############################################################## # LDAP/ACTIVE DIRECTORY USER PLUGIN SETTINGS # # Any of these directives that are required, are only required if the # userplugin parameter is set to ldap. # LDAP host name/IP address # Optional, default = localhost ldap_host = localhost # LDAP port # Optional, default = 389 # Use 636 for ldaps ldap_port = 389 # LDAP protocol # Optional, default = ldap # use 'ldaps' for SSL encryption. Make sure /etc/ldap/ldap.conf is # configured correctly with TLS_CACERT ldap_protocol = ldap # The charset that strings are stored in on the LDAP server. Normally this # is utf-8, but this can differ according to your setup. The charset specified # here must be supported by your iconv(1) setup. See iconv -l for all charset ldap_server_charset = utf-8 # The DN of the user to bind as for normal operations (not used for # authentication if ldap_authentication_method is set to "bind" # Optional, default = empty (anonymous bind) # The userPassword attribute must be readable for this user if the # ldap_authentication_method option is set to password. ldap_bind_user = cn=admin,cn=users,dc=kopano,dc=com # LDAP bind password # Optional, default = empty (no password) ldap_bind_passwd = # The timeout for network operations in seconds ldap_network_timeout = 30 # When an object (user/group/company) is changed, this attribute will also change: # Active directory: uSNChanged # LDAP: modifyTimestamp ldap_last_modification_attribute = modifyTimestamp ########## # Object settings # Top level search base, every object should be available under this tree ldap_search_base = dc=kopano,dc=com # attribute name which is/(should: was) used in ldap_user_search_filter ldap_object_type_attribute = objectClass ldap_user_type_attribute_value = posixAccount ldap_group_type_attribute_value = posixGroup ldap_contact_type_attribute_value = kopano-contact ldap_company_type_attribute_value = organizationalUnit ldap_addresslist_type_attribute_value = kopano-addresslist ldap_dynamicgroup_type_attribute_value = kopano-dynamicgroup ldap_server_type_attribute_value = ipHost ########## # There should be no need to edit any values below this line ########## ########## # User settings # Extra search for users using this LDAP filter. See ldap_search(3) or RFC # 2254 for details on the filter syntax. # # Hint: Use the kopanoAccount attribute in the filter to differentiate # # Note: This filter should include contacts. # # between non-kopano and kopano users. # Optional, default = empty (match everything) # For active directory, use: # (objectCategory=Person) # For LDAP with posix users: # no need to use the search filter. ldap_user_search_filter = # unique user id for find the user # Required # For active directory, use: # objectGuid ** WARNING: This WAS: objectSid ** Updates *WILL* fail! ** # For LDAP with posixAccount, use: # uidNumber ldap_user_unique_attribute = uidNumber # Type of unique user id # default: text # For active directory, use: # binary # For LDAP with posix user, use: # text ldap_user_unique_attribute_type = text # Optional, default = cn # For active directory, use: # cn or displayName # For LDAP with posix user, use: # cn ldap_fullname_attribute = cn # Optional, default = uid # Active directory: sAMAccountName # LDAP: uid ldap_loginname_attribute = uid # Optional, default = userPassword # Active directory: unicodePwd # LDAP: userPassword ldap_password_attribute = userPassword # If set to bind, users are authenticated by trying to bind to the # LDAP tree using their username + password. Otherwise, the # ldap_password_attribute is requested and checked. # Optional, default = bind # Choices: bind, password # Active directory: bind # LDAP: password ldap_authentication_method = password # Optional, default = mail # Active directory: mail # LDAP: mail ldap_emailaddress_attribute = mail # Optional, default = kopanoAliases # Active directory: kopanoAliases # LDAP: kopanoAliases ldap_emailaliases_attribute = kopanoAliases # Whether the user is an admin. The field is interpreted as a # boolean, 0 and false (case insensitive) meaning no, all other values # yes. # Optional, default = kopanoAdmin # Active directory: kopanoAdmin # LDAP: kopanoAdmin ldap_isadmin_attribute = kopanoAdmin # Whether a user is a non-active user. This means that the user will # not count towards your user count, but the user will also not be # able to log in # Optional, default = empty # Active directory: kopanoSharedStoreOnly # LDAP: kopanoSharedStoreOnly ldap_nonactive_attribute = # A nonactive store, or resource, can be specified to be a user, room or equipment. # Set it to 'room' or 'equipment' to make such types. If set to empty, # or wrong word, or 'user' it will be a nonactive user. # Optional, default = kopanoResourceType # Active directory: kopanoResourceType # LDAP: kopanoResourceType ldap_resource_type_attribute = kopanoResourceType # Numeric resource capacity # Optional, default = kopanoResourceCapacity # Active directory: kopanoResourceCapacity # LDAP: kopanoResourceCapacity ldap_resource_capacity_attribute = kopanoResourceCapacity # Optional # The attribute which indicates which users are allowed # to send on bahalf of the selected user ldap_user_sendas_attribute = kopanoSendAsPrivilege # Optional, default = text # Active directory: dn # LDAP: text ldap_user_sendas_attribute_type = text # The attribute of the user which is listed in the # ldap_user_sendas_attribute # Empty default, using ldap_user_unique_attribute ldap_user_sendas_relation_attribute = # Optional, default = userCertificate # Active directory: userCertificate # LDAP: userCertificate ldap_user_certificate_attribute = userCertificate # Load extra user properties from the propmap file !propmap /etc/kopano/ldap.propmap.cfg ########## # Group settings # Search for groups using this LDAP filter. See ldap_search(3) for # details on the filter syntax. # Hint: Use the kopanoAccount attribute in the filter to differentiate # between non-kopano and kopano groups. # Optional, default = empty (match everything) # For active directory, use: # (objectCategory=Group) # For LDAP with posix groups, use: # no need to set the search filter ldap_group_search_filter = # unique group id for find the group # Required # For active directory, use: # objectSid # For LDAP with posix group, use: # gidNumber ldap_group_unique_attribute = gidNumber # Type of unique group id # default: text # For active directory, use: # binary # For LDAP with posix group, use: # text ldap_group_unique_attribute_type = text # Optional, default = cn # Active directory: cn # LDAP: cn ldap_groupname_attribute = cn # Optional, default = member # Active directory: member # LDAP: memberUid ldap_groupmembers_attribute = memberUid # Optional, default = text # Active directory: dn # LDAP: text ldap_groupmembers_attribute_type = text # The attribute of the user which is listed in ldap_groupmember_attribute # Active directory: empty, matching dn's # LDAP: uidNumber, matching users in ldap_user_unique_attribute ldap_groupmembers_relation_attribute = uidNumber # A group can also be used for security, eg. setting permissions on folders. # This makes a group a security group. The kopanoSecurityGroup value is boolean. # Optional, default = kopanoSecurityGroup # Active directory = groupType # LDAP: kopanoSecurityGroup ldap_group_security_attribute = kopanoSecurityGroup # In ADS servers, a special bitmask action is required on the groupType field. # This is actived by setting the ldap_group_security_attribute_type to `''ads`'' # Otherwise, just the presence of the field will make the group security enabled. # Optional, default = boolean # Active directory = ads # LDAP: boolean ldap_group_security_attribute_type = boolean ########## # Company settings # Search for companies using this LDAP filter. # Hint: Use the kopanoAccount attribute in the filter to differentiate # between non-kopano and kopano companies. # Optional, default = empty (match everything) # For active directory, use: # (objectCategory=Company) # For LDAP with posix users, use: # no need to set the filter ldap_company_search_filter = # unique company id for find the company # Active directory: objectGUID # LDAP: ou ldap_company_unique_attribute = ou # Optional, default = text # Active directory: binary # LDAP: text ldap_company_unique_attribute_type = text # Optional, default = ou # Active directory: ou # LDAP: ou ldap_companyname_attribute = ou # Optional # The attribute which indicates which companies are allowed # to view the members of the selected company ldap_company_view_attribute = kopanoViewPrivilege # Optional, default = text ldap_company_view_attribute_type = text # The attribute of the company which is listed in the # ldap_company_view_attribute # Empty default, using ldap_company_unique_attribute ldap_company_view_relation_attribute = # Optional # The attribute which indicates which users from different companies # are administrator over the selected company. ldap_company_admin_attribute = kopanoAdminPrivilege # Optional, default = text # Active directory: dn # LDAP: text ldap_company_admin_attribute_type = text # The attribute of the company which is listed in the # ldap_company_admin_attribute # Empty default, using ldap_user_unique_attribute ldap_company_admin_relation_attribute = # The attribute which indicates which user is the system administrator # for the specified company. ldap_company_system_admin_attribute = kopanoSystemAdmin # Optional, default = text # Active directory: dn # LDAP: text ldap_company_system_admin_attribute_type = text # The attribute of the company which is listed in the # ldap_company_system_admin attribute # Empty default, using ldap_user_unique_attribute ldap_company_system_admin_relation_attribute = ########## # Addresslist settings # Add a filter to the addresslist search # Hint: Use the kopanoAccount attribute in the filter to differentiate # between non-kopano and kopano addresslists. # Optional, default = empty (match everything) ldap_addresslist_search_filter = # This is the unique attribute of a addresslist which is never going # to change, unless the addresslist is removed from LDAP. When this # value changes, Kopano will remove the previous addresslist from the # database, and create a new addresslist with this unique value ldap_addresslist_unique_attribute = cn # This value can be 'text' or 'binary'. For OpenLDAP, only text is used. ldap_addresslist_unique_attribute_type = text # This is the name of the attribute on the addresslist object that # specifies the filter to be applied for this addresslist. All users # matching this filter AND matching the default # ldap_user_search_filter will be included in the addresslist ldap_addresslist_filter_attribute = kopanoFilter # This is the name of the attribute on the addresslist object that # specifies the search base to be applied for this addresslist. ldap_addresslist_search_base_attribute = kopanoBase # The attribute containing the name of the addresslist ldap_addresslist_name_attribute = cn ########## # Dynamicgroup settings # Add a filter to the dynamicgroup search # Hint: Use the kopanoAccount attribute in the filter to differentiate # between non-kopano and kopano dynamic groups. # Optional, default = empty (match everything) ldap_dynamicgroup_search_filter = # This is the unique attribute of a dynamicgroup which is never going # to change, unless the dynamicgroup is removed from LDAP. When this # value changes, Kopano will remove the previous dynamicgroup from the # database, and create a new dynamicgroup with this unique value ldap_dynamicgroup_unique_attribute = cn # This value can be 'text' or 'binary'. For OpenLDAP, only text is used. ldap_dynamicgroup_unique_attribute_type = text # This is the name of the attribute on the dynamicgroup object that # specifies the filter to be applied for this dynamicgroup. All users # matching this filter AND matching the default # ldap_user_search_filter will be included in the dynamicgroup ldap_dynamicgroup_filter_attribute = kopanoFilter # This is the name of the attribute on the dynamicgroup object that # specifies the search base to be applied for this dynamicgroup. ldap_dynamicgroup_search_base_attribute = kopanoBase # The attribute containing the name of the dynamicgroup ldap_dynamicgroup_name_attribute = cn ########## # Quota settings # Optional # The attribute which indicates which users (besides the user who exceeds his quota) # should also receive a warning mail when a user exceeds his quota. ldap_quota_userwarning_recipients_attribute = kopanoQuotaUserWarningRecipients # Optional, default = text # Active directory: dn # LDAP: text ldap_quota_userwarning_recipients_attribute_type = text # Optional, default empty ldap_quota_userwarning_recipients_relation_attribute = # Optional # The attribute which indicates which users should receive a warning mail # when a company exceeds his quota. ldap_quota_companywarning_recipients_attribute = kopanoQuotaCompanyWarningRecipients # Optional, default = text # Active directory: dn # LDAP: text ldap_quota_companywarning_recipients_attribute_type = text # Optional, default empty ldap_quota_companywarning_recipients_relation_attribute = # Whether to override the system wide quota settings ldap_quotaoverride_attribute = kopanoQuotaOverride ldap_warnquota_attribute = kopanoQuotaWarn ldap_softquota_attribute = kopanoQuotaSoft ldap_hardquota_attribute = kopanoQuotaHard # Whether to override the system wide quota settings for all users within the company ldap_userdefault_quotaoverride_attribute = kopanoUserDefaultQuotaOverride ldap_userdefault_warnquota_attribute = kopanoUserDefaultQuotaWarn ldap_userdefault_softquota_attribute = kopanoUserDefaultQuotaSoft ldap_userdefault_hardquota_attribute = kopanoUserDefaultQuotaHard # Mapping from the quota attributes to a number of bytes. Qmail-LDAP # schema uses bytes (1), ADS uses kilobytes (1024*1024). ldap_quota_multiplier = 1 ########## # Misc. settings # Attribute which indicates if the user should be hidden from addressbook ldap_addressbook_hide_attribute = kopanoHidden # LDAP object search filter. %s in this filter will be replaced with # the object being searched. # Hint: Use the kopanoAccount attribute in the filter to differentiate # between non-kopano and kopano objects. # Default: empty # ADS recommended: (anr=%s) # OpenLDAP optional: (|(mail=%s*)(uid=%s*)(cn=*%s*)(fullname=*%s*)(givenname=*%s*)(lastname=*%s*)(sn=*%s*)) ldap_object_search_filter = ########## # Multi-server settings # Optional, default kopanoUserServer ldap_user_server_attribute = kopanoUserServer # Optional, default kopanoCompanyServer ldap_company_server_attribute = kopanoCompanyServer # Optional, default empty # Active directory: ipHostNumber # LDAP: ipHostNumber ldap_server_address_attribute = ipHostNumber # Optional, default = kopanoHttpPort # Active directory: kopanoHttpPort # LDAP: kopanoHttpPort ldap_server_http_port_attribute = kopanoHttpPort # Optional, default = kopanoSslPort # Active directory: kopanoSslPort # LDAP: kopanoSslPort ldap_server_ssl_port_attribute = kopanoSslPort # Optional, default = kopanoFilePath # Active directory: kopanoFilePath #LDAP: kopanoFilePath ldap_server_file_path_attribute = kopanoFilePath # Determines if a server contains the public store of a non-hosted # environment. Only one server is allowed to host the public store. # Optional, default = kopanoContainsPublic # Active directory: kopanoContainsPublic # LDAP: kopanoContainsPublic ldap_server_contains_public_attribute = kopanoContainsPublic # Search for servers using this LDAP filter. See ldap_search(3) or RFC # 2254 for details on the filter syntax. # Optional, default = empty (match everything) # For active directory, use: # (objectCategory=Computer) # For LDAP with posix users, use: # ldap_server_search_filter = # Unique user id to find the server # Required # For active directory, use: # CN # For LDAP with posixAccount, use: # cn ldap_server_unique_attribute = cn