summaryrefslogtreecommitdiff
path: root/plugins/kolab_auth/config.inc.php.dist
blob: e7b9d1597c0a93a2624fc9e7ec8284438b6bcaee (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<?php

// The id of the LDAP address book (which refers to the $rcmail_config['ldap_public'])
// or complete addressbook definition array.
// --------------------------------------------------------------------
// Note: Multi-domain (hosted) installations can resolve domain aliases
//   by adding following settings in kolab_auth_addressbook spec.:
//
//   'domain_base_dn'   => 'cn=kolab,cn=config',
//   'domain_filter'    => '(&(objectclass=domainrelatedobject)(associateddomain=%s))',
//   'domain_name_attr' => 'associateddomain',
//
//   With this %dc variable in base_dn and groups/base_dn will be
//   replaced with DN string of resolved domain
//---------------------------------------------------------------------
$rcmail_config['kolab_auth_addressbook'] = '';

// This will overwrite defined filter
$rcmail_config['kolab_auth_filter'] = '(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%fu)(alias=%fu)))';

// Use this fields (from fieldmap configuration) to get authentication ID
$rcmail_config['kolab_auth_login'] = 'email';

// Use this fields (from fieldmap configuration) for default identity.
// If the value array contains more than one field, first non-empty will be used
// Note: These aren't LDAP attributes, but field names in config
// Note: If there's more than one email address, as many identities will be created
$rcmail_config['kolab_auth_name']         = array('name', 'cn');
$rcmail_config['kolab_auth_email']        = array('email');
$rcmail_config['kolab_auth_organization'] = array('organization');

// Login and password of the admin user. Enables "Login As" feature.
$rcmail_config['kolab_auth_admin_login']    = '';
$rcmail_config['kolab_auth_admin_password'] = '';

// Enable audit logging for abuse of administrative privileges.
$rcmail_config['kolab_auth_auditlog'] = true;

// Role field (from fieldmap configuration)
$rcmail_config['kolab_auth_role'] = 'role';
// The required value for the role attribute to contain should the user be allowed
// to login as another user.
$rcmail_config['kolab_auth_role_value'] = '';

// Administrative group name to which user must be assigned to
// which adds privilege to login as another user.
$rcmail_config['kolab_auth_group'] = '';

// Enable plugins on a role-by-role basis. In this example, the 'acl' plugin
// is enabled for people with a 'cn=professional-user,dc=mykolab,dc=ch' role.
//
// Note that this does NOT mean the 'acl' plugin is disabled for other people.
$rcmail_config['kolab_auth_role_plugins'] = Array(
        'cn=professional-user,dc=mykolab,dc=ch' => Array(
                'acl',
            ),
    );

// Settings on a role-by-role basis. In this example, the 'htmleditor' setting
// is enabled(1) for people with a 'cn=professional-user,dc=mykolab,dc=ch' role,
// and it cannot be overridden. Sample use-case: disable htmleditor for normal people,
// do not allow the setting to be controlled through the preferences, enable the
// html editor for professional users and allow them to override the setting in
// the preferences.
$rcmail_config['kolab_auth_role_settings'] = Array(
        'cn=professional-user,dc=mykolab,dc=ch' => Array(
                'htmleditor' => Array(
                        'mode' => 'override',
                        'value' => 1,
                        'allow_override' => true
                    ),
            ),
    );

// List of LDAP addressbooks (keys of ldap_public configuration array)
// for which base_dn variables (%dc, etc.) will be replaced according to authenticated user DN
// Note: special name '*' for all LDAP addressbooks
$rcmail_config['kolab_auth_ldap_addressbooks'] = array('*');

?>