Zarafa server.cfg synology

When enabled, this does incur a performance penalty, especially on large (>50000 items) folders. This options should also be enabled when the index_sync_stream option is set in zarafa-indexer. Default: no Explanation Of Miscelleanious Parameters enable_hosted_zarafa Enable multi-tenancy environment. Default: yes Reloading The following options are reloadable by sending the zarafa-server process a HUP signal: log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth quota_warn, quota_soft, quota_hard, companyquota_warn createuser_script, deleteuser_script, creategroup_script, deletegroup_script Files /etc/zarafa/server. Cfg The Zarafa Unix user plugin configuration file. Options: 0 disable, 1 sent only with errors, 2 always sent Default: 1 client_update_log_path Log location for the client auto update files You need the client_update_log_level option set to non-zero value to receive log files from the client. Default: /var/run/zarafa-indexer index_services_search_timeout Time (in seconds) to wait for a connection to the zarafa-indexer(1) before terminating the indexed search request. Windows clients which have the automatic updater program installed will be able to download the latest client from the Zarafa server. No action is currently needed by the script. No action is currently needed by the script. Although this is not strictly necessary, it is a precaution to make sure that counters are always correct. This was the default for zarafa 6. This is useful for setups which have large addressbooks (more than 1000 entries in the addressbook). When the user does not login through a system-wide unique username (like the email address) a unique name has created by combining the username and the tenancyname. In practice, folders of over 1000000 items are usually created by runaway processes which are therefore useless anyway. Cfg The Zarafa LDAP user plugin configuration file. Default: yes folder_max_items Limits the amount of items (messages or folders) in a single folder. Cfg The server configuration file. Default: /etc/zarafa/userscripts/creategroup deletegroup_script ZARAFA_GROUPID contains the old id of the group. Cfg(5) Referenced By pam_mapi(8), zarafa-passwd(1). Default: 1000000 sync_gab_realtime When set to ‘yes’, zarafa will synchronize the local user list whenever a list of users is requested (eg during zarafa-admin -l or when opening the addressbook). Default: false client_update_path This is the path where you will place the Zarafa Outlook Client MSI install program for Windows clients to download. Enabling this option requires the zarafa-indexer(1) service to be running. Each time a counter_reset found an incorrect item count, it increments the system statistic counter_resyncs. With the this configuration option you can set how the loginname should be build up. If it is at 0 on your system, then this option has had no effect except for slowing it down. Default: /var/lib/zarafa/client client_update_log_level Receive the log information from the client auto update service. Default: no index_services_path Path to the zarafa-indexer(1) service, this option is only required if the server is going to make use of the indexing service. Default: false storename_format Display format of store name. When set to true it is possible to place users and companies on specific servers. Default: /etc/zarafa/userscripts/deleteuser creategroup_script ZARAFA_GROUP contains the new groupname. See Also zarafa-server(1) zarafa-ldap. Author Written by Zarafa. When set to true it is possible to create companies within the zarafa instance and assign all users and groups to particular companies. Default: yes counter_reset The counter_reset option forces a recount of items in the folder each time a folder is opened. Default: false enable_distributed_zarafa Enable multi-server environment. You can place the Zarafa Outlook Client installer in the client_update_path directory, and enable this option. A value of 0 will allow any term to be used for a prefix search. Default: /etc/zarafa/userscripts/createcompany deletecompany_script ZARAFA_COMPANYID contains the old id of the company. Default: 10 index_services_prefix_chars Number of characters a search term must contain before a prefix search is performed by zarafa-indexer(1). Default: 3 enable_enhanced_ics Allow enhanced ICS operations to speedup synchronization with cached profiles. Default: /etc/zarafa/userscripts/deletegroup createcompany_script ZARAFA_COMPANY contains the new companyname. When set to false, the normal single-tenancy environment is created. Default: /etc/zarafa/userscripts/deletecompany user_safe_mode If enabled, the zarafa server will only log when create, delete and move actions are done on an user object. No action is currently needed by the script. When set to false, the normal single-server environment is created. Using a high value (like 99) will effectively disable prefix searching, matching only the exact search term. Default: /var/log/zarafa/autoupdate index_services_enabled Use Indexing service for faster searching. No action is currently needed by the script. When setting this value to ‘no’, synchronization will only occur during zarafa-admin –sync. This makes sure that the server will not attempt to load folders that are so large that it would require huge amounts of memory just to show the data. Allowed variables: %u Username %f Fullname %c Companyname Default: %f loginname_format Loginname format (for multi-tenancy installations). This option is forced to ‘yes’ when using the ‘db’ plugin since synchronization is implicit in that case. Allowed variables: %u Username %c Companyname Default: %u client_update_enabled Enable client updates. This may perform badly since a prefix search of one character will match almost all documents. You need the client_update_enabled option set to true for clients to actually download this file through the Zarafa server. This might be useful when you are testing changes to your plugin configuration.

In the meantime I had seen questions in Zarafa and Synology forums by others that are struggling with the. 2013: I found a solution and got it working.

This is the only way you have a smooth rollback that works without having to reinstall your complete NAS. This section is explaining the actions I took to make Zarafa work. Make sure you make a backup of the file you are going to edit, before you actual edit it. This is (unfortunately) done by changing several configuration files on the filesystem of your NAS.

To get a more detailed status on running, stopped, disabled processes run zarafa-status. For backup, restore run zarafa-backup which is a custom script by Zaraaf4h on Synology not to be confused with Zarafa Backup Plus shipped with commercial offering. Zarafa-postfix, zarafa-fetchmail, zarafa-getmail are used to add and change settings for mail-delivery. The zarafa-restart command can be issued after changes to configuration has been made since a stop and start on Synology GUI only acts against the container this is a full restart. With zarafa-admin you can add and change users from the cmd-line. Details and the power of zarafa-backup for migration is described above. For the impatient here is a demo command for a new user pwd is here 007 you can also use capital -P and get prompted for password:. The cmd-line tools typically have a usage and help function to get familiarized with the features. To get full control enter ~$zarafa-cmdline (or ~$zarafa4h) and you are in the box (Docker-/Chroot-Container) and can do all other things like hardening your setup or running any other zarafa command. To get the public-folder Ids of Z-Push you enter zarafa-pubfolders and put the Id’s into the Z-Push config.

In a post I wrote 2 years ago I described how to setup an IMAP based mail server on the Synology. To How to setup Zarafa on DSM.

Default: 16777216 (16 Mb) cache_quota_size This cache contains quota values of users. See Also zarafa-server(1) zarafa-ldap. When the user does not login through a system-wide unique username (like the email address) a unique name has created by combining the username and the tenancyname. Default: 0 (never expire) cache_server_size This cache contains server locations. Group information will read from /etc/group. This is the main cache used in Zarafa. It caches all data that comes into view in tables (ie the view of your inbox, or any other folder). Default: /etc/zarafa/userscripts/deleteuser creategroup_script ZARAFA_GROUP contains the new groupname. Default: /etc/zarafa/userscripts/createuser deleteuser_script ZARAFA_STOREID contains the old id of the store of the removed user. Windows clients which have the automatic updater program installed will be able to download the latest client from the Zarafa server. Allowed variables: %u Username %f Fullname %c Companyname Default: %f loginname_format Loginname format (for multi-tenancy installations). Default: 0 sync_lifetime Synchronization clean cycle, in days. Default: 5 server_send_timeout SOAP send timeout value. Please read the SSL section in the zarafa-server(1) manual on how to create these files. This was the default for zarafa 6. Default: passwd max_deferred_records The server has a list of deferred writes to the tproperties table, to improve overall I/O performance. Default: /usr/lib/zarafa user_plugin The source of the user base. In case your plugin cannot provide the authentication, you may set this to pam, and set the pam_service to authenticate through pam. In practice, folders of over 1000000 items are usually created by runaway processes which are therefore useless anyway. Using a high value (like 99) will effectively disable prefix searching, matching only the exact search term. In an ideal situation, all cells would be cached, so that the database does not need to be queried for data when browsing through folders, but this would require around 1. You can get the hash value of the certificate with the following command: openssl x509 -hash -noout -in cacert. Server_ssl_ca_file The CA file which was used to sign client SSL certificates. Synchronizations older than this setting will be removed from the database. To set the default of a feature to disabled, add it here to the list, making it possible through the user plugin to enable a specific user for specific users. This might be useful when you are testing changes to your plugin configuration. With the this configuration option you can set how the loginname should be build up. When using BlackBerry synchronization) it is important for all changes to be logged regardless of the number of listeners to these changes. Pem Create a symbolic link to the certificate with the hashname like this: ln -s cacert. In the end of the filename. In some scenarios (i. No action is currently needed by the script. This makes sure that the server will not attempt to load folders that are so large that it would require huge amounts of memory just to show the data. Default: false client_update_path This is the path where you will place the Zarafa Outlook Client MSI install program for Windows clients to download. Another choice is kerberos. Users with administrator rights are also not affected by this option and always have access to the GAB. Default: imap pop3 Explanation Of The Cache Settings Parameters cache_cell_size Size in bytes of the cell cache. Default: yes counter_reset The counter_reset option forces a recount of items in the folder each time a folder is opened. Disabling the GAB will show an empty list in the GAB, which may be required for some installations. Default: 1048576 (1 Mb) cache_store_size This cache contains store id values. Pem server_ssl_key_pass Enter you password here when your key file contains a password to be readable. Default: no Explanation Of The Threading Parameters threads Number of server threads. Default: 1048576 (1 Mb) cache_user_size This cache contains user id values. Note that is not a single-signon method, since the server requires the user password. Cfg The Zarafa Unix user plugin configuration file. You can calculate the size with a simple equation: concurrent users * max items in a folder * 24 Default: 5242880 (5 Mb) cache_indexedobject_size This cache contains unique id’s of objects. No action is currently needed by the script. You need the client_update_enabled option set to true for clients to actually download this file through the Zarafa server. Please see the server installation manual on howto enable your system for single sign-on. No action is currently needed by the script. This value must be set for clients to login with an SSL Key. Folders who are opened in other stores than your own are listed in the ACL table, and will be cached. Default: false storename_format Display format of store name. Use 0 to disable this quota level. Default: 3 enable_enhanced_ics Allow enhanced ICS operations to speedup synchronization with cached profiles. Server_ssl_ca_path When you have multiple CA’s to trust, you may use this option. Default: 0 quota_soft Size in Mb of de default quota soft level. Pam services can be found in /etc/pam. Default: yes folder_max_items Limits the amount of items (messages or folders) in a single folder. 5K per message item (e-mail, appointment task, etc) in the entire server. Author Written by Zarafa. When setting this value to ‘no’, synchronization will only occur during zarafa-admin –sync. Options: 0 disable, 1 sent only with errors, 2 always sent Default: 1 client_update_log_path Log location for the client auto update files You need the client_update_log_level option set to non-zero value to receive log files from the client. Default: 0 companyquota_warn Size in Mb of de default quota warning level for multitenant public stores. Cfg(5) Referenced By pam_mapi(8), zarafa-passwd(1). Default: db createuser_script, deleteuser_script, creategroup_script, deletegroup_script, createcompany_script, deletecompany_script These scripts are called by the server when the external user source, like LDAP, is different from the users, groups and companies which are known to Zarafa. Enabling this option requires the zarafa-indexer(1) service to be running. If you can afford it, set this value as high as possible, up to 50% of your total RAM capacity. Default: /etc/zarafa/userscripts/deletegroup createcompany_script ZARAFA_COMPANY contains the new companyname. The name of the certificate needs to be the hash of the certificate. Passwords will be checked agains /etc/shadow. Default: 1048576 (1 Mb) cache_userdetails_lifetime This sets the lifetime for user details inside the cache. The following parameter is used for the script: createuser_script ZARAFA_USER contains the new username. Default: 0 (off) max_deferred_records_folder Same as the max_deferred_records variable, but per folder instead of total. Default: yes auth_method Authentication is normally done in the user plugin. When set to false, the normal single-tenancy environment is created. Sslkeys_path The path which contains public keys of clients which can login over SSL using their key. When enabled, this does incur a performance penalty, especially on large (>50000 items) folders. Default: 1048576 (1 Mb) cache_userdetails_size This cache contains the details of users. Default: /var/lib/zarafa/client client_update_log_level Receive the log information from the client auto update service. Use 0 to disable this quota level. Default: no Explanation Of Miscelleanious Parameters enable_hosted_zarafa Enable multi-tenancy environment. If server details weren’t queried during this period it is removed from the cache making room for more often requested server details. The number of watchdog checks per second. The script uses a environment variable to see which user, group or tenant is affected. Default: 0 quota_hard Size in Mb of de default quota hard level. This CA will be trusted. Items older than this setting will be removed from the database. This list is space separated, and currently may contain the following features: imap, pop3. Use 0 to disable this quota level. Set to 0 to never expire, or -1 to disable this cache. Default: /var/log/zarafa/autoupdate index_services_enabled Use Indexing service for faster searching. For NTLM authentication you will need the ntlm_auth program from Samba. Setting this value to yes will cause slightly more database traffic and the value no will be the correct for most installations. Default: /etc/zarafa/userscripts/deletecompany user_safe_mode If enabled, the zarafa server will only log when create, delete and move actions are done on an user object. The script should at least call zarafa-admin –create-store “${ZARAFA_USER}” to correctly create the store for the new user. Default: 1000000 sync_gab_realtime When set to ‘yes’, zarafa will synchronize the local user list whenever a list of users is requested (eg during zarafa-admin -l or when opening the addressbook). When set to true it is possible to create companies within the zarafa instance and assign all users and groups to particular companies. Make sure this doesn’t lead to swapping though. Use 0 to disable this quota level. This cache is used twice, also by the externid cache, which is the inverse of this cache. Default: /etc/zarafa/sslkeys server_ssl_enable_v2 Incoming SSL connections normally are v3. Default: 1048576 (1 Mb) cache_quota_lifetime This sets the lifetime for quota details inside the cache. Default: 1048576 (1 Mb) cache_server_lifetime This sets the lifetime for server location details inside the cache. Default: no enable_sso When you configured your system for single sign-on, you can enable this by setting the value to yes. The user password will be verified using the kerberos service. There are no additional settings for this plugin. The maximum age in ms of a task before a new thread is started. Normally all features are enabled for all users, making it possible through the user plugin to disable specific features for specific users. Default: no enable_gab Enables viewing of the Global Address Book (GAB) by users. Default: /etc/zarafa/userscripts/creategroup deletegroup_script ZARAFA_GROUPID contains the old id of the group. Use the zarafa-admin tool to create users and groups. Cfg The server configuration file. Default: plugin pam_service This is the pam service name. Although this is not strictly necessary, it is a precaution to make sure that counters are always correct. Default: false enable_distributed_zarafa Enable multi-server environment. User information will be read the /etc/passwd file. The server can autodetect between NTLM and Kerberos. This options should also be enabled when the index_sync_stream option is set in zarafa-indexer. Allowed variables: %u Username %c Companyname Default: %u client_update_enabled Enable client updates. All additional LDAP settings are set in a separate config file, which will be defined by the user_plugin_config. Resolving addresses is not affected by this option. Default: 90 sync_log_all_changes Normally changes to messages inside folders which no user is syncing from are not logged to the database as optimization. A value of 0 will allow any term to be used for a prefix search. Ldap Retrieve the users and groups information from an LDAP server. Default: 10 index_services_prefix_chars Number of characters a search term must contain before a prefix search is performed by zarafa-indexer(1). Default: 0 Explanation Of The User Plugin Settings Parameters plugin_path The location of the Zarafa plugin directory. Default: 30 (30 minutes) Explanation Of The Quota Settings Parameters quota_warn Size in Mb of de default quota warning level. Default: 1 watchdog_max_age Watchdog max age. Default: 500 server_max_keep_alive_requests Maximum SOAP keep_alive value. Their public key must be present in the sslkeys_path directory. Cfg The Zarafa LDAP user plugin configuration file. When set to true it is possible to place users and companies on specific servers. If quota details weren’t queried during this period it is removed from the cache making room for more often requested quota details. 0 If you have several certificates which result in the same hash, use. Default: 237 server_ssl_key_file The file containing the private key and certificate. Default: /var/run/zarafa-indexer index_services_search_timeout Time (in seconds) to wait for a connection to the zarafa-indexer(1) before terminating the indexed search request. This cache is used twice, also by the index2 cache, which is the inverse of the index1 cache. All additional Unix settings are set in a separate config file, which will be defined by the user_plugin_config. This is useful for setups which have large addressbooks (more than 1000 entries in the addressbook). Possible values are: db Retrieve the users from the Zarafa database. Use the zarafa-admin(1) tool to set Zarafa specific attributes on a user. Default: 268435456 (256 Mb) cache_object_size This caches objects and their respective hierarchy of folders. The number of deferred writes is kept below this value; setting it high will allow writes to be more efficient by grouping more writes together, but may slow down reading, and setting it low will force writes to complete directly, but speed up reading of tables. Each time a counter_reset found an incorrect item count, it increments the system statistic counter_resyncs. When set to false, the normal single-server environment is created. Default: yes Reloading The following options are reloadable by sending the zarafa-server process a HUP signal: log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth quota_warn, quota_soft, quota_hard, companyquota_warn createuser_script, deleteuser_script, creategroup_script, deletegroup_script Files /etc/zarafa/server. Set this to a directory which contains all your trusted CA certificates. Default: 8 watchdog_frequency Watchdog frequency. This cache is only used in multiserver mode. If it is at 0 on your system, then this option has had no effect except for slowing it down. Default: 1 (1 minute) cache_acl_size This cache contains Access Control List values. This option is forced to ‘yes’ when using the ‘db’ plugin since synchronization is implicit in that case. Pem ‘openssl x509 -hash -noout -in cacert. Default: 100 server_recv_timeout SOAP recv timeout value. Set to 0 to never expire, or -1 to disable this cache. Please read the SSL section in the zarafa-server(1) manual on how to create this file. Unix Retrieve the users and groups information from the Linux password files. Default: no index_services_path Path to the zarafa-indexer(1) service, this option is only required if the server is going to make use of the indexing service. Default: /etc/zarafa/userscripts/createcompany deletecompany_script ZARAFA_COMPANYID contains the old id of the company. Default: 60 Explanation Of The Other Settings Parameters softdelete_lifetime Softdelete clean cycle, in days. Set to 0 to never expire, or -1 to disable this cache. No action is currently needed by the script. If user details weren’t queried during this period it is removed from the cache making room for more often requested user details. This may perform badly since a prefix search of one character will match almost all documents. Default: 20 disabled_features In this list you can disable certain features for users. You can place the Zarafa Outlook Client installer in the client_update_path directory, and enable this option.

When set to true it is possible to place users and companies on specific servers. Default: /etc/zarafa/userscripts/createuser deleteuser_script ZARAFA_STOREID contains the old id of the store of the removed user. Ldap Retrieve the users and groups information from an LDAP server. Users with administrator rights are also not affected by this option and always have access to the GAB. For NTLM authentication you will need the ntlm_auth program from Samba. Default: /var/run/zarafa-indexer index_services_search_timeout Time (in seconds) to wait for a connection to the zarafa-indexer(1) before terminating the indexed search request. You can place the Zarafa Outlook Client installer in the client_update_path directory, and enable this option. This is the main cache used in Zarafa. Use the zarafa-admin tool to create users and groups. Default: 0 companyquota_warn Size in Mb of de default quota warning level for multitenant public stores. This is useful for setups which have large addressbooks (more than 1000 entries in the addressbook). Set to 0 to never expire, or -1 to disable this cache. This option can be used to override the default mysql socket. This cache is used twice, also by the index2 cache, which is the inverse of the index1 cache. Default: yes session_timeout The session timeout specifies how many seconds must elapse without any activity from a client before the server counts the session as dead. Default: 60 server_send_timeout TCP and SSL send timeout in seconds. You need the client_update_enabled option set to true for clients to actually download this file through the Zarafa server. This cache is used twice, also by the externid cache, which is the inverse of this cache. Default: localhost mysql_port The port of the MySQL server to use. The drawback of separate files is that a mysqldump is not enough for a full disaster recovery. This is the time that a TCP connection may be idle (between requests) before the TCP connection is closed from the server. Default: 0 Explanation Of The User Plugin Settings Parameters plugin_path The location of the Zarafa plugin directory. Items older than this setting will be removed from the database. Setting the compression level to 0 will effectively disable compression completely. In case your plugin cannot provide the authentication, you may set this to pam, and set the pam_service to authenticate through pam. Allowed variables: %u Username %f Fullname %c Companyname Default: %f loginname_format Loginname format (for multi-tenancy installations). Default: 90 sync_log_all_changes Normally changes to messages inside folders which no user is syncing from are not logged to the database as optimization. Default: no enable_sso When you configured your system for single sign-on, you can enable this by setting the value to yes. The user password will be verified using the kerberos service. Default: /etc/zarafa/userscripts/deleteuser creategroup_script ZARAFA_GROUP contains the new groupname. Default: imap pop3 Explanation Of The Cache Settings Parameters cache_cell_size Size in bytes of the cell cache. Default: yes Reloading The following options are reloadable by sending the zarafa-server process a HUP signal: log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth quota_warn, quota_soft, quota_hard, companyquota_warn createuser_script, deleteuser_script, creategroup_script, deletegroup_script Files /etc/zarafa/server. Normally, this is only ‘root’, so the unix root user can use the zarafa-admin tool. Default: no index_services_path Path to the zarafa-indexer(1) service, this option is only required if the server is going to make use of the indexing service. Synchronizations older than this setting will be removed from the database. Default: 100 server_recv_timeout SOAP recv timeout value. Default: zarafa mysql_group_concat_max_len The group_concat_max_len used to set for MySQL. 0 means no logging, 5 means full logging. Default: 3306 mysql_user The user under which we connect with MySQL. Default: /var/log/zarafa/autoupdate index_services_enabled Use Indexing service for faster searching. This makes sure you can never timeout your session while the Zarafa client is running. Use 0 to disable this quota level. Setting the session timeout low will keep the session count and therefore the memory usage on the server low, but may also timeout sessions of client that have lost network connectivity temporarily. Default: 21844 attachment_storage The location where attachments are stored. Server_ssl_ca_path When you have multiple CA’s to trust, you may use this option. Set this to a directory which contains all your trusted CA certificates. Please read the SSL section in the zarafa-server(1) manual on how to create these files. This might be useful when you are testing changes to your plugin configuration. Default: database_engine The database engine to use. Default: false enable_distributed_zarafa Enable multi-server environment. Changing the compression level, or switching it on or off, will not affect any existing attachments, and will remain accessible as normal. Default: 0 sync_lifetime Synchronization clean cycle, in days. Default value is empty, not changing the group after starting. This can be in the MySQL database, or as separate files. Default: 8 watchdog_frequency Watchdog frequency. Default: mysql_socket The socket of the MySQL server to use. Use 0 to disable this quota level. Default: 237 server_ssl_key_file The file containing the private key and certificate. Default: 16777216 (16 Mb) cache_quota_size This cache contains quota values of users. Each time a counter_reset found an incorrect item count, it increments the system statistic counter_resyncs. Using a high value (like 99) will effectively disable prefix searching, matching only the exact search term. This options should also be enabled when the index_sync_stream option is set in zarafa-indexer. Default: files attachment_path When the attachment_storage option is ‘files’, this option sets the location of the attachments on disk. Setting this value to yes will cause slightly more database traffic and the value no will be the correct for most installations. When set to true it is possible to create companies within the zarafa instance and assign all users and groups to particular companies. Thus, users will not be able to send e-mail to this user anymore. Default: 1048576 (1 Mb) cache_quota_lifetime This sets the lifetime for quota details inside the cache. In some scenarios (i. Default: root system_email_address This is the e-mail address of the SYSTEM user. Administrators will still be able to see and use the user. To use the socket, the mysql_host value must be empty or ‘localhost’ Default: mysql_database The MySQL database to connect to. This makes sure that the server will not attempt to load folders that are so large that it would require huge amounts of memory just to show the data. Options: 0 disable, 1 sent only with errors, 2 always sent Default: 1 client_update_log_path Log location for the client auto update files You need the client_update_log_level option set to non-zero value to receive log files from the client. Server_ssl_ca_file The CA file which was used to sign client SSL certificates. Use 0 to disable this quota level. The send timeout is the amount of time that the server will wait to write data to a socket, analogous to server_read_timeout. Note that is not a single-signon method, since the server requires the user password. Default: plugin pam_service This is the pam service name. Default: db createuser_script, deleteuser_script, creategroup_script, deletegroup_script, createcompany_script, deletecompany_script These scripts are called by the server when the external user source, like LDAP, is different from the users, groups and companies which are known to Zarafa. The read timeout is the amount of time that the server will wait to read more data from a socket, after processing of the request has started. Cfg The Zarafa LDAP user plugin configuration file. Use – (minus sign) for stderr output. Note that the field is SPACE separated. Pam services can be found in /etc/pam. Cfg(5) Referenced By pam_mapi(8), zarafa-passwd(1). Default: yes folder_max_items Limits the amount of items (messages or folders) in a single folder. Use 0 to disable this quota level. Older versions use a 32 bit session id, so then the session is easier guessable. Author Written by Zarafa. This cache is only used in multiserver mode. If it is at 0 on your system, then this option has had no effect except for slowing it down. If quota details weren’t queried during this period it is removed from the cache making room for more often requested quota details. 5K per message item (e-mail, appointment task, etc) in the entire server. Default: yes thread_stacksize This setting might be usefull on 32bit system with a lot of users. Sslkeys_path The path which contains public keys of clients which can login over SSL using their key. Default: no server_ssl_port The portnumber to accept SSL connections on. Default: yes auth_method Authentication is normally done in the user plugin. When using BlackBerry synchronization) it is important for all changes to be logged regardless of the number of listeners to these changes. The number of deferred writes is kept below this value; setting it high will allow writes to be more efficient by grouping more writes together, but may slow down reading, and setting it low will force writes to complete directly, but speed up reading of tables. The script uses a environment variable to see which user, group or tenant is affected. The number of watchdog checks per second. Valid values are: syslog Use the Linux system log. Default: 0 (never expire) cache_server_size This cache contains server locations. If user details weren’t queried during this period it is removed from the cache making room for more often requested user details. Default: mysql allow_local_users Named Unix users which connect through the unix socket (server_pipe_name) which are added here, those users will become the internal SYSTEM user in Zarafa, and have administrative rights. A value of 0 will allow any term to be used for a prefix search. Use – (minus sign) for stderr output. Default: 100 server_pipe_name Unix socket to listen on. Default: 60 server_max_keep_alive_requests Limits the number of requests allowed per connection. Note that the server runs as the ‘run_as_user’ user and ‘run_as_group’ group, which will require write access to this directory. In an ideal situation, all cells would be cached, so that the database does not need to be queried for data when browsing through folders, but this would require around 1. The client sends keepalive requests every 60 seconds, so the session timeout can never be below 60. All messages will be written to the mail facility. This CA will be trusted. File Log to a file. Use the zarafa-admin(1) tool to set Zarafa specific attributes on a user. Lower compression levels will require less CPU but will compress data less. With the this configuration option you can set how the loginname should be build up. This option is forced to ‘yes’ when using the ‘db’ plugin since synchronization is implicit in that case. Enabling this option requires the zarafa-indexer(1) service to be running. Normally all features are enabled for all users, making it possible through the user plugin to disable specific features for specific users. All additional Unix settings are set in a separate config file, which will be defined by the user_plugin_config. The following parameter is used for the script: createuser_script ZARAFA_USER contains the new username. Default: /etc/zarafa/userscripts/deletegroup createcompany_script ZARAFA_COMPANY contains the new companyname. Default: 512 license_socket Path to the zarafa-licensed(1) service. When set to false, the normal single-tenancy environment is created. Note that the log file needs to be writeable by this user, and the directory too to create new logfiles after logrotation. Default: 1048576 (1 Mb) cache_user_size This cache contains user id values. When enabled, this does incur a performance penalty, especially on large (>50000 items) folders. 0 If you have several certificates which result in the same hash, use. Windows clients which have the automatic updater program installed will be able to download the latest client from the Zarafa server. Pem ‘openssl x509 -hash -noout -in cacert. Default: 1 Explanation Of The Security Logging Settings Parameters audit_log_enabled Whether the security logging feature should be enabled. All additional LDAP settings are set in a separate config file, which will be defined by the user_plugin_config. Another choice is kerberos. The script should at least call zarafa-admin –create-store “${ZARAFA_USER}” to correctly create the store for the new user. In the end of the filename. Default: 0 (off) max_deferred_records_folder Same as the max_deferred_records variable, but per folder instead of total. Default: 1 audit_log_timestamp Specify whether to prefix each log line with a timestamp in ‘file’ logging mode. Default: 1048576 (1 Mb) cache_userdetails_lifetime This sets the lifetime for user details inside the cache. Disabling the GAB will show an empty list in the GAB, which may be required for some installations. Group information will read from /etc/group. Cfg The server configuration file. Default: /usr/lib/zarafa user_plugin The source of the user base. Unix Retrieve the users and groups information from the Linux password files. Administrators will still be able to see and use the group. When people receive mail from the quota monitor, or receive fallback deliveries from the zarafa-dagent, the From email address is this field. Default: 1048576 (1 Mb) cache_server_lifetime This sets the lifetime for server location details inside the cache. Default: yes server_recv_timeout TCP and SSL receive timeout in seconds. Default: 1 Explanation Of The Mysql Settings Parameters mysql_host The hostname of the MySQL server to use. Passwords will be checked agains /etc/shadow. No action is currently needed by the script. If you can afford it, set this value as high as possible, up to 50% of your total RAM capacity. The value set is in Kb. Default: 1 (1 minute) cache_acl_size This cache contains Access Control List values. Settings this high makes it less necessary for clients to re-connect, but increases the total number of concurrent open sockets in the server. Default: yes server_tcp_port Port to listen on. The name of the certificate needs to be the hash of the certificate. It caches all data that comes into view in tables (ie the view of your inbox, or any other folder). When set to false, the normal single-server environment is created. To set the default of a feature to disabled, add it here to the list, making it possible through the user plugin to enable a specific user for specific users. Default: no Explanation Of The Threading Parameters threads Number of server threads. It is highly recommended to leave this check enabled, since the session id can be used by other machines, and thus introduces a large security risc. Default: [email protected] run_as_user After correctly starting, the server process will become this user, dropping root privileges. Pem Create a symbolic link to the certificate with the hashname like this: ln -s cacert. When this option is enabled, you must set the following ssl options correctly, otherwise the server may or will not start. Default: 5 server_send_timeout SOAP send timeout value. Default: file log_file When logging to a file, specify the filename in this parameter. Default: 5 server_read_timeout TCP and SSL read timeout in seconds. Default: no hide_system If this option is set to ‘yes’, the internal user SYSTEM will be hidden from the Global Addressbook. You might want to change this field so people can reply to this address. Default: no audit_log_method The method which should be used for logging. 20, the session id is 64 bits. Pid_file Write the process ID number to this file. Default: /var/lib/zarafa attachment_compression When the attachment_storage option is ‘files’, this option controls the compression level for the attachments. This file should be sent along with the crash report. All messages will be written to the authpriv facility. Default: 236 server_pipe_enabled Enable Unix pipe connections. This could be anything ranging up to several hours. No action is currently needed by the script. You can calculate the size with a simple equation: concurrent users * max items in a folder * 24 Default: 5242880 (5 Mb) cache_indexedobject_size This cache contains unique id’s of objects. Please read the SSL section in the zarafa-server(1) manual on how to create this file. For example, some clients with powersaving modes will disable the ethernet card during the screensaver. Pem server_ssl_key_pass Enter you password here when your key file contains a password to be readable. Cfg The Zarafa Unix user plugin configuration file. Should not be disabled. In fact, if you specify a timeout below 300, 300 will be taken as the session timeout instead. Higher compression levels will compress data better, but at the cost of CPU usage. Log log_level The level of output for logging in the range from 0 to 5. Default: 268435456 (256 Mb) cache_object_size This caches objects and their respective hierarchy of folders. This socket is only used by the zarafa-licensed daemon. Default: 0 quota_hard Size in Mb of de default quota hard level. This value must be set for clients to login with an SSL Key. You normally needn’t change the default value. This is used for the Kerberos single sign-on environment. Default: false storename_format Display format of store name. Default: false client_update_path This is the path where you will place the Zarafa Outlook Client MSI install program for Windows clients to download. Default: 20 disabled_features In this list you can disable certain features for users. The filename will be specified in log_file. Default: /etc/zarafa/userscripts/creategroup deletegroup_script ZARAFA_GROUPID contains the old id of the group. The drawback of ‘database’ is that the large data of attachment will push usefull data from the MySQL cache. If server details weren’t queried during this period it is removed from the cache making room for more often requested server details. Default: 0 quota_soft Size in Mb of de default quota soft level. This list is space separated, and currently may contain the following features: imap, pop3. Thus, users will not be able to send e-mail to this group anymore, and also will not be able to set access rights on folders for this group. Their public key must be present in the sslkeys_path directory. This setting should not be set too small, or your server will crash. When the user does not login through a system-wide unique username (like the email address) a unique name has created by combining the username and the tenancyname. Default value is empty, not changing the user after starting. Default: passwd max_deferred_records The server has a list of deferred writes to the tproperties table, to improve overall I/O performance. Default: Zarafa server_hostname DNS name of the server. Default: /var/run/zarafa server_pipe_priority Priority unix socket to listen on. If you have large distribution lists (more than 150 members), it is useful to set this value higher. Default: /var/run/zarafa-licensed license_timeout Time (in seconds) to wait for a connection to the zarafa-licensed(1) before terminating the request. Possible values are: db Retrieve the users from the Zarafa database. Leave empty for no password. Default: 500 server_max_keep_alive_requests Maximum SOAP keep_alive value. If empty (default), the FQDN or hostname will be used. This is used by the init. You can get the hash value of the certificate with the following command: openssl x509 -hash -noout -in cacert. The filename will be specified in log_file. You can add a generic user to be used by the zarafa-dagent here. There are no additional settings for this plugin. Default: 1048576 (1 Mb) cache_store_size This cache contains store id values. Default: /var/lib/zarafa/client client_update_log_level Receive the log information from the client auto update service. Allowed variables: %u Username %c Companyname Default: %u client_update_enabled Enable client updates. Set to 0 to never expire, or -1 to disable this cache. Default: 1 watchdog_max_age Watchdog max age. User information will be read the /etc/passwd file. You may want to disable this check when you have laptop’s which can get multiple ip-adresses through wired and wireless networks. File Log to a file. Values can be: mysql Use MySQL. Default: 300 session_ip_check Normally, a session is linked to an IP-address, so this check is enabled. Default: /etc/zarafa/sslkeys server_ssl_enable_v2 Incoming SSL connections normally are v3. No action is currently needed by the script. Default: no enable_gab Enables viewing of the Global Address Book (GAB) by users. When using the -F switch to run in the foreground the directory will not be changed. Default: 10 Explanation Of The Logging Settings Parameters log_method The method which should be used for logging. Folders who are opened in other stores than your own are listed in the ACL table, and will be cached. In practice, folders of over 1000000 items are usually created by runaway processes which are therefore useless anyway. Resolving addresses is not affected by this option. This may perform badly since a prefix search of one character will match almost all documents. Default: 1048576 (1 Mb) cache_userdetails_size This cache contains the details of users. Default: 30 (30 minutes) Explanation Of The Quota Settings Parameters quota_warn Size in Mb of de default quota warning level. Pid running_path Change directory to this path when running in daemonize mode. Default: yes counter_reset The counter_reset option forces a recount of items in the folder each time a folder is opened. The server can autodetect between NTLM and Kerberos. Default: 2 log_timestamp Specify whether to prefix each log line with a timestamp in ‘file’ logging mode. This needn’t be changed in most cases. This can also be achieved by setting the correct group and permissions. Default: yes hide_everyone If this option is set to ‘yes’, the internal group Everyone (which always contains all users) will be hidden from the Global Addressbook. Although this is not strictly necessary, it is a precaution to make sure that counters are always correct. Default: – audit_log_level The level of output for logging in the range from 0 to 1. Default: 10 index_services_prefix_chars Number of characters a search term must contain before a prefix search is performed by zarafa-indexer(1). Valid values are: syslog Use the Linux system log. On the other hand, some MySQL versions are known to break with a value higher than 21844. When this happens, you must set the session_timeout to a value that is higher than the time that it takes for the network connection to come back. Set to 0 to never expire, or -1 to disable this cache. Please see the server installation manual on howto enable your system for single sign-on. Make sure this doesn’t lead to swapping though. Run_as_group After correctly starting, the server process will become this group, dropping root privileges. Default: 60 Explanation Of The Other Settings Parameters softdelete_lifetime Softdelete clean cycle, in days. The maximum compression level is 9 Default: 6 Explanation Of The Ssl Settings Parameters server_ssl_enabled Enable direct SSL connections. This was the default for zarafa 6. Default: 1000000 sync_gab_realtime When set to ‘yes’, zarafa will synchronize the local user list whenever a list of users is requested (eg during zarafa-admin -l or when opening the addressbook). Default: /etc/zarafa/userscripts/deletecompany user_safe_mode If enabled, the zarafa server will only log when create, delete and move actions are done on an user object. When setting this value to ‘no’, synchronization will only occur during zarafa-admin –sync. D script to correctly stop/restart the service. Default: no Explanation Of Miscelleanious Parameters enable_hosted_zarafa Enable multi-tenancy environment. Set to 0 to disable compression completely. Default: 3 enable_enhanced_ics Allow enhanced ICS operations to speedup synchronization with cached profiles. The maximum age in ms of a task before a new thread is started. Default: / coredump_enabled When a segfault occurs, a coredump file will be written in the running_path directory. No action is currently needed by the script. Default: /etc/zarafa/userscripts/createcompany deletecompany_script ZARAFA_COMPANYID contains the old id of the company. Default: /var/run/zarafa-prio server_name Unique name for identifying the server in a multi-server environment. This user is most likely called ‘vmail’. See Also zarafa-server(1) zarafa-ldap. 0 means no logging, 1 means full logging. Default: syslog audit_log_file When logging to a file, specify the filename in this parameter. Default: root mysql_password The password to use for MySQL.

Each time a counter_reset found an incorrect item count, it increments the system statistic counter_resyncs. Cfg The server configuration file. Default: yes counter_reset The counter_reset option forces a recount of items in the folder each time a folder is opened. Author Written by Zarafa. Cfg The Zarafa LDAP user plugin configuration file. If it is at 0 on your system, then this option has had no effect except for slowing it down. Although this is not strictly necessary, it is a precaution to make sure that counters are always correct. Default: yes Reloading The following options are reloadable by sending the zarafa-server process a HUP signal: log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth quota_warn, quota_soft, quota_hard, companyquota_warn createuser_script, deleteuser_script, creategroup_script, deletegroup_script Files /etc/zarafa/server. Cfg(5) Referenced By pam_mapi(8), zarafa-passwd(1). Cfg The Zarafa Unix user plugin configuration file. When enabled, this does incur a performance penalty, especially on large (>50000 items) folders. See Also zarafa-server(1) zarafa-ldap.

Both Zarafa's cannot be run the same time and it is important that when running Zarafa4h the Synology mail server Postfix SMTP is stopped to keep port 25 available. This restore then runs into the new Zarafa4h database (target and credetions from Zarafa4h-cfg-file) and this procedure can be repeated.

Zarafa sends emails to postfix and receives emails from postfix via LMTP Delivery Agent. In this setup you are hosting your own domain (e. In case you are using a dynamic IP address you need to setup a relay host to avoid you mails being rejected as SPAM for being an unknown host (see #Configure Internal Postfix and #Configure Relayhost). Postfix SmtpD has to be configured to send and receive emails via port 25 exposed to the Internet.

In the end of the filename. Default: 10 index_services_prefix_chars Number of characters a search term must contain before a prefix search is performed by zarafa-indexer(1). You can place the Zarafa Outlook Client installer in the client_update_path directory, and enable this option. If user details weren’t queried during this period it is removed from the cache making room for more often requested user details. Default: no Explanation Of Miscelleanious Parameters enable_hosted_zarafa Enable multi-tenancy environment. This is the main cache used in Zarafa. Default: plugin pam_service This is the pam service name. Default: 100 server_recv_timeout SOAP recv timeout value. Make sure this doesn’t lead to swapping though. Default: 1000000 sync_gab_realtime When set to ‘yes’, zarafa will synchronize the local user list whenever a list of users is requested (eg during zarafa-admin -l or when opening the addressbook). 5K per message item (e-mail, appointment task, etc) in the entire server. Folders who are opened in other stores than your own are listed in the ACL table, and will be cached. Cfg(5) Referenced By pam_mapi(8), zarafa-passwd(1). Default: 1048576 (1 Mb) cache_quota_lifetime This sets the lifetime for quota details inside the cache. All messages will be written to the mail facility. The number of watchdog checks per second. See Also zarafa-server(1) zarafa-ldap. If you can afford it, set this value as high as possible, up to 50% of your total RAM capacity. In some scenarios (i. Default: 16777216 (16 Mb) cache_quota_size This cache contains quota values of users. Default: 1048576 (1 Mb) cache_user_size This cache contains user id values. Default: /var/run/zarafa-indexer index_services_search_timeout Time (in seconds) to wait for a connection to the zarafa-indexer(1) before terminating the indexed search request. No action is currently needed by the script. Default: files attachment_path When the attachment_storage option is ‘files’, this option sets the location of the attachments on disk. Default: yes auth_method Authentication is normally done in the user plugin. This cache is only used in multiserver mode. Default: no enable_sso When you configured your system for single sign-on, you can enable this by setting the value to yes. Use – (minus sign) for stderr output. Although this is not strictly necessary, it is a precaution to make sure that counters are always correct. Default: false client_update_path This is the path where you will place the Zarafa Outlook Client MSI install program for Windows clients to download. Leave empty for no password. Default: db createuser_script, deleteuser_script, creategroup_script, deletegroup_script, createcompany_script, deletecompany_script These scripts are called by the server when the external user source, like LDAP, is different from the users, groups and companies which are known to Zarafa. This was the default for zarafa 6. Author Written by Zarafa. This cache is used twice, also by the externid cache, which is the inverse of this cache. Pem server_ssl_key_pass Enter you password here when your key file contains a password to be readable. If server details weren’t queried during this period it is removed from the cache making room for more often requested server details. Default: 5 server_send_timeout SOAP send timeout value. This cache is used twice, also by the index2 cache, which is the inverse of the index1 cache. Default: false storename_format Display format of store name. This value must be set for clients to login with an SSL Key. The server can autodetect between NTLM and Kerberos. For NTLM authentication you will need the ntlm_auth program from Samba. When enabled, this does incur a performance penalty, especially on large (>50000 items) folders. Default: yes Reloading The following options are reloadable by sending the zarafa-server process a HUP signal: log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth quota_warn, quota_soft, quota_hard, companyquota_warn createuser_script, deleteuser_script, creategroup_script, deletegroup_script Files /etc/zarafa/server. Default: false enable_distributed_zarafa Enable multi-server environment. Default: 20 disabled_features In this list you can disable certain features for users. Default: 60 Explanation Of The Other Settings Parameters softdelete_lifetime Softdelete clean cycle, in days. Default: /etc/zarafa/userscripts/deleteuser creategroup_script ZARAFA_GROUP contains the new groupname. Default: 8 watchdog_frequency Watchdog frequency. Default: passwd max_deferred_records The server has a list of deferred writes to the tproperties table, to improve overall I/O performance. Pam services can be found in /etc/pam. Enabling this option requires the zarafa-indexer(1) service to be running. Default: 3306 mysql_user The user under which we connect with MySQL. Allowed variables: %u Username %c Companyname Default: %u client_update_enabled Enable client updates. Their public key must be present in the sslkeys_path directory. Unix Retrieve the users and groups information from the Linux password files. Default: 30 (30 minutes) Explanation Of The Quota Settings Parameters quota_warn Size in Mb of de default quota warning level. Ldap Retrieve the users and groups information from an LDAP server. Synchronizations older than this setting will be removed from the database. Possible values are: db Retrieve the users from the Zarafa database. When set to true it is possible to place users and companies on specific servers. The number of deferred writes is kept below this value; setting it high will allow writes to be more efficient by grouping more writes together, but may slow down reading, and setting it low will force writes to complete directly, but speed up reading of tables. Default: /etc/zarafa/userscripts/createcompany deletecompany_script ZARAFA_COMPANYID contains the old id of the company. This CA will be trusted. Changing the compression level, or switching it on or off, will not affect any existing attachments, and will remain accessible as normal. 0 means no logging, 1 means full logging. Default: yes folder_max_items Limits the amount of items (messages or folders) in a single folder. Use 0 to disable this quota level. When the user does not login through a system-wide unique username (like the email address) a unique name has created by combining the username and the tenancyname. Options: 0 disable, 1 sent only with errors, 2 always sent Default: 1 client_update_log_path Log location for the client auto update files You need the client_update_log_level option set to non-zero value to receive log files from the client. Default: – audit_log_level The level of output for logging in the range from 0 to 1. Default: mysql_socket The socket of the MySQL server to use. Default: no index_services_path Path to the zarafa-indexer(1) service, this option is only required if the server is going to make use of the indexing service. Syslog Use the Linux system log. Use the zarafa-admin tool to create users and groups. Default: no enable_gab Enables viewing of the Global Address Book (GAB) by users. Windows clients which have the automatic updater program installed will be able to download the latest client from the Zarafa server. The following parameter is used for the script: createuser_script ZARAFA_USER contains the new username. Default: /etc/zarafa/userscripts/creategroup deletegroup_script ZARAFA_GROUPID contains the old id of the group. Higher compression levels will compress data better, but at the cost of CPU usage. The filename will be specified in log_file. Setting this value to yes will cause slightly more database traffic and the value no will be the correct for most installations. Default: syslog audit_log_file When logging to a file, specify the filename in this parameter. Log log_level The level of output for logging in the range from 0 to 5. Default: 0 quota_hard Size in Mb of de default quota hard level. Default: no audit_log_method The method which should be used for logging. Using a high value (like 99) will effectively disable prefix searching, matching only the exact search term. Default: 1048576 (1 Mb) cache_userdetails_lifetime This sets the lifetime for user details inside the cache. Sslkeys_path The path which contains public keys of clients which can login over SSL using their key. To set the default of a feature to disabled, add it here to the list, making it possible through the user plugin to enable a specific user for specific users. The name of the certificate needs to be the hash of the certificate. Valid values are: syslog Use the Linux system log. Allowed variables: %u Username %f Fullname %c Companyname Default: %f loginname_format Loginname format (for multi-tenancy installations). Cfg The server configuration file. Default: /etc/zarafa/userscripts/createuser deleteuser_script ZARAFA_STOREID contains the old id of the store of the removed user. Setting the compression level to 0 will effectively disable compression completely. Set to 0 to never expire, or -1 to disable this cache. Default: /etc/zarafa/userscripts/deletecompany user_safe_mode If enabled, the zarafa server will only log when create, delete and move actions are done on an user object. A value of 0 will allow any term to be used for a prefix search. This can be in the MySQL database, or as separate files. Default: 3 enable_enhanced_ics Allow enhanced ICS operations to speedup synchronization with cached profiles. Default: 500 server_max_keep_alive_requests Maximum SOAP keep_alive value. Note that is not a single-signon method, since the server requires the user password. In practice, folders of over 1000000 items are usually created by runaway processes which are therefore useless anyway. Resolving addresses is not affected by this option. Default: 1048576 (1 Mb) cache_server_lifetime This sets the lifetime for server location details inside the cache. You can get the hash value of the certificate with the following command: openssl x509 -hash -noout -in cacert. Set to 0 to disable compression completely. The user password will be verified using the kerberos service. Default: 21844 attachment_storage The location where attachments are stored. Please see the server installation manual on howto enable your system for single sign-on. Default: /var/lib/zarafa/client client_update_log_level Receive the log information from the client auto update service. If you have large distribution lists (more than 150 members), it is useful to set this value higher. Please read the SSL section in the zarafa-server(1) manual on how to create this file. Set to 0 to never expire, or -1 to disable this cache. Default: 0 Explanation Of The User Plugin Settings Parameters plugin_path The location of the Zarafa plugin directory. In case your plugin cannot provide the authentication, you may set this to pam, and set the pam_service to authenticate through pam. Default: 1 watchdog_max_age Watchdog max age. Default: /var/lib/zarafa attachment_compression When the attachment_storage option is ‘files’, this option controls the compression level for the attachments. No action is currently needed by the script. When set to false, the normal single-server environment is created. Default: 0 quota_soft Size in Mb of de default quota soft level. Default: 0 (never expire) cache_server_size This cache contains server locations. Cfg The Zarafa LDAP user plugin configuration file. This might be useful when you are testing changes to your plugin configuration. To use the socket, the mysql_host value must be empty or ‘localhost’ Default: mysql_database The MySQL database to connect to. 0 If you have several certificates which result in the same hash, use. Default: 268435456 (256 Mb) cache_object_size This caches objects and their respective hierarchy of folders. Pem ‘openssl x509 -hash -noout -in cacert. This option is forced to ‘yes’ when using the ‘db’ plugin since synchronization is implicit in that case. Default: 1 Explanation Of The Security Logging Settings Parameters audit_log_enabled Whether the security logging feature should be enabled. Use 0 to disable this quota level. When this option is enabled, you must set the following ssl options correctly, otherwise the server may or will not start. Lower compression levels will require less CPU but will compress data less. No action is currently needed by the script. When set to false, the normal single-tenancy environment is created. This makes sure that the server will not attempt to load folders that are so large that it would require huge amounts of memory just to show the data. Set this to a directory which contains all your trusted CA certificates. The filename will be specified in log_file. User information will be read the /etc/passwd file. On the other hand, some MySQL versions are known to break with a value higher than 21844. Default: yes counter_reset The counter_reset option forces a recount of items in the folder each time a folder is opened. The maximum age in ms of a task before a new thread is started. Users with administrator rights are also not affected by this option and always have access to the GAB. When using BlackBerry synchronization) it is important for all changes to be logged regardless of the number of listeners to these changes. Default: 1 (1 minute) cache_acl_size This cache contains Access Control List values. The drawback of ‘database’ is that the large data of attachment will push usefull data from the MySQL cache. Default: no Explanation Of The Threading Parameters threads Number of server threads. Passwords will be checked agains /etc/shadow. When set to true it is possible to create companies within the zarafa instance and assign all users and groups to particular companies. Please read the SSL section in the zarafa-server(1) manual on how to create these files. This may perform badly since a prefix search of one character will match almost all documents. Default: /var/log/zarafa/autoupdate index_services_enabled Use Indexing service for faster searching. Server_ssl_ca_file The CA file which was used to sign client SSL certificates. In an ideal situation, all cells would be cached, so that the database does not need to be queried for data when browsing through folders, but this would require around 1. With the this configuration option you can set how the loginname should be build up. This options should also be enabled when the index_sync_stream option is set in zarafa-indexer. Use – (minus sign) for stderr output. There are no additional settings for this plugin. If quota details weren’t queried during this period it is removed from the cache making room for more often requested quota details. The drawback of separate files is that a mysqldump is not enough for a full disaster recovery. All additional Unix settings are set in a separate config file, which will be defined by the user_plugin_config. Set to 0 to never expire, or -1 to disable this cache. All messages will be written to the authpriv facility. Default: no server_ssl_port The portnumber to accept SSL connections on. Pem Create a symbolic link to the certificate with the hashname like this: ln -s cacert. The maximum compression level is 9 Default: 6 Explanation Of The Ssl Settings Parameters server_ssl_enabled Enable direct SSL connections. Default: 2 log_timestamp Specify whether to prefix each log line with a timestamp in ‘file’ logging mode. Cfg The Zarafa Unix user plugin configuration file. The script should at least call zarafa-admin –create-store “${ZARAFA_USER}” to correctly create the store for the new user. Default: localhost mysql_port The port of the MySQL server to use. All additional LDAP settings are set in a separate config file, which will be defined by the user_plugin_config. Items older than this setting will be removed from the database. Default: /etc/zarafa/userscripts/deletegroup createcompany_script ZARAFA_COMPANY contains the new companyname. This list is space separated, and currently may contain the following features: imap, pop3. This option can be used to override the default mysql socket. Default: 237 server_ssl_key_file The file containing the private key and certificate. Default: 1 Explanation Of The Mysql Settings Parameters mysql_host The hostname of the MySQL server to use. Group information will read from /etc/group. This is useful for setups which have large addressbooks (more than 1000 entries in the addressbook). Default: 1048576 (1 Mb) cache_userdetails_size This cache contains the details of users. Default: /etc/zarafa/sslkeys server_ssl_enable_v2 Incoming SSL connections normally are v3. Default: imap pop3 Explanation Of The Cache Settings Parameters cache_cell_size Size in bytes of the cell cache. When setting this value to ‘no’, synchronization will only occur during zarafa-admin –sync. Default: zarafa mysql_group_concat_max_len The group_concat_max_len used to set for MySQL. Default: 1048576 (1 Mb) cache_store_size This cache contains store id values. Default: root mysql_password The password to use for MySQL. Use 0 to disable this quota level. File Log to a file. Another choice is kerberos. Normally all features are enabled for all users, making it possible through the user plugin to disable specific features for specific users. Default: 0 (off) max_deferred_records_folder Same as the max_deferred_records variable, but per folder instead of total. Default: 1 audit_log_timestamp Specify whether to prefix each log line with a timestamp in ‘file’ logging mode. Default: /usr/lib/zarafa user_plugin The source of the user base. Use 0 to disable this quota level. 0 means no logging, 5 means full logging. Default: 0 sync_lifetime Synchronization clean cycle, in days. Default: 90 sync_log_all_changes Normally changes to messages inside folders which no user is syncing from are not logged to the database as optimization. File Log to a file. Use the zarafa-admin(1) tool to set Zarafa specific attributes on a user. You need the client_update_enabled option set to true for clients to actually download this file through the Zarafa server. The script uses a environment variable to see which user, group or tenant is affected. No action is currently needed by the script. If it is at 0 on your system, then this option has had no effect except for slowing it down. Server_ssl_ca_path When you have multiple CA’s to trust, you may use this option. You can calculate the size with a simple equation: concurrent users * max items in a folder * 24 Default: 5242880 (5 Mb) cache_indexedobject_size This cache contains unique id’s of objects. It caches all data that comes into view in tables (ie the view of your inbox, or any other folder). Default: file log_file When logging to a file, specify the filename in this parameter. Default: 0 companyquota_warn Size in Mb of de default quota warning level for multitenant public stores. Note that the server runs as the ‘run_as_user’ user and ‘run_as_group’ group, which will require write access to this directory. Each time a counter_reset found an incorrect item count, it increments the system statistic counter_resyncs. Disabling the GAB will show an empty list in the GAB, which may be required for some installations.

A value of 0 will allow any term to be used for a prefix search. In the end of the filename. Users with administrator rights are also not affected by this option and always have access to the GAB. No action is currently needed by the script. When set to true it is possible to create companies within the zarafa instance and assign all users and groups to particular companies. If it is at 0 on your system, then this option has had no effect except for slowing it down. Higher compression levels will compress data better, but at the cost of CPU usage. Default: 5 server_send_timeout SOAP send timeout value. Pam services can be found in /etc/pam. Default: no Explanation Of The Threading Parameters threads Number of server threads. When this option is enabled, you must set the following ssl options correctly, otherwise the server may or will not start. User information will be read the /etc/passwd file. Default: 90 sync_log_all_changes Normally changes to messages inside folders which no user is syncing from are not logged to the database as optimization. Default: syslog audit_log_file When logging to a file, specify the filename in this parameter. Use – (minus sign) for stderr output. Default: 1048576 (1 Mb) cache_server_lifetime This sets the lifetime for server location details inside the cache. Default: 1 watchdog_max_age Watchdog max age. The script uses a environment variable to see which user, group or tenant is affected. The maximum compression level is 9 Default: 6 Explanation Of The Ssl Settings Parameters server_ssl_enabled Enable direct SSL connections. Cfg The Zarafa LDAP user plugin configuration file. The filename will be specified in log_file. This is the main cache used in Zarafa. Default: no audit_log_method The method which should be used for logging. Windows clients which have the automatic updater program installed will be able to download the latest client from the Zarafa server. This options should also be enabled when the index_sync_stream option is set in zarafa-indexer. Default: 0 quota_hard Size in Mb of de default quota hard level. All messages will be written to the authpriv facility. Allowed variables: %u Username %f Fullname %c Companyname Default: %f loginname_format Loginname format (for multi-tenancy installations). Setting this value to yes will cause slightly more database traffic and the value no will be the correct for most installations. You need the client_update_enabled option set to true for clients to actually download this file through the Zarafa server. Default: false enable_distributed_zarafa Enable multi-server environment. To use the socket, the mysql_host value must be empty or ‘localhost’ Default: mysql_database The MySQL database to connect to. It caches all data that comes into view in tables (ie the view of your inbox, or any other folder). Default: 1048576 (1 Mb) cache_userdetails_size This cache contains the details of users. Pem server_ssl_key_pass Enter you password here when your key file contains a password to be readable. File Log to a file. 5K per message item (e-mail, appointment task, etc) in the entire server. Default: /etc/zarafa/userscripts/deletecompany user_safe_mode If enabled, the zarafa server will only log when create, delete and move actions are done on an user object. No action is currently needed by the script. Server_ssl_ca_path When you have multiple CA’s to trust, you may use this option. Each time a counter_reset found an incorrect item count, it increments the system statistic counter_resyncs. Default: db createuser_script, deleteuser_script, creategroup_script, deletegroup_script, createcompany_script, deletecompany_script These scripts are called by the server when the external user source, like LDAP, is different from the users, groups and companies which are known to Zarafa. Default: /etc/zarafa/userscripts/deleteuser creategroup_script ZARAFA_GROUP contains the new groupname. Author Written by Zarafa. For NTLM authentication you will need the ntlm_auth program from Samba. Default: 1048576 (1 Mb) cache_userdetails_lifetime This sets the lifetime for user details inside the cache. Default: /etc/zarafa/userscripts/creategroup deletegroup_script ZARAFA_GROUPID contains the old id of the group. Another choice is kerberos. Ldap Retrieve the users and groups information from an LDAP server. Administrators will still be able to see and use the user. Group information will read from /etc/group. Default: root mysql_password The password to use for MySQL. Resolving addresses is not affected by this option. The number of deferred writes is kept below this value; setting it high will allow writes to be more efficient by grouping more writes together, but may slow down reading, and setting it low will force writes to complete directly, but speed up reading of tables. Default: 1048576 (1 Mb) cache_user_size This cache contains user id values. Folders who are opened in other stores than your own are listed in the ACL table, and will be cached. Default: files attachment_path When the attachment_storage option is ‘files’, this option sets the location of the attachments on disk. Default: 30 (30 minutes) Explanation Of The Quota Settings Parameters quota_warn Size in Mb of de default quota warning level. Default: /etc/zarafa/userscripts/deletegroup createcompany_script ZARAFA_COMPANY contains the new companyname. This cache is used twice, also by the index2 cache, which is the inverse of the index1 cache. This CA will be trusted. Default: 10 index_services_prefix_chars Number of characters a search term must contain before a prefix search is performed by zarafa-indexer(1). When using BlackBerry synchronization) it is important for all changes to be logged regardless of the number of listeners to these changes. Their public key must be present in the sslkeys_path directory. Default: 3 enable_enhanced_ics Allow enhanced ICS operations to speedup synchronization with cached profiles. Sslkeys_path The path which contains public keys of clients which can login over SSL using their key. This cache is only used in multiserver mode. Default: zarafa mysql_group_concat_max_len The group_concat_max_len used to set for MySQL. Default: localhost mysql_port The port of the MySQL server to use. Default: false client_update_path This is the path where you will place the Zarafa Outlook Client MSI install program for Windows clients to download. Cfg The Zarafa Unix user plugin configuration file. This may perform badly since a prefix search of one character will match almost all documents. No action is currently needed by the script. Default: plugin pam_service This is the pam service name. When set to true it is possible to place users and companies on specific servers. Please see the server installation manual on howto enable your system for single sign-on. Server_ssl_ca_file The CA file which was used to sign client SSL certificates. No action is currently needed by the script. Default: /var/run/zarafa-indexer index_services_search_timeout Time (in seconds) to wait for a connection to the zarafa-indexer(1) before terminating the indexed search request. Use 0 to disable this quota level. Default: no enable_gab Enables viewing of the Global Address Book (GAB) by users. In case your plugin cannot provide the authentication, you may set this to pam, and set the pam_service to authenticate through pam. Although this is not strictly necessary, it is a precaution to make sure that counters are always correct. The value set is in Kb. Normally all features are enabled for all users, making it possible through the user plugin to disable specific features for specific users. Leave empty for no password. File Log to a file. You can calculate the size with a simple equation: concurrent users * max items in a folder * 24 Default: 5242880 (5 Mb) cache_indexedobject_size This cache contains unique id’s of objects. You can place the Zarafa Outlook Client installer in the client_update_path directory, and enable this option. Setting the compression level to 0 will effectively disable compression completely. The drawback of ‘database’ is that the large data of attachment will push usefull data from the MySQL cache. This setting should not be set too small, or your server will crash. Default: 500 server_max_keep_alive_requests Maximum SOAP keep_alive value. Default: yes folder_max_items Limits the amount of items (messages or folders) in a single folder. Default: yes Reloading The following options are reloadable by sending the zarafa-server process a HUP signal: log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth quota_warn, quota_soft, quota_hard, companyquota_warn createuser_script, deleteuser_script, creategroup_script, deletegroup_script Files /etc/zarafa/server. In some scenarios (i. Default: no hide_system If this option is set to ‘yes’, the internal user SYSTEM will be hidden from the Global Addressbook. Default: 21844 attachment_storage The location where attachments are stored. Enabling this option requires the zarafa-indexer(1) service to be running. Log log_level The level of output for logging in the range from 0 to 5. The filename will be specified in log_file. On the other hand, some MySQL versions are known to break with a value higher than 21844. All messages will be written to the mail facility. The maximum age in ms of a task before a new thread is started. Default: 20 disabled_features In this list you can disable certain features for users. Default: 8 watchdog_frequency Watchdog frequency. Default: 16777216 (16 Mb) cache_quota_size This cache contains quota values of users. In practice, folders of over 1000000 items are usually created by runaway processes which are therefore useless anyway. Default: 1048576 (1 Mb) cache_store_size This cache contains store id values. Default: 1000000 sync_gab_realtime When set to ‘yes’, zarafa will synchronize the local user list whenever a list of users is requested (eg during zarafa-admin -l or when opening the addressbook). This can be in the MySQL database, or as separate files. Use – (minus sign) for stderr output. This option can be used to override the default mysql socket. Default: no index_services_path Path to the zarafa-indexer(1) service, this option is only required if the server is going to make use of the indexing service. Valid values are: syslog Use the Linux system log. Administrators will still be able to see and use the group. Default: 1 Explanation Of The Mysql Settings Parameters mysql_host The hostname of the MySQL server to use. This is useful for setups which have large addressbooks (more than 1000 entries in the addressbook). Valid values are: syslog Use the Linux system log. Default: /var/lib/zarafa attachment_compression When the attachment_storage option is ‘files’, this option controls the compression level for the attachments. Default: /var/lib/zarafa/client client_update_log_level Receive the log information from the client auto update service. Default: 0 sync_lifetime Synchronization clean cycle, in days. Default: yes hide_everyone If this option is set to ‘yes’, the internal group Everyone (which always contains all users) will be hidden from the Global Addressbook. Default: 0 (off) max_deferred_records_folder Same as the max_deferred_records variable, but per folder instead of total. Default: /var/log/zarafa/autoupdate index_services_enabled Use Indexing service for faster searching. Passwords will be checked agains /etc/shadow. Using a high value (like 99) will effectively disable prefix searching, matching only the exact search term. This value must be set for clients to login with an SSL Key. This was the default for zarafa 6. All additional LDAP settings are set in a separate config file, which will be defined by the user_plugin_config. Default: passwd max_deferred_records The server has a list of deferred writes to the tproperties table, to improve overall I/O performance. Thus, users will not be able to send e-mail to this group anymore, and also will not be able to set access rights on folders for this group. Use 0 to disable this quota level. Default: /etc/zarafa/userscripts/createcompany deletecompany_script ZARAFA_COMPANYID contains the old id of the company. Possible values are: db Retrieve the users from the Zarafa database. Items older than this setting will be removed from the database. Default: false storename_format Display format of store name. Use the zarafa-admin tool to create users and groups. 0 If you have several certificates which result in the same hash, use. Set to 0 to disable compression completely. Note that the server runs as the ‘run_as_user’ user and ‘run_as_group’ group, which will require write access to this directory. Use 0 to disable this quota level. Default: /etc/zarafa/sslkeys server_ssl_enable_v2 Incoming SSL connections normally are v3. When set to false, the normal single-server environment is created. Thus, users will not be able to send e-mail to this user anymore. The name of the certificate needs to be the hash of the certificate. Set this to a directory which contains all your trusted CA certificates. Cfg(5) Referenced By pam_mapi(8), zarafa-passwd(1). Default: /var/run/zarafa-licensed license_timeout Time (in seconds) to wait for a connection to the zarafa-licensed(1) before terminating the request. If user details weren’t queried during this period it is removed from the cache making room for more often requested user details. Set to 0 to never expire, or -1 to disable this cache. Default: 0 quota_soft Size in Mb of de default quota soft level. Changing the compression level, or switching it on or off, will not affect any existing attachments, and will remain accessible as normal. In an ideal situation, all cells would be cached, so that the database does not need to be queried for data when browsing through folders, but this would require around 1. See Also zarafa-server(1) zarafa-ldap. Make sure this doesn’t lead to swapping though. Default: yes thread_stacksize This setting might be usefull on 32bit system with a lot of users. Cfg The server configuration file. Default: yes auth_method Authentication is normally done in the user plugin. Default: 1 (1 minute) cache_acl_size This cache contains Access Control List values. Pem ‘openssl x509 -hash -noout -in cacert. Default: 237 server_ssl_key_file The file containing the private key and certificate. You can get the hash value of the certificate with the following command: openssl x509 -hash -noout -in cacert. Disabling the GAB will show an empty list in the GAB, which may be required for some installations. Default: 1 audit_log_timestamp Specify whether to prefix each log line with a timestamp in ‘file’ logging mode. The script should at least call zarafa-admin –create-store “${ZARAFA_USER}” to correctly create the store for the new user. When set to false, the normal single-tenancy environment is created. Default: no enable_sso When you configured your system for single sign-on, you can enable this by setting the value to yes. This might be useful when you are testing changes to your plugin configuration. If quota details weren’t queried during this period it is removed from the cache making room for more often requested quota details. Default: mysql_socket The socket of the MySQL server to use. Default: 0 companyquota_warn Size in Mb of de default quota warning level for multitenant public stores. If you can afford it, set this value as high as possible, up to 50% of your total RAM capacity. Please read the SSL section in the zarafa-server(1) manual on how to create this file. Default: 1048576 (1 Mb) cache_quota_lifetime This sets the lifetime for quota details inside the cache. 0 means no logging, 1 means full logging. Pem Create a symbolic link to the certificate with the hashname like this: ln -s cacert. With the this configuration option you can set how the loginname should be build up. The user password will be verified using the kerberos service. Set to 0 to never expire, or -1 to disable this cache. Default: /etc/zarafa/userscripts/createuser deleteuser_script ZARAFA_STOREID contains the old id of the store of the removed user. To set the default of a feature to disabled, add it here to the list, making it possible through the user plugin to enable a specific user for specific users. The drawback of separate files is that a mysqldump is not enough for a full disaster recovery. This list is space separated, and currently may contain the following features: imap, pop3. Default: no Explanation Of Miscelleanious Parameters enable_hosted_zarafa Enable multi-tenancy environment. Synchronizations older than this setting will be removed from the database. This cache is used twice, also by the externid cache, which is the inverse of this cache. Default: no server_ssl_port The portnumber to accept SSL connections on. Note that is not a single-signon method, since the server requires the user password. Default: – audit_log_level The level of output for logging in the range from 0 to 1. Default: file log_file When logging to a file, specify the filename in this parameter. Default: 1 Explanation Of The Security Logging Settings Parameters audit_log_enabled Whether the security logging feature should be enabled. Default: 3306 mysql_user The user under which we connect with MySQL. Please read the SSL section in the zarafa-server(1) manual on how to create these files. All additional Unix settings are set in a separate config file, which will be defined by the user_plugin_config. When enabled, this does incur a performance penalty, especially on large (>50000 items) folders. Default: yes counter_reset The counter_reset option forces a recount of items in the folder each time a folder is opened. Options: 0 disable, 1 sent only with errors, 2 always sent Default: 1 client_update_log_path Log location for the client auto update files You need the client_update_log_level option set to non-zero value to receive log files from the client. Unix Retrieve the users and groups information from the Linux password files. When setting this value to ‘no’, synchronization will only occur during zarafa-admin –sync. There are no additional settings for this plugin. The number of watchdog checks per second. Default: 0 (never expire) cache_server_size This cache contains server locations. 0 means no logging, 5 means full logging. Default: 268435456 (256 Mb) cache_object_size This caches objects and their respective hierarchy of folders. Default: 512 license_socket Path to the zarafa-licensed(1) service. The server can autodetect between NTLM and Kerberos. Default: 60 Explanation Of The Other Settings Parameters softdelete_lifetime Softdelete clean cycle, in days. Lower compression levels will require less CPU but will compress data less. Default: imap pop3 Explanation Of The Cache Settings Parameters cache_cell_size Size in bytes of the cell cache. Default: 100 server_recv_timeout SOAP recv timeout value. Use 0 to disable this quota level. Default: /usr/lib/zarafa user_plugin The source of the user base. If server details weren’t queried during this period it is removed from the cache making room for more often requested server details. Default: 2 log_timestamp Specify whether to prefix each log line with a timestamp in ‘file’ logging mode. This makes sure that the server will not attempt to load folders that are so large that it would require huge amounts of memory just to show the data. When the user does not login through a system-wide unique username (like the email address) a unique name has created by combining the username and the tenancyname. Allowed variables: %u Username %c Companyname Default: %u client_update_enabled Enable client updates. Set to 0 to never expire, or -1 to disable this cache. Use the zarafa-admin(1) tool to set Zarafa specific attributes on a user. The following parameter is used for the script: createuser_script ZARAFA_USER contains the new username. This option is forced to ‘yes’ when using the ‘db’ plugin since synchronization is implicit in that case. Default: 10 Explanation Of The Logging Settings Parameters log_method The method which should be used for logging. If you have large distribution lists (more than 150 members), it is useful to set this value higher. Default: 0 Explanation Of The User Plugin Settings Parameters plugin_path The location of the Zarafa plugin directory.

Leave a Reply

Your email address will not be published. Required fields are marked *