diff --git a/conf/kolab.conf b/conf/kolab.conf index 34ce30d..4b590b9 100644 --- a/conf/kolab.conf +++ b/conf/kolab.conf @@ -1,451 +1,452 @@ [kolab] ; Set this to the primary domain name space served within this Kolab Groupware ; deployment. primary_domain = example.org ; This is the primary authentication mechanism used, and contains the list of ; domain name spaces for this deployment. Each domain name space may have its ; own auth_mechanism setting. ; ; Valid options currently include only 'ldap'. auth_mechanism = ldap ; The IMAP backend to use - currently supported values include only ; 'cyrus-imap'. imap_backend = cyrus-imap ; The default locale for this Kolab Groupware installation default_locale = en_US ; Synchronization interval - describes the number of seconds to wait in ; between non-persistent synchronization attempts. Relevant only for ; deployments that lack persistent search and syncrepl ldap controls. sync_interval = 300 ; Synchronization interval for domains - describes the number of seconds ; to wait in between polls for new and deleted domain name spaces. domain_sync_interval = 600 ; The policy to use when originally composing the uid attribute value. ; Normally '%(surname)s.lower()', the transliterated value of the 'sn', ; in all lower-case. ; ; Other examples include: ; ; policy_uid = '%(givenname)s'[0:1]%(surname)s.lower() ; policy_uid = %(givenname)s policy_uid = %(surname)s.lower() ; Primary and secondary recipient address policies. This is called the ; recipient policy as documented in: ; ; http://docs.kolab.org/administrator-guide/configuring-the-kolab-server.html#recipient-policy ; ; Note this is the global default, and each [$domain] section can have ; their own (as in this default configuration, see [example.org]). primary_mail = %(surname)s@%(domain)s secondary_mail = { 0: { "{0}.{1}@{2}": "format('%(givenname)s'[0:1].capitalize(), '%(surname)s', '%(domain)s')" }, 1: { "{0}@{1}": "format('%(uid)s', '%(domain)s')" }, 2: { "{0}@{1}": "format('%(givenname)s.%(surname)s', '%(domain)s')" } } ; To disable the application of the recipient policy by the daemon ('kolabd' service), ; uncomment the next line. ;daemon_rcpt_policy = False ; A global default for folders to create in addition to the INBOX ; folder. autocreate_folders = { 'Archive': { 'quota': 0, 'partition': 'archive' }, 'Calendar': { 'annotations': { '/private/vendor/kolab/folder-type': "event.default", '/shared/vendor/kolab/folder-type': "event", }, }, 'Calendar/Personal Calendar': { 'annotations': { '/shared/vendor/kolab/folder-type': "event", }, }, 'Configuration': { 'annotations': { '/private/vendor/kolab/folder-type': "configuration.default", '/shared/vendor/kolab/folder-type': "configuration", }, }, 'Contacts': { 'annotations': { '/private/vendor/kolab/folder-type': "contact.default", '/shared/vendor/kolab/folder-type': "contact", }, }, 'Contacts/Personal Contacts': { 'annotations': { '/shared/vendor/kolab/folder-type': "contact", }, }, 'Drafts': { 'annotations': { '/private/vendor/kolab/folder-type': "mail.drafts", }, }, 'Files': { 'annotations': { '/private/vendor/kolab/folder-type': "file.default", + '/shared/vendor/kolab/folder-type': "file", }, }, 'Journal': { 'annotations': { '/private/vendor/kolab/folder-type': "journal.default", '/shared/vendor/kolab/folder-type': "journal", }, }, 'Notes': { 'annotations': { '/private/vendor/kolab/folder-type': 'note.default', '/shared/vendor/kolab/folder-type': 'note', }, }, 'Sent': { 'annotations': { '/private/vendor/kolab/folder-type': "mail.sentitems", }, }, 'Spam': { 'annotations': { '/private/vendor/kolab/folder-type': "mail.junkemail", }, }, 'Tasks': { 'annotations': { '/private/vendor/kolab/folder-type': "task.default", '/shared/vendor/kolab/folder-type': "task", }, }, 'Trash': { 'annotations': { '/private/vendor/kolab/folder-type': "mail.wastebasket", }, }, } [autodiscover] ; service hosts (%d will be replaced by user domain) ; for imap/pop3/smtp protocol prefix and port is required activesync = activesync.%d imap = ssl://imap.%d:993 pop3 = ssl://pop3.%d:995 smtp = ssl://smtp.%d:465 ; LDAP attribute used as login login_attribute = mail ; optional service name service_name = Kolab Groupware service_short = Kolab ; enables HTTP/LDAP debugging ;debug_mode = trace [imap] virtual_domains = userid [ldap] ; The URI to LDAP ldap_uri = ldap://localhost:389 ; A list of integers containing supported controls, to increase the efficiency ; of individual short-lived connections with LDAP. supported_controls = 0,2,3 ; The base dn for the deployment. Note that this is the highest level in the ; tree Kolab will ever go. Should your OU structure allow it, you could set this ; to ou=Kolab,ou=Not-So-Private,dc=example,dc=org. base_dn = dc=example,dc=org ; The (administrative) bind dn and corresponding password. ; ; Feel free to set this to a DN with only read permissions on the tree. These ; credentials are used by the Kolab Daemon only, as it might need to set ; additional attributes in order to apply plugins successfully. Such attributes ; could include the first two values in the 'mail_attributes' list (see further ; down) to complete the 'recipient_policy' (see further down), mail quota, ; the mail server attribute, and others. bind_dn = cn=Directory Manager bind_pw = Welcome123 ; Bind DN and password used for services. The DN should have read and search ; privileges only, but should be able to read all relevant parts of the tree. ; ; These credentials are used by, among others, Postfix, Wallace, programs that ; need to find the user DN before binding as the user (including the webadmin ; API, Roundcube, Syncroton). service_bind_dn = uid=kolab-service,ou=Special Users,%(base_dn)s service_bind_pw = wc18bqshFmifGtN ; The base DN, search scope and filter to use when searching for users of any ; type. User types are of primary purpose to the web admin (API), but the ; generic base DN, scope and filter allow us to configure other services as ; well, including Address Books in Roundcube and for Syncroton, the list of ; users in the web admin (API), etc. user_base_dn = ou=People,%(base_dn)s user_scope = sub user_filter = (objectclass=inetorgperson) ; The base DN, scope and filter to use when searching for users of the 'kolab' ; type. This filter is preferred when searching for Kolab users specifically, ; such as in the synchronisation between LDAP and IMAP. Also, it is ; (preferrably) only Kolab users that are allowed to login, use the SMTP server, ; etc. ; ; Note that all user_* settings are valid, and those not available with a kolab_ ; prefix fall back to using the generic user_* equivalent setting. kolab_user_base_dn = ou=People,%(base_dn)s kolab_user_filter = (objectclass=kolabinetorgperson) ; Add additional _user_base_dn, _user_scope and _user_filter. ; Useful for configuring sub-address books, and for the webadmin API when adding ; new users of the example type key 'posix' - the new user will be added in the ; OU configured below. ;posix_user_base_dn = ou=POSIX Accounts,ou=People,%(base_dn)s ;posix_user_scope = one ;posix_user_filter = (&(objectclass=posixaccount)(uidnumber>=1000)) ; The same as for users, but applicable to groups group_base_dn = ou=Groups,%(base_dn)s group_filter = (|(objectclass=groupofuniquenames)(objectclass=groupofurls)) group_scope = sub kolab_group_filter = (|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls)) ; Same again sharedfolder_base_dn = ou=Shared Folders,%(base_dn)s sharedfolder_filter = (objectclass=kolabsharedfolder) ; The attribute entry name that controls the ACLs set on a shared folder sharedfolder_acl_entry_attribute = acl ; Same again. Resources live in a different OU structure or; ; ; - They would appear in the address book(s) as distribution lists or individual contacts, ; - Groups or individual users would appear to be Resources. ; resource_base_dn = ou=Resources,%(base_dn)s resource_filter = (|%(group_filter)s(objectclass=kolabsharedfolder)) ; The base DN, scope and filter to use when searching for additional domain ; name spaces in this environment. domain_base_dn = cn=kolab,cn=config domain_filter = (&(associatedDomain=*)) domain_name_attribute = associateddomain ; Attribute that holds the root dn for the domain name space. If this attribute ; does not exist, a standard root dn is formed from the primary domain name ; space (the value in the RDN), as follows: ; ; 'dc=' + ',dc='.join(domainname.split('.')) ; ; or, in example: ; ; domain: example.org ; root dn: dc=example,dc=org domain_rootdn_attribute = inetdomainbasedn ; The attribute that holds the quota. quota_attribute = mailquota ; The format of the modifytimestamp attribute values modifytimestamp_format = %Y%m%d%H%M%SZ ; A unique attribute that can be used to identify the entry beyond renames and ; moves. Note that 'nsuniqueid' is specific to all Netscape-based directory ; services. ; ; For OpenLDAP, use 'entrydn' - the 'entryUUID' can regrettably not be searched ; with. ; ; For Active Directory, use 'objectsid'. unique_attribute = nsuniqueid ; Attribute names that hold valid, internal recipient addresses. Note the use ; of mail and alias frees up the use of mailAlternateAddress to contain a user's ; external email address. ; ; Syntax is a comma- or comma-space separated list. ; ; The first value is used for the purpose of a single "primary" email address, ; that could be subject to a recipient policy, the second is used for the ; purpose of one or more secondary mail addresses, that could also be subject to ; a recipient policy. mail_attributes = mail, alias ; The attribute that holds the FQDN to the mail server the folder exists on mailserver_attribute = mailhost ; Attributes that hold valid authentication login names. Use 'mail', 'alias' and ; optionally 'uid' (the uid is marked as an auth_attribute automatically), so ; that a user can login with; ; ; - uid (i.e. 'jdoe'), ; - mail, fully qualified and localpart only (i.e. "john.doe" and ; "john.doe@example.org"), ; - alias, fully qualified and localpart only (i.e. "j.doe" and ; "j.doe@example.org). auth_attributes = mail, alias, uid ; Virtual List View control, and Server-Side Sorting control configuration. ; ; Configure these to allow the Web Administration Panel (API) to not have to ; search a non-database cn=config for the VLV configuration. ; ;vlv = [ ; { ; 'ou=People,dc=example,dc=org': { ; 'scope': 'sub', ; 'filter': '(objectclass=inetorgperson)', ; 'sort' : [ ; [ ; 'displayname', ; 'sn', ; 'givenname', ; 'cn' ; ] ; ] ; } ; }, ; { ; 'ou=Groups,dc=example,dc=org': { ; 'scope': 'sub', ; 'filter': '(objectclass=groupofuniquenames)', ; 'sort' : [ ; [ ; 'cn' ; ] ; ] ; } ; }, ; ] [kolab_smtp_access_policy] cache_uri = mysql://user:pass@localhost/database cache_retention = 86400 ; To allow users to also send using email addresses in domain name spaces not ; in their own parent and/or alias domains, add 'mailalternateaddress' to this ; list. address_search_attrs = mail, alias ; Prepend the Sender: and/or X-Sender header(s) if the user authenticated is a ; designated delegatee of the envelope sender address? delegate_sender_header = True ; Prepend the Sender: and/or X-Sender header(s) if the user authenticated ; is using an envelope sender address that is a secondary recipient email ; address (attached to the object entry) of the user authenticated? alias_sender_header = True ; Prepend the Sender: header? Only relevant if delegate_sender_header or ; alias_sender_header is set to True. sender_header = True ; Prepend the X-Sender: header? Only relevant if delegate_sender_header or ; alias_sender_header is set to True. xsender_header = True ; "Encrypt" -- read, "obscure" -- the contents of the 'Sender:' and/or ; 'X-Sender:' header(s). Note that this invalidates client's use of the header ; value, and therefore replaces both headers with 'X-Authenticated-As'. ; ; Example: 'vanmeeuwen@kolabsys.com' becomes '6crb3dHK6ODS3qzQ4tXO0t_e5pfQ39k=' ; ; sender_header_enc_key = 'simple' ; Allow hosts in these networks to submit messages with empty envelope senders, ; such as web-clients responding to MDN requests. empty_sender_hosts = 3.2.1.0/24, 6.6.6.0/24 ; Section for Hosted client interface settings. This is not enabled by default. ;[kolab_hosting] ; ;; Set the default domain name space for the list of domain name spaces (if more ;; than one) that new users that register are allowed to select. ;primary_domain = somedomain.tld ; ;; The following bind credentials should be allowed to search ;; "ldap/domain_base_dn" (i.e. cn=kolab,cn=config), but should not be allowed to ;; read any domain name space LDAP entry that users are not eligible to select. ;; ;; Note that the bind credentials usually live in the upper ;; "kolab/primary_domain". ;bind_dn = uid=hosted-service,ou=Special Users,dc=kolab,dc=net ;bind_pw = bla ;recaptcha_private_key = bla ;recaptcha_public_key = bla [kolab_wap] skin = default sql_uri = mysql://user:pass@localhost/database ; Use the following setting to indicate the API is installed on a different ; system, or in a non-standard location. ;api_url = http://localhost/kolab-webadmin/api ; Configure SSL should you want to have the web admin panel (client interface) ; use the API over HTTPS. ; ; By default, httpd and coconspirators are setup to use self-signed certificates, ; so the following two settings are set to false by default. ssl_verify_peer = false ssl_verify_host = false ;ssl_cafile = /path/to/ca/file ;ssl_capath = /path/to/ca/dir ;ssl_local_cert = /path/to/local/cert ;ssl_passphrase = MyPassword [cyrus-imap] ; The URI to use to connect to IMAP. Note that pykolab itself can detect whether ; or not Cyrus IMAP is deployed in a Murder topology, and should be able to ; connect to individual backends as well. uri = imaps://localhost:993 ; The login username to use for global administration. admin_login = cyrus-admin ; The corresponding password. admin_password = Welcome123 [cyrus-sasl] ; The user canonification result attribute. result_attribute = mail [wallace] modules = resources, invitationpolicy, footer footer_text = /etc/kolab/footer.text footer_html = /etc/kolab/footer.html ; default settings for kolabInvitationPolicy LDAP attribute on user records kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL ; automatically update the participant status from iTip REPLY messages ; in the personal calendars of all other listed participants. invitationpolicy_autoupdate_other_attendees_on_reply = false ; number of days past their end resource calendar events should be kept resource_calendar_expire_days = 100 ; This is a domain name space specific section, that enables us to override ; all settings, for example, the LDAP URI, base and bind DNs, scopes, filters, ; etc. Note that overriding the LDAP settings for the primary domain name space ; does not make any sense. [example.org] default_quota = 1048576 primary_mail = %(givenname)s.%(surname)s@%(domain)s