  1. ##############################################################
  2. # LDAP/ACTIVE DIRECTORY USER PLUGIN SETTINGS
  3. #
  4. # Any of these directives that are required, are only required if the
  5. # userplugin parameter is set to ldap.
  6.  
  7. # LDAP host name/IP address
  8. # Optional, default = localhost
  9. ldap_host = localhost
  10.  
  11. # LDAP port
  12. # Optional, default = 389
  13. # Use 636 for ldaps
  14. ldap_port = 389
  15.  
  16. # LDAP protocol
  17. # Optional, default = ldap (unencrypted; bind credentials are sent in clear text)
  18. # Use 'ldaps' for SSL encryption. Make sure /etc/ldap/ldap.conf is
  19. # configured correctly with TLS_CACERT so the server certificate can be verified.
  20. ldap_protocol = ldap
  21.  
  22. # LDAP URI
  23. # Optional, override ldap_host, ldap_port and ldap_protocol if set
  24. # e.g. ldaps://servername:port. You may also specify multiple space-separated
  25. # URIs.
  26. ldap_uri =
  27.  
  28. # The charset that strings are stored in on the LDAP server. Normally this
  29. # is utf-8, but this can differ according to your setup. The charset specified
  30. # here must be supported by your iconv(1) setup. See iconv -l for all charsets.
  31. ldap_server_charset = utf-8
  32.  
  33. # The DN of the user to bind as for normal operations (not used for
  34. # authentication if ldap_authentication_method is set to "bind").
  35. # Optional, default = empty (anonymous bind)
  36. # The userPassword attribute must be readable for this user if the
  37. # ldap_authentication_method option is set to password; otherwise a read-only account should suffice.
  38. ldap_bind_user = cn=admin,dc=mail,dc=example,dc=com
  39. #ldap_bind_user = uid=vuser,ou=People,dc=mail,dc=example,dc=com
  40.  
  41. # LDAP bind password (stored here in plain text; keep this file readable by the server account only)
  42. # Optional, default = empty (no password)
  43. ldap_bind_passwd = passwd
  44.  
  45. # The timeout for network operations in seconds
  46. ldap_network_timeout = 30
  47.  
  48. # When an object (user/group/company) is changed, this attribute will also change:
  49. # Active directory: uSNChanged
  50. # LDAP: modifyTimestamp
  51. ldap_last_modification_attribute = modifyTimestamp
  52.  
  53. # ldap_page_size limits the number of results from a query that will be downloaded at a time.
  54. # Default ADS MaxPageSize is 1000.
  55. ldap_page_size = 1000
  56.  
  57. ##########
  58. # Object settings
  59.  
  60. # Top level search base, every object should be available under this tree
  61. ldap_search_base = dc=mail,dc=example,dc=com
  62.  
  63. # attribute name which is/(should: was) used in ldap_user_search_filter
  64. ldap_object_type_attribute = objectClass
  65. ldap_user_type_attribute_value = posixAccount
  66. ldap_group_type_attribute_value = posixGroup
  67. ldap_contact_type_attribute_value = zarafa-contact
  68. ldap_company_type_attribute_value = organizationalUnit
  69. ldap_addresslist_type_attribute_value = zarafa-addresslist
  70. ldap_dynamicgroup_type_attribute_value = zarafa-dynamicgroup
  71.  
  72.  
  73. ##########
  74. # There should be no need to edit any values below this line
  75. ##########
  76.  
  77. ##########
  78. # User settings
  79.  
  80. # Extra search for users using this LDAP filter. See ldap_search(3) or RFC
  81. # 2254 for details on the filter syntax.
  82. #
  83. # Hint: Use the zarafaAccount attribute in the filter to differentiate
  84. # between non-zarafa and zarafa users.
  85. #
  86. # Note: This filter should include contacts.
  87. #
  88. # Optional, default = empty (match everything)
  89. # For active directory, use:
  90. # (objectCategory=Person)
  91. # For LDAP with posix users:
  92. # no need to use the search filter.
  93. ldap_user_search_filter =
  94.  
  95. # Unique user id used to find the user
  96. # Required
  97. # For active directory, use:
  98. # objectGuid ** WARNING: This WAS: objectSid ** Updates *WILL* fail! **
  99. # For LDAP with posixAccount, use:
  100. # uidNumber
  101. # Note: contacts also use this field for uniqueness. If you change this,
  102. # you might need to update the zarafa.schema file too, and change
  103. # the MUST uidNumber to whatever you set here.
  104. ldap_user_unique_attribute = uidNumber
  105.  
  106. # Type of unique user id
  107. # default: text
  108. # For active directory, use:
  109. # binary
  110. # For LDAP with posix user, use:
  111. # text
  112. ldap_user_unique_attribute_type = text
  113.  
  114. # Optional, default = cn
  115. # For active directory, use:
  116. # cn or displayName
  117. # For LDAP with posix user, use:
  118. # cn
  119. ldap_fullname_attribute = cn
  120.  
  121. # Optional, default = uid
  122. # Active directory: sAMAccountName
  123. # LDAP: uid
  124. ldap_loginname_attribute = uid
  125.  
  126. # Optional, default = userPassword
  127. # Active directory: unicodePwd
  128. # LDAP: userPassword
  129. ldap_password_attribute = userPassword
  130.  
  131. # If set to bind, users are authenticated by trying to bind to the
  132. # LDAP tree using their username + password. Otherwise, the
  133. # ldap_password_attribute is requested and checked (so ldap_bind_user must be able to read it).
  134. # Optional, default = bind
  135. # Choices: bind, password
  136. # Active directory: bind
  137. # LDAP: bind
  138. ldap_authentication_method = bind
  139.  
  140. # Optional, default = mail
  141. # Active directory: mail
  142. # LDAP: mail
  143. ldap_emailaddress_attribute = mail
  144.  
  145. # Optional, default = zarafaAliases
  146. # Active directory: zarafaAliases
  147. # LDAP: zarafaAliases
  148. ldap_emailaliases_attribute = zarafaAliases
  149.  
  150. # Whether the user is an admin. The field is interpreted as a
  151. # boolean, 0 and false (case insensitive) meaning no, all other values
  152. # yes.
  153. # Optional, default = zarafaAdmin
  154. # Active directory: zarafaAdmin
  155. # LDAP: zarafaAdmin
  156. ldap_isadmin_attribute = zarafaAdmin
  157.  
  158. # Whether a user is a non-active user. This means that the user will
  159. # not count towards your user count, but the user will also not be
  160. # able to log in
  161. # Optional, default = zarafaSharedStoreOnly
  162. # Active directory: zarafaSharedStoreOnly
  163. # LDAP: zarafaSharedStoreOnly
  164. ldap_nonactive_attribute = zarafaSharedStoreOnly
  165.  
  166. # A nonactive store, or resource, can be specified to be a user, room or equipment.
  167. # Set it to 'room' or 'equipment' to make such types. If set to empty,
  168. # or wrong word, or 'user' it will be a nonactive user.
  169. # Optional, default = zarafaResourceType
  170. # Active directory: zarafaResourceType
  171. # LDAP: zarafaResourceType
  172. ldap_resource_type_attribute = zarafaResourceType
  173.  
  174. # Numeric resource capacity
  175. # Optional, default = zarafaResourceCapacity
  176. # Active directory: zarafaResourceCapacity
  177. # LDAP: zarafaResourceCapacity
  178. ldap_resource_capacity_attribute = zarafaResourceCapacity
  179.  
  180. # Optional
  181. # The attribute which indicates which users are allowed
  182. # to send on behalf of the selected user
  183. ldap_sendas_attribute = zarafaSendAsPrivilege
  184.  
  185. # Optional, default = text
  186. # Active directory: dn
  187. # LDAP: text
  188. ldap_sendas_attribute_type = text
  189.  
  190. # The attribute of the user and group which is listed in
  191. # the ldap_sendas_attribute
  192. # Empty default, using ldap_user_unique_attribute
  193. ldap_sendas_relation_attribute =
  194.  
  195. # Optional, default = userCertificate
  196. # Active directory: userCertificate
  197. # LDAP: userCertificate;binary
  198. ldap_user_certificate_attribute = userCertificate;binary
  199.  
  200. # Load extra user properties from the propmap file
  201. !propmap /etc/zarafa/ldap.propmap.cfg
  202.  
  203. ##########
  204. # Group settings
  205.  
  206. # Search for groups using this LDAP filter. See ldap_search(3) for
  207. # details on the filter syntax.
  208. # Hint: Use the zarafaAccount attribute in the filter to differentiate
  209. # between non-zarafa and zarafa groups.
  210. # Optional, default = empty (match everything)
  211. # For active directory, use:
  212. # (objectCategory=Group)
  213. # For LDAP with posix groups, use:
  214. # no need to set the search filter
  215. ldap_group_search_filter =
  216.  
  217. # Unique group id used to find the group
  218. # Required
  219. # For active directory, use:
  220. # objectSid
  221. # For LDAP with posix group, use:
  222. # gidNumber
  223. ldap_group_unique_attribute = gidNumber
  224.  
  225. # Type of unique group id
  226. # default: text
  227. # For active directory, use:
  228. # binary
  229. # For LDAP with posix group, use:
  230. # text
  231. ldap_group_unique_attribute_type = text
  232.  
  233. # Optional, default = cn
  234. # Active directory: cn
  235. # LDAP: cn
  236. ldap_groupname_attribute = cn
  237.  
  238. # Optional, default = member
  239. # Active directory: member
  240. # LDAP: memberUid
  241. ldap_groupmembers_attribute = memberUid
  242.  
  243. # Optional, default = text
  244. # Active directory: dn
  245. # LDAP: text
  246. ldap_groupmembers_attribute_type = text
  247.  
  248. # The attribute of the user which is listed in ldap_groupmembers_attribute
  249. # Active directory: empty, matching dn's
  250. # LDAP: uid, matching users in ldap_loginname_attribute
  251. ldap_groupmembers_relation_attribute = uid
  252.  
  253. # A group can also be used for security, eg. setting permissions on folders.
  254. # This makes a group a security group. The zarafaSecurityGroup value is boolean.
  255. # Optional, default = zarafaSecurityGroup
  256. # Active directory = groupType
  257. # LDAP: zarafaSecurityGroup
  258. ldap_group_security_attribute = zarafaSecurityGroup
  259.  
  260. # In ADS servers, a special bitmask action is required on the groupType field.
  261. # This is activated by setting the ldap_group_security_attribute_type to 'ads'.
  262. # Otherwise, just the presence of the field will make the group security enabled.
  263. # Optional, default = boolean
  264. # Active directory = ads
  265. # LDAP: boolean
  266. ldap_group_security_attribute_type = boolean
  267.  
  268. ##########
  269. # Company settings
  270.  
  271. # Search for companies using this LDAP filter.
  272. # Hint: Use the zarafaAccount attribute in the filter to differentiate
  273. # between non-zarafa and zarafa companies.
  274. # Optional, default = empty (match everything)
  275. # For active directory, use:
  276. # (objectCategory=Company)
  277. # For LDAP with posix users, use:
  278. # no need to set the filter
  279. ldap_company_search_filter =
  280.  
  281. # Unique company id used to find the company
  282. # Active directory: objectGUID
  283. # LDAP: ou
  284. ldap_company_unique_attribute = ou
  285.  
  286. # Optional, default = text
  287. # Active directory: binary
  288. # LDAP: text
  289. ldap_company_unique_attribute_type = text
  290.  
  291. # Optional, default = ou
  292. # Active directory: ou
  293. # LDAP: ou
  294. ldap_companyname_attribute = ou
  295.  
  296. # Optional
  297. # The attribute which indicates which companies are allowed
  298. # to view the members of the selected company
  299. ldap_company_view_attribute = zarafaViewPrivilege
  300.  
  301. # Optional, default = text
  302. ldap_company_view_attribute_type = text
  303.  
  304. # The attribute of the company which is listed in the
  305. # ldap_company_view_attribute
  306. # Empty default, using ldap_company_unique_attribute
  307. ldap_company_view_relation_attribute =
  308.  
  309. # Optional
  310. # The attribute which indicates which users from different companies
  311. # are administrator over the selected company.
  312. ldap_company_admin_attribute = zarafaAdminPrivilege
  313.  
  314. # Optional, default = text
  315. # Active directory: dn
  316. # LDAP: text
  317. ldap_company_admin_attribute_type = text
  318.  
  319. # The attribute of the company which is listed in the
  320. # ldap_company_admin_attribute
  321. # Empty default, using ldap_user_unique_attribute
  322. ldap_company_admin_relation_attribute =
  323.  
  324. # The attribute which indicates which user is the system administrator
  325. # for the specified company.
  326. ldap_company_system_admin_attribute = zarafaSystemAdmin
  327.  
  328. # Optional, default = text
  329. # Active directory: dn
  330. # LDAP: text
  331. ldap_company_system_admin_attribute_type = text
  332.  
  333. # The attribute of the company which is listed in the
  334. # ldap_company_system_admin_attribute
  335. # Empty default, using ldap_user_unique_attribute
  336. ldap_company_system_admin_relation_attribute =
  337.  
  338.  
  339. ##########
  340. # Addresslist settings
  341.  
  342. # Add a filter to the addresslist search
  343. # Hint: Use the zarafaAccount attribute in the filter to differentiate
  344. # between non-zarafa and zarafa addresslists.
  345. # Optional, default = empty (match everything)
  346. ldap_addresslist_search_filter =
  347.  
  348. # This is the unique attribute of an addresslist which is never going
  349. # to change, unless the addresslist is removed from LDAP. When this
  350. # value changes, Zarafa will remove the previous addresslist from the
  351. # database, and create a new addresslist with this unique value
  352. ldap_addresslist_unique_attribute = cn
  353.  
  354. # This value can be 'text' or 'binary'. For OpenLDAP, only text is used.
  355. ldap_addresslist_unique_attribute_type = text
  356.  
  357. # This is the name of the attribute on the addresslist object that
  358. # specifies the filter to be applied for this addresslist. All users
  359. # matching this filter AND matching the default
  360. # ldap_user_search_filter will be included in the addresslist
  361. ldap_addresslist_filter_attribute = zarafaFilter
  362.  
  363. # This is the name of the attribute on the addresslist object that
  364. # specifies the search base to be applied for this addresslist.
  365. ldap_addresslist_search_base_attribute = zarafaBase
  366.  
  367. # The attribute containing the name of the addresslist
  368. ldap_addresslist_name_attribute = cn
  369.  
  370.  
  371. ##########
  372. # Dynamicgroup settings
  373.  
  374. # Add a filter to the dynamicgroup search
  375. # Hint: Use the zarafaAccount attribute in the filter to differentiate
  376. # between non-zarafa and zarafa dynamic groups.
  377. # Optional, default = empty (match everything)
  378. ldap_dynamicgroup_search_filter =
  379.  
  380. # This is the unique attribute of a dynamicgroup which is never going
  381. # to change, unless the dynamicgroup is removed from LDAP. When this
  382. # value changes, Zarafa will remove the previous dynamicgroup from the
  383. # database, and create a new dynamicgroup with this unique value
  384. ldap_dynamicgroup_unique_attribute = cn
  385.  
  386. # This value can be 'text' or 'binary'. For OpenLDAP, only text is used.
  387. ldap_dynamicgroup_unique_attribute_type = text
  388.  
  389. # This is the name of the attribute on the dynamicgroup object that
  390. # specifies the filter to be applied for this dynamicgroup. All users
  391. # matching this filter AND matching the default
  392. # ldap_user_search_filter will be included in the dynamicgroup
  393. ldap_dynamicgroup_filter_attribute = zarafaFilter
  394.  
  395. # This is the name of the attribute on the dynamicgroup object that
  396. # specifies the search base to be applied for this dynamicgroup.
  397. ldap_dynamicgroup_search_base_attribute = zarafaBase
  398.  
  399. # The attribute containing the name of the dynamicgroup
  400. ldap_dynamicgroup_name_attribute = cn
  401.  
  402.  
  403. ##########
  404. # Quota settings
  405.  
  406. # Optional
  407. # The attribute which indicates which users (besides the user who exceeds his quota)
  408. # should also receive a warning mail when a user exceeds his quota.
  409. ldap_quota_userwarning_recipients_attribute = zarafaQuotaUserWarningRecipients
  410.  
  411. # Optional, default = text
  412. # Active directory: dn
  413. # LDAP: text
  414. ldap_quota_userwarning_recipients_attribute_type = text
  415.  
  416. # Optional, default empty
  417. ldap_quota_userwarning_recipients_relation_attribute =
  418.  
  419. # Optional
  420. # The attribute which indicates which users should receive a warning mail
  421. # when a company exceeds its quota.
  422. ldap_quota_companywarning_recipients_attribute = zarafaQuotaCompanyWarningRecipients
  423.  
  424. # Optional, default = text
  425. # Active directory: dn
  426. # LDAP: text
  427. ldap_quota_companywarning_recipients_attribute_type = text
  428.  
  429. # Optional, default empty
  430. ldap_quota_companywarning_recipients_relation_attribute =
  431.  
  432. # Whether to override the system wide quota settings
  433. ldap_quotaoverride_attribute = zarafaQuotaOverride
  434.  
  435. ldap_warnquota_attribute = zarafaQuotaWarn
  436. ldap_softquota_attribute = zarafaQuotaSoft
  437. ldap_hardquota_attribute = zarafaQuotaHard
  438.  
  439. # Whether to override the system wide quota settings for all users within the company
  440. ldap_userdefault_quotaoverride_attribute = zarafaUserDefaultQuotaOverride
  441.  
  442. ldap_userdefault_warnquota_attribute = zarafaUserDefaultQuotaWarn
  443. ldap_userdefault_softquota_attribute = zarafaUserDefaultQuotaSoft
  444. ldap_userdefault_hardquota_attribute = zarafaUserDefaultQuotaHard
  445.  
  446. # Mapping from the quota attributes to a number of bytes. Qmail-LDAP
  447. # schema uses bytes (1), ADS uses kilobytes (1024*1024).
  448. ldap_quota_multiplier = 1
  449.  
  450. ##########
  451. # Misc. settings
  452.  
  453. # Attribute which indicates if the user should be hidden from addressbook
  454. ldap_addressbook_hide_attribute = zarafaHidden
  455.  
  456. # LDAP object search filter. %s in this filter will be replaced with
  457. # the object being searched.
  458. # Hint: Use the zarafaAccount attribute in the filter to differentiate
  459. # between non-zarafa and zarafa objects.
  460. # Default: empty
  461. # ADS recommended: (anr=%s)
  462. # OpenLDAP optional: (|(mail=%s*)(uid=%s*)(cn=*%s*)(fullname=*%s*)(givenname=*%s*)(lastname=*%s*)(sn=*%s*))
  463. ldap_object_search_filter =
  464.  
  465. # If a request wants more objects than this value, it will download the
  466. # full ldap tree (from the base with the search filter) and discard
  467. # what was not required. This is faster for large requests.
  468. # Default: 1000
  469. ldap_filter_cutoff_elements = 1000