-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathconfig.inc.php.dist
261 lines (237 loc) · 11.1 KB
/
config.inc.php.dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
<?php
// identity_from_directory plugin settings
$config = [];
// Parameters for connecting to and searching in LDAP or Active Directory.
// A full example for Active Directory with the following characteristics:
//
// 1. Connect to Domain Controller "dc01.contoso.com" with LDAPS on Port 636 (hosts).
// You can specify more than one as it is an array. They will be tried one after
// another.
// 2. Use the "roundcube-svc" user located in the OU "service-accounts" to
// bind/connect (bind_dn) with a password (bind_pass).
// 3. Search in all organization units below DC=contoso,DC=com (base_dn, scope).
// 4. Search only for active non-system user accounts (filter).
// 5. Search in the directory object attributes "mail" and "sAMAccountName"
// (search_fields) for the username of the current Roundcube username
// ($this->rc->user->data['username'] will be used by this plugin).
// 6. Define which directory object attributes to use for the Roundcube identity
// values and signature placeholders (fieldmap, the array keys are the names
// of the Roundcube values, the array values are the corresponding directory
// attribute names to grab the data from).
//
// This would result in the following plugin config value:
//
// $config['identity_from_directory_ldap'] = [
// 'hosts' => [ 'ldaps://dc01.contoso.com:636' ],
// 'base_dn' => 'DC=contoso,DC=com',
// 'bind_dn' => 'CN=roundcube-svc,OU=service-accounts,DC=contoso,DC=com',
// 'bind_pass' => 'password-of-service-user-defined-in-bind_dn',
// 'scope' => 'sub', // search mode: sub|base|list
// 'filter' => '(&(sAMAccountType=805306368)(!(servicePrincipalName=*))(!(isCriticalSystemObject=TRUE))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
// 'search_fields' => ['mail', 'sAMAccountName'],
// 'fieldmap' => [
// 'name' => 'displayName',
// 'email' => 'mail',
// 'surname' => 'sn',
// 'firstname' => 'givenName',
// 'jobtitle' => 'title',
// 'department' => 'department',
// 'phone' => 'telephoneNumber',
// 'fax' => 'facsimileTelephoneNumber',
// 'website' => 'wWWHomePage',
// 'company' => 'organization',
// 'username' => 'sAMAccountName',
// ],
// ];
$config['identity_from_directory_ldap'] = [
'hosts' => ['ldaps://dc01.contoso.com:636'],
'base_dn' => 'DC=contoso,DC=com',
'bind_dn' => 'CN=roundcube-svc,OU=service-accounts,DC=contoso,DC=com',
'bind_pass' => 'password-of-service-user-defined-in-bind_dn',
'scope' => 'sub', // available search modes: sub|base|list
'filter' => '(&(sAMAccountType=805306368)(!(servicePrincipalName=*))(!(isCriticalSystemObject=TRUE))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
'search_fields' => ['mail', 'sAMAccountName'],
// fieldmap:
// - key: value name in Roundcube
// - values: corresponding attribute name in your LDAP
//
// You can use the mapped fields keys (e.g. 'foo") as placeholders in
// $config['identity_from_directory_signature_template_plaintext'] and
// $config['identity_from_directory_signature_template_html']). See the
// comment there for details.
'fieldmap' => [
// mandatory RC identity fields
'name' => 'displayName',
'email' => 'mail',
'organization' => 'company',
// additional data
'surname' => 'sn',
'firstname' => 'givenName',
'jobtitle' => 'title',
'department' => 'department',
'phone' => 'telephoneNumber',
'fax' => 'facsimileTelephoneNumber',
'website' => 'wWWHomePage',
'username' => 'sAMAccountName',
],
];
// optional fallback values that will be used if a LDAP attribute defined
// in $config['identity_from_directory_ldap']['fieldmap'] provides no or empty
// data. Just remove or add keys you do (not) need to have a fallback value for.
$config['identity_from_directory_fallback_values'] = [
'organization' => 'ACME Inc.',
'phone' => '+49 123 123 123',
//'fax' => '+49 123 123 999',
'website' => 'https://example.com/',
];
// Regular expression (used with preg_match()) to exclude email alias addresses
// from handling.
//
// An empty string ('') disables the feature (=all of a user's email alias
// addresses defined by the directory data will be handled).
//
// There are environments with unwanted but still needed email aliases. A good
// example is a company re-branding including a domain change, where the
// organization wants that users are not being able to use email addresses with
// the old domain as identity in Roundcube but still needs to be able to receive
// emails addressed to the old domain.
//
// Examples:
// - '/^.+@example\.com$/im'
// Excludes all email addresses ending with "@example.com" (not case
// sensitive).
// - '/^.+@example\.(com|net|org)$/im'
// Excludes all email addresses ending with "@example.com", "@example.net" or
// "@example.org" (case-insensitive)
$config['identity_from_directory_exclude_alias_regex'] = '';
// Switch to control if unmanaged identities should be deleted.
//
// true: Delete all identities without a matching email address in the user's
// directory dataset (= identities not maintained by this plugin). Strongly
// recommended for automatic housekeeping in most environments once everything
// is working as expected.
//
// false: Do not delete unmanaged identities (= identities with no fitting
// email address in the directory record of the user). These identities will
// remain untouched until users delete them themselves or the identity gets
// updated because the email address was added to a user's directory data.
//
// It makes sense to start testing with false to prevent unwanted deletions on
// running systems until you are sure that all identities should be defined by
// the user's directory data.
//
// You can define exceptions from this automatic cleanup by using the
// $config['identity_from_directory_exclude_delete_unmanaged_regex'] option.
// This might be helpful for edge cases or when other plugins are in use
// that create or influence a user's identities.
$config['identity_from_directory_delete_unmanaged'] = false;
// Regular expression (used with preg_match()) to exclude identities with
// matching email addresses from automatic cleanup when
// $config['identity_from_directory_delete_unmanaged'] is true.
//
// An empty string ('') disables the exclusion feature (= all of a user's
// unmanaged identities are deleted). This setting has no effect if
// $config['identity_from_directory_delete_unmanaged'] is set to false (as this
// disables the entire automatic deletion cleanup mechanism).
//
// Examples:
// - '/^.+@example\.com$/im'
// Excludes all identities using email addresses ending with "@example.com"
// (case-insensitive).
// - '/^.+@example\.(com|net|org)$/im'
// Excludes all identities using email addresses ending with "@example.com",
// "@example.net" or "@example.org" (case-insensitive)
$config['identity_from_directory_exclude_delete_unmanaged_regex'] = '';
// Switch for signature handling
//
// true: Overwrite existing signatures on each login (not only name, organization,
// email and other attributes).
//
// false: Do not touch or overwrite the signature of an identity (so a user can
// still maintain the signature value and format in a self-reliant way).
$config['identity_from_directory_update_signatures'] = true;
// Signature templates
//
// You can use each key from $config['identity_from_directory_ldap']['fieldmap']
// as %placeholder(_html|url)%. They will be replaced with the values from the
// either the directory or $config['identity_from_directory_fallback_values']
// (if there is no or empty data for this key in LDAP). Each value is available
// in three ways (as provided by LDAP, with encoded HTML entities and URL encoded
// for using it in URLs).
//
// Example for 'foo':
// - %foo%: raw value of 'foo'
// - %foo_html%: HTML entities encoded value of 'foo'
// - %foo_url%: URL encoded value of 'foo'. Additional optimizations are
// applied it the key is named 'email' (usage of Punycode for email domains),
// 'phone' or 'fax' (stripping of chars not compatible with tel:// URLs)
//
// $config['identity_from_directory_signature_template_plaintext'] will be used
// if $config['identity_from_directory_use_html_signature'] is false.
//
// On images in HTML signatures:
// - The easiest way is the usage of base64 data URLs with e.g.
// data:image/png;base64,[...]:
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs
// Most mail user agents (MUAs) are supporting this but check if the all over
// compatibility is good enough for you:
// https://www.caniemail.com/features/image-base64/
// - The second option are CID (or Content-ID) images. They work by attaching
// the image to the email you send and then using standard HTML image tags
// that reference that image to embed it in the email when the user opens it.
// Most MUAs are supporting this and Roundcube also provides and uses this
// functionality for HTML signatures. But tinkering out how to use it for
// this plugin and documenting is still an open issue (contributions welcome):
// https://github.com/foundata/roundcube-plugin-identity-from-directory/issues/3
$config['identity_from_directory_signature_template_html'] = '
<p>
Kind regards<br />
<strong>%name_html%</strong><br />
%organization_html%
</p>
<p>
mailto: <a href="mailto:%email_html%">%email_html%</a><br />
phone: <a href="tel:%phone_url%">%phone_html%</a><br />
web: <a href="%website_html%">%website_html%</a>
</p>
';
$config['identity_from_directory_signature_template_plaintext'] = '
Kind regards
%name%
%organization%
mailto: %email%
phone: %phone%
web: %website%
';
// Switch: Also search the 'proxyAddresses' field for email alias addresses?
//
// 'proxyAddresses' is a Active Directory user attribute which may contain
// a CSV string like 'smtp:[email protected],smtp:[email protected]' or an
// array with such values. They represent alias email addresses (if any).
// The directory server needs to provide this field (which is the default
// for MS Active Directory but not for most other LDAP servers out there;
// Therefore this option defaults to false).
//
// true: The plugin will also maintain identities for email aliases in
// 'proxyAddresses' (if any).
//
// false: Do not care about email aliases in 'proxyAddresses'.
$config['identity_from_directory_handle_proxyaddresses'] = false;
// Switch for signature format
//
// true: use HTML instead of plain text signatures.
$config['identity_from_directory_use_html_signature'] = true;
// Switch for signature sanitation
//
// true: Use rcmail_action_settings_index::wash_html() on HTML signatures.
// You can disable this if you got problems with stripped HTML attributes
// and you are sure that you can trust the LDAP data in any case.
$config['identity_from_directory_wash_html_signature'] = true;
// Switch for logging additional debug data into the Roundcube log
// "identity_from_directory".
//
// true: Write LDAP search info, records and other useful debugging info into
// the log file. You might want to also set $config['ldap_debug'] = true for
// logging Roundcube's LDAP conversations, including the ones triggered by
// this plugin.
$config['identity_from_directory_debug'] = false;