roundcubemail-plugins-kolab/plugins/kolab_auth/config.inc.php.dist

<?php

// The id of the LDAP address book (which refers to the $rcmail_config['ldap_public'])
// or complete addressbook definition array.
// --------------------------------------------------------------------
// Note: Multi-domain (hosted) installations can resolve domain aliases
//   by adding following settings in kolab_auth_addressbook spec.:
//
//   'domain_base_dn'   => 'cn=kolab,cn=config',
//   'domain_filter'    => '(&(objectclass=domainrelatedobject)(associateddomain=%s))',
//   'domain_name_attr' => 'associateddomain',
//
//   With this %dc variable in base_dn and groups/base_dn will be
//   replaced with DN string of resolved domain
//---------------------------------------------------------------------
$config['kolab_auth_addressbook'] = '';

// This will overwrite defined filter
$config['kolab_auth_filter'] = '(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%fu)(alias=%fu)))';

// Use this field (from fieldmap configuration) to get authentication ID. Don't use an array here!
$config['kolab_auth_login'] = 'email';

// Use these fields (from fieldmap configuration) for default identity.
// If the value array contains more than one field, first non-empty will be used
// Note: These aren't LDAP attributes, but field names in config
// Note: If there's more than one email address, as many identities will be created
$config['kolab_auth_name']         = array('name', 'cn');
$config['kolab_auth_email']        = array('email');
$config['kolab_auth_organization'] = array('organization');

// Role field (from fieldmap configuration)
$config['kolab_auth_role'] = 'role';

// Template for user names displayed in the UI.
// You can use all attributes from the 'fieldmap' property of the 'kolab_auth_addressbook' configuration
$config['kolab_auth_user_displayname'] = '{name} ({ou})';

// Login and password of the admin user. Enables "Login As" feature.
$config['kolab_auth_admin_login']    = '';
$config['kolab_auth_admin_password'] = '';

// Enable audit logging for abuse of administrative privileges.
$config['kolab_auth_auditlog'] = false;

// As set of rules to define the required rights on the target entry
// which allow an admin user to login as another user (the target).
// The effective rights value refers to either entry level attribute level rights:
//  * entry:[read|add|delete]
//  * attrib:<attribute-name>:[read|write|delete]
$config['kolab_auth_admin_rights'] = array(
    // Roundcube task => required effective right
    'settings'        => 'entry:read',
    'mail'            => 'entry:delete',
    'addressbook'     => 'entry:delete',
    // or use a wildcard entry like this:
    '*'               => 'entry:read',
);

// Enable plugins on a role-by-role basis. In this example, the 'acl' plugin
// is enabled for people with a 'cn=professional-user,dc=mykolab,dc=ch' role.
//
// Note that this does NOT mean the 'acl' plugin is disabled for other people.
$config['kolab_auth_role_plugins'] = Array(
        'cn=professional-user,dc=mykolab,dc=ch' => Array(
                'acl',
            ),
    );

// Settings on a role-by-role basis. In this example, the 'htmleditor' setting
// is enabled(1) for people with a 'cn=professional-user,dc=mykolab,dc=ch' role,
// and it cannot be overridden. Sample use-case: disable htmleditor for normal people,
// do not allow the setting to be controlled through the preferences, enable the
// html editor for professional users and allow them to override the setting in
// the preferences.
$config['kolab_auth_role_settings'] = Array(
        'cn=professional-user,dc=mykolab,dc=ch' => Array(
                'htmleditor' => Array(
                        'mode' => 'override',
                        'value' => 1,
                        'allow_override' => true
                    ),
            ),
    );

// List of LDAP addressbooks (keys of ldap_public configuration array)
// for which base_dn variables (%dc, etc.) will be replaced according to authenticated user DN
// Note: special name '*' for all LDAP addressbooks
$config['kolab_auth_ldap_addressbooks'] = array('*');

// Enables storing/updating session tokens for free-busy token authentication
// See httpauth.allow_token option in Free-Busy service config.
// The option can be set to a number of seconds after which the token-session
// expires or to true (to get the configured Roundcube session time)
$config['freebusy_session_auth'] = null;

?>
- kolab_auth initial commit 2011-09-20 10:56:08 +02:00			`<?php`

			`// The id of the LDAP address book (which refers to the $rcmail_config['ldap_public'])`
			`// or complete addressbook definition array.`
Implemented auth domain resolving (#1926) 2013-06-25 17:43:58 +02:00			`// --------------------------------------------------------------------`
			`// Note: Multi-domain (hosted) installations can resolve domain aliases`
			`// by adding following settings in kolab_auth_addressbook spec.:`
			`//`
			`// 'domain_base_dn' => 'cn=kolab,cn=config',`
			`// 'domain_filter' => '(&(objectclass=domainrelatedobject)(associateddomain=%s))',`
			`// 'domain_name_attr' => 'associateddomain',`
			`//`
			`// With this %dc variable in base_dn and groups/base_dn will be`
			`// replaced with DN string of resolved domain`
			`//---------------------------------------------------------------------`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_addressbook'] = '';`
- kolab_auth initial commit 2011-09-20 10:56:08 +02:00
			`// This will overwrite defined filter`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_filter'] = '(&(objectClass=kolabInetOrgPerson)(\|(uid=%u)(mail=%fu)(alias=%fu)))';`
- kolab_auth initial commit 2011-09-20 10:56:08 +02:00
Make 'kolab_auth_login' description more clear (#4113) 2014-12-16 14:15:17 +01:00			`// Use this field (from fieldmap configuration) to get authentication ID. Don't use an array here!`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_login'] = 'email';`
- kolab_auth initial commit 2011-09-20 10:56:08 +02:00
Make 'kolab_auth_login' description more clear (#4113) 2014-12-16 14:15:17 +01:00			`// Use these fields (from fieldmap configuration) for default identity.`
Support array of fields in kolab_auth_name/kolab_auth_email config, use first non-empty value (#1012). Fix lost kolab_auth_email handling. 2012-10-08 10:15:32 +02:00			`// If the value array contains more than one field, first non-empty will be used`
Create identity for each email address of a new user 2012-10-08 11:32:49 +02:00			`// Note: These aren't LDAP attributes, but field names in config`
			`// Note: If there's more than one email address, as many identities will be created`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_name'] = array('name', 'cn');`
			`$config['kolab_auth_email'] = array('email');`
			`$config['kolab_auth_organization'] = array('organization');`
- kolab_auth initial commit 2011-09-20 10:56:08 +02:00
Check effective rights for the login-as feature to improve the delegation model and allow controlling the administration privileges in LDAP (#1834). This deprecates the config options 'kolab_auth_group', 'kolab_auth_role_value' and 'kolab_auth_allowed_tasks'. Admin privileges (per Roundcube task) and the required effective rights are now defined in 'kolab_auth_admin_rights'. 2014-10-11 03:14:45 +02:00			`// Role field (from fieldmap configuration)`
			`$config['kolab_auth_role'] = 'role';`

Allow to configure the name (inlcude OU) displayed for virtual user folders (#3384) 2014-08-18 13:34:10 +02:00			`// Template for user names displayed in the UI.`
			`// You can use all attributes from the 'fieldmap' property of the 'kolab_auth_addressbook' configuration`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_user_displayname'] = '{name} ({ou})';`
Allow to configure the name (inlcude OU) displayed for virtual user folders (#3384) 2014-08-18 13:34:10 +02:00
- kolab_auth initial commit 2011-09-20 10:56:08 +02:00			`// Login and password of the admin user. Enables "Login As" feature.`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_admin_login'] = '';`
			`$config['kolab_auth_admin_password'] = '';`
- kolab_auth initial commit 2011-09-20 10:56:08 +02:00
Enhance kolab_auth plugin with the ability to perform audit logging. Setting $rcmail_config['kolab_auth_auditlog'] increases all logging verbosity to the maximum, and logs the information on the session to a user + loginas specific directory if capable. 2011-09-20 12:40:24 +01:00			`// Enable audit logging for abuse of administrative privileges.`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_auditlog'] = false;`
Enhance kolab_auth plugin with the ability to perform audit logging. Setting $rcmail_config['kolab_auth_auditlog'] increases all logging verbosity to the maximum, and logs the information on the session to a user + loginas specific directory if capable. 2011-09-20 12:40:24 +01:00
Check effective rights for the login-as feature to improve the delegation model and allow controlling the administration privileges in LDAP (#1834). This deprecates the config options 'kolab_auth_group', 'kolab_auth_role_value' and 'kolab_auth_allowed_tasks'. Admin privileges (per Roundcube task) and the required effective rights are now defined in 'kolab_auth_admin_rights'. 2014-10-11 03:14:45 +02:00			`// As set of rules to define the required rights on the target entry`
			`// which allow an admin user to login as another user (the target).`
			`// The effective rights value refers to either entry level attribute level rights:`
			`// * entry:[read\|add\|delete]`
			`// * attrib:<attribute-name>:[read\|write\|delete]`
			`$config['kolab_auth_admin_rights'] = array(`
			`// Roundcube task => required effective right`
			`'settings' => 'entry:read',`
			`'mail' => 'entry:delete',`
			`'addressbook' => 'entry:delete',`
Support wildcard option to allow full access 2014-10-11 03:28:17 +02:00			`// or use a wildcard entry like this:`
			`'*' => 'entry:read',`
Check effective rights for the login-as feature to improve the delegation model and allow controlling the administration privileges in LDAP (#1834). This deprecates the config options 'kolab_auth_group', 'kolab_auth_role_value' and 'kolab_auth_allowed_tasks'. Admin privileges (per Roundcube task) and the required effective rights are now defined in 'kolab_auth_admin_rights'. 2014-10-11 03:14:45 +02:00			`);`
Add option to define list of tasks to which an admin has access (#3444) E.g. allow admins (using "Login as" feature) to see only user settings. 2014-08-25 14:27:23 -04:00
Add kolab_auth capability to use nsroledn attribute values attached to a user's entry (roles for users) to imply loading/setting configuration settings and loading additional plugins 2011-12-04 14:11:07 +00:00			`// Enable plugins on a role-by-role basis. In this example, the 'acl' plugin`
			`// is enabled for people with a 'cn=professional-user,dc=mykolab,dc=ch' role.`
			`//`
			`// Note that this does NOT mean the 'acl' plugin is disabled for other people.`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_role_plugins'] = Array(`
Add kolab_auth capability to use nsroledn attribute values attached to a user's entry (roles for users) to imply loading/setting configuration settings and loading additional plugins 2011-12-04 14:11:07 +00:00			`'cn=professional-user,dc=mykolab,dc=ch' => Array(`
			`'acl',`
			`),`
			`);`

			`// Settings on a role-by-role basis. In this example, the 'htmleditor' setting`
			`// is enabled(1) for people with a 'cn=professional-user,dc=mykolab,dc=ch' role,`
			`// and it cannot be overridden. Sample use-case: disable htmleditor for normal people,`
			`// do not allow the setting to be controlled through the preferences, enable the`
			`// html editor for professional users and allow them to override the setting in`
			`// the preferences.`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_role_settings'] = Array(`
Add kolab_auth capability to use nsroledn attribute values attached to a user's entry (roles for users) to imply loading/setting configuration settings and loading additional plugins 2011-12-04 14:11:07 +00:00			`'cn=professional-user,dc=mykolab,dc=ch' => Array(`
			`'htmleditor' => Array(`
			`'mode' => 'override',`
			`'value' => 1,`
			`'allow_override' => true`
			`),`
			`),`
			`);`

Support multi-domain configuration of LDAP addressbooks (Bug #2292) 2013-10-04 11:54:49 +02:00			`// List of LDAP addressbooks (keys of ldap_public configuration array)`
			`// for which base_dn variables (%dc, etc.) will be replaced according to authenticated user DN`
			`// Note: special name '*' for all LDAP addressbooks`
$rcmail_config -> $config 2014-08-25 09:07:31 +02:00			`$config['kolab_auth_ldap_addressbooks'] = array('*');`
Add kolab_auth capability to use nsroledn attribute values attached to a user's entry (roles for users) to imply loading/setting configuration settings and loading additional plugins 2011-12-04 14:11:07 +00:00
Safe Unauthenticated Free/Busy for Roaming Users (Bifrost#T36327) 2017-08-01 12:48:50 +02:00			`// Enables storing/updating session tokens for free-busy token authentication`
			`// See httpauth.allow_token option in Free-Busy service config.`
			`// The option can be set to a number of seconds after which the token-session`
			`// expires or to true (to get the configured Roundcube session time)`
			`$config['freebusy_session_auth'] = null;`

- kolab_auth initial commit 2011-09-20 10:56:08 +02:00			`?>`