summaryrefslogtreecommitdiff
path: root/plugins/kolab_auth/config.inc.php.dist
blob: b353d61afeb2078fd0aec2fad3cb18422082cf47 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<?php

// The id of the LDAP address book (which refers to the $rcmail_config['ldap_public'])
// or complete addressbook definition array.
// --------------------------------------------------------------------
// Note: Multi-domain (hosted) installations can resolve domain aliases
//   by adding following settings in kolab_auth_addressbook spec.:
//
//   'domain_base_dn'   => 'cn=kolab,cn=config',
//   'domain_filter'    => '(&(objectclass=domainrelatedobject)(associateddomain=%s))',
//   'domain_name_attr' => 'associateddomain',
//
//   With this %dc variable in base_dn and groups/base_dn will be
//   replaced with DN string of resolved domain
//---------------------------------------------------------------------
$config['kolab_auth_addressbook'] = '';

// This will overwrite defined filter
$config['kolab_auth_filter'] = '(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%fu)(alias=%fu)))';

// Use this fields (from fieldmap configuration) to get authentication ID
$config['kolab_auth_login'] = 'email';

// Use this fields (from fieldmap configuration) for default identity.
// If the value array contains more than one field, first non-empty will be used
// Note: These aren't LDAP attributes, but field names in config
// Note: If there's more than one email address, as many identities will be created
$config['kolab_auth_name']         = array('name', 'cn');
$config['kolab_auth_email']        = array('email');
$config['kolab_auth_organization'] = array('organization');

// Role field (from fieldmap configuration)
$config['kolab_auth_role'] = 'role';

// Template for user names displayed in the UI.
// You can use all attributes from the 'fieldmap' property of the 'kolab_auth_addressbook' configuration
$config['kolab_auth_user_displayname'] = '{name} ({ou})';

// Login and password of the admin user. Enables "Login As" feature.
$config['kolab_auth_admin_login']    = '';
$config['kolab_auth_admin_password'] = '';

// Enable audit logging for abuse of administrative privileges.
$config['kolab_auth_auditlog'] = false;

// As set of rules to define the required rights on the target entry
// which allow an admin user to login as another user (the target).
// The effective rights value refers to either entry level attribute level rights:
//  * entry:[read|add|delete]
//  * attrib:<attribute-name>:[read|write|delete]
$config['kolab_auth_admin_rights'] = array(
    // Roundcube task => required effective right
    'settings'        => 'entry:read',
    'mail'            => 'entry:delete',
    'addressbook'     => 'entry:delete',
);

// Enable plugins on a role-by-role basis. In this example, the 'acl' plugin
// is enabled for people with a 'cn=professional-user,dc=mykolab,dc=ch' role.
//
// Note that this does NOT mean the 'acl' plugin is disabled for other people.
$config['kolab_auth_role_plugins'] = Array(
        'cn=professional-user,dc=mykolab,dc=ch' => Array(
                'acl',
            ),
    );

// Settings on a role-by-role basis. In this example, the 'htmleditor' setting
// is enabled(1) for people with a 'cn=professional-user,dc=mykolab,dc=ch' role,
// and it cannot be overridden. Sample use-case: disable htmleditor for normal people,
// do not allow the setting to be controlled through the preferences, enable the
// html editor for professional users and allow them to override the setting in
// the preferences.
$config['kolab_auth_role_settings'] = Array(
        'cn=professional-user,dc=mykolab,dc=ch' => Array(
                'htmleditor' => Array(
                        'mode' => 'override',
                        'value' => 1,
                        'allow_override' => true
                    ),
            ),
    );

// List of LDAP addressbooks (keys of ldap_public configuration array)
// for which base_dn variables (%dc, etc.) will be replaced according to authenticated user DN
// Note: special name '*' for all LDAP addressbooks
$config['kolab_auth_ldap_addressbooks'] = array('*');

?>