summaryrefslogtreecommitdiffstats
path: root/conf/kolab.conf
blob: 654c38e5be28bced3228783caefc273682d3bf22 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
[kolab]
; Set this to the primary domain name space served within this Kolab Groupware
; deployment.
primary_domain = example.org

; This is the primary authentication mechanism used, and contains the list of
; domain name spaces for this deployment. Each domain name space may have its
; own auth_mechanism setting.
;
; Valid options currently include only 'ldap'.
auth_mechanism = ldap

; The IMAP backend to use - currently supported values include only
; 'cyrus-imap'.
imap_backend = cyrus-imap

; The default locale for this Kolab Groupware installation
default_locale = en_US

; Synchronization interval - describes the number of seconds to wait in
; between non-persistent synchronization attempts. Relevant only for
; deployments that lack persistent search and syncrepl ldap controls.
sync_interval = 300

; Synchronization interval for domains - describes the number of seconds
; to wait in between polls for new and deleted domain name spaces.
domain_sync_interval = 600

; The policy to use when originally composing the uid attribute value.
; Normally '%(surname)s.lower()', the transliterated value of the 'sn',
; in all lower-case.
;
; Other examples include:
;
; policy_uid = '%(givenname)s'[0:1]%(surname)s.lower()
; policy_uid = %(givenname)s
policy_uid = %(surname)s.lower()

; Primary and secondary recipient address policies. This is called the
; recipient policy as documented in:
;
;   http://docs.kolab.org/administrator-guide/configuring-the-kolab-server.html#recipient-policy
;
; Note this is the global default, and each [$domain] section can have
; their own (as in this default configuration, see [example.org]).
primary_mail = %(surname)s@%(domain)s
secondary_mail = {
        0: {
                "{0}.{1}@{2}": "format('%(givenname)s'[0:1].capitalize(), '%(surname)s', '%(domain)s')"
            },
        1: {
                "{0}@{1}": "format('%(uid)s', '%(domain)s')"
            },
        2: {
                "{0}@{1}": "format('%(givenname)s.%(surname)s', '%(domain)s')"
        }
    }

; To disable the application of the recipient policy by the daemon ('kolabd' service),
; uncomment the next line.
;daemon_rcpt_policy = False

; A global default for folders to create in addition to the INBOX
; folder.
autocreate_folders = {
        'Archive': {
                'quota': 0,
                'partition': 'archive'
            },
        'Calendar': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "event.default",
                        '/shared/vendor/kolab/folder-type': "event",
                    },
            },
        'Calendar/Personal Calendar': {
                'annotations': {
                        '/shared/vendor/kolab/folder-type': "event",
                    },
            },
        'Configuration': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "configuration.default",
                        '/shared/vendor/kolab/folder-type': "configuration.default",
                    },
            },
        'Contacts': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "contact.default",
                        '/shared/vendor/kolab/folder-type': "contact",
                },
            },
        'Contacts/Personal Contacts': {
                'annotations': {
                        '/shared/vendor/kolab/folder-type': "contact",
                    },
            },
        'Drafts': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "mail.drafts",
                    },
            },
        'Files': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "file.default",
                    },
            },
        'Journal': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "journal.default",
                        '/shared/vendor/kolab/folder-type': "journal",
                    },
            },
        'Notes': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': 'note.default',
                        '/shared/vendor/kolab/folder-type': 'note',
                    },
            },
        'Sent': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "mail.sentitems",
                    },
            },
        'Spam': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "mail.junkemail",
                    },
            },
        'Tasks': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "task.default",
                        '/shared/vendor/kolab/folder-type': "task",
                    },
            },
        'Trash': {
                'annotations': {
                        '/private/vendor/kolab/folder-type': "mail.wastebasket",
                    },
            },
    }

[imap]
virtual_domains = userid

[ldap]
; The URI to LDAP
ldap_uri = ldap://localhost:389

; A list of integers containing supported controls, to increase the efficiency
; of individual short-lived connections with LDAP.
supported_controls = 0,2,3

; The base dn for the deployment. Note that this is the highest level in the
; tree Kolab will ever go. Should your OU structure allow it, you could set this
; to ou=Kolab,ou=Not-So-Private,dc=example,dc=org.
base_dn = dc=example,dc=org

; The (administrative) bind dn and corresponding password.
;
; Feel free to set this to a DN with only read permissions on the tree. These
; credentials are used by the Kolab Daemon only, as it might need to set
; additional attributes in order to apply plugins successfully. Such attributes
; could include the first two values in the 'mail_attributes' list (see further
; down) to complete the 'recipient_policy' (see further down), mail quota,
; the mail server attribute, and others.
bind_dn = cn=Directory Manager
bind_pw = Welcome123

; Bind DN and password used for services. The DN should have read and search
; privileges only, but should be able to read all relevant parts of the tree.
;
; These credentials are used by, among others, Postfix, Wallace, programs that
; need to find the user DN before binding as the user (including the webadmin
; API, Roundcube, Syncroton).
service_bind_dn = uid=kolab-service,ou=Special Users,%(base_dn)s
service_bind_pw = wc18bqshFmifGtN

; The base DN, search scope and filter to use when searching for users of any
; type. User types are of primary purpose to the web admin (API), but the
; generic base DN, scope and filter allow us to configure other services as
; well, including Address Books in Roundcube and for Syncroton, the list of
; users in the web admin (API), etc.
user_base_dn = ou=People,%(base_dn)s
user_scope = sub
user_filter = (objectclass=inetorgperson)

; The base DN, scope and filter to use when searching for users of the 'kolab'
; type. This filter is preferred when searching for Kolab users specifically,
; such as in the synchronisation between LDAP and IMAP. Also, it is
; (preferrably) only Kolab users that are allowed to login, use the SMTP server,
; etc.
;
; Note that all user_* settings are valid, and those not available with a kolab_
; prefix fall back to using the generic user_* equivalent setting.
kolab_user_base_dn = ou=People,%(base_dn)s
kolab_user_filter = (objectclass=kolabinetorgperson)

; Add additional <key>_user_base_dn, <key>_user_scope and <key>_user_filter.
; Useful for configuring sub-address books, and for the webadmin API when adding
; new users of the example type key 'posix' - the new user will be added in the
; OU configured below.
;posix_user_base_dn = ou=POSIX Accounts,ou=People,%(base_dn)s
;posix_user_scope = one
;posix_user_filter = (&(objectclass=posixaccount)(uidnumber>=1000))

; The same as for users, but applicable to groups
group_base_dn = ou=Groups,%(base_dn)s
group_filter = (|(objectclass=groupofuniquenames)(objectclass=groupofurls))
group_scope = sub
kolab_group_filter = (|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))

; Same again
sharedfolder_base_dn = ou=Shared Folders,%(base_dn)s
sharedfolder_filter = (objectclass=kolabsharedfolder)

; The attribute entry name that controls the ACLs set on a shared folder
sharedfolder_acl_entry_attribute = acl

; Same again. Resources live in a different OU structure or;
;
; - They would appear in the address book(s) as distribution lists or individual contacts,
; - Groups or individual users would appear to be Resources.
;
resource_base_dn = ou=Resources,%(base_dn)s
resource_filter = (|%(group_filter)s(objectclass=kolabsharedfolder))

; The base DN, scope and filter to use when searching for additional domain
; name spaces in this environment.
domain_base_dn = cn=kolab,cn=config
domain_filter = (&(associatedDomain=*))
domain_name_attribute = associateddomain
; Attribute that holds the root dn for the domain name space. If this attribute
; does not exist, a standard root dn is formed from the primary domain name
; space (the value in the RDN), as follows:
;
;     'dc=' + ',dc='.join(domainname.split('.'))
;
; or, in example:
;
;     domain: example.org
;     root dn: dc=example,dc=org
domain_rootdn_attribute = inetdomainbasedn

; The attribute that holds the quota.
quota_attribute = mailquota

; The format of the modifytimestamp attribute values
modifytimestamp_format = %Y%m%d%H%M%SZ

; A unique attribute that can be used to identify the entry beyond renames and
; moves. Note that 'nsuniqueid' is specific to all Netscape-based directory
; services.
;
; For OpenLDAP, use 'entrydn' - the 'entryUUID' can regrettably not be searched
; with.
;
; For Active Directory, use 'objectsid'.
unique_attribute = nsuniqueid

; Attribute names that hold valid, internal recipient addresses. Note the use
; of mail and alias frees up the use of mailAlternateAddress to contain a user's
; external email address.
;
; Syntax is a comma- or comma-space separated list.
;
; The first value is used for the purpose of a single "primary" email address,
; that could be subject to a recipient policy, the second is used for the
; purpose of one or more secondary mail addresses, that could also be subject to
; a recipient policy.
mail_attributes = mail, alias

; The attribute that holds the FQDN to the mail server the folder exists on
mailserver_attribute = mailhost

; Attributes that hold valid authentication login names. Use 'mail', 'alias' and
; optionally 'uid' (the uid is marked as an auth_attribute automatically), so
; that a user can login with;
;
; - uid (i.e. 'jdoe'),
; - mail, fully qualified and localpart only (i.e. "john.doe" and
;   "john.doe@example.org"),
; - alias, fully qualified and localpart only (i.e. "j.doe" and
;   "j.doe@example.org).
auth_attributes = mail, alias, uid

[kolab_smtp_access_policy]
cache_uri = mysql://user:pass@localhost/database
cache_retention = 86400

; To allow users to also send using email addresses in domain name spaces not
; in their own parent and/or alias domains, add 'mailalternateaddress' to this
; list.
address_search_attrs = mail, alias

; Prepend the Sender: and/or X-Sender header(s) if the user authenticated is a
; designated delegatee of the envelope sender address?
delegate_sender_header = True

; Prepend the Sender: and/or X-Sender header(s) if the user authenticated
; is using an envelope sender address that is a secondary recipient email
; address (attached to the object entry) of the user authenticated?
alias_sender_header = True

; Prepend the Sender: header? Only relevant if delegate_sender_header or
; alias_sender_header is set to True.
sender_header = True

; Prepend the X-Sender: header? Only relevant if delegate_sender_header or
; alias_sender_header is set to True.
xsender_header = True

; "Encrypt" -- read, "obscure" -- the contents of the 'Sender:' and/or
; 'X-Sender:' header(s). Note that this invalidates client's use of the header
; value, and therefore replaces both headers with 'X-Authenticated-As'.
;
; Example: 'vanmeeuwen@kolabsys.com' becomes '6crb3dHK6ODS3qzQ4tXO0t_e5pfQ39k='
;
; sender_header_enc_key = 'simple'

; Allow hosts in these networks to submit messages with empty envelope senders,
; such as web-clients responding to MDN requests.
empty_sender_hosts = 3.2.1.0/24, 6.6.6.0/24

; Section for Hosted client interface settings. This is not enabled by default.
;[kolab_hosting]
;
;; Set the default domain name space for the list of domain name spaces (if more
;; than one) that new users that register are allowed to select.
;primary_domain = somedomain.tld
;
;; The following bind credentials should be allowed to search
;; "ldap/domain_base_dn" (i.e. cn=kolab,cn=config), but should not be allowed to
;; read any domain name space LDAP entry that users are not eligible to select.
;;
;; Note that the bind credentials usually live in the upper
;; "kolab/primary_domain".
;bind_dn = uid=hosted-service,ou=Special Users,dc=kolab,dc=net
;bind_pw = bla
;recaptcha_private_key = bla
;recaptcha_public_key = bla

[kolab_wap]
skin = default
sql_uri = mysql://user:pass@localhost/database

; Use the following setting to indicate the API is installed on a different
; system, or in a non-standard location.
;api_url = http://localhost/kolab-webadmin/api

; Configure SSL should you want to have the web admin panel (client interface)
; use the API over HTTPS.
;
; By default, httpd and coconspirators are setup to use self-signed certificates,
; so the following two settings are set to false by default.
ssl_verify_peer = false
ssl_verify_host = false
;ssl_cafile = /path/to/ca/file
;ssl_capath = /path/to/ca/dir
;ssl_local_cert = /path/to/local/cert
;ssl_passphrase = MyPassword

[cyrus-imap]
; The URI to use to connect to IMAP. Note that pykolab itself can detect whether
; or not Cyrus IMAP is deployed in a Murder topology, and should be able to
; connect to individual backends as well.
uri = imaps://localhost:993
; The login username to use for global administration.
admin_login = cyrus-admin
; The corresponding password.
admin_password = Welcome123

[cyrus-sasl]
; The user canonification result attribute.
result_attribute = mail

[wallace]
modules = resources, invitationpolicy, footer
footer_text = /etc/kolab/footer.text
footer_html = /etc/kolab/footer.html

; default settings for kolabInvitationPolicy
kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL

; This is a domain name space specific section, that enables us to override
; all settings, for example, the LDAP URI, base and bind DNs, scopes, filters,
; etc. Note that overriding the LDAP settings for the primary domain name space
; does not make any sense.
[example.org]
default_quota = 1048576
primary_mail = %(givenname)s.%(surname)s@%(domain)s