source: npl/mailserver/kopano_conf/root/etc/kopano/ldap.cfg @ ab298e7

##############################################################
#  LDAP/ACTIVE DIRECTORY USER PLUGIN SETTINGS
#
# Any of these directives that are required, are only required if the
# userplugin parameter is set to ldap.

# LDAP host name/IP address
# Optional, default = localhost
#ldap_host = ldap-master

# LDAP port
# Optional, default = 389
# Use 636 for ldaps
#ldap_port = 389

# LDAP protocol
# Optional, default = ldap
# use 'ldaps' for SSL encryption. Make sure /etc/ldap/ldap.conf is
# configured correctly with TLS_CACERT
#ldap_protocol = ldap

ldap_uri = ldap://ldap-master:389 ldap://ldap-slave:389


# The charset that strings are stored in on the LDAP server. Normally this
# is utf-8, but this can differ according to your setup. The charset specified
# here must be supported by your iconv(1) setup. See iconv -l for all charset
ldap_server_charset = utf-8

# The DN of the user to bind as for normal operations (not used for
# authentication if ldap_authentication_method is set to "bind"
# Optional, default = empty (anonymous bind)
# The userPassword attribute must be readable for this user if the
# ldap_authentication_method option is set to password.
#ldap_bind_user = cn=admin,cn=users,dc=zarafa,dc=com
ldap_bind_user =

# LDAP bind password
# Optional, default = empty (no password)
ldap_bind_passwd = 

# The timeout for network operations in seconds
ldap_network_timeout = 30

# When an object (user/group/company) is changed, this attribute will also change:
# Active directory: uSNChanged
# LDAP: modifyTimestamp
ldap_last_modification_attribute = modifyTimestamp

##########
# Object settings

# Top level search base, every object should be available under this tree
ldap_search_base = dc=syn-3

# attribute name which is used in ldap_user_search_filter
ldap_object_type_attribute = objectClass
#(use shadowAccount instead of posixAccount, because samba-computers are also accounts!)
ldap_user_type_attribute_value = shadowAccount  
ldap_group_type_attribute_value = posixGroup
ldap_contact_type_attribute_value = zarafa-contact
ldap_company_type_attribute_value = zarafa-company
ldap_addresslist_type_attribute_value = zarafa-addresslist
ldap_dynamicgroup_type_attribute_value = zarafa-dynamicgroup


##########
# There should be no need to edit any values below this line
##########

##########
# User settings

# Extra search for users using this LDAP filter.  See ldap_search(3) or RFC
# 2254 for details on the filter syntax.
# Hint: Use the zarafaAccount attribute in the filter to differentiate
# between non-zarafa and zarafa users.
# Optional, default = empty (match everything)
# For active directory, use:
#   (objectCategory=Person)
# For LDAP with posix users:
#   no need to use the search filter.
ldap_user_search_filter = 

# unique user id for find the user
# Required
# For active directory, use:
#    objectGuid ** WARNING: This WAS: objectSid ** Updates *WILL* fail! **
# For LDAP with posixAccount, use:
#    uidNumber
ldap_user_unique_attribute = uidNumber

# Type of unique user id
# default: text
# For active directory, use:
#               binary
# For LDAP with posix user, use:
#               text
ldap_user_unique_attribute_type = text

# Optional, default = cn
# For active directory, use:
#   cn or displayName
# For LDAP with posix user, use:
#   cn
ldap_fullname_attribute = cn

# Optional, default = uid
# Active directory: sAMAccountName
# LDAP: uid
ldap_loginname_attribute = uid

# Optional, default = userPassword
# Active directory: unicodePwd
# LDAP: userPassword
ldap_password_attribute = userPassword

# If set to bind, users are authenticated by trying to bind to the
# LDAP tree using their username + password.  Otherwise, the
# ldap_password_attribute is requested and checked.
# Optional, default = bind
# Choices: bind, password
# Active directory: bind
# LDAP: password
#ldap_authentication_method = password
ldap_authentication_method = bind

# Optional, default = mail
# Active directory: mail
# LDAP: mail
ldap_emailaddress_attribute = mail

# Optional, default = zarafaAliases
# Active directory: zarafaAliases
# LDAP: zarafaAliases
# DatuX: 3-oct-2011: Disabled this because it causes zarafa to 'resolve' the aliases to the primary adres. This causes confusion and doesnt allow mailrules that filters on such adresses. ( also see https://jira.zarafa.com/browse/ZCP-4850. same 'feature' exists for to-adresses)
# DatuX: 2-mar-2020: reenabled to get rid of 'on behalf of' messages.
ldap_emailaliases_attribute = alias

# Whether the user is an admin.  The field is interpreted as a
# boolean, 0 and false (case insensitive) meaning no, all other values
# yes.
# Optional, default = zarafaAdmin
# Active directory: zarafaAdmin
# LDAP: zarafaAdmin
ldap_isadmin_attribute = zarafaAdmin

# Whether a user is a non-active user. This means that the user will
# not count towards your user count, but the user will also not be
# able to log in
# Optional, default = empty
# Active directory: zarafaSharedStoreOnly
# LDAP: zarafaSharedStoreOnly
ldap_nonactive_attribute = zarafaSharedStoreOnly

# A nonactive store, or resource, can be specified to be a user, room or equipment.
# Set it to 'room' or 'equipment' to make such types. If set to empty,
# or wrong word, or 'user' it will be a nonactive user.
# Optional, default = zarafaResourceType
# Active directory: zarafaResourceType
# LDAP: zarafaResourceType
ldap_resource_type_attribute = zarafaResourceType

# Numeric resource capacity
# Optional, default = zarafaResourceCapacity
# Active directory: zarafaResourceCapacity
# LDAP: zarafaResourceCapacity
ldap_resource_capacity_attribute = zarafaResourceCapacity

# Optional
# The attribute which indicates which users are allowed
# to send on bahalf of the selected user
ldap_user_sendas_attribute = zarafaSendAsPrivilege

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_user_sendas_attribute_type = text

# The attribute of the user which is listed in the
# ldap_user_sendas_attribute
# Empty default, using ldap_user_unique_attribute
ldap_user_sendas_relation_attribute = uid

# Optional, default = userCertificate
# Active directory: userCertificate
# LDAP: userCertificate
ldap_user_certificate_attribute = userCertificate

# Load extra user properties from the propmap file
#!propmap /etc/zarafa/ldap.propmap.cfg

##########
# Group settings

# Search for groups using this LDAP filter.  See ldap_search(3) for
# details on the filter syntax.
# Hint: Use the zarafaAccount attribute in the filter to differentiate
# between non-zarafa and zarafa groups.
# Optional, default = empty (match everything)
# For active directory, use:
#   (objectCategory=Group)
# For LDAP with posix groups, use:
#   no need to set the search filter
ldap_group_search_filter = 

# unique group id for find the group
# Required
# For active directory, use:
#    objectSid
# For LDAP with posix group, use:
#    gidNumber
ldap_group_unique_attribute = gidNumber

# Type of unique group id
# default: text
# For active directory, use:
#               binary
# For LDAP with posix group, use:
#               text
ldap_group_unique_attribute_type = text

# Optional, default = cn
# Active directory: cn
# LDAP: cn
ldap_groupname_attribute = cn

# Optional, default = member
# Active directory: member
# LDAP: memberUid
ldap_groupmembers_attribute = memberUid

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_groupmembers_attribute_type = text

# The attribute of the user which is listed in ldap_groupmember_attribute
# Active directory: empty, matching dn's
# LDAP: uidNumber, matching users in ldap_user_unique_attribute
ldap_groupmembers_relation_attribute = uid

# A group can also be used for security, eg. setting permissions on folders.
# This makes a group a security group. The zarafaSecurityGroup value is boolean.
# Optional, default = zarafaSecurityGroup
# Active directory = groupType
# LDAP: zarafaSecurityGroup
ldap_group_security_attribute = zarafaSecurityGroup

# In ADS servers, a special bitmask action is required on the groupType field.
# This is actived by setting the ldap_group_security_attribute_type to `''ads`''
# Otherwise, just the presence of the field will make the group security enabled.
# Optional, default = boolean
# Active directory = ads
# LDAP: boolean
ldap_group_security_attribute_type = boolean

##########
# Company settings

# Search for companies using this LDAP filter.
# Hint: Use the zarafaAccount attribute in the filter to differentiate
# between non-zarafa and zarafa companies.
# Optional, default = empty (match everything)
# For active directory, use:
#   (objectCategory=Company)
# For LDAP with posix users, use:
#   no need to set the filter
ldap_company_search_filter =

# unique company id for find the company
# Active directory: objectGUID
# LDAP: ou
ldap_company_unique_attribute = ou

# Optional, default = text
# Active directory: binary
# LDAP: text
ldap_company_unique_attribute_type = text

# Optional, default = ou
# Active directory: ou
# LDAP: ou
ldap_companyname_attribute = ou

# Optional
# The attribute which indicates which companies are allowed
# to view the members of the selected company
ldap_company_view_attribute = zarafaViewPrivilege

# Optional, default = text
ldap_company_view_attribute_type = text

# The attribute of the company which is listed in the
# ldap_company_view_attribute
# Empty default, using ldap_company_unique_attribute
ldap_company_view_relation_attribute =

# Optional
# The attribute which indicates which users from different companies
# are administrator over the selected company.
ldap_company_admin_attribute = zarafaAdminPrivilege

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_company_admin_attribute_type = text

# The attribute of the company which is listed in the
# ldap_company_admin_attribute
# Empty default, using ldap_user_unique_attribute
ldap_company_admin_relation_attribute = 

# The attribute which indicates which user is the system administrator
# for the specified company.
ldap_company_system_admin_attribute = zarafaSystemAdmin

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_company_system_admin_attribute_type = text

# The attribute of the company which is listed in the
# ldap_company_system_admin attribute
# Empty default, using ldap_user_unique_attribute
ldap_company_system_admin_relation_attribute =


##########
# Addresslist settings

# Add a filter to the addresslist search
# Hint: Use the zarafaAccount attribute in the filter to differentiate
# between non-zarafa and zarafa addresslists.
# Optional, default = empty (match everything)
ldap_addresslist_search_filter = 

# This is the unique attribute of a addresslist which is never going
# to change, unless the addresslist is removed from LDAP. When this
# value changes, Zarafa will remove the previous addresslist from the
# database, and create a new addresslist with this unique value
ldap_addresslist_unique_attribute = cn

# This value can be 'text' or 'binary'. For OpenLDAP, only text is used.
ldap_addresslist_unique_attribute_type = text

# This is the name of the attribute on the addresslist object that
# specifies the filter to be applied for this addresslist. All users
# matching this filter AND matching the default
# ldap_user_search_filter will be included in the addresslist
ldap_addresslist_filter_attribute = zarafaFilter

# This is the name of the attribute on the addresslist object that
# specifies the search base to be applied for this addresslist.
ldap_addresslist_search_base_attribute = zarafaBase

# The attribute containing the name of the addresslist
ldap_addresslist_name_attribute = cn


##########
# Dynamicgroup settings

# Add a filter to the dynamicgroup search
# Hint: Use the zarafaAccount attribute in the filter to differentiate
# between non-zarafa and zarafa dynamic groups.
# Optional, default = empty (match everything)
ldap_dynamicgroup_search_filter = 

# This is the unique attribute of a dynamicgroup which is never going
# to change, unless the dynamicgroup is removed from LDAP. When this
# value changes, Zarafa will remove the previous dynamicgroup from the
# database, and create a new dynamicgroup with this unique value
ldap_dynamicgroup_unique_attribute = cn

# This value can be 'text' or 'binary'. For OpenLDAP, only text is used.
ldap_dynamicgroup_unique_attribute_type = text

# This is the name of the attribute on the dynamicgroup object that
# specifies the filter to be applied for this dynamicgroup. All users
# matching this filter AND matching the default
# ldap_user_search_filter will be included in the dynamicgroup
ldap_dynamicgroup_filter_attribute = zarafaFilter

# This is the name of the attribute on the dynamicgroup object that
# specifies the search base to be applied for this dynamicgroup.
ldap_dynamicgroup_search_base_attribute = zarafaBase

# The attribute containing the name of the dynamicgroup
ldap_dynamicgroup_name_attribute = cn


##########
# Quota settings

# Optional
# The attribute which indicates which users (besides the user who exceeds his quota)
# should also receive a warning mail when a user exceeds his quota.
ldap_quota_userwarning_recipients_attribute = zarafaQuotaUserWarningRecipients

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_quota_userwarning_recipients_attribute_type = text

# Optional, default empty
ldap_quota_userwarning_recipients_relation_attribute =

# Optional
# The attribute which indicates which users should receive a warning mail
# when a company exceeds his quota.
ldap_quota_companywarning_recipients_attribute = zarafaQuotaCompanyWarningRecipients

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_quota_companywarning_recipients_attribute_type = text

# Optional, default empty
ldap_quota_companywarning_recipients_relation_attribute =

# Whether to override the system wide quota settings
ldap_quotaoverride_attribute = zarafaQuotaOverride

ldap_warnquota_attribute = 
ldap_softquota_attribute =
ldap_hardquota_attribute =

# Whether to override the system wide quota settings for all users within the company
ldap_userdefault_quotaoverride_attribute = zarafaUserDefaultQuotaOverride

ldap_userdefault_warnquota_attribute =
ldap_userdefault_softquota_attribute =
ldap_userdefault_hardquota_attribute =

# Mapping from the quota attributes to a number of bytes.  Qmail-LDAP
# schema uses bytes (1), ADS uses kilobytes (1024*1024).
ldap_quota_multiplier = 1

##########
# Misc. settings

# Attribute which indicates if the user should be hidden from addressbook
ldap_addressbook_hide_attribute = zarafaHidden 

# LDAP object search filter. %s in this filter will be replaced with
# the object being searched.
# Hint: Use the zarafaAccount attribute in the filter to differentiate
# between non-zarafa and zarafa objects.
# Default: empty
# ADS recommended: (anr=%s)
# OpenLDAP optional: (|(mail=%s*)(uid=%s*)(cn=*%s*)(fullname=*%s*)(givenname=*%s*)(lastname=*%s*)(sn=*%s*))
ldap_object_search_filter =