zarafa-server.cfg

Language: en

Version: May 2009 (fedora - 01/12/10)

Section: 5 (File format)

NAME

zarafa-server.cfg - The Zarafa configuration file

SYNOPSIS

server.cfg

DESCRIPTION

The server.cfg is a configuration file for the Zarafa group sharing solution. server.cfg contains instructions for the software to set up the database environment, logging system and license.

FILE FORMAT

The file consists of one big section, but parameters can be grouped by functionality.

The parameters are written in the form:

name = value

The file is line-based. Each newline-terminated line represents either a comment, nothing, a parameter or a directive. A line beginning with `#' is considered a comment, and will be ignored by Zarafa. Parameter names are case sensitive. Lines beginning with `!' are directives.

Directives are written in the form:

!directive [argument(s)]

The following directives exist:

include

Include and process argument
Example: !include common.cfg

EXPLANATION OF THE SERVER SETTINGS PARAMETERS

server_bind

IP address to bind to. 0.0.0.0 for any address. Keep in mind that both Webaccess and Outlook should be able to connect. The Webaccess normally connects on 127.0.0.1, and Outlook over the network.
Default: 0.0.0.0

server_tcp_enabled

Enable direct TCP connections.
Default: yes

server_tcp_port

Port to listen on.
Default: 236

server_pipe_enabled

Enable Unix pipe connections. Should not be disabled.
Default: yes

server_recv_timeout

TCP and SSL receive timeout in seconds.
Default: 5

server_send_timeout

TCP and SSL send timeout in seconds.
Default: 60

server_max_keep_alive_requests

Limits the number of requests allowed per connection.
Default: 100

server_pipe_name

Unix socket to listen on.
Default: /var/run/zarafa

server_name

Unique name for identifying the server in a multi-server environment.
Default: Zarafa

server_hostname

DNS name of the server. This is used for the Kerberos single sign-on environment. If empty (default), the FQDN or hostname will be used.
Default:

database_engine

The database engine to use. Values can be:
mysql
Use MySQL.

Default: mysql

allow_local_users

Unix users listed here who connect through the Unix socket (server_pipe_name) become the internal SYSTEM user in Zarafa and have administrative rights. Normally, this is only 'root', so the Unix root user can use the zarafa-admin tool. You can add a generic user to be used by the zarafa-dagent here. This user is most likely called 'vmail'. Note that the field is SPACE separated.
Default: root

system_email_address

This is the e-mail address of the SYSTEM user. When people receive mail from the quota monitor, or receive fallback deliveries from the zarafa-dagent, the From email address is this field. You might want to change this field so people can reply to this address.
Default: postmaster@localhost

run_as_user

After correctly starting, the server process will become this user, dropping root privileges. Note that the log file needs to be writable by this user, and so does its directory, so that new log files can be created after log rotation. This can also be achieved by setting the correct group and permissions.
Default value is empty, not changing the user after starting.

run_as_group

After correctly starting, the server process will become this group, dropping root privileges.
Default value is empty, not changing the group after starting.

pid_file

Write the process ID number to this file. This is used by the init.d script to correctly stop/restart the service.
Default: /var/run/zarafa-server.pid

running_path

Change directory to this path when running in daemonize mode. When using the -F switch to run in the foreground the directory will not be changed.
Default: /

session_timeout

The session timeout specifies how many seconds must elapse without any activity from a client before the server counts the session as dead. The client sends keepalive requests every 60 seconds, so the session timeout can never be below 60. In fact, if you specify a timeout below 300, 300 will be taken as the session timeout instead. This makes sure you can never timeout your session while the Zarafa client is running.
Setting the session timeout low will keep the session count, and therefore the memory usage on the server, low, but may also time out sessions of clients that have lost network connectivity temporarily. For example, some clients with power-saving modes will disable the Ethernet card during the screensaver. When this happens, you must set the session_timeout to a value that is higher than the time that it takes for the network connection to come back. This could be anything ranging up to several hours.
Default: 300

session_ip_check

Normally, a session is linked to an IP address, so this check is enabled. You may want to disable this check when you have laptops which can get multiple IP addresses through wired and wireless networks. It is highly recommended to leave this check enabled, since otherwise the session id can be used by other machines, which introduces a large security risk. Since version 6.20, the session id is 64 bits. Older versions use a 32-bit session id, which makes the session easier to guess.
Default: yes

hide_everyone

If this option is set to 'yes', the internal group Everyone (which always contains all users) will be hidden from the Global Addressbook. Thus, users will not be able to send e-mail to this group anymore, and also will not be able to set access rights on folders for this group. Administrators will still be able to see and use the group.
Default: no

hide_system

If this option is set to 'yes', the internal user SYSTEM will be hidden from the Global Addressbook. Thus, users will not be able to send e-mail to this user anymore. Administrators will still be able to see and use the user.
Default: no

thread_stacksize

This setting might be useful on 32-bit systems with a lot of users. This setting should not be set too small, or your server will crash. The value set is in Kb.
Default: 512

EXPLANATION OF THE LOGGING SETTINGS PARAMETERS

log_method

The method which should be used for logging. Valid values are:

syslog
Use the Linux system log. All messages will be written to the mail facility. See also syslog.conf(5).

file
Log to a file. The filename will be specified in log_file.

Default: file

log_file

When logging to a file, specify the filename in this parameter. Use - (minus sign) for stderr output.
Default: -

log_level

The level of output for logging in the range from 0 to 5. 0 means no logging, 5 means full logging.
Default: 2

log_timestamp

Specify whether to prefix each log line with a timestamp in 'file' logging mode.
Default: 1

EXPLANATION OF THE MYSQL SETTINGS PARAMETERS

mysql_host

The hostname of the MySQL server to use.
Default: localhost

mysql_port

The port of the MySQL server to use.
Default: 3306

mysql_user

The user under which we connect with MySQL.
Default: root

mysql_password

The password to use for MySQL. Leave empty for no password.
Default:

mysql_database

The MySQL database to connect to.
Default: zarafa

attachment_storage

The location where attachments are stored. This can be in the MySQL database, or as separate files. The drawback of 'database' is that the large attachment data will push useful data out of the MySQL cache. The drawback of separate files is that a mysqldump is not enough for a full disaster recovery.
Default: database

attachment_path

When the attachment_storage option is 'files', this option sets the location of the attachments on disk. Note that the server runs as the 'run_as_user' user and 'run_as_group' group, which will require write access to this directory.
Default: /var/lib/zarafa

attachment_compression

When the attachment_storage option is 'files', this option controls the compression level for the attachments. Higher compression levels will compress data better, but at the cost of CPU usage. Lower compression levels will require less CPU but will compress data less. Setting the compression level to 0 will effectively disable compression completely.
Changing the compression level, or switching it on or off, will not affect any existing attachments, which will remain accessible as normal.
Set to 0 to disable compression completely. The maximum compression level is 9.
Default: 6

EXPLANATION OF THE SSL SETTINGS PARAMETERS

server_ssl_enabled

Enable direct SSL connections. When this option is enabled, you must set the following SSL options correctly, otherwise the server may fail to start.
Default: no

server_ssl_port

The port number to accept SSL connections on.
Default: 237

server_ssl_key_file

The file containing the private key and certificate. Please read the SSL section in the zarafa-server(1) manual on how to create this file.
Default: /etc/zarafa/ssl/server.pem

server_ssl_key_pass

Enter your password here when your key file requires a password to be read.
No default set.

server_ssl_ca_file

The CA file which was used to sign client SSL certificates. This CA will be trusted. This value must be set for clients to login with an SSL Key. Their public key must be present in the sslkeys_path directory.
No default set.

server_ssl_ca_path

When you have multiple CAs to trust, you may use this option. Set this to a directory which contains all your trusted CA certificates. The name of the certificate needs to be the hash of the certificate. You can get the hash value of the certificate with the following command:

openssl x509 -hash -noout -in cacert.pem

Create a symbolic link to the certificate with the hash name like this:

ln -s cacert.pem `openssl x509 -hash -noout -in cacert.pem`.0

If you have several certificates which result in the same hash, use .1, .2, etc. at the end of the filename.
No default set.

sslkeys_path

The path which contains public keys of clients which can login over SSL using their key. Please read the SSL section in the zarafa-server(1) manual on how to create these files.
Default: /etc/zarafa/sslkeys
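
An added example, not part of the Zarafa documentation or code: a Python parser for the format described under FILE FORMAT, followed by a check of the security-relevant parameters documented above (run_as_user, session_ip_check, allow_local_users, mysql_user and mysql_password, server_bind together with server_ssl_enabled). The `includes` mapping, the selection of findings and the sample text are assumptions made for this example; how zarafa-server itself resolves !include paths is not stated on this page.

```python
DEFAULTS = {  # defaults as documented on this page
    "server_bind": "0.0.0.0", "server_tcp_enabled": "yes",
    "server_ssl_enabled": "no", "session_ip_check": "yes", "run_as_user": "",
    "allow_local_users": "root", "mysql_user": "root", "mysql_password": "",
}

def parse_cfg(text, includes=None, depth=0):
    """Parse the line-based format. `includes` maps an !include argument to
    file text (assumption: stands in for reading the file from disk)."""
    if depth > 8:
        raise ValueError("include nesting too deep (include loop?)")
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line.startswith("!"):                  # directive
            directive, _, arg = line[1:].partition(" ")
            body = (includes or {}).get(arg.strip())
            if directive != "include" or body is None:
                raise ValueError(f"line {lineno}: cannot process {line!r}")
            settings.update(parse_cfg(body, includes, depth + 1))
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected 'name = value'")
        settings[name.strip()] = value.strip()    # names are case sensitive
    return settings

def audit(settings):
    """Return (parameter, finding) pairs for security-relevant values."""
    cfg = {**DEFAULTS, **settings}
    out = []
    if not cfg["run_as_user"]:
        out.append(("run_as_user", "empty: server keeps root privileges"))
    if cfg["session_ip_check"] != "yes":
        out.append(("session_ip_check", "session id not tied to client IP"))
    if cfg["mysql_user"] == "root" or not cfg["mysql_password"]:
        out.append(("mysql_user", "MySQL login is root or has no password"))
    if (cfg["server_tcp_enabled"] == "yes" and cfg["server_bind"] == "0.0.0.0"
            and cfg["server_ssl_enabled"] != "yes"):
        out.append(("server_ssl_enabled", "TCP on all addresses, SSL off"))
    extra = [u for u in cfg["allow_local_users"].split() if u != "root"]
    if extra:
        out.append(("allow_local_users", "SYSTEM rights for: " + " ".join(extra)))
    return out

# Constructed sample input, not taken from a real installation.
SAMPLE_COMMON = "mysql_user = zarafa\nmysql_password = example-only\n"
SAMPLE = """!include common.cfg
session_ip_check = no
allow_local_users = root vmail
# wrong case below: this does not set the run_as_user parameter
Run_As_User = zarafa
"""

if __name__ == "__main__":
    for param, finding in audit(parse_cfg(SAMPLE, {"common.cfg": SAMPLE_COMMON})):
        print(f"{param}: {finding}")
```

Because parameter names are case sensitive, the misspelled `Run_As_User` line in the sample leaves run_as_user at its empty default, and the audit reports it.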

EXPLANATION OF THE THREADING PARAMETERS

threads

Number of server threads
Default: 8

watchdog_frequency

Watchdog frequency. The number of watchdog checks per second.
Default: 1

watchdog_max_age

Watchdog max age. The maximum age in ms of a task before a new thread is started.
Default: 500

server_max_keep_alive_requests

Maximum SOAP keep_alive value
Default: 100

server_recv_timeout

SOAP recv timeout value
Default: 5

server_send_timeout

SOAP send timeout value
Default: 60

EXPLANATION OF THE OTHER SETTINGS PARAMETERS

softdelete_lifetime

Softdelete clean cycle, in days. 0 means never. Items older than this setting will be removed from the database.
Default: 0

sync_lifetime

Synchronization clean cycle, in days. 0 means never. Synchronizations older than this setting will be removed from the database.
Default: 365

sync_log_all_changes

Normally, changes to messages inside folders which no user is syncing from are not logged to the database, as an optimization. In some scenarios (e.g. when using BlackBerry synchronization) it is important for all changes to be logged regardless of the number of listeners to these changes.
Setting this value to yes will cause slightly more database traffic; the value no will be correct for most installations.
Default: no

enable_sso

When you have configured your system for single sign-on, you can enable this by setting the value to yes. The server can autodetect between NTLM and Kerberos. For NTLM authentication you will need the ntlm_auth program from Samba. Please see the server installation manual on how to enable your system for single sign-on.
Default: no

enable_gab

Enables viewing of the Global Address Book (GAB) by users. Disabling the GAB will show an empty list in the GAB, which may be required for some installations. Resolving addresses is not affected by this option.
Users with administrator rights are also not affected by this option and always have access to the GAB.
Default: yes

auth_method

Authentication is normally done in the user plugin. In case your plugin cannot provide the authentication, you may set this to pam, and set the pam_service to authenticate through PAM. Another choice is kerberos. The user password will be verified using the Kerberos service. Note that this is not a single sign-on method, since the server requires the user password.
Default: plugin

pam_service

This is the pam service name. Pam services can be found in /etc/pam.d/.
Default: passwd

EXPLANATION OF THE CACHE SETTINGS PARAMETERS

cache_cell_size

Size in bytes of the cell cache. This is the main cache used in Zarafa. It caches all data that comes into view in tables (i.e. the view of your inbox, or any other folder). In an ideal situation, all cells would be cached, so that the database does not need to be queried for data when browsing through folders, but this would require around 1.5K per message item (e-mail, appointment, task, etc.) in the entire server. If you can afford it, set this value as high as possible, up to 50% of your total RAM capacity. Make sure this doesn't lead to swapping though.
Default: 16777216 (16 Mb)

cache_object_size

This caches objects and their respective hierarchy of folders. You can calculate the size with a simple equation:
concurrent users * max items in a folder * 24
Default: 5242880 (5 Mb)

cache_indexedobject_size

This cache contains unique IDs of objects. This cache is used twice, also by the index2 cache, which is the inverse of the index1 cache.
Default: 16777216 (16 Mb)

cache_quota_size

This cache contains quota values of users.
Default: 1048576 (1 Mb)

cache_quota_lifetime

This sets the lifetime for quota details inside the cache. If quota details weren't queried during this period, they are removed from the cache, making room for more often requested quota details.
Default: 1 (1 minute)

cache_acl_size

This cache contains Access Control List values. Folders which are opened in other stores than your own are listed in the ACL table, and will be cached.
Default: 1048576 (1 Mb)

cache_store_size

This cache contains store id values.
Default: 1048576 (1 Mb)

cache_user_size

This cache contains user id values. This cache is used twice, also by the externid cache, which is the inverse of this cache.
Default: 1048576 (1 Mb)

cache_userdetails_size

This cache contains the details of users.
Default: 1048576 (1 Mb)

cache_userdetails_lifetime

This sets the lifetime for user details inside the cache. If user details weren't queried during this period, they are removed from the cache, making room for more often requested user details.
Default: 5 (5 minutes)

cache_server_size

This cache contains server locations. This cache is only used in multiserver mode.
Default: 1048576 (1 Mb)

EXPLANATION OF THE QUOTA SETTINGS PARAMETERS

quota_warn

Size in Mb of the default quota warning level. Use 0 to disable this quota level.
Default: 0

quota_soft

Size in Mb of the default quota soft level. Use 0 to disable this quota level.
Default: 0

quota_hard

Size in Mb of the default quota hard level. Use 0 to disable this quota level.
Default: 0

EXPLANATION OF THE USER PLUGIN SETTINGS PARAMETERS

plugin_path

The location of the Zarafa plugin directory.
Default: /usr/lib/zarafa

user_plugin

The source of the user base. Possible values are:

db
Retrieve the users from the Zarafa database. Use the zarafa-admin tool to create users and groups. There are no additional settings for this plugin.

ldap
Retrieve the users and groups information from an LDAP server. All additional LDAP settings are set in a separate config file, which will be defined by the user_plugin_config. See also zarafa-ldap.cfg(5).

unix
Retrieve the users and groups information from the Linux password files. User information will be read from the /etc/passwd file. Passwords will be checked against /etc/shadow. Group information will be read from /etc/group. Use the zarafa-admin(1) tool to set Zarafa specific attributes on a user.
All additional Unix settings are set in a separate config file, which will be defined by the user_plugin_config. See also zarafa-unix.cfg(5).

Default: db

createuser_script, deleteuser_script, creategroup_script, deletegroup_script, createcompany_script, deletecompany_script

These scripts are called by the server when the external user source, like LDAP, is different from the users, groups and companies which are known to Zarafa. The script uses an environment variable to see which user, group or company is affected. The following parameter is used for the script:
createuser_script
ZARAFA_USER contains the new username. The script should at least call zarafa-admin --create-store "${ZARAFA_USER}" to correctly create the store for the new user.
Default: /etc/zarafa/userscripts/createuser

deleteuser_script

ZARAFA_STOREID contains the old id of the store of the removed user.
Default: /etc/zarafa/userscripts/deleteuser

creategroup_script

ZARAFA_GROUP contains the new groupname. No action is currently needed by the script.
Default: /etc/zarafa/userscripts/creategroup

deletegroup_script

ZARAFA_GROUPID contains the old id of the group. No action is currently needed by the script.
Default: /etc/zarafa/userscripts/deletegroup

createcompany_script

ZARAFA_COMPANY contains the new companyname. No action is currently needed by the script.
Default: /etc/zarafa/userscripts/createcompany

deletecompany_script

ZARAFA_COMPANYID contains the old id of the company. No action is currently needed by the script.
Default: /etc/zarafa/userscripts/deletecompany

user_safe_mode

If enabled, the Zarafa server will only log when create, delete and move actions are done on a user object. This might be useful when you are testing changes to your plugin configuration.
Default: no

EXPLANATION OF MISCELLANEOUS PARAMETERS

enable_hosted_zarafa

Enable multi-company environment
When set to true it is possible to create companies within the zarafa instance and assign all users and groups to particular companies.
When set to false, the normal single-company environment is created.
Default: false

enable_distributed_zarafa

Enable multi-server environment
When set to true it is possible to place users and companies on specific servers.
When set to false, the normal single-server environment is created.
Default: false

storename_format

Display format of store name
Allowed variables:

%u
Username

%f
Fullname

%c
Companyname

Default: %f

loginname_format

Loginname format (for multi-company installations). When the user does not log in through a system-wide unique username (like the email address), a unique name is created by combining the username and the companyname. With this configuration option you can set how the loginname should be built up.
Allowed variables:

%u
Username

%c
Companyname

Default: %u

client_update_enabled

Enable client updates
You can place the Zarafa Outlook Client installer in the client_update_path directory, and enable this option. Windows clients which have the automatic updater program installed will be able to download the latest client from the Zarafa server.
Default: false

client_update_path

This is the path where you will place the Zarafa Outlook Client MSI install program for Windows clients to download. You need the client_update_enabled option set to true for clients to actually download this file through the Zarafa server.
Default: /var/lib/zarafa/client

index_services_enabled

Use Indexing service for faster searching. Enabling this option requires the zarafa-indexer(1) service to be running.
Default: no

index_services_path

Path to the zarafa-indexer(1) service, this option is only required if the server is going to make use of the indexing service.
Default: /var/run/zarafa-indexer

enable_enhanced_ics

Allow enhanced ICS operations to speed up synchronization with cached profiles. This option should also be enabled when the index_sync_stream option is set in zarafa-indexer.cfg(5).
Default: yes

RELOADING

The following options are reloadable by sending the zarafa-server process a HUP signal:

log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth

quota_warn, quota_soft, quota_hard

createuser_script, deleteuser_script, creategroup_script, deletegroup_script

FILES

/etc/zarafa/server.cfg

The server configuration file.

/etc/zarafa/ldap.cfg

The Zarafa LDAP user plugin configuration file.

/etc/zarafa/unix.cfg

The Zarafa Unix user plugin configuration file.

AUTHOR

Written by Zarafa.

SEE ALSO

zarafa-server(1) zarafa-ldap.cfg(5) zarafa-unix.cfg(5)