	+$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

	@addr_extension_virus_maps = ('virus');
	@addr_extension_banned_maps = ('banned');
	@addr_extension_spam_maps = ('spam');
	@addr_extension_bad_header_maps = ('badh');
	-# \$recipient_delimiter = '+'; # undef disables address extensions altogether
	+# $recipient_delimiter = '+'; # undef disables address extensions altogether
	# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

	-\$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
	-# \$dspam = 'dspam';
	+$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
	+# $dspam = 'dspam';

	-\$MAXLEVELS = 14;
	-\$MAXFILES = 1500;
	-\$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
	-\$MAX_EXPANSION_QUOTA = 30010241024; # bytes (default undef, not enforced)
	+$MAXLEVELS = 14;
	+$MAXFILES = 1500;
	+$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
	+$MAX_EXPANSION_QUOTA = 30010241024; # bytes (default undef, not enforced)

	-\$sa_spam_subject_tag = '*SPAM* ';
	-\$defang_virus = 1; # MIME-wrap passed infected mail
	-\$defang_banned = 1; # MIME-wrap passed mail containing banned name
	+$sa_spam_subject_tag = '*SPAM* ';
	+$defang_virus = 1; # MIME-wrap passed infected mail
	+$defang_banned = 1; # MIME-wrap passed mail containing banned name
	# for defanging bad headers only turn on certain minor contents categories:
	-\$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
	-\$defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters
	-\$defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error
	+$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
	+$defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters
	+$defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error


	# OTHER MORE COMMON SETTINGS (defaults may suffice):

	-# \$myhostname = 'host.example.com'; # must be a fully-qualified domain name!
	+# $myhostname = 'host.example.com'; # must be a fully-qualified domain name!

	-# \$notify_method = 'smtp:[127.0.0.1]:10025';
	-# \$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
	+# $notify_method = 'smtp:[127.0.0.1]:10025';
	+# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

	-\$final_virus_destiny = D_DISCARD;
	-\$final_banned_destiny = D_BOUNCE;
	-\$final_spam_destiny = D_DISCARD;
	-\$final_bad_header_destiny = D_BOUNCE;
	-# \$bad_header_quarantine_method = undef;
	+$final_virus_destiny = D_DISCARD;
	+$final_banned_destiny = D_BOUNCE;
	+$final_spam_destiny = D_DISCARD;
	+$final_bad_header_destiny = D_BOUNCE;
	+# $bad_header_quarantine_method = undef;

	-# \$os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl
	+# $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl

	-\#\# hierarchy by which a final setting is chosen:
	-\#\# policy bank (based on port or IP address) -> *_by_ccat
	-\#\# _by_ccat (based on mail contents) -> _maps
	-\#\# *_maps (based on recipient address) -> final configuration value
	+## hierarchy by which a final setting is chosen:
	+## policy bank (based on port or IP address) -> *_by_ccat
	+## _by_ccat (based on mail contents) -> _maps
	+## *_maps (based on recipient address) -> final configuration value


	# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

	-# \$warnbadhsender,
	-# \$warnvirusrecip, \$warnbannedrecip, \$warnbadhrecip, (or @warn*recip_maps)
	+# $warnbadhsender,
	+# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
	#
	# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
	# @bypass_banned_checks_maps, @bypass_header_checks_maps,
	@@ -193,67 +193,67 @@
	#
	# @blacklist_sender_maps, @score_sender_maps,
	#
	-# \$clean_quarantine_method, \$virus_quarantine_to, \$banned_quarantine_to,
	-# \$bad_header_quarantine_to, \$spam_quarantine_to,
	+# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
	+# $bad_header_quarantine_to, $spam_quarantine_to,
	#
	-# \$defang_bad_header, \$defang_undecipherable, \$defang_spam
	+# $defang_bad_header, $defang_undecipherable, $defang_spam


	# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

	@keep_decoded_original_maps = (new_RE(
	- qr'^MAIL\$', # retain full original message for virus checking
	- qr'^MAIL-UNDECIPHERABLE\$', # recheck full mail if it contains undecipherables
	+ qr'^MAIL$', # retain full original message for virus checking
	+ qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
	qr'^(ASCII(?! cpio)\|text\|uuencoded\|xxencoded\|binhex)'i,
	# qr'^Zip archive data', # don't trust Archive::Zip
	));


	-# for \$banned_namepath_re (a new-style of banned table) see amavisd.conf-sample
	+# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample

	-\$banned_filename_re = new_RE(
	+$banned_filename_re = new_RE(

	-\#\## BLOCKED ANYWHERE
	-# qr'^UNDECIPHERABLE\$', # is or contains any undecipherable components
	- qr'^\.(exe-ms\|dll)\$', # banned file(1) types, rudimentary
	-# qr'^\.(exe\|lha\|tnef\|cab\|dll)\$', # banned file(1) types
	+### BLOCKED ANYWHERE
	+# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
	+ qr'^\.(exe-ms\|dll)$', # banned file(1) types, rudimentary
	+# qr'^\.(exe\|lha\|tnef\|cab\|dll)$', # banned file(1) types

	-\#\## BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
	-# [ qr'^\.(gz\|bz2)\$' => 0 ], # allow any in gzip or bzip2
	- [ qr'^\.(rpm\|cpio\|tar)\$' => 0 ], # allow any in Unix-type archives
	+### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
	+# [ qr'^\.(gz\|bz2)$' => 0 ], # allow any in gzip or bzip2
	+ [ qr'^\.(rpm\|cpio\|tar)$' => 0 ], # allow any in Unix-type archives

	- qr'.\.(pif\|scr)\$'i, # banned extensions - rudimentary
	-# qr'^\.zip\$', # block zip type
	+ qr'.\.(pif\|scr)$'i, # banned extensions - rudimentary
	+# qr'^\.zip$', # block zip type

	-\#\## BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
	-# [ qr'^\.(zip\|rar\|arc\|arj\|zoo)\$'=> 0 ], # allow any within these archives
	+### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
	+# [ qr'^\.(zip\|rar\|arc\|arj\|zoo)$'=> 0 ], # allow any within these archives

	- qr'^application/x-msdownload\$'i, # block these MIME types
	- qr'^application/x-msdos-program\$'i,
	- qr'^application/hta\$'i,
	+ qr'^application/x-msdownload$'i, # block these MIME types
	+ qr'^application/x-msdos-program$'i,
	+ qr'^application/hta$'i,

	-# qr'^message/partial\$'i, # rfc2046 MIME type
	-# qr'^message/external-body\$'i, # rfc2046 MIME type
	+# qr'^message/partial$'i, # rfc2046 MIME type
	+# qr'^message/external-body$'i, # rfc2046 MIME type

	-# qr'^(application/x-msmetafile\|image/x-wmf)\$'i, # Windows Metafile MIME type
	-# qr'^\.wmf\$', # Windows Metafile file(1) type
	+# qr'^(application/x-msmetafile\|image/x-wmf)$'i, # Windows Metafile MIME type
	+# qr'^\.wmf$', # Windows Metafile file(1) type

	# block certain double extensions in filenames
	- qr'\.[^./][A-Za-z][^./]\.\s(exe\|vbs\|pif\|scr\|bat\|cmd\|com\|cpl\|dll)[.\s]\$'i,
	+ qr'\.[^./][A-Za-z][^./]\.\s(exe\|vbs\|pif\|scr\|bat\|cmd\|com\|cpl\|dll)[.\s]$'i,

	# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
	# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

	- qr'.\.(exe\|vbs\|pif\|scr\|cpl)\$'i, # banned extension - basic
	-# qr'.\.(exe\|vbs\|pif\|scr\|cpl\|bat\|cmd\|com)\$'i, # banned extension - basic+cmd
	+ qr'.\.(exe\|vbs\|pif\|scr\|cpl)$'i, # banned extension - basic
	+# qr'.\.(exe\|vbs\|pif\|scr\|cpl\|bat\|cmd\|com)$'i, # banned extension - basic+cmd
	# qr'.\.(ade\|adp\|app\|bas\|bat\|chm\|cmd\|com\|cpl\|crt\|emf\|exe\|fxp\|grp\|hlp\|hta\|
	# inf\|ins\|isp\|js\|jse\|lnk\|mda\|mdb\|mde\|mdw\|mdt\|mdz\|msc\|msi\|msp\|mst\|
	# ops\|pcd\|pif\|prg\|reg\|scr\|sct\|shb\|shs\|vb\|vbe\|vbs\|
	-# wmf\|wsc\|wsf\|wsh)\$'ix, # banned ext - long
	-# qr'.\.(ani\|cur\|ico)\$'i, # banned cursors and icons filename
	-# qr'^\.ani\$', # banned animated cursor file(1) type
	+# wmf\|wsc\|wsf\|wsh)$'ix, # banned ext - long
	+# qr'.\.(ani\|cur\|ico)$'i, # banned cursors and icons filename
	+# qr'^\.ani$', # banned animated cursor file(1) type

	-# qr'.\.(mim\|b64\|bhx\|hqx\|xxe\|uu\|uue)\$'i, # banned extension - WinZip vulnerab.
	+# qr'.\.(mim\|b64\|bhx\|hqx\|xxe\|uu\|uue)$'i, # banned extension - WinZip vulnerab.
	);
	# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
	# and http://www.cknow.com/vtutor/vtextensions.htm
	@@ -264,13 +264,13 @@
	@score_sender_maps = ({ # a by-recipient hash lookup table,
	# results from all matching recipient tables are summed

	-# \#\# per-recipient personal tables (NOTE: positive: black, negative: white)
	+# ## per-recipient personal tables (NOTE: positive: black, negative: white)
	# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
	# 'user3@example.com' => [{'.ebay.com' => -3.0}],
	# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
	# '.cleargreen.com' => -5.0}],

	- \#\# site-wide opinions about senders (the '.' matches any recipient)
	+ ## site-wide opinions about senders (the '.' matches any recipient)
	'.' => [ # the _first_ matching sender determines the score boost

	new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
	@@ -362,47 +362,47 @@

	@av_scanners = (

	-# \#\## http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
	+# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
	# ['Sophie',
	# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
	-# qr/(?x)^ 0+ ( : \| [\000\r\n]* \$)/m, qr/(?x)^ 1 ( : \| [\000\r\n]* \$)/m,
	-# qr/(?x)^ [-+]? \d+ : (.?) [\000\r\n] \$/m ],
	+# qr/(?x)^ 0+ ( : \| [\000\r\n]* $)/m, qr/(?x)^ 1 ( : \| [\000\r\n]* $)/m,
	+# qr/(?x)^ [-+]? \d+ : (.?) [\000\r\n] $/m ],

	-# \#\## http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
	+# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
	# ['Sophos SAVI', \&sophos_savi ],

	-# \#\## http://www.clamav.net/
	+# ### http://www.clamav.net/
	['ClamAV-clamd',
	- \&ask_daemon, ["CONTSCAN {}\n", "$clamdsock"],
	- qr/\bOK\$/m, qr/\bFOUND\$/m,
	- qr/^.?: (?!Infected Archive)(.) FOUND\$/m ],
	+ \&ask_daemon, ["CONTSCAN {}\n", "{{ clamdsock }}"],
	+ qr/\bOK$/m, qr/\bFOUND$/m,
	+ qr/^.?: (?!Infected Archive)(.) FOUND$/m ],
	# # NOTE: run clamd under the same user as amavisd, or run it under its own
	# # uid such as clamav, add user clamav to the amavis group, and then add
	# # AllowSupplementaryGroups to clamd.conf;
	# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
	-# # this entry; when running chrooted one may prefer socket "\$MYHOME/clamd".
	+# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

	-# \#\## http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
	+# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
	# # note that Mail::ClamAV requires perl to be build with threading!
	# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/m ],

	-# \#\## http://www.openantivirus.org/
	+# ### http://www.openantivirus.org/
	# ['OpenAntiVirus ScannerDaemon (OAV)',
	# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
	# qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],

	-# \#\## http://www.vanja.com/tools/trophie/
	+# ### http://www.vanja.com/tools/trophie/
	# ['Trophie',
	# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
	-# qr/(?x)^ 0+ ( : \| [\000\r\n]* \$)/m, qr/(?x)^ 1 ( : \| [\000\r\n]* \$)/m,
	-# qr/(?x)^ [-+]? \d+ : (.?) [\000\r\n] \$/m ],
	+# qr/(?x)^ 0+ ( : \| [\000\r\n]* $)/m, qr/(?x)^ 1 ( : \| [\000\r\n]* $)/m,
	+# qr/(?x)^ [-+]? \d+ : (.?) [\000\r\n] $/m ],

	-# \#\## http://www.grisoft.com/
	+# ### http://www.grisoft.com/
	# ['AVG Anti-Virus',
	# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
	# qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],

	-# \#\## http://www.f-prot.com/
	+# ### http://www.f-prot.com/
	# ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6
	# \&ask_daemon,
	# ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
	@@ -410,7 +410,7 @@
	# qr/^([1235679]\|1[01345]) \|<[^>:]*(?i)(infected\|suspicious\|unwanted)/m,
	# qr/(?i)<[^>:](?:infected\|suspicious\|unwanted)[^>:]: ([^>]*)>/m ],

	-# \#\## http://www.f-prot.com/
	+# ### http://www.f-prot.com/
	# ['F-Prot f-protd', # old version
	# \&ask_daemon,
	# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
	@@ -420,12 +420,12 @@
	# qr/(?i)<summary[^>]*>infected<\/summary>/m,
	# qr/(?i)<name>(.+)<\/name>/m ],

	-# \#\## http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
	+# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
	# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
	# [pack('N',1). # DRWEBD_SCAN_CMD
	# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
	# pack('N', # path length
	-# length("\$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
	+# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
	# '{}/*'. # path
	# pack('N',0). # content size
	# pack('N',0),
	@@ -439,9 +439,9 @@
	# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
	# ],
	# # NOTE: If using amavis-milter, change length to:
	-# # length("\$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
	+# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").

	- \#\## http://www.kaspersky.com/ (kav4mailservers)
	+ ### http://www.kaspersky.com/ (kav4mailservers)
	['KasperskyLab AVP - aveclient',
	['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
	'/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
	@@ -452,50 +452,50 @@
	# NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
	# currupted or protected archives are to be handled

	- \#\## http://www.kaspersky.com/
	+ ### http://www.kaspersky.com/
	['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
	'-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
	qr/infected: (.+)/m,
	- sub {chdir('/opt/AVP') or die "Can't chdir to AVP: \$!"},
	- sub {chdir(\$TEMPBASE) or die "Can't chdir back to \$TEMPBASE \$!"},
	+ sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
	+ sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
	],

	- \#\## The kavdaemon and AVPDaemonClient have been removed from Kasperky
	- \#\## products and replaced by aveserver and aveclient
	+ ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
	+ ### products and replaced by aveserver and aveclient
	['KasperskyLab AVPDaemonClient',
	[ '/opt/AVP/kavdaemon', 'kavdaemon',
	'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
	'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
	'/opt/AVP/avpdc', 'avpdc' ],
	- "-f=\$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
	+ "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
	# change the startup-script in /etc/init.d/kavd to:
	# DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
	# (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
	- # adjusting /var/amavis above to match your \$TEMPBASE.
	+ # adjusting /var/amavis above to match your $TEMPBASE.
	# The '-f=/var/amavis' is needed if not running it as root, so it
	# can find, read, and write its pid file, etc., see 'man kavdaemon'.
	# defUnix.prf: there must be an entry "*/var/amavis" (or whatever
	- # directory \$TEMPBASE specifies) in the 'Names=' section.
	+ # directory $TEMPBASE specifies) in the 'Names=' section.
	# cd /opt/AVP/DaemonClients; configure; cd Sample; make
	# cp AvpDaemonClient /opt/AVP/
	- # su - vscan -c "\${PREFIX}/kavdaemon \${DPARMS}"
	+ # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"

	- \#\## http://www.centralcommand.com/
	+ ### http://www.centralcommand.com/
	['CentralCommand Vexira (new) vascan',
	['vascan','/usr/lib/Vexira/vascan'],
	- "-a s --timeout=60 --temp=\$TEMPBASE -y \$QUARANTINEDIR ".
	+ "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
	"--log=/var/log/vascan.log {}",
	[0,3], [1,2,5],
	qr/(?x)^\s* (?:virus\|iworm\|macro\|mutant\|sequence\|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
	# Adjust the path of the binary and the virus database as needed.
	# 'vascan' does not allow to have the temp directory to be the same as
	# the quarantine directory, and the quarantine option can not be disabled.
	- # If \$QUARANTINEDIR is not used, then another directory must be specified
	+ # If $QUARANTINEDIR is not used, then another directory must be specified
	# to appease 'vascan'. Move status 3 to the second list if password
	# protected files are to be considered infected.

	- \#\## http://www.avira.com/
	- \#\## Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
	+ ### http://www.avira.com/
	+ ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
	['Avira AntiVir', ['antivir','vexira'],
	'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:\|VIRUS:/m,
	qr/(?x)^\s* (?: ALERT: \s* (?: \[ \| [^']* ' ) \|
	@@ -503,32 +503,32 @@
	# NOTE: if you only have a demo version, remove -z and add 214, as in:
	# '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:\|VIRUS:/,

	- \#\## http://www.commandsoftware.com/
	+ ### http://www.commandsoftware.com/
	['Command AntiVirus for Linux', 'csav',
	'-all -archive -packed {}', [50], [51,52,53],
	qr/Infection: (.+)/m ],

	- \#\## http://www.symantec.com/
	+ ### http://www.symantec.com/
	['Symantec CarrierScan via Symantec CommandLineScanner',
	'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
	- qr/^Files Infected:\s+0\$/m, qr/^Infected\b/m,
	+ qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
	qr/^(?:Info\|Virus Name):\s+(.+)/m ],

	- \#\## http://www.symantec.com/
	+ ### http://www.symantec.com/
	['Symantec AntiVirus Scan Engine',
	'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
	[0], qr/^Infected\b/m,
	qr/^(?:Info\|Virus Name):\s+(.+)/m ],
	# NOTE: check options and patterns to see which entry better applies

	-# \#\## http://www.f-secure.com/products/anti-virus/ version 4.65
	+# ### http://www.f-secure.com/products/anti-virus/ version 4.65
	# ['F-Secure Antivirus for Linux servers',
	# ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
	# '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '.
	# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8],
	# qr/(?:infection\|Infected\|Suspected): (.+)/m ],

	- \#\## http://www.f-secure.com/products/anti-virus/ version 5.52
	+ ### http://www.f-secure.com/products/anti-virus/ version 5.52
	['F-Secure Antivirus for Linux servers',
	['/opt/f-secure/fsav/bin/fsav', 'fsav'],
	'--virus-action1=report --archive=yes --auto=yes '.
	@@ -537,13 +537,13 @@
	# NOTE: internal archive handling may be switched off by '--archive=no'
	# to prevent fsav from exiting with status 9 on broken archives

	-# \#\## http://www.avast.com/
	+# ### http://www.avast.com/
	# ['avast! Antivirus daemon',
	# \&ask_daemon, # greets with 220, terminate with QUIT
	# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
	# qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ],

	-# \#\## http://www.avast.com/
	+# ### http://www.avast.com/
	# ['avast! Antivirus - Client/Server Version', 'avastlite',
	# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
	# qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
	@@ -553,24 +553,24 @@
	qr/was infected by virus (.+)/m ],
	# see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html

	- \#\## http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
	+ ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
	['CAI eTrust Antivirus', 'etrust-wrapper',
	'-arc -nex -spm h {}', [0], [101],
	qr/is infected by virus: (.+)/m ],
	# NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
	# see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783

	- \#\## http://mks.com.pl/english.html
	+ ### http://mks.com.pl/english.html
	['MkS_Vir for Linux (beta)', ['mks32','mks'],
	'-s {}/*', [0], [1,2],
	qr/--[ \t]*(.+)/m ],

	- \#\## http://mks.com.pl/english.html
	+ ### http://mks.com.pl/english.html
	['MkS_Vir daemon', 'mksscan',
	'-s -q {}', [0], [1..7],
	qr/^... (\S+)/m ],

	-# \#\## http://www.nod32.com/, version v2.52 (old)
	+# ### http://www.nod32.com/, version v2.52 (old)
	# ['ESET NOD32 for Linux Mail servers',
	# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
	# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
	@@ -578,23 +578,23 @@
	# '--action-on-notscanned=accept {}',
	# [0,3], [1,2], qr/virus="([^"]+)"/m ],

	-# \#\## http://www.eset.com/, version v2.7 (old)
	+# ### http://www.eset.com/, version v2.7 (old)
	# ['ESET NOD32 Linux Mail Server - command line interface',
	# ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
	# '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ],

	-# \#\## http://www.eset.com/, version 2.71.12
	+# ### http://www.eset.com/, version 2.71.12
	# ['ESET Software ESETS Command Line Interface',
	# ['/usr/bin/esets_cli', 'esets_cli'],
	# '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ],

	- \#\## http://www.eset.com/, version 3.0
	+ ### http://www.eset.com/, version 3.0
	['ESET Software ESETS Command Line Interface',
	['/usr/bin/esets_cli', 'esets_cli'],
	'--subdir {}', [0], [1,2,3],
	qr/:\saction="(?!accepted)[^"]"\n.:\svirus="([^"]*)"/m ],

	- \#\# http://www.nod32.com/, NOD32LFS version 2.5 and above
	+ ## http://www.nod32.com/, NOD32LFS version 2.5 and above
	['ESET NOD32 for Linux File servers',
	['/opt/eset/nod32/sbin/nod32','nod32'],
	'--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
	@@ -607,12 +607,12 @@
	# ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
	# qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ],

	- \#\## http://www.norman.com/products_nvc.shtml
	+ ### http://www.norman.com/products_nvc.shtml
	['Norman Virus Control v5 / Linux', 'nvcc',
	- '-c -l:0 -s -u -temp:\$TEMPBASE {}', [0,10,11], [1,2,14],
	+ '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
	qr/(?i).* virus in .* -> \'(.+)\'/m ],

	- \#\## http://www.pandasoftware.com/
	+ ### http://www.pandasoftware.com/
	['Panda CommandLineSecure 9 for Linux',
	['/opt/pavcl/usr/bin/pavcl','pavcl'],
	'-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
	@@ -626,7 +626,7 @@
	# Please review other options of pavcl, for example:
	# -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies

	-# \#\## http://www.pandasoftware.com/
	+# ### http://www.pandasoftware.com/
	# ['Panda Antivirus for Linux', ['pavcl'],
	# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
	# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
	@@ -639,15 +639,15 @@
	# # NOTE: the command line switches changed with scan engine 8.5 !
	# # (btw, assigning stdin to /dev/null causes RAV to fail)

	- \#\## http://www.nai.com/
	+ ### http://www.nai.com/
	['NAI McAfee AntiVirus (uvscan)', 'uvscan',
	'--secure -rv --mime --summary --noboot - {}', [0], [13],
	qr/(?x) Found (?:
	\ the\ (.+)\ (?:virus\|trojan) \|
	\ (?:virus\|trojan)\ or\ variant\ ([^ ]+) \|
	:\ (.+)\ NOT\ a\ virus)/m,
	- # sub {\$ENV{LD_PRELOAD}='/lib/libc.so.6'},
	- # sub {delete \$ENV{LD_PRELOAD}},
	+ # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
	+ # sub {delete $ENV{LD_PRELOAD}},
	],
	# NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
	# anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
	@@ -655,72 +655,72 @@
	# NOTE2: to treat encrypted files as viruses replace the [13] with:
	# qr/^\s{5,}(Found\|is password-protected\|.*(virus\|trojan))/

	- \#\## http://www.virusbuster.hu/en/
	+ ### http://www.virusbuster.hu/en/
	['VirusBuster', ['vbuster', 'vbengcl'],
	- "{} -ss -i '*' -log=\$MYHOME/vbuster.log", [0], [1],
	+ "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
	qr/: '(.*)' - Virus/m ],
	# VirusBuster Ltd. does not support the daemon version for the workstation
	# engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
	# binaries, some parameters AND return codes have changed (from 3 to 1).
	# See also the new Vexira entry 'vascan' which is possibly related.

	-# \#\## http://www.virusbuster.hu/en/
	+# ### http://www.virusbuster.hu/en/
	# ['VirusBuster (Client + Daemon)', 'vbengd',
	# '-f -log scandir {}', [0], [3],
	# qr/Virus found = (.*);/m ],
	# # HINT: for an infected file it always returns 3,
	# # although the man-page tells a different story

	- \#\## http://www.cyber.com/
	+ ### http://www.cyber.com/
	['CyberSoft VFind', 'vfind',
	- '--vexit {}/*', [0], [23], qr/\#\#==>>>> VIRUS ID: CVDL (.+)/m,
	- # sub {\$ENV{VSTK_HOME}='/usr/lib/vstk'},
	+ '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
	+ # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
	],

	- \#\## http://www.avast.com/
	+ ### http://www.avast.com/
	['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
	'-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],

	- \#\## http://www.ikarus-software.com/
	+ ### http://www.ikarus-software.com/
	['Ikarus AntiVirus for Linux', 'ikarus',
	'{}', [0], [40], qr/Signature (.+) found/m ],

	- \#\## http://www.bitdefender.com/
	+ ### http://www.bitdefender.com/
	['BitDefender', 'bdscan', # new version
	'--action=ignore --no-list {}', qr/^Infected files\s:\s0+(?!\d)/m,
	qr/^(?:Infected files\|Identified viruses\|Suspect files)\s:\s0*[1-9]/m,
	- qr/(?:suspected\|infected)\s:\s(.*)(?:\033\|\$)/m ],
	+ qr/(?:suspected\|infected)\s:\s(.*)(?:\033\|$)/m ],

	- \#\## http://www.bitdefender.com/
	+ ### http://www.bitdefender.com/
	['BitDefender', 'bdc', # old version
	'--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
	qr/^(?:Infected files\|Identified viruses\|Suspect files) :0[1-9]/m,
	- qr/(?:suspected\|infected): (.*)(?:\033\|\$)/m ],
	+ qr/(?:suspected\|infected): (.*)(?:\033\|$)/m ],
	# consider also: --all --nowarn --alev=15 --flev=15. The --all argument may
	# not apply to your version of bdc, check documentation and see 'bdc --help'

	- \#\## ArcaVir for Linux and Unix http://www.arcabit.pl/
	+ ### ArcaVir for Linux and Unix http://www.arcabit.pl/
	['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
	'-v 1 -summary 0 -s {}', [0], [1,2],
	qr/(?:VIR\|WIR):[ \t]*(.+)/m ],

	-# \#\## a generic SMTP-client interface to a SMTP-based virus scanner
	+# ### a generic SMTP-client interface to a SMTP-based virus scanner
	# ['av_smtp', \&ask_av_smtp,
	# ['{}', 'smtp:[127.0.0.1]:5525', 'dummy@localhost'],
	-# qr/^2/, qr/^5/, qr/^\s(.?)\s*\$/m ],
	+# qr/^2/, qr/^5/, qr/^\s(.?)\s*$/m ],

	# ['File::Scan', sub {Amavis::AV::ask_av(sub{
	-# use File::Scan; my(\$fn)=@_;
	-# my(\$f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
	-# my(\$vname) = \$f->scan(\$fn);
	-# \$f->error ? (2,"Error: ".\$f->error)
	-# : (\$vname ne '') ? (1,"\$vname FOUND") : (0,"Clean")}, @_) },
	-# ["{}/"], [0], [1], qr/^(.) FOUND\$/m ],
	-
	-# \#\## fully-fledged checker for JPEG marker segments of invalid length
	+# use File::Scan; my($fn)=@_;
	+# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
	+# my($vname) = $f->scan($fn);
	+# $f->error ? (2,"Error: ".$f->error)
	+# : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
	+# ["{}/"], [0], [1], qr/^(.) FOUND$/m ],
	+
	+# ### fully-fledged checker for JPEG marker segments of invalid length
	# ['check-jpeg',
	# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
	-# ["{}/"], undef, [1], qr/^(bad jpeg: .)\$/m ],
	+# ["{}/"], undef, [1], qr/^(bad jpeg: .)$/m ],
	# # NOTE: place file JpegTester.pm somewhere where Perl can find it,
	# # for example in /usr/local/lib/perl5/site_perl

	@@ -729,48 +729,48 @@

	@av_scanners_backup = (

	- \#\## http://www.clamav.net/ - backs up clamd or Mail::ClamAV
	+ ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
	['ClamAV-clamscan', 'clamscan',
	- "--stdout --no-summary -r --tempdir=\$TEMPBASE {}",
	- [0], qr/:.\sFOUND\$/m, qr/^.?: (?!Infected Archive)(.*) FOUND\$/m ],
	+ "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
	+ [0], qr/:.\sFOUND$/m, qr/^.?: (?!Infected Archive)(.*) FOUND$/m ],

	- \#\## http://www.f-prot.com/ - backs up F-Prot Daemon, V6
	+ ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6
	['F-PROT Antivirus for UNIX', ['fpscan'],
	'--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10
	[0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
	qr/^\[Found\s+[^\]]\]\s+<([^ \t(>])/m ],

	- \#\## http://www.f-prot.com/ - backs up F-Prot Daemon (old)
	+ ### http://www.f-prot.com/ - backs up F-Prot Daemon (old)
	['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
	'-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8],
	- qr/(?:Infection:\|security risk named) (.+)\|\s+contains\s+(.+)\$/m ],
	+ qr/(?:Infection:\|security risk named) (.+)\|\s+contains\s+(.+)$/m ],

	- \#\## http://www.trendmicro.com/ - backs up Trophie
	+ ### http://www.trendmicro.com/ - backs up Trophie
	['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
	'-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],

	- \#\## http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
	+ ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
	['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier
	['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
	'-path={} -al -go -ot -cn -upn -ok-',
	- [0,32], [1,9,33], qr' infected (?:with\|by)(?: virus)? (.*)\$'m ],
	+ [0,32], [1,9,33], qr' infected (?:with\|by)(?: virus)? (.*)$'m ],

	- \#\## http://www.kaspersky.com/
	+ ### http://www.kaspersky.com/
	['Kaspersky Antivirus v5.5',
	['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
	'/opt/kav/5.5/kav4unix/bin/kavscanner',
	'/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
	'-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
	qr/(?:INFECTED\|WARNING\|SUSPICION\|SUSPICIOUS) (.*)/m,
	-# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: \$!"},
	-# sub {chdir(\$TEMPBASE) or die "Can't chdir back to \$TEMPBASE \$!"},
	+# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
	+# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
	],

	# Commented out because the name 'sweep' clashes with Debian and FreeBSD
	# package/port of an audio editor. Make sure the correct 'sweep' is found
	# in the path when enabling.
	#
	-# \#\## http://www.sophos.com/ - backs up Sophie or SAVI-Perl
	+# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
	# ['Sophos Anti Virus (sweep)', 'sweep',
	# '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
	# '--no-reset-atime {}',
	diff --git a/share/templates/amavisd.conf.tpl b/share/templates/amavisd.conf.tpl
	--- a/share/templates/amavisd.conf.tpl
	+++ b/share/templates/amavisd.conf.tpl
	@@ -18,7 +18,7 @@
	\$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
	\$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g

	-\$mydomain = '$primary_domain'; # a convenient default for other settings
	+\$mydomain = '{{ kolab.primary_domain }}'; # a convenient default for other settings

	\$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H
	\$TEMPBASE = "\$MYHOME/tmp"; # working directory, needs to exist, -T
	@@ -373,7 +373,7 @@

	# \#\## http://www.clamav.net/
	['ClamAV-clamd',
	- \&ask_daemon, ["CONTSCAN {}\n", "$clamdsock"],
	+ \&ask_daemon, ["CONTSCAN {}\n", "{{ clamdsock }}"],
	qr/\bOK\$/m, qr/\bFOUND\$/m,
	qr/^.?: (?!Infected Archive)(.) FOUND\$/m ],
	# # NOTE: run clamd under the same user as amavisd, or run it under its own
	diff --git a/share/templates/freshclam.conf.tpl b/share/templates/freshclam.conf.tpl
	--- a/share/templates/freshclam.conf.tpl
	+++ b/share/templates/freshclam.conf.tpl
	@@ -10,7 +10,7 @@

	# Path to the log file (make sure it has proper permissions)
	# Default: disabled
	-UpdateLogFile /var/log/clamav/freshclam.log
	+UpdateLogFile /var/log/freshclam.log

	# Maximum size of the log file.
	# Value of 0 disables the limit.
	diff --git a/share/templates/master.cf.j2 b/share/templates/master.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/share/templates/master.cf.j2
	@@ -0,0 +1,122 @@
	+# Postfix master process configuration file. For details on the format
	+# of the file, see the master(5) manual page (command: "man 5 master").
	+# Do not forget to execute "postfix reload" after editing this file.
	+# ==============================================================================
	+# service type private unpriv chroot wakeup maxproc command
	+# (yes) (yes) (yes) (never) (100) + args
	+# ==============================================================================
	+smtp inet n - n - - smtpd
	+#smtp inet n - n - 1 postscreen
	+#smtpd pass - - n - - smtpd
	+#dnsblog unix - - n - 0 dnsblog
	+#tlsproxy unix - - n - 0 tlsproxy
	+submission inet n - n - - smtpd
	+ -o cleanup_service_name=cleanup_submission
	+ -o syslog_name=postfix/submission
	+ -o smtpd_tls_security_level=encrypt
	+ -o smtpd_sasl_auth_enable=yes
	+ -o smtpd_sasl_authenticated_header=yes
	+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
	+ -o smtpd_data_restrictions=$submission_data_restrictions
	+ -o smtpd_recipient_restrictions=$submission_recipient_restrictions
	+ -o smtpd_sender_restrictions=$submission_sender_restrictions
	+
	+#smtps inet n - n - - smtpd
	+# -o syslog_name=postfix/smtps
	+# -o smtpd_tls_wrappermode=yes
	+# -o smtpd_sasl_auth_enable=yes
	+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
	+# -o milter_macro_daemon_name=ORIGINATING
	+#628 inet n - n - - qmqpd
	+pickup fifo n - n 60 1 pickup
	+cleanup unix n - n - 0 cleanup
	+ -o header_checks=regexp:/etc/postfix/header_checks.inbound
	+ -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
	+cleanup_internal unix n - n - 0 cleanup
	+ -o header_checks=regexp:/etc/postfix/header_checks.internal
	+ -o mime_header_checks=regexp:/etc/postfix/header_checks.internal
	+cleanup_submission unix n - n - 0 cleanup
	+ -o header_checks=regexp:/etc/postfix/header_checks.submission
	+ -o mime_header_checks=regexp:/etc/postfix/header_checks.submission
	+qmgr fifo n - n 300 1 qmgr
	+#qmgr fifo n - n 300 1 oqmgr
	+tlsmgr unix - - n 1000? 1 tlsmgr
	+rewrite unix - - n - - trivial-rewrite
	+bounce unix - - n - 0 bounce
	+defer unix - - n - 0 bounce
	+trace unix - - n - 0 bounce
	+verify unix - - n - 1 verify
	+flush unix n - n 1000? 0 flush
	+proxymap unix - - n - - proxymap
	+proxywrite unix - - n - 1 proxymap
	+smtp unix - - n - - smtp
	+relay unix - - n - - smtp
	+showq unix n - n - - showq
	+error unix - - n - - error
	+retry unix - - n - - error
	+discard unix - - n - - discard
	+local unix - n n - - local
	+virtual unix - n n - - virtual
	+lmtp unix - - n - - lmtp
	+anvil unix - - n - 1 anvil
	+scache unix - - n - 1 scache
	+
	+# Filter email through Amavisd
	+smtp-amavis unix - - n - 3 smtp
	+ -o smtp_data_done_timeout=1800
	+ -o disable_dns_lookups=yes
	+ -o smtp_send_xforward_command=yes
	+ -o max_use=20
	+ -o smtp_bind_address=127.0.0.1
	+
	+# Listener to re-inject email from Amavisd into Postfix
	+127.0.0.1:10025 inet n - n - 100 smtpd
	+ -o cleanup_service_name=cleanup_internal
	+ -o content_filter=smtp-wallace:[127.0.0.1]:10026
	+ -o local_recipient_maps=
	+ -o relay_recipient_maps=
	+ -o smtpd_restriction_classes=
	+ -o smtpd_client_restrictions=
	+ -o smtpd_helo_restrictions=
	+ -o smtpd_sender_restrictions=
	+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
	+ -o mynetworks=127.0.0.0/8
	+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8
	+
	+# Filter email through Wallace
	+smtp-wallace unix - - n - 3 smtp
	+ -o default_destination_recipient_limit=1
	+ -o smtp_data_done_timeout=1800
	+ -o disable_dns_lookups=yes
	+ -o smtp_send_xforward_command=yes
	+ -o max_use=20
	+
	+# Listener to re-inject email from Wallace into Postfix
	+127.0.0.1:10027 inet n - n - 100 smtpd
	+ -o cleanup_service_name=cleanup_internal
	+ -o content_filter=
	+ -o local_recipient_maps=
	+ -o relay_recipient_maps=
	+ -o smtpd_restriction_classes=
	+ -o smtpd_client_restrictions=
	+ -o smtpd_helo_restrictions=
	+ -o smtpd_sender_restrictions=
	+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
	+ -o mynetworks=127.0.0.0/8
	+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8
	+
	+recipient_policy unix - n n - - spawn
	+ user=kolab-n argv={{ kolab_sap_executable_path }} --verify-recipient
	+
	+recipient_policy_incoming unix - n n - - spawn
	+ user=kolab-n argv={{ kolab_sap_executable_path }} --verify-recipient --allow-unauthenticated
	+
	+sender_policy unix - n n - - spawn
	+ user=kolab-n argv={{ kolab_sap_executable_path }} --verify-sender
	+
	+sender_policy_incoming unix - n n - - spawn
	+ user=kolab-n argv={{ kolab_sap_executable_path }} --verify-sender --allow-unauthenticated
	+
	+submission_policy unix - n n - - spawn
	+ user=kolab-n argv={{ kolab_sap_executable_path }} --verify-sender --verify-recipient
	+
	diff --git a/templates/kolab-ad-domain.ldif.j2 b/templates/kolab-ad-domain.ldif.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/kolab-ad-domain.ldif.j2
	@@ -0,0 +1,13 @@
	+dn: CN={{ domain }},{{ domain_base_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: domainRelatedObject
	+objectClass: document
	+cn: {{ domain }}
	+distinguishedName: CN={{ domain }},{{ domain_base_dn }}
	+instanceType: 4
	+showInAdvancedViewOnly: TRUE
	+name: {{ domain }}
	+objectCategory: CN=document,CN=Schema,CN=Configuration,{{ base_dn }}
	+associatedDomain: {{ domain }}
	+
	diff --git a/templates/kolab-ad-special-users.ldif.j2 b/templates/kolab-ad-special-users.ldif.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/kolab-ad-special-users.ldif.j2
	@@ -0,0 +1,50 @@
	+dn: {{ cyrus_admin_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: person
	+objectClass: organizationalPerson
	+objectClass: user
	+objectClass: inetOrgPerson
	+cn: Cyrus Admin
	+sn: Administrator
	+description: User for Cyrus IMAP to connect to LDAP
	+givenName: Cyrus
	+distinguishedName: {{ cyrus_admin_dn }}
	+displayName: Cyrus Administrator
	+name: Cyrus Admin
	+codePage: 0
	+countryCode: 0
	+sAMAccountName: cyrus-admin
	+userPrincipalName: cyrus-admin@{{ domain }}
	+objectCategory: CN=Person,CN=Schema,CN=Configuration,{{ base_dn }}
	+uid: cyrus-admin
	+{%- if ad_ldaps %}
	+unicodePwd:: {{ cyrus_admin_password_base64 }}
	+userAccountControl: 66048
	+{% endif %}
	+
	+dn: {{ service_bind_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: person
	+objectClass: organizationalPerson
	+objectClass: user
	+objectClass: inetOrgPerson
	+cn: Kolab Service
	+sn: Service
	+description: User for Kolab to connect to LDAP
	+givenName: Kolab
	+distinguishedName: {{ service_bind_dn }}
	+displayName: Kolab Service
	+name: Kolab Service
	+codePage: 0
	+countryCode: 0
	+sAMAccountName: kolab-service
	+userPrincipalName: kolab-service@{{ domain }}
	+objectCategory: CN=Person,CN=Schema,CN=Configuration,{{ base_dn }}
	+uid: kolab-service
	+{%- if ad_ldaps %}
	+unicodePwd:: {{ service_bind_pw_base64 }}
	+userAccountControl: 66048
	+{% endif %}
	+
	diff --git a/templates/kolab-ad-tree.ldif.j2 b/templates/kolab-ad-tree.ldif.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/kolab-ad-tree.ldif.j2
	@@ -0,0 +1,66 @@
	+dn: {{ kolab_tree_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: organizationalUnit
	+ou: Kolab
	+description: LDAP tree part for Kolab related data
	+distinguishedName: {{ kolab_tree_dn }}
	+instanceType: 4
	+name: Kolab
	+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,{{ base_dn }}
	+
	+dn: {{ domain_base_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: organizationalUnit
	+ou: Domains
	+description: Kolab hosted domains
	+distinguishedName: {{ domain_base_dn }}
	+instanceType: 4
	+name: Domains
	+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,{{ base_dn }}
	+
	+dn: {{ group_base_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: organizationalUnit
	+ou: Groups
	+description: Kolab groups
	+distinguishedName: {{ group_base_dn }}
	+instanceType: 4
	+name: Groups
	+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,{{ base_dn }}
	+
	+dn: {{ resource_base_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: organizationalUnit
	+ou: Resources
	+description: Kolab resources
	+distinguishedName: {{ resource_base_dn }}
	+instanceType: 4
	+name: Resources
	+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,{{ base_dn }}
	+
	+dn: {{ sharedfolder_base_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: organizationalUnit
	+ou: Shared Folders
	+description: Kolab shared folders
	+distinguishedName: {{ sharedfolder_base_dn }}
	+instanceType: 4
	+name: Shared Folders
	+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,{{ base_dn }}
	+
	+dn: {{ specialuser_base_dn }}
	+changetype: add
	+objectClass: top
	+objectClass: organizationalUnit
	+ou: Special Users
	+description: Kolab special users
	+distinguishedName: ${{ specialuser_base_dn }}
	+instanceType: 4
	+name: Special Users
	+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,{{ base_dn }}
	+
	diff --git a/templates/kolab-ds-setup.inf.j2 b/templates/kolab-ds-setup.inf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/kolab-ds-setup.inf.j2
	@@ -0,0 +1,24 @@
	+[General]
	+FullMachineName = {{ fqdn }}
	+SuiteSpotUserID = {{ userid }}
	+SuiteSpotGroup = {{ group }}
	+AdminDomain = {{ domain }}
	+ConfigDirectoryLdapURL = ldap://{{ fqdn }}:389/o=NetscapeRoot
	+ConfigDirectoryAdminID = admin
	+ConfigDirectoryAdminPwd = {{ admin_pass }}
	+
	+[slapd]
	+SlapdConfigForMC = Yes
	+UseExistingMC = 0
	+ServerPort = 389
	+ServerIdentifier = {{ hostname }}
	+Suffix = {{ base_dn }}
	+RootDN = cn=Directory Manager
	+RootDNPwd = {{ bind_pw }}
	+ds_bename = {{ nodotdomain }}
	+AddSampleEntries = No
	+
	+[admin]
	+Port = 9830
	+ServerAdminID = admin
	+ServerAdminPwd = {{ admin_pass }}
	diff --git a/templates/kolab3-ad-schema.ldif.j2 b/templates/kolab3-ad-schema.ldif.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/kolab3-ad-schema.ldif.j2
	@@ -0,0 +1,440 @@
	+dn: CN=kolabAlias,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabAlias
	+distinguishedName: CN=kolabAlias,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.2.1.3
	+attributeSyntax: 2.5.5.5
	+isSingleValued: FALSE
	+rangeLower: 0
	+rangeUpper: 256
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabAlias
	+adminDescription: RFC1274: RFC822 Mailbox
	+oMSyntax: 22
	+lDAPDisplayName: kolabAlias
	+name: kolabAlias
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabDelegate,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabDelegate
	+distinguishedName: CN=kolabDelegate,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.3
	+attributeSyntax: 2.5.5.5
	+isSingleValued: FALSE
	+rangeUpper: 256
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabDelegate
	+adminDescription:
	+ Kolab user allowed to act as delegates - RFC822 Mailbox/Alias
	+oMSyntax: 22
	+lDAPDisplayName: kolabDelegate
	+name: kolabDelegate
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabInvitationPolicy,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabInvitationPolicy
	+distinguishedName:
	+ CN=kolabInvitationPolicy,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.4
	+attributeSyntax: 2.5.5.5
	+isSingleValued: FALSE
	+rangeUpper: 256
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabInvitationPolicy
	+adminDescription: Defines how to respond to invitations
	+oMSyntax: 22
	+lDAPDisplayName: kolabInvitationPolicy
	+name: kolabInvitationPolicy
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabVacationBeginDateTime,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabVacationBeginDateTime
	+distinguishedName:
	+ CN=kolabVacationBeginDateTime,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.8
	+attributeSyntax: 2.5.5.11
	+isSingleValued: TRUE
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabVacationBeginDateTime
	+adminDescription: Begin date of vacation
	+oMSyntax: 24
	+lDAPDisplayName: kolabVacationBeginDateTime
	+name: kolabVacationBeginDateTime
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabVacationEndDateTime,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabVacationEndDateTime
	+distinguishedName:
	+ CN=kolabVacationEndDateTime,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.9
	+attributeSyntax: 2.5.5.11
	+isSingleValued: TRUE
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabVacationEndDateTime
	+adminDescription: Specifies the end of vacation time
	+oMSyntax: 24
	+lDAPDisplayName: kolabVacationEndDateTime
	+name: kolabVacationEndDateTime
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabVacationResendInterval,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabVacationResendInterval
	+distinguishedName:
	+ CN=kolabVacationResendInterval,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.10
	+attributeSyntax: 2.5.5.9
	+isSingleValued: TRUE
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabVacationResendInterval
	+adminDescription: Vacation notice interval in days
	+oMSyntax: 2
	+lDAPDisplayName: kolabVacationResendInterval
	+name: kolabVacationResendInterval
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabVacationAddress,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabVacationAddress
	+distinguishedName:
	+ CN=kolabVacationAddress,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.11
	+attributeSyntax: 2.5.5.5
	+isSingleValued: TRUE
	+rangeUpper: 256
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabVacationAddress
	+adminDescription: Email address for vacation to response upon
	+oMSyntax: 22
	+lDAPDisplayName: kolabVacationAddress
	+name: kolabVacationAddress
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabForwardUCE,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabForwardUCE
	+distinguishedName: CN=kolabForwardUCE,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.16
	+attributeSyntax: 2.5.5.8
	+isSingleValued: TRUE
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabForwardUCE
	+adminDescription: Enable forwarding of mails known as UCE
	+oMSyntax: 1
	+lDAPDisplayName: kolabForwardUCE
	+name: kolabForwardUCE
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabAllowSMTPRecipient,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabAllowSMTPRecipient
	+distinguishedName:
	+ CN=kolabAllowSMTPRecipient,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.18
	+attributeSyntax: 2.5.5.5
	+isSingleValued: FALSE
	+rangeUpper: 512
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabAllowSMTPRecipient
	+adminDescription: SMTP address allowed for destination
	+oMSyntax: 22
	+lDAPDisplayName: kolabAllowSMTPRecipient
	+name: kolabAllowSMTPRecipient
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabAllowSMTPSender,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabAllowSMTPSender
	+distinguishedName:
	+ CN=kolabAllowSMTPSender,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.1.1.1.43
	+attributeSyntax: 2.5.5.5
	+isSingleValued: FALSE
	+rangeUpper: 512
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabAllowSMTPSender
	+adminDescription: SMTP envelope sender address accepted for delivery
	+oMSyntax: 22
	+lDAPDisplayName: kolabAllowSMTPSender
	+name: kolabAllowSMTPSender
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabFolderType,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabFolderType
	+distinguishedName: CN=kolabFolderType,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.2.1.7
	+attributeSyntax: 2.5.5.5
	+isSingleValued: TRUE
	+rangeUpper: 256
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabFolderType
	+adminDescription: Type of a kolab folder
	+oMSyntax: 22
	+lDAPDisplayName: kolabFolderType
	+name: kolabFolderType
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabTargetFolder,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabTargetFolder
	+distinguishedName:
	+ CN=kolabTargetFolder,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.2.1.8
	+attributeSyntax: 2.5.5.12
	+isSingleValued: TRUE
	+rangeUpper: 512
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabTargetFolder
	+adminDescription: Target for a Kolab Shared Folder delivery
	+oMSyntax: 64
	+lDAPDisplayName: kolabTargetFolder
	+name: kolabTargetFolder
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabImapACL,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabImapACL
	+distinguishedName: CN=kolabImapACL,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.2.1.651
	+attributeSyntax: 2.5.5.5
	+isSingleValued: FALSE
	+rangeUpper: 256
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabImapACL
	+adminDescription: Cyrus IMAP access control lists
	+oMSyntax: 22
	+lDAPDisplayName: kolabImapACL
	+name: kolabImapACL
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabDescAttribute,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabDescAttribute
	+distinguishedName:
	+ CN=kolabDescAttribute,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.3.1.1
	+attributeSyntax: 2.5.5.5
	+isSingleValued: TRUE
	+rangeUpper: 256
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabDescAttribute
	+adminDescription: Descriptive attribute or parameter for a Resource
	+oMSyntax: 22
	+lDAPDisplayName: kolabDescAttribute
	+name: kolabDescAttribute
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabMailHost,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabMailHost
	+distinguishedName: CN=kolabMailHost,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.3.1.2
	+attributeSyntax: 2.5.5.4
	+isSingleValued: TRUE
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabMailHost
	+adminDescription::
	+ TWFpbCBob3N0IHdoZXJlIEtvbGFiIHVzZXIsIHNoYXJlZCBmb2xkZXIgLyByZXNvdXJjZSByZXNpZG
	+ VzIG9uIA==
	+oMSyntax: 20
	+lDAPDisplayName: kolabMailHost
	+name: kolabMailHost
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabMailQuota,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: attributeSchema
	+cn: kolabMailQuota
	+distinguishedName: CN=kolabMailQuota,{{ ad_schema_naming_context }}
	+instanceType: 4
	+attributeID: 1.3.6.1.4.1.19414.3.1.3
	+attributeSyntax: 2.5.5.4
	+isSingleValued: TRUE
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabMailQuota
	+adminDescription: Kolab mailbox quota limit.
	+oMSyntax: 20
	+lDAPDisplayName: kolabMailQuota
	+name: kolabMailQuota
	+objectCategory: CN=Attribute-Schema,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabSharedFolder,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: classSchema
	+cn: kolabSharedFolder
	+distinguishedName:
	+ CN=kolabSharedFolder,{{ ad_schema_naming_context }}
	+instanceType: 4
	+subClassOf: top
	+governsID: 1.3.6.1.4.1.19414.2.2.9
	+mustContain: cn
	+mayContain: owner
	+mayContain: kolabImapAcl
	+mayContain: kolabAlias
	+mayContain: kolabAllowSMTPRecipient
	+mayContain: kolabAllowSMTPSender
	+mayContain: kolabDelegate
	+mayContain: kolabFolderType
	+mayContain: kolabMailHost
	+mayContain: kolabTargetFolder
	+rDNAttID: cn
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabSharedFolder
	+adminDescription: Kolab public shared folder
	+objectClassCategory: 3
	+lDAPDisplayName: kolabSharedFolder
	+name: kolabSharedFolder
	+systemOnly: FALSE
	+defaultSecurityDescriptor:
	+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
	+ (A;;RPLCLORC;;;AU)
	+objectCategory: CN=Class-Schema,{{ ad_schema_naming_context }}
	+defaultObjectCategory:
	+ CN=kolabSharedFolder,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabInetOrgPerson,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: classSchema
	+cn: kolabInetOrgPerson
	+distinguishedName:
	+ CN=kolabInetOrgPerson,{{ ad_schema_naming_context }}
	+instanceType: 4
	+subClassOf: top
	+governsID: 1.3.6.1.4.1.19414.3.2.2
	+mayContain: kolabAlias
	+mayContain: kolabAllowSMTPRecipient
	+mayContain: kolabAllowSMTPSender
	+mayContain: kolabDelegate
	+mayContain: kolabForwardUCE
	+mayContain: kolabInvitationPolicy
	+mayContain: kolabMailHost
	+mayContain: kolabMailQuota
	+mayContain: kolabVacationAddress
	+mayContain: kolabVacationBeginDateTime
	+mayContain: kolabVacationEndDateTime
	+mayContain: kolabVacationResendInterval
	+rDNAttID: cn
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabInetOrgPerson
	+adminDescription: Kolab Internet Organizational Person
	+objectClassCategory: 3
	+lDAPDisplayName: kolabInetOrgPerson
	+name: kolabInetOrgPerson
	+systemOnly: FALSE
	+defaultSecurityDescriptor:
	+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
	+ (A;;RPLCLORC;;;AU)
	+objectCategory: CN=Class-Schema,{{ ad_schema_naming_context }}
	+defaultObjectCategory:
	+ CN=kolabInetOrgPerson,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabGroupOfUniqueNames,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: classSchema
	+cn: kolabGroupOfUniqueNames
	+distinguishedName:
	+ CN=kolabGroupOfUniqueNames,{{ ad_schema_naming_context }}
	+instanceType: 4
	+subClassOf: top
	+governsID: 1.3.6.1.4.1.19414.3.2.8
	+mayContain: kolabAlias
	+mayContain: kolabAllowSMTPRecipient
	+mayContain: kolabAllowSMTPSender
	+mayContain: kolabDelegate
	+rDNAttID: cn
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabGroupOfUniqueNames
	+adminDescription: Kolab group of names (DNs) derived from RFC2256
	+objectClassCategory: 3
	+lDAPDisplayName: kolabGroupOfUniqueNames
	+name: kolabGroupOfUniqueNames
	+systemOnly: FALSE
	+defaultSecurityDescriptor:
	+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
	+ (A;;RPLCLORC;;;AU)
	+objectCategory: CN=Class-Schema,{{ ad_schema_naming_context }}
	+defaultObjectCategory:
	+ CN=kolabGroupOfUniqueNames,{{ ad_schema_naming_context }}
	+
	+dn: CN=kolabResource,{{ ad_schema_naming_context }}
	+changetype: add
	+objectClass: top
	+objectClass: classSchema
	+cn: kolabResource
	+distinguishedName: CN=kolabResource,{{ ad_schema_naming_context }}
	+instanceType: 4
	+subClassOf: top
	+governsID: 1.3.6.1.4.1.19414.3.2.9
	+mayContain: description
	+mayContain: kolabDescAttribute
	+mayContain: kolabInvitationPolicy
	+mayContain: owner
	+rDNAttID: cn
	+showInAdvancedViewOnly: TRUE
	+adminDisplayName: kolabResource
	+adminDescription: Kolab resource
	+objectClassCategory: 3
	+lDAPDisplayName: kolabResource
	+name: kolabResource
	+systemOnly: FALSE
	+defaultSecurityDescriptor:
	+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
	+ (A;;RPLCLORC;;;AU)
	+objectCategory: CN=Class-Schema,{{ ad_schema_naming_context }}
	+defaultObjectCategory:
	+ CN=kolabResource,{{ ad_schema_naming_context }}
	+-
	diff --git a/templates/local_recipient_maps.cf.j2 b/templates/local_recipient_maps.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/local_recipient_maps.cf.j2
	@@ -0,0 +1,26 @@
	+server_host = {{ ldap.ldap_uri }}
	+version = 3
	+search_base = {{ ldap.base_dn }}
	+scope = sub
	+
	+domain = ldap:/etc/postfix/ldap/mydestination.cf
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+query_filter =
	+ (&
	+ (\|
	+ {% for item in ldap.mail_attributes.split(',') -%}
	+ ({{ item \| trim }}=%s)
	+ {%- endfor %}
	+ )
	+ (\|
	+ {{ ldap.kolab_user_filter }}
	+ {{ ldap.kolab_group_filter }}
	+ {{ ldap.resource_filter }}
	+ {{ ldap.sharedfolder_filter }}
	+ )
	+ )
	+
	+result_attribute = mail
	diff --git a/templates/mailenabled_distgroups.cf.j2 b/templates/mailenabled_distgroups.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/mailenabled_distgroups.cf.j2
	@@ -0,0 +1,30 @@
	+server_host = {{ ldap.ldap_uri }}
	+server_port = 389
	+version = 3
	+search_base = {{ ldap.group_base_dn }}
	+scope = sub
	+
	+domain = ldap:/etc/postfix/ldap/mydestination.cf
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+# This finds the mail enabled distribution group LDAP entry
	+query_filter =
	+ (&
	+ (\|
	+ {% for item in ldap.mail_attributes.split(',') -%}
	+ ({{ item \| trim }}=%s)
	+ {%- endfor %}
	+ )
	+ (objectClass=kolabgroupofuniquenames)
	+ (objectclass={{ ldap.group_objectclass }})
	+ (!(objectclass=groupofurls))
	+ )
	+
	+# From this type of group, get all uniqueMember DNs
	+special_result_attribute = {{ ldap.group_member_attr }}
	+
	+# Only from those DNs, get the mail
	+result_attribute =
	+leaf_result_attribute = mail
	diff --git a/templates/mailenabled_dynamic_distgroups.cf.j2 b/templates/mailenabled_dynamic_distgroups.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/mailenabled_dynamic_distgroups.cf.j2
	@@ -0,0 +1,28 @@
	+server_host = {{ ldap.ldap_uri }}
	+version = 3
	+search_base = {{ ldap.group_base_dn }}
	+scope = sub
	+
	+domain = ldap:/etc/postfix/ldap/mydestination.cf
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+# This finds the mail enabled dynamic distribution group LDAP entry
	+query_filter =
	+ (&
	+ (\|
	+ {% for item in ldap.mail_attributes.split(',') -%}
	+ ({{ item \| trim }}=%s)
	+ {%- endfor %}
	+ )
	+ (objectClass=kolabgroupofuniquenames)
	+ (objectClass=groupOfURLs)
	+ )
	+
	+# From this type of group, get all memberURL searches/references
	+special_result_attribute = memberURL
	+
	+# Only from those DNs, get the mail
	+result_attribute =
	+leaf_result_attribute = mail
	diff --git a/templates/mydestination.cf.j2 b/templates/mydestination.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/mydestination.cf.j2
	@@ -0,0 +1,10 @@
	+server_host = {{ ldap.ldap_uri }}
	+version = 3
	+search_base = {{ ldap.domain_base_dn }}
	+scope = sub
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+query_filter = {{ ldap.domain_filter \| replace('*', '%s') }}
	+result_attribute = {{ ldap.domain_name_attribute }}
	diff --git a/templates/transport_maps.cf.j2 b/templates/transport_maps.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/transport_maps.cf.j2
	@@ -0,0 +1,23 @@
	+server_host = {{ ldap.ldap_uri }}
	+version = 3
	+search_base = {{ ldap.base_dn }}
	+scope = sub
	+
	+domain = ldap:/etc/postfix/ldap/mydestination.cf
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+query_filter =
	+ (&
	+ (\|
	+ (mailAlternateAddress=%%s)
	+ {% for item in ldap.mail_attributes.split(',') -%}
	+ ({{ item \| trim }}=%s)
	+ {%- endfor %}
	+ )
	+ (objectclass=kolabinetorgperson)
	+ )
	+
	+result_attribute = mail
	+result_format = lmtp:unix:/var/lib/imap/socket/lmtp
	diff --git a/templates/virtual_alias_maps.cf.j2 b/templates/virtual_alias_maps.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/virtual_alias_maps.cf.j2
	@@ -0,0 +1,20 @@
	+server_host = {{ ldap.ldap_uri }}
	+version = 3
	+search_base = {{ ldap.base_dn }}
	+scope = sub
	+
	+domain = ldap:/etc/postfix/ldap/mydestination.cf
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+query_filter =
	+ (&
	+ (\|
	+ {% for item in ldap.mail_attributes.split(',') -%}
	+ ({{ item \| trim }}=%s)
	+ {%- endfor %}
	+ )
	+ (objectclass=kolabinetorgperson)
	+ )
	+result_attribute = mail
	diff --git a/templates/virtual_alias_maps_mailforwarding.cf.j2 b/templates/virtual_alias_maps_mailforwarding.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/virtual_alias_maps_mailforwarding.cf.j2
	@@ -0,0 +1,23 @@
	+server_host = {{ ldap.ldap_uri }}
	+version = 3
	+search_base = {{ ldap.base_dn }}
	+scope = sub
	+
	+domain = ldap:/etc/postfix/ldap/mydestination.cf
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+query_filter =
	+ (&
	+ (\|
	+ {% for item in ldap.mail_attributes.split(',') -%}
	+ ({{ item \| trim }}=%s)
	+ {%- endfor %}
	+ )
	+ (objectclass=mailRecipient)
	+ (objectclass=inetOrgPerson)
	+ (mailforwardingaddress=*)
	+ )
	+
	+result_attribute = mailForwardingAddress
	diff --git a/templates/virtual_alias_maps_sharedfolders.cf.j2 b/templates/virtual_alias_maps_sharedfolders.cf.j2
	new file mode 100644
	--- /dev/null
	+++ b/templates/virtual_alias_maps_sharedfolders.cf.j2
	@@ -0,0 +1,23 @@
	+server_host = {{ ldap.ldap_uri }}
	+version = 3
	+search_base = {{ ldap.base_dn }}
	+scope = sub
	+
	+domain = ldap:/etc/postfix/ldap/mydestination.cf
	+
	+bind_dn = {{ ldap.service_bind_dn }}
	+bind_pw = {{ ldap.service_bind_pw }}
	+
	+query_filter =
	+ (&
	+ (\|
	+ {% for item in ldap.mail_attributes.split(',') -%}
	+ ({{ item \| trim }}=%s)
	+ {%- endfor %}
	+ )
	+ (objectclass=kolabsharedfolder)
	+ (kolabFolderType=mail)
	+ )
	+
	+result_attribute = kolabtargetfolder
	+result_format = "shared+%s"

File Metadata

Mime Type: text/plain
Expires: Fri, Apr 3, 9:38 PM (12 h, 32 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18826735
Default Alt Text: D732.1775252308.diff (146 KB)

D732.1775252308.diffNo OneTemporaryActions

D732.1775252308.diffView Options

File Metadata

Event Timeline

D732.1775252308.diff
No OneTemporary
Actions

D732.1775252308.diff
View Options