diff --git a/source/administrator-guide/faq.rst b/source/administrator-guide/faq.rst index 899a7fbd..6800dc54 100644 --- a/source/administrator-guide/faq.rst +++ b/source/administrator-guide/faq.rst 
@@ -1,88 +1,88 @@ ============================= Frequently Answered Questions ============================= .. _faq-no-add-user-button-or-link: No "Add User" Button or Link ============================ If this link is not there (you would also not have been presented with a form), you do not have permissions, you did not configure SELinux the way it was documented, firewall, DNS. Log Messages ============ .. seealso:: * :ref:`admin_faq_email-blocked-spamhaus` Unable to open /etc/sasldb2 --------------------------- No :file:`user_deny.db` ----------------------- .. parsed-literal:: IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory No authentication ------------------ .. parsed-literal:: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Debug level information, can be ignored. You can reduce verbosity by -setting ``debug: 0`` in :man:`imapd.conf(5)`, or by not including debug -messages on the mail facility in syslog. +setting ``debug: 0`` in :manpage:`imapd.conf(5)`, or by not including +debug messages on the mail facility in syslog. Unable to setsocketopt ----------------------- .. parsed-literal:: unable to setsocketopt(IP_TOS) service ptloader/unix: Operation not supported Informational message issued on startup. Not critical. Anti-Spam ========= No ``X-Spam`` Headers --------------------- .. _admin_faq_email-blocked-spamhaus: Email Blocked Using zen.spamhaus.org ------------------------------------ You are seeing the following in :file:`/var/log/maillog` (line breaks added for legibility): .. parsed-literal:: NOQUEUE: reject: RCPT from unknown[3.2.1.0]: 554 5.7.1 Service \\ unavailable; Client host [3.2.1.0] blocked using zen.spamhaus.org; \\ from= This message indicates your SMTP server, receiving a message from the Internet, has refused the message. 
The sending host (at IP address 3.2.1.0) is blocked using a centralized, external service (spamhaus.org), that keeps track of hosts and networks on the Internet with a reputation of spamming. For more information on this service, see http://www.spamhaus.org/zen/. You will want to continue performing these checks, but just in case you do not want to, the relevant setting in Postfix is: .. parsed-literal:: # postconf smtpd_sender_restrictions It is the responsibility of the sending host to notify the original sender the message was not delivered. diff --git a/source/administrator-guide/kolab-freebusy-reference.rst b/source/administrator-guide/kolab-freebusy-reference.rst index 1b38c263..05b75c02 100644 --- a/source/administrator-guide/kolab-freebusy-reference.rst +++ b/source/administrator-guide/kolab-freebusy-reference.rst 
@@ -1,454 +1,454 @@ .. _admin_kolab-freebusy-settings: ========================================= Kolab Freebusy Service Settings Reference ========================================= The web service is configured using a single settings file in .ini format located in ``/etc/kolab-freebusy/config.ini``. The configuration is divided into the following static sections and a list **directory** sections defining the list of directories used to search for freebusy for the requested user or resource. The directories are iterated from to to bottom in the order as they appear in the config file. The iteration stops once a directory can provide valid freebusy data. Basic Configuration =================== [httpauth] ---------- Access to the web service can be protected with basic HTTP authentication. This section controls the authentication with the following options: ``type`` ^^^^^^^^ Either one of 'static' or 'ldap'. 'static' provides a simple authentication with a static username/password pair. 'ldap' will perform an LDAP login with the provided username and password. Only users who can authenticate on LDAP will be granted access to the service. ``username`` ^^^^^^^^^^^^ Static username used with type 'static'. ``password`` ^^^^^^^^^^^^ Static password used with type 'static'. ``host`` ^^^^^^^^ Fully qualified URI to the LDAP server, including protocol and port. Example: ``ldap://localhost:389`` ``bind_dn`` ^^^^^^^^^^^ DN for binding to the LDAP service. Should be an unprivileged user with read-only access. Example: ``uid=kolab-service,ou=Special Users,dc=example,dc=org`` ``bind_pw`` ^^^^^^^^^^^ Password for binding to the LDAP service. ``filter`` ^^^^^^^^^^ Optional. Filter used to first resolve the username against LDAP. ``%s`` is replaced by the username. Example: ``(&(|(mail=%s)(alias=%s)(uid=%s))(objectclass=inetorgperson))`` [trustednetworks] ----------------- Allow privileged access from these IPs and skip HTTP authentication in case httpauth is configured. 
Privileged access means that instead of a dummy freebusy data block, a 404 error is returned if a user or resource could not be resolved. ``allow`` ^^^^^^^^^ A list of IPs, subnets or patterns which are considered trusted. Examples: .. parsed-literal:: allow = 127.0.0.1, 192.168.0.0/16, 10.10.*, ::1 .. _admin_kolab-freebusy-settings-log: [log] ----- Logging configuration. ``driver`` ^^^^^^^^^^ Supported drivers are 'file' and 'syslog' ``path`` ^^^^^^^^ Local filesystem path to a directory where log files will be created. ``name`` ^^^^^^^^ Filename or syslog identifier. ``level`` ^^^^^^^^^ The general log level. Possible values are: * 100 = Debug * 200 = Info * 300 = Warn * 400 = Error * 500 = Critical .. _admin_kolab-freebusy-settings-directories: Directories and Sources ======================= Directories are defined as named sections like .. code-block:: ini [directory "local"] and use the following options depending on the specified type: ``type`` -------- Either one of 'static' or 'ldap'. 'static' denotes a simple directory with an optional ``filter`` option providing a regular expression to matching the requested user name. 'ldap' directories perform an LDAP query to validate the requested user name and to provide additional attributes used for retrieving freebusy data from the linked source. This type uses the following configuration options: * host * bind_dn * bind_pw * base_dn * filter * primary_domain * attributes * attributes_lc (optional) * domain_filter (optional) * domain_base_dn (optional) ``filter`` ---------- Optional. String denoting a regular expression matched against the user name. See `PHP PCRE Manual `_ for the allowed regex syntax. ``host`` -------- Fully qualified URI to the LDAP server, including protocol and port. Example: ``ldap://localhost:389`` ``bind_dn`` ----------- DN for binding to the LDAP service. Should be an unprivileged user with read-only access. 
Example: ``uid=kolab-service,ou=Special Users,dc=example,dc=org`` ``bind_pw`` ----------- Password for binding to the LDAP service. ``filter`` ---------- Filter used to find the given user in LDAP. ``%s`` is replaced by the full user name, ``%u`` by the local part of the user name. Example: ``"(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%s)(alias=%s)))"`` ``base_dn`` ----------- +----------- Base DN used for the user query to LDAP. ``%dc`` is replaced by the DN matching the user name domain. Example: ``"ou=People,%dc"`` ``primary_domain`` ------------------ Fall-back domain name used for queries without fully qualified email addresses. ``attributes`` -------------- List of attributes which should be fetched from the matching LDAP entry. These will then replace placeholders in the ``fbsource`` URI. Example: ``mail, sn`` ``lc_attributes`` ----------------- List of entry attributes which are read form LDAP and are converted into lower-case characters. ``domain_filter`` ----------------- Filter used to resolve the root DN (``%dc``) for the the given user name domain. ``%s`` is replaced by the domain part of the user name. Example: ``"(&(objectclass=domainrelatedobject)(associateddomain=%s))"`` ``domain_base_dn`` ------------------ Base DN used for resolving the domain root DN with LDAP Example: ``"cn=kolab,cn=config"`` ``mail_attributes`` ------------------- List of entry attributes which denote the user's email address(es). Only used in conjunction with an 'imap' source. These attributes are used to determine whether events from shared calendars affect the user's availability. Email addresses from all these attributes are matched against the list of event attendees. ``fbsource`` ------------ This option defines the **Source** where freebusy data for the matching user is fetched from. The value is a fully qualified URI with the protocol identifier denoting the type of the source. 
Example: ``file:/var/lib/kolab-freebusy/%mail.ifb`` The follwing source types are supported: ``file`` ^^^^^^^^ .. code-block:: ini fbsource = file:/var/lib/kolab-freebusy/%mail.ifb ``%mail`` is a placeholder for the ``mail`` attribute from LDAP. ``http(s)`` ^^^^^^^^^^^ .. code-block:: ini fbsource = https://:@externalhost.com/free-busy/%s.ics ``%s`` is replaced with the user name from the request. ``imap`` ^^^^^^^^ .. code-block:: ini ;; read data from a users calendars (all) using IMAP proxy authentication fbsource = "imap://%mail:@localhost/?proxy_auth=cyrus-admin" ;; read data from a shared IMAP folder with cyrus-admin privileges fbsource = "imap://cyrus-admin:@localhost/%kolabtargetfolder?acl=lrs" ``%mail`` and ``%kolabtargetfolder`` are placeholders for attributes from LDAP. The ``proxy_auth`` URL parameter performs a proxy authentication using the given admin username (parameter value) and the admin password. The ``acl`` URL parameter will set the defined ACLs to the target IMAP folder in order to let the admin user read its contents. ``fbdaemon`` ^^^^^^^^^^^^ .. code-block:: ini ;; trigger kolab-freebusyd daemon to aggregate data from a user's calendars fbsource = "fbdaemon://localhost:?user=%mail" ;; trigger kolab-freebusyd to fetch data from a shared folder (i.e. for resources) fbsource = "fbdaemon://localhost:?folder=%kolabtargetfolder" ``%mail`` and ``%kolabtargetfolder`` are placeholders for attributes from LDAP. The ``user`` URL parameter specifies the command for accessing IMAP on behalf of this user (proxy authentication) and to collect data from all the calendar folders this user has access to. The ``folder`` parameter instructs the daemon to collect event data from the given IMAP mailbox. ``aggregate`` ^^^^^^^^^^^^^ In Kolab, resource collections are basically a group of recources without having calendar data assigned to the group directly. 
But we nevertheless want to show the availability for a collection and this is where the aggregate source type is used. .. code-block:: ini ;; LDAP filter to find a group record to aggregate data for all its members filter = "(&(objectClass=kolabgroupofuniquenames)(mail=%s))" attributes = uniquemember, mail resolve_dn = uniquemember resolve_attribute = mail ;; the 'aggregate' source takes one parameter denoting the attribute holding all member email addresses fbsource = "aggregate://%uniquemember" ;; consider these directories for getting the member's free/busy data directories = kolab-resources ``resolve_dn`` specifies the attribute of the group record that holds DNs for members that need to be resolved into valid user names/email addresses to then aggregate data for. ``resolve_attribute`` denotes the attribute of the member records that should replace the DN value. Once the members of a collection are resolved, freebusy data for each of them is fetched from the sources specified in ``directories`` and finally aggregated. .. seealso:: * Architecture & Design, Kolab Freebusy Service, :ref:`and_kolab-freebusy-directory-types` ``cacheto`` ----------- An absolute path to the local file system where freebusy data collected from the configured fbsource is cached for future requests. Can contain placeholders for LDAP attributes or ``%s`` for the requested user name. ``expires`` ----------- Defines the cache expiration time. Can contain numeric values with a unit indicator such as ``h``, ``m``, or ``s``. Example: ``10m`` for 10 minutes ``loglevel`` ------------ Log level for this directory. See :ref:`admin_kolab-freebusy-settings-log` for possible values. .. _admin_kolab-freebusy-settings-examples: Examples ======== The `config.ini.sample `_ file provides a full overview of possible configuration options. Sample Directory for Kolab Users -------------------------------- .. 
code-block:: ini [directory "kolab-users"] type = ldap host = ldap://localhost:389 bind_dn = "uid=kolab-service,ou=Special Users,dc=yourdomain,dc=com" bind_pw = "" base_dn = "ou=People,dc=yourdomain,dc=com" filter = "(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%s)(alias=%s)))" attributes = mail lc_attributes = mail fbsource = file:/var/lib/kolab-freebusy/%mail.ifb Sample Directory for Resources ------------------------------ .. code-block:: ini [directory "kolab-resources"] type = ldap host = ldap://localhost:389 bind_dn = "uid=kolab-service,ou=Special Users,dc=yourdomain,dc=com" bind_pw = "" base_dn = "ou=Resources,dc=yourdomain,dc=com" filter = "(&(objectClass=kolabsharedfolder)(mail=%s))" attributes = mail, kolabtargetfolder fbsource = "fbdaemon://localhost:?folder=%kolabtargetfolder" timeout = 10 ; abort after 10 seconds cacheto = /var/cache/kolab-freebusy/%mail.ifb expires = 10m loglevel = 100 ; Debug Sample Directory for Resource Collections ----------------------------------------- .. code-block:: ini [directory "kolab-resource-collections"] type = ldap host = ldap://localhost:389 bind_dn = "uid=kolab-service,ou=Special Users,dc=yourdomain,dc=com" bind_pw = "" base_dn = "ou=Resources,dc=yourdomain,dc=com" filter = "(&(objectClass=kolabgroupofuniquenames)(mail=%s))" attributes = uniquemember resolve_dn = uniquemember resolve_attribute = mail fbsource = "aggregate://%uniquemember" directories = kolab-resources timeout = 10 ; abort after 10 seconds cacheto = /var/cache/kolab-freebusy/%mail.ifb expires = 10m loglevel = 100 ; Debug diff --git a/source/administrator-guide/roundcube-settings/calendar.txt b/source/administrator-guide/roundcube-settings/calendar.txt index 0bb1bd07..1c5d7860 100644 --- a/source/administrator-guide/roundcube-settings/calendar.txt +++ b/source/administrator-guide/roundcube-settings/calendar.txt 
@@ -1,213 +1,223 @@ ``calendar_driver`` -========================== +=================== Calendar backend type. Possible values: 'kolab' or 'database' ``calendar_caldav_url`` -================================ +======================= Base URL to build fully qualified URIs to access calendars via CALDAV. Primarily used in a Kolab environment where CalDAV access is provided by the iRony service. -The following replacement variables are supported +The following replacement variables are supported: + +``%h`` + + Current HTTP host + +``%u`` + + Current webmail user name + +``%n`` + + Calendar name -``%h`` - Current HTTP host -``%u`` - Current webmail user name -``%n`` - Calendar name -``%i` - Calendar UUID +``%i` + + Calendar UUID Example: .. code-block:: php - $config['calendar_caldav_url'] = 'http://%h/iRony/calendars/%u/%i'; - + $config['calendar_caldav_url'] = 'http://%h/iRony/calendars/%u/%i'; ``calendar_contact_birthdays`` ============================== Boolean. Enables a read-only birthdays calendar from the user's address book(s). ``calendar_allow_invite_shared`` ================================ Boolean. Allows users to invite/edit attendees for events in shared folders which were created/organized by others. ``calendar_allow_itip_uninvited`` -================================ +================================= Boolean. Allow users to accecpt iTip invitations who are no explicitly listed as an attendee in the invitation message. This can be the case if invitations are sent to mailing lists or alias email addresses. ``calendar_default_view`` ========================= Default view shown when entering the calendar screen. Possible values: 'agendaDay', 'agendaWeek', 'month', 'table'. ``calendar_default_alarm_type`` -========================= +=============================== Undocumented. ``calendar_default_alarm_offset`` -==================== +================================= Undocumented. ``calendar_date_format_sets`` ============================= Undocumented. 
``calendar_event_coloring`` =========================== Undocumented. ``calendar_agenda_range`` ========================= Undocumented. ``calendar_first_day`` ====================== Undocumented. ``calendar_first_hour`` ======================= Undocumented. ``calendar_timeslots`` -===================== +====================== Undocumented. ``calendar_time_indicator`` =========================== Undocumented. ``calendar_work_start`` ======================= Undocumented. ``calendar_work_end`` -=================== +===================== Undocumented. ``calendar_itip_after_action`` ============================== Undocumented. ``calendar_itip_smtp_server`` ============================= SMTP host to used for send iTip replies from the unauthenticated web view where external users can accept or decline invitations. Set to '' in order to use PHP's mail() function for email delivery. To override the SMTP port or connection method, provide a full URL like ``tls://somehost:587`` ``calendar_itip_smtp_user`` =========================== SMTP username used to send unauthenticated itip replies. Explicity set to '' for overriding the default configuration from ``smtp_user``. ``calendar_itip_smtp_pass`` =========================== SMTP password used to send unauthenticated itip replies. Explicity set to '' for overriding the default configuration from ``smtp_pass``. ``kolab_invitation_calendars`` ============================== Boolean. Show virtual calendars with pending or declined event invitations. This option only has an effect with the Kolab backend. ``calendar_resources_driver`` ============================= Driver to provide a directory for resource booking. Leave empty or commented out to disable resources support. 'ldap' is the only implementation and possible value yet. ``calendar_resources_directory`` ================================ LDAP directory configuration to find available resources for events. 
Specify a full LDAP directory as described for :ref:`admin_roundcube-settings_ldap_public`. Some special considerations apply for the LDAP filter and other properties: .. code-block:: php $config['calendar_resources_directory'] = array( (...snip...) 'base_dn' => 'ou=Resources,dc=example,dc=org', - 'filter' => '(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabsharedfolder))', + 'filter' => '(\|(objectclass=kolabgroupofuniquenames)(objectclass=kolabsharedfolder))', (...snip...) 'search_fields' => array('cn'), 'sort' => array('cn'), (...snip...) 'fieldmap' => array( // Internal => LDAP 'name' => 'cn', 'email' => 'mail', 'owner' => 'owner', 'description' => 'description', 'attributes' => 'kolabdescattribute', // "{ : }" 'members' => 'uniquemember', // these mappings are required for owner display 'phone' => 'telephoneNumber', 'mobile' => 'mobile', ), 'class_type_map' => array( // Mapping of object class to _type attribute 'kolabsharedfolder' => 'resource', 'groupofuniquenames' => 'collection', ), 'groups' => array( 'name_attr' => 'cn', // resource collections are detected as groups ), ); diff --git a/source/administrator-guide/roundcube-settings/kolab_auth.txt b/source/administrator-guide/roundcube-settings/kolab_auth.txt index 98160885..7bda72bc 100644 --- a/source/administrator-guide/roundcube-settings/kolab_auth.txt +++ b/source/administrator-guide/roundcube-settings/kolab_auth.txt 
@@ -1,102 +1,102 @@ ``kolab_auth_addressbook`` ========================== The ID of the LDAP address book (which refers to a entry in ``ldap_public``) or a complete addressbook definition hash array. .. seealso:: * :ref:`admin_roundcube-settings_ldap_public` ``kolab_auth_filter`` ===================== This will overwrite filter property defined in the ``kolab_auth_addressbook``. Use the same placeholders as in the :ref:`admin_roundcube-settings_ldap_public_search_filter` property. ``kolab_auth_login`` ===================== Use this field (from the ``kolab_auth_addressbook`` ``fieldmap`` configuration) to get authentication ID for the logged in user. ``kolab_auth_name`` =================== Undocumented. ``kolab_auth_email`` -=================== +==================== Undocumented. ``kolab_auth_organization`` =========================== Undocumented. ``kolab_auth_admin_login`` ========================== Undocumented. ``kolab_auth_admin_password`` ============================= Undocumented. ``kolab_auth_auditlog`` ======================= Undocumented. ``kolab_auth_role`` =================== Undocumented. ``kolab_auth_admin_password`` ============================= Undocumented. ``kolab_auth_role_value`` ========================= Undocumented. ``kolab_auth_group`` ==================== Undocumented. ``kolab_auth_role_plugins`` =========================== Undocumented. ``kolab_auth_role_settings`` ============================ Undocumented. ``kolab_auth_ldap_addressbooks`` ================================ -Undocumented. \ No newline at end of file +Undocumented. diff --git a/source/administrator-guide/roundcube-settings/ldap_public.txt b/source/administrator-guide/roundcube-settings/ldap_public.txt index 265187a9..430c477e 100644 --- a/source/administrator-guide/roundcube-settings/ldap_public.txt +++ b/source/administrator-guide/roundcube-settings/ldap_public.txt 
@@ -1,610 +1,610 @@ .. _admin_roundcube-settings_ldap_public: ``ldap_public`` =============== A list of so-called Global Address Books, or Global Address Lists, useful for auto-completion of addresses being typed in to the To, CC and BCC fields when composing an email, when using the ACL plugin, and for searches from mobile devices and desktop clients using ActiveSync (through Syncroton) and/or CardDAV (through iRony). The first item configured here is the identifier of the address book. That being said, an example would look as follows: .. code-block:: php $config['ldap_public'] = Array( 'addressbook1' => Array( (... settings for address book #1 omitted ...) ), 'addressbook2' => Array( (... settings for address book #2 omitted ...) ), ); While it is not very common to have multiple global address books, some organizations put one address book in the list of address books to use for auto-completion, and use another address book to store a copy of the local phone book -- you know, with residents and businesses in the area -- or address books of partner organizations. Using the :ref:`admin_roundcube-settings_autocomplete_addressbooks` setting, one address book can be used for auto-completion, while the other address book is available for searching in the web client, on mobile devices and using desktop clients using ActiveSync (through Syncroton) and/or CardDAV (through iRony). A large amount of settings are available for the global address books. By default, Kolab Groupware configures the organization's address book to use a set of configuration options that is designed to provide an easy growth-path to beyond 1.000 entries. ``name`` -------- The name of the address book as it is presented in Roundcube. Example: .. code-block:: php $config['ldap_public'] = Array( 'addressbook1' => Array( 'name' => 'Global Address Book', ), ); .. NOTE:: The label used here is not available for localization. .. 
_admin_roundcube-settings_ldap_public_hosts: ``hosts`` --------- A list of LDAP server addresses to use to connect to. Magic configuration values are available: ``%h`` The user's IMAP hostname. ``%n`` The value of ``$_SERVER['SERVER_NAME']``. .. WARNING:: The ``$_SERVER['SERVER_NAME']`` value is not the same as the ``$_SERVER['HTTP_HOST']`` value. ``$_SERVER['SERVER_NAME']`` is a server-side configuration item, ``$_SERVER['HTTP_HOST']`` is an item specified by the client. ``%t`` The value of ``$_SERVER['SERVER_NAME']`` but without the hostname -- ergo, this is the domain name space that ``$_SERVER['SERVER_NAME']`` resides in. For a webserver virtualhost named ``webmail.example.org``, ``%t`` is ``example.org``. For a webserver virtualhost named ``webmail.someone.somewhere.tld``, ``%t`` is ``someone.somewhere.tld``. .. _admin_roundcube-settings_ldap_public_port: ``port`` -------- The port to use to connect to LDAP. .. NOTE:: Note that the port number specified here is used for all server addresses configured in :ref:`admin_roundcube-settings_ldap_public_hosts`. ``use_tls`` ----------- Whether or not to encrypt the connection. Useful with :ref:`admin_roundcube-settings_ldap_public_port` set to 389 (explicit SSL through STARTTLS), not so much with the port set to 636 (implicit SSL). ``ldap_version`` ---------------- The LDAP protocol version to use. Set this to 3 or be prepared to be (unpleasantly) surprised. ``network_timeout`` ------------------- The timeout. ``user_specific`` ----------------- Whether or not to bind to LDAP with the user's credentials, as opposed to global credentials, allowing for organizations to hide or show parts of the Directory Information Tree hierarchy, and/or hide or show certain attributes of certain entries. 
Set this to ``true`` -- the default in Kolab Groupware -- and configure :ref:`admin_roundcube-settings_ldap_public_search_base_dn` and :ref:`admin_roundcube-settings_ldap_public_search_filter`, and if anonymous binding is not allowed -- the default in Kolab Groupware -- or anonymous searches are not allowed -- the default in Kolab Groupware -- also configure :ref:`admin_roundcube-settings_ldap_public_search_bind_dn` and :ref:`admin_roundcube-settings_ldap_public_search_bind_pw`. .. NOTE:: There is no setting for the search scope. .. _admin_roundcube-settings_ldap_public_base_dn: ``base_dn`` ----------- The base DN to use for searching entries to be presented in the global address book, such as ``ou=Employees,ou=People,dc=example,dc=org``. See :ref:`admin_roundcube-settings_ldap_public_group_filters` for more examples on what else this allows you to do. ``bind_dn`` ----------- The bind dn to use for displaying the address book. Kolab Groupware sets this to ``%dn`` by default, to have the connection be bound with the user's credentials. ``bind_pass`` ------------- The password, which when ``bind_dn`` is set to ``%dn`` (the default), better be ``%p``. .. _admin_roundcube-settings_ldap_public_config_root_dn: ``config_root_dn`` ------------------ Use ``config_root_dn`` to search for VLV and SSS settings. .. _admin_roundcube-settings_ldap_public_domain_base_dn: ``domain_base_dn`` ------------------ .. _admin_roundcube-settings_ldap_public_domain_filter: ``domain_filter`` ----------------- .. _admin_roundcube-settings_ldap_public_domain_name_attr: ``domain_name_attr`` ------------------- +-------------------- .. _admin_roundcube-settings_ldap_public_domain_result_attr: ``domain_result_attr`` ---------------------- .. _admin_roundcube-settings_ldap_public_search_base_dn: ``search_base_dn`` ------------------ When searching for object entries that match the logged in user, start searching at this base DN. 
Useful when you want to limit who can use the address book with their own credentials, versus 'anonymously', and/or when attribute values searched for are not globally unique. One could set ``base_dn`` to ``ou=People,dc=example,dc=org``, while setting ``search_base_dn`` to ``ou=Management,ou=Employees,ou=People,dc=example,dc=org``. One could then set an ACL on ``ou=Employees,ou=People,dc=example,dc=org``, that does not permit the credentials configured in ``search_dn_default`` to read certain attributes of entries, such as ``street``, ``mobile``, and other such information that might be personal in nature. .. _admin_roundcube-settings_ldap_public_search_filter: ``search_filter`` ----------------- When searching for object entries that match the logged in user, use the search filter configured with this setting. Magic configuration values are available: ``%fu`` The full username, usually also the user's primary email address, though possibly of the form ``@``. The full extent of possibilities (which depend on configuration and plugins interacting with the authentication process) is beyond the scope of this document, so suffice it to say that :ref:`admin_roundcube-settings-plugin_kolab_auth` applies a process called :term:`canonification` that makes ``%fu`` be substituted by the fully qualified primary recipient email address of the Kolab user. In Kolab Groupware, by default, the attribute value of ``mail`` is used. This is also the user's mailbox name (``user/`` or ``user/john.doe@example.org`` for user ``john.doe@example.org``) and is globally unique. Example: ``(&(objectclass=kolabinetorgperson)(mail=%fu))``. ``%u`` The username local part, or "everything before the '@'". In ``john.doe@example.org``, this would become ``john.doe``. To allow users to log in with their ``uid`` attribute value, one could specify ``(&(objectclass=kolabinetorgperson)(uid=%u))``. ``%d`` The domain name space of the username, or "everything after the '@'". 
In ``john.doe@example.org``, this would become ``example.org``. ``%dc`` The root dn that corresponds with the domain name space used to login. When ``john.doe@example.org`` logs in, the domain name space of ``example.org`` would typically correspond with a root dn of ``dc=example,dc=org`` -- if ``example.org`` is a :term:`parent domain name space` and no :term:`domain_result_attribute` is available for the ``domainrelatedobject`` entry. .. NOTE:: Using ``%dc`` requires :ref:`admin_roundcube-settings_ldap_public_domain_base_dn`, :ref:`admin_roundcube-settings_ldap_public_domain_filter`, :ref:`admin_roundcube-settings_ldap_public_domain_name_attr`, and :ref:`admin_roundcube-settings_ldap_public_domain_result_attr` .. _admin_roundcube-settings_ldap_public_search_bind_dn: ``search_bind_dn`` ------------------ The bind dn to use when searching for object entries that match the user currently logged in. This should be a privileged entity that is allowed to search throughout the tree configured in ``search_base_dn``, but has no privileges other than to read the relevant attributes of entries. By default, Kolab Groupware configures this setting to be the same setting used for Postfix lookup tables, namely ``uid=kolab-service,ou=Special Users,dc=example,dc=org``. This entry has specific search, time and lookthrough limitations configured, allowing it to search throughout the entire Directory Information Tree hierarchy. .. _admin_roundcube-settings_ldap_public_search_bind_pw: ``search_bind_pw`` ------------------ The bind password to use alongside :ref:`admin_roundcube-settings_ldap_public_search_bind_dn`. ``search_bind_attrib`` ---------------------- Undocumented. ``search_dn_default`` --------------------- Undocumented. ``auth_cid`` ------------ Not used in Kolab Groupware. ``auth_method`` --------------- Not used in Kolab Groupware. ``hidden`` ---------- A boolean, this configuration option allows you to hide this address book from the address book task view. 
Default: ``false``. ``searchonly`` -------------- Renders the address book searchable only -- meaning, its contents cannot be browsed. Default: ``false``. ``writable`` ------------ Not used in Kolab Groupware. ``LDAP_Object_Classes`` ----------------------- Not used in Kolab Groupware. ``LDAP_rdn`` ------------ Not used in Kolab Groupware. ``required_fields`` ------------------- Not used in Kolab Groupware. ``search_fields`` ----------------- A list of attribute names to search values for, when searching is executed. Default: ``displayName``, ``mail``. .. NOTE:: Only list attribute names for which the appropriate indexes have been created. In the context of searching, presence and equality indexes are insufficient. .. NOTE:: The attribute ``alias`` is not included by default, because the attribute does not -- by default -- have an index created on it. See :ref:`admin_ldap_controlling_indexes_and_indexing` for information on indexes. ``fieldmap`` ------------ The fieldmap maps LDAP attribute names to Roundcube placeholder names. .. rubric:: Example .. code-block:: php 'fieldmap' => Array( 'name' => 'displayName', 'surname' => 'sn', 'firstname' => 'givenName', 'initials' => 'initials', 'jobtitle' => 'title', 'email' => 'mail:*' 'phone:home' => 'telephoneNumber', 'phone:mobile' => 'mobile', 'department' => 'ou', (...) ), ``sub_fields`` -------------- Undocumented. ``autovalues`` -------------- Undocumented. ``sort`` -------- A list of attribute names to sort entries by. Kolab Groupware uses a default of ``displayname``, ``sn``, ``givenname``, ``cn``, in that order, which very much corresponds with the default Server-Side Sorting configuration we recommend you use when your Directory Information Tree is likely to contain over 1.000 entries. .. 
seealso:: * Administrator Guide, Tweaking LDAP, :ref:`admin_ldap_configure-sss` * Administrator Guide, Tweaking LDAP, :ref:`admin_ldap_configure-vlv` ``scope`` --------- The :term:`search scope` to use when looking for address book entries, starting at the :ref:`admin_roundcube-settings_ldap_public_base_dn`. ``filter`` ---------- The filter to use when searching for entries to display in the address book. By default, Kolab Groupware sets this to ``(objectclass=inetorgperson)``, so that not only Kolab users (``(objectclass=kolabinetorgperson)``) are a part of the address book, but any non-Kolab users in LDAP, and any non-Groupware users (such as external contacts) are part of the address book too. .. seealso:: * :ref:`admin_roundcube-settings_ldap_public_vlv` ``fuzzy_search`` ---------------- Undocumented. .. _admin_roundcube-settings_ldap_public_vlv: ``vlv`` ------- ``true`` or ``false`` (default), the ``vlv`` boolean configures Roundcube to use the server-side Virtual List View control, ideal for sorting, pagination and -- a particular feature of Kolab Groupware's ``Net/LDAP3`` -- responsive, fuzzy searching capabilities regardless of the size of the Directory Information Tree. In order to automatically delect available VLV indexes, the option ``config_root_dn`` needs to be set as well. .. seealso:: * Administrator Guide, Tweaking LDAP, :ref:`admin_ldap_configure-sss` * Administrator Guide, Tweaking LDAP, :ref:`admin_ldap_configure-vlv` ``vlv_search`` -------------- DEPRECATED. Use Virtual List View functions for autocompletion searches. This option is obsolete when ``vlv`` is enabled. ``numsub_filter`` ----------------- With ``vlv`` enabled, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting. Only set this option if your php-ldap module doesn't support the ``ldap_parse_virtuallist_control()`` function which is part of an unofficial patch to php-ldap. 
``config_root_dn`` ------------------ The base DN to be used for searching LDAP configuration sesstings such as VLV indexes. Set to ``cn=config`` as the default value for standard Kolab setups. Without this option, no VLV will be used for LDAP queries. ``sizelimit`` ------------- Undocumented. ``timelimit`` ------------- Undocumented. ``referrals`` ------------- Undocumented. ``groups`` ---------- Undocumented. ``base_dn`` ``````````` Undocumented. ``scope`` ````````` Undocumented. ``filter`` `````````` Undocumented. ``object_classes`` `````````````````` Undocumented. ``member_attr`` ``````````````` Undocumented. ``name_attr`` ````````````` Undocumented. ``email_attr`` `````````````` Undocumented. ``member_filter`` ````````````````` Undocumented. ``vlv`` ``````` Undocumented. ``class_member_attr`` ````````````````````` Undocumented. .. _admin_roundcube-settings_ldap_public_group_filters: ``group_filters`` ----------------- Group filters are used for advanced navigation of LDAP hierarchies, using the web client's address book pages. ``name`` ```````` Undocumented. ``scope`` ````````` Undocumented. ``base_dn`` ``````````` Undocumented. ``filter`` `````````` Undocumented. ``name_attr`` ````````````` Undocumented. diff --git a/source/administrator-guide/roundcube-settings/libkolab.txt b/source/administrator-guide/roundcube-settings/libkolab.txt index b55bd3a0..66186914 100644 --- a/source/administrator-guide/roundcube-settings/libkolab.txt +++ b/source/administrator-guide/roundcube-settings/libkolab.txt 
@@ -1,106 +1,105 @@ ``kolab_format_version`` ======================== Specify format version to write Kolab objects. Defaults to '3.0' but can be set to '2.0' for using the old Kolab v2 format for storing groupware objects. ``kolab_freebusy_server`` ========================= Optional override of the base URL to read Free/Busy information of Kolab users from. Defaults to ``https:///freebusy``. ``kolab_use_subscriptions`` =========================== Lists only subscribed groupware folders in the web client (e.g. calendar view or address books). ``kolab_skip_namespace`` ======================== A list with any of 'personal','shared','other' namespaces to be excluded from groupware folder listing. With the new folder searching features in Kolab 3.3, this setting can be used to exclude shared folders from e.g. the 'other' namespace in regular folder listings and searches. Example: .. code-block:: php - $config['kolab_skip_namespace'] = array('other'); + $config['kolab_skip_namespace'] = array('other'); .. seealso:: - * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` + * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` ``kolab_http_request`` ====================== Configuration options of HTTP requests sent from the server to external systems (e.g. for Free/Busy) data fetching. See `HTTP_Request2 Docs `_ or list of supported configuration options. Provide the options as hash array with key-value pairs. .. _admin_roundcube-settings-plugin_libkolab_kolab_users_directory: - ``kolab_users_directory`` -======================== +========================= LDAP directory to find avilable users for folder sharing. This is used when searching for groupware folders shared by other users. The web client will perform an LDAP search with the given search term and resolve the matches to shared folders in the 'other' namespace. 
Either contains an array with a full LDAP addressbook configuration or a string value which refers to an entry in :ref:`admin_roundcube-settings_ldap_public`. If not specified, the configuration from ``kolab_auth_addressbook`` will be used. ``kolab_users_filter`` ====================== Filter to be used for resolving user folders in LDAP. Defaults to the ``kolab_auth_filter`` configuration option from the ``kolab_auth`` plugin. .. seealso:: - * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` - * :ref:`admin_roundcube-settings-plugin_kolab_auth` + * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` + * :ref:`admin_roundcube-settings-plugin_kolab_auth` ``kolab_users_id_attrib`` ========================= Which property of the LDAP user record to use for user folder mapping in IMAP. Defaults to the ``kolab_auth_login`` configuration option from the ``kolab_auth`` plugin. .. seealso:: - * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` - * :ref:`admin_roundcube-settings-plugin_kolab_auth` + * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` + * :ref:`admin_roundcube-settings-plugin_kolab_auth` ``kolab_users_search_attrib`` ============================= List of LDAP attributes to be used when searching users in folder search queries. Defaults to ``array('cn','mail','alias')`` .. seealso:: - * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` + * :ref:`admin_roundcube-settings-plugin_libkolab_kolab_users_directory` diff --git a/source/administrator-guide/using-the-kolab-command-line.rst b/source/administrator-guide/using-the-kolab-command-line.rst index 10130888..847735bf 100644 --- a/source/administrator-guide/using-the-kolab-command-line.rst +++ b/source/administrator-guide/using-the-kolab-command-line.rst 
@@ -1,566 +1,570 @@ ============================ Using the Kolab Command-Line ============================ The **kolab** command-line is a powerful administration utility allowing you to quickly execute standard administrative tasks. acl-cleanup ----------- -Iterate over all mailboxes and clean up the ACL. Useful in deployments +Iterate over all mailboxes and cleans up the ACL. Useful in deployments where any ACI may be used with setting the ACE, because identifier verification is disabled or otherwise unavailable. -It is important to appreciate that an ACE for 'doe@example.org' is not -removed when the user 'doe@example.org' is removed -- when a new user is -created with a :term:`result attribute` value of 'doe@example.org', this -user implicitly has the access specified by the ACE. +It is important to appreciate that an ACE for ``doe@example.org`` is +not removed when the user ``doe@example.org`` is removed -- when a new +user is created with a :term:`result attribute` value of +``doe@example.org``, this user implicitly has the access specified by +the ACE. add-domain ---------- This command adds a new domain name space to Kolab Groupware. .. rubric:: Synopsis .. parsed-literal:: kolab add-domain [options] .. rubric:: Command-Line Options .. program:: add-domain .. option:: domain The domain to add. .. option:: --alias domain Add the domain as an alias for the domain specified as ``--alias``. .. seealso:: + * :ref:`howto-multi-domain` + * :ref:`article-standard-multi-domain-and-hosted-kolab` + .. add-group-admin .. --------------- .. .. Not yet implemented. .. .. add-group-member .. ---------------- .. .. Not yet implemented. .. .. add-user .. -------- .. .. Not yet implemented. cm -- Short-hand for :ref:`admin_cli_create-mailbox`. .. _admin_cli_create-mailbox: create-mailbox -------------- Create a mailbox or mail folder. .. rubric:: Synopsis .. parsed-literal:: kolab create-mailbox [options] .. rubric:: Command-Line Options .. program:: create-mailbox .. 
option:: mailbox The mailbox to create. .. option:: --metadata KEY=VALUE Set the metadata KEY for the mailbox or mail folder to VALUE. Specify once for each pair of KEY=VALUE. See :file:`/etc/imapd.annotations.conf` for valid KEYs, the permissions required to set them, namespaces and the format of the VALUE. .. option:: --partition=PARTITION .. versionadded:: pykolab-0.6.11 Specify the Cyrus IMAP partition on which to create the mailbox. If not specified, uses the ``defaultpartition`` configured in :manpage:`imapd.conf(5)`. .. rubric:: Example Usage Create a new mail folder for user John Doe: .. parsed-literal:: # :command:`kolab create-mailbox` "user/john.doe/New@example.org" Create a new calendar for user John Doe: .. parsed-literal:: # :command:`kolab create-mailbox` \\ --metadata=/shared/vendor/kolab/folder-type=event \\ "user/john.doe/New Calendar@example.org" Create a new default calendar folder for user John Doe. .. NOTE:: Only one default calendar folder may exist. .. parsed-literal:: # :command:`kolab create-mailbox` \\ --user john.doe@example.org \\ --metadata=/private/vendor/kolab/folder-type=event.default \\ "New Calendar" .. seealso:: * :ref:`admin_cli_subscribe-user` dam --- Short-hand for :ref:`admin_cli_delete-mailbox-acl` .. delete-domain .. ------------- .. .. Not yet implemented. .. .. delete-group-admin .. ------------------ .. .. Not yet implemented. .. .. delete-group-member .. ------------------- .. .. Not yet implemented. delete-mailbox (dm) ------------------- Delete a mailbox. .. rubric:: Synopsis .. parsed-literal:: kolab delete-mailbox .. rubric:: Command-Line Options .. program:: delete-mailbox .. option:: pattern Delete all mailboxes matching :term:`pattern`. .. rubric:: Example Usage Delete a mail folder for user John Doe: .. parsed-literal:: # :command:`kolab delete-mailbox` "user/john.doe/Trash/Oops@example.org" Delete all non-INBOX folders for user John Doe: .. 
parsed-literal:: # :command:`kolab delete-mailbox` "user/jane.doe/%@example.org" .. _admin_cli_delete-mailbox-acl: delete-mailbox-acl ------------------ Delete an ACE for a mailbox. .. rubric:: Command-Line Options .. program:: delete-mailbox-acl .. option:: pattern Delete the ACE from mailboxes matching the specified :term:`pattern`. .. option:: subject Delete the ACE for this subject. .. seealso:: * :ref:`admin_cli_list-mailbox-acls` * :ref:`admin_cli_set-mailbox-acl` .. delete-user .. ----------- .. .. Not yet implemented. .. .. edit-group .. ---------- .. .. Not yet implemented. .. .. edit-user .. --------- .. .. Not yet implemented. .. lam --- Short-hand for :ref:`admin_cli_list-mailbox-acls` list-deleted-mailboxes ---------------------- .. rubric:: Synopsis .. parsed-literal:: kolab list-deleted-mailboxes [pattern] .. rubric:: Command-Line Options .. program:: list-deleted-mailboxes .. option:: pattern List deleted mailboxes matching the specified :term:`pattern`. .. option:: --server server Connect to the IMAP server at address instead of the configured IMAP server. .. _admin_cli_list-mailbox-acls: list-mailbox-acls ----------------- .. rubric:: Command-Line Options .. program:: list-mailbox-acls .. option:: pattern List the ACL for mailboxes matching the specified :term:`pattern`. .. seealso:: -* :ref:`admin_cli_delete-mailbox-acl` -* :ref:`admin_cli_set-mailbox-acl` -* :ref:`admin_imap-access-rights-reference` + * :ref:`admin_cli_delete-mailbox-acl` + * :ref:`admin_cli_set-mailbox-acl` + * :ref:`admin_imap-access-rights-reference` list-mailbox-metadata --------------------- .. rubric:: Command-Line Options .. program:: list-mailbox-metadata .. option:: --user user List the mailbox metadata logged in as the user, enabling the examination of the /private metadata namespace in addition to the /shared namespace. list-mailboxes (lm) ------------------- .. rubric:: Command-Line Options .. program:: list-mailboxes .. 
option:: --server server Connect to the IMAP server at address instead of the configured IMAP server. list-user-subscriptions ----------------------- .. rubric:: Command-Line Options .. program:: list-user-subscriptions .. option:: user The user identifier to list the (un)subscribed folders for. .. option:: --unsubscribed List folders the user is not subscribed to, instead of subscribed folders. rename-mailbox -------------- sam --- Short-hand for :ref:`admin_cli_set-mailbox-acl` .. _admin_cli_set-mailbox-acl: set-mailbox-acl --------------- Sets an access control entry (ACE) for a given subject. .. rubric:: Synopsis .. parsed-literal:: kolab set-mailbox-acl .. rubric:: Command-Line Options .. program:: set-mailbox-acl .. option:: pattern Apply the ACE to mailboxes matching the specified :term:`pattern`. .. option:: subject Set the ACE for the subject specified. .. option:: rights The ACE subject is getting these rights. In addition to the regular IMAP access right identifiers, the kolab command- line takes the following rights: **all** Full rights, including administration. The IMAP equivalent is ``lrswipkxtecda``. **read-only** Read-only rights, with the IMAP equivalent being ``lrs``. **read-write** Permissions most suitable for access to a (shared) groupware folder. The rights allow a subject to modify groupware contents, such as marking tasks as completed. The IMAP equivalent is ``lrswited``. **semi-full** Allow the subject to insert new message (copies), such as groupware content, and flag current messages as deleted. Also allow the subject to maintain flags other than the system flags ``\Seen`` and ``\Deleted`` (such as ``\Flagged``). Note that the rights do not include the right to EXPUNGE the folder, meaning that messages therein remain available. The IMAP equivalent is ``lrswit``. **full** Everything but administrator rights, so that the subject cannot modify the access control on the folder. .. 
rubric:: Example Usage Set the access rights for ``john.doe@example.org`` to administer a folder ``shared/contacts@example.org``: .. parsed-literal:: # :command:`kolab sam shared/contacts@example.org john.doe@example.org all` Give access to ``jane.doe@example.org`` to read and write contacts in a folder ``shared/contacts@example.org``: .. parsed-literal:: # :command:`kolab sam shared/contacts@example.org jane.doe@example.org read-write` .. seealso:: * :ref:`admin_cli_list-mailbox-acls` * :ref:`admin_cli_delete-mailbox-acl` * :ref:`admin_imap-access-rights-reference` set-mailbox-metadata -------------------- .. rubric:: Command-Line Options .. program:: set-mailbox-metadata .. option:: --user user Set the mailbox metadata logged in as the user, enabling the modification of the /private metadata namespace annotation values. .. _admin_cli_subscribe-user: subscribe-user -------------- .. rubric:: Synopsis .. parsed-literal:: kolab subscribe-user .. rubric:: Command-Line Options .. program:: subscribe-user .. option:: user Subscribe the specified user. .. NOTE:: The user will be subscribed only of the user also has rights to the folder. .. option:: pattern Subscribe the user specified to mailboxes matching the specified :term:`pattern`. summarize-quota-allocation (sqa) -------------------------------- Summarize all quota allocation for all mailboxes. .. rubric:: Command-Line Options .. program:: summarize-quota-allocation .. option:: --server server Connect to the IMAP server at address instead of the configured IMAP server. sync ---- Synchronize IMAP. .. rubric:: Command-Line Options .. program:: sync .. option:: --resync Resync. .. option:: --threads THREADS Number of threads. transfer-mailbox ---------------- Transfer a mailbox from the server it is currently on, to the server you specify. .. WARNING:: Transferring mailboxes may take quite a bit of time, depending on the connection speed between the two IMAP servers, and the size of a mailbox (tree). 
Make sure that despite your workstation's session possibly being interrupted, the command can continue, by using :manpage:`screen(1)` for example. .. rubric:: Synopsis .. parsed-literal:: kolab transfer-mailbox .. rubric:: Command-Line Options .. program:: transfer-mailbox .. option:: mailbox Transfer the mailbox specified, such as ``user/john.doe@example.org``. .. option:: server Transfer the mailboxes to the server specified. .. rubric:: Example Usage Transfer mailbox ``user/john.doe@example.org`` currently on IMAP server ``imap1.example.org`` over to IMAP server ``imap2.example.org``: .. parsed-literal:: # :command:`kolab transfer-mailbox user/john.doe@example.org imap2.example.org` .. .. option:: --server server .. .. When initially connecting to list the mailboxes matching .. :option:`transfer-mailbox pattern`, connect to the server specified, instead .. of the configured IMAP server. undelete-mailbox ---------------- user-info --------- This command retrieves information about a user from the Web Administration Panel API (places a ``user.info`` API call), and prints all attributes for the corresponding user type. .. rubric:: Synopsis .. parsed-literal:: kolab user-info
.. rubric:: Command-Line Options .. program:: user-info .. option:: address The primary or secondary recipient email address for the user, that is globally unique, such as ``john.doe@example.org``. Sieve Operations ================ list ---- put --- refresh -------
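Review bot: the ``fieldmap`` example in the Roundcube LDAP address book settings hunk is missing a comma after ``'email' => 'mail:*'``, so the array as printed is a PHP parse error for anyone who copies it into their configuration; add the comma before ``'phone:home' => 'telephoneNumber'``. In the same hunk, the ``vlv`` paragraph reads "automatically delect available VLV indexes" and the ``config_root_dn`` paragraph reads "configuration sesstings"; these should be "detect" and "settings".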
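Review bot: in libkolab.txt, the lone ``-`` ahead of the ``kolab_users_directory`` heading, together with the hunk going from 106 to 105 lines, indicates that the blank line between the ``.. _admin_roundcube-settings-plugin_libkolab_kolab_users_directory:`` label and the section title is being removed. docutils expects a blank line after an explicit markup block and warns when the following text is unindented without one, so keep the blank line and change only the underline length. The description directly under that heading also still reads "LDAP directory to find avilable users"; fix "avilable" to "available" in the same pass.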
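Review bot: in using-the-kolab-command-line.rst, the first changed line of the ``acl-cleanup`` section turns "Iterate over all mailboxes and clean up the ACL" into "Iterate over all mailboxes and cleans up the ACL", which breaks the verb agreement the old line had. Keep "clean up", or change both verbs ("Iterates over all mailboxes and cleans up the ACL"). Further down in the same hunk, the ``subscribe-user`` note reads "subscribed only of the user also has rights", where "of" should be "if". The ``set-mailbox-acl`` rights list gives the IMAP equivalent for **all**, **read-only**, **read-write** and **semi-full** but not for **full**; add it, so administrators can see exactly which rights that keyword grants.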