1ZARAFA-SERVER.CFG(5) Zarafa user reference ZARAFA-SERVER.CFG(5)
2
6 zarafa-server.cfg - The Zarafa configuration file
7
9 server.cfg
10
12 The server.cfg is a configuration file for the zarafa-server process.
13 server.cfg contains instructions for the software to set up the
14 database environment, logging system and license.
15
17 The file consists of one big section, but parameters can be grouped by
18 functionality.
19 The parameters are written in the form:
21 name = value
23 The file is line-based. Each newline-terminated line represents either
25 a comment, nothing, a parameter or a directive. A line beginning with
26 `#´ is considered a comment, and will be ignored by Zarafa. Parameter
27 names are case sensitive. Lines beginning with `!´ are directives.
28 Directives are written in the form:
30 !directive [argument(s)]
32 The following directives exist:
34 include
36 Include and process argument
37 Example: !include common.cfg
39
41 server_bind
42 IP address to bind to. 0.0.0.0 for any address. Keep in mind that
43 both Webaccess and Outlook should be able to connect. The Webaccess
44 normally connects on 127.0.0.1, and Outlook over the network.
45 Default: 0.0.0.0
47 server_tcp_enabled
49 Enable direct TCP connections.
50 Default: yes
52 server_tcp_port
54 Port to listen on.
55 Default: 236
57 server_pipe_enabled
59 Enable Unix pipe connections. Should not be disabled.
60 Default: yes
62 server_recv_timeout
64 TCP and SSL receive timeout in seconds. This is the time that a TCP
65 connection may be idle (between requests) before the TCP connection
66 is closed from the server. Settings this high makes it less
67 necessary for clients to re-connect, but increases the total number
68 of concurrent open sockets in the server. You normally needn´t
69 change the default value.
70 Default: 5
72 server_read_timeout
74 TCP and SSL read timeout in seconds. The read timeout is the amount
75 of time that the server will wait to read more data from a socket,
76 after processing of the request has started. This needn´t be
77 changed in most cases.
78 Default: 60
80 server_send_timeout
82 TCP and SSL send timeout in seconds. The send timeout is the amount
83 of time that the server will wait to write data to a socket,
84 analogous to server_read_timeout.
85 Default: 60
87 server_max_keep_alive_requests
89 Limits the number of requests allowed per connection.
90 Default: 100
92 server_pipe_name
94 Unix socket to listen on.
95 Default: /var/run/zarafa
97 server_name
99 Unique name for identifying the server in a multi-server
100 environment.
101 Default: Zarafa
103 server_hostname
105 DNS name of the server. This is used for the Kerberos single
106 sign-on environment. If empty (default), the FQDN or hostname will
107 be used.
108 Default:
110 database_engine
112 The database engine to use. Values can be:
113 mysql
115 Use MySQL.
116 Default: mysql
118 allow_local_users
120 Named Unix users which connect through the unix socket
121 (server_pipe_name) which are added here, those users will become
122 the internal SYSTEM user in Zarafa, and have administrative rights.
123 Normally, this is only ´root´, so the unix root user can use the
124 zarafa-admin tool. You can add a generic user to be used by the
125 zarafa-dagent here. This user is most likely called ´vmail´. Note
126 that the field is SPACE separated.
127 Default: root
129 system_email_address
131 This is the e-mail address of the SYSTEM user. When people receive
132 mail from the quota monitor, or receive fallback deliveries from
133 the zarafa-dagent, the From email address is this field. You might
134 want to change this field so people can reply to this address.
135 Default: postmaster@localhost
137 run_as_user
139 After correctly starting, the server process will become this user,
140 dropping root privileges. Note that the log file needs to be
141 writeable by this user, and the directory too to create new
142 logfiles after logrotation. This can also be achieved by setting
143 the correct group and permissions.
144 Default value is empty, not changing the user after starting.
146 run_as_group
148 After correctly starting, the server process will become this
149 group, dropping root privileges.
150 Default value is empty, not changing the group after starting.
152 pid_file
154 Write the process ID number to this file. This is used by the
155 init.d script to correctly stop/restart the service.
156 Default: /var/run/zarafa-server.pid
158 running_path
160 Change directory to this path when running in daemonize mode. When
161 using the -F switch to run in the foreground the directory will not
162 be changed.
163 Default: /
165 session_timeout
167 The session timeout specifies how many seconds must elapse without
168 any activity from a client before the server counts the session as
169 dead. The client sends keepalive requests every 60 seconds, so the
170 session timeout can never be below 60. In fact, if you specify a
171 timeout below 300, 300 will be taken as the session timeout
172 instead. This makes sure you can never timeout your session while
173 the Zarafa client is running.
174 Setting the session timeout low will keep the session count and
176 therefore the memory usage on the server low, but may also timeout
177 sessions of client that have lost network connectivity temporarily.
178 For example, some clients with powersaving modes will disable the
179 ethernet card during the screensaver. When this happens, you must
180 set the session_timeout to a value that is higher than the time
181 that it takes for the network connection to come back. This could
182 be anything ranging up to several hours.
183 Default: 300
185 session_ip_check
187 Normally, a session is linked to an IP-address, so this check is
188 enabled. You may want to disable this check when you have laptop´s
189 which can get multiple ip-adresses through wired and wireless
190 networks. It is highly recommended to leave this check enabled,
191 since the session id can be used by other machines, and thus
192 introduces a large security risc. Since version 6.20, the session
193 id is 64 bits. Older versions use a 32 bit session id, so then the
194 session is easier guessable.
195 Default: yes
197 hide_everyone
199 If this option is set to ´yes´, the internal group Everyone (which
200 always contains all users) will be hidden from the Global
201 Addressbook. Thus, users will not be able to send e-mail to this
202 group anymore, and also will not be able to set access rights on
203 folders for this group. Administrators will still be able to see
204 and use the group.
205 Default: no
207 hide_system
209 If this option is set to ´yes´, the internal user SYSTEM will be
210 hidden from the Global Addressbook. Thus, users will not be able to
211 send e-mail to this user anymore. Administrators will still be able
212 to see and use the user.
213 Default: no
215 thread_stacksize
217 This setting might be usefull on 32bit system with a lot of users.
218 This setting should not be set too small, or your server will
219 crash. The value set is in Kb.
220 Default: 512
222 license_socket
224 Path to the zarafa-licensed(1) service.
225 Default: /var/run/zarafa-licensed
227 license_timeout
229 Time (in seconds) to wait for a connection to the zarafa-
230 licensed(1) before terminating the request.
231 Default: 10
233
235 log_method
236 The method which should be used for logging. Valid values are:
237 syslog
239 Use the Linux system log. All messages will be written to the
240 mail facility. See also syslog.conf(5).
241 file
243 Log to a file. The filename will be specified in log_file.
244 Default: file
246 log_file
248 When logging to a file, specify the filename in this parameter. Use
249 - (minus sign) for stderr output.
250 Default: -
252 log_level
254 The level of output for logging in the range from 0 to 5. 0 means
255 no logging, 5 means full logging.
256 Default: 2
258 log_timestamp
260 Specify whether to prefix each log line with a timestamp in ´file´
261 logging mode.
262 Default: 1
264
266 audit_log_enabled
267 Whether the security logging feature should be enabled.
268 Default: no
270 audit_log_method
272 The method which should be used for logging. Valid values are:
273 syslog
275 Use the Linux system log. All messages will be written to the
276 authpriv facility. See also syslog.conf(5).
277 file
279 Log to a file. The filename will be specified in log_file.
280 Default: syslog
282 audit_log_file
284 When logging to a file, specify the filename in this parameter. Use
285 - (minus sign) for stderr output.
286 Default: -
288 audit_log_level
290 The level of output for logging in the range from 0 to 1. 0 means
291 no logging, 1 means full logging.
292 Default: 1
294 audit_log_timestamp
296 Specify whether to prefix each log line with a timestamp in ´file´
297 logging mode.
298 Default: 1
300
302 mysql_host
303 The hostname of the MySQL server to use.
304 Default: localhost
306 mysql_port
308 The port of the MySQL server to use.
309 Default: 3306
311 mysql_user
313 The user under which we connect with MySQL.
314 Default: root
316 mysql_password
318 The password to use for MySQL. Leave empty for no password.
319 Default:
321 mysql_socket
323 The socket of the MySQL server to use. This option can be used to
324 override the default mysql socket. To use the socket, the
325 mysql_host value must be empty or ´localhost´
326 Default:
328 mysql_database
330 The MySQL database to connect to.
331 Default: zarafa
333 mysql_group_concat_max_len
335 The group_concat_max_len used to set for MySQL. If you have large
336 distribution lists (more than 150 members), it is useful to set
337 this value higher. On the other hand, some MySQL versions are known
338 to break with a value higher than 21844.
339 Default: 21844
341 attachment_storage
343 The location where attachments are stored. This can be in the MySQL
344 database, or as separate files. The drawback of ´database´ is that
345 the large data of attachment will push usefull data from the MySQL
346 cache. The drawback of separate files is that a mysqldump is not
347 enough for a full disaster recovery.
348 Default: database
350 attachment_path
352 When the attachment_storage option is ´files´, this option sets the
353 location of the attachments on disk. Note that the server runs as
354 the ´run_as_user´ user and ´run_as_group´ group, which will require
355 write access to this directory.
356 Default: /var/lib/zarafa
358 attachment_compression
360 When the attachment_storage option is ´files´, this option controls
361 the compression level for the attachments. Higher compression
362 levels will compress data better, but at the cost of CPU usage.
363 Lower compression levels will require less CPU but will compress
364 data less. Setting the compression level to 0 will effectively
365 disable compression completely.
366 Changing the compression level, or switching it on or off, will not
368 affect any existing attachments, and will remain accessible as
369 normal.
370 Set to 0 to disable compression completely. The maximum compression
372 level is 9
373 Default: 6
375
377 server_ssl_enabled
378 Enable direct SSL connections. When this option is enabled, you
379 must set the following ssl options correctly, otherwise the server
380 may or will not start.
381 Default: no
383 server_ssl_port
385 The portnumber to accept SSL connections on.
386 Default: 237
388 server_ssl_key_file
390 The file containing the private key and certificate. Please read
391 the SSL section in the zarafa-server(1) manual on how to create
392 this file.
393 Default: /etc/zarafa/ssl/server.pem
395 server_ssl_key_pass
397 Enter you password here when your key file contains a password to
398 be readable.
399 No default set.
401 server_ssl_ca_file
403 The CA file which was used to sign client SSL certificates. This CA
404 will be trusted. This value must be set for clients to login with
405 an SSL Key. Their public key must be present in the sslkeys_path
406 directory.
407 No default set.
409 server_ssl_ca_path
411 When you have multiple CA´s to trust, you may use this option. Set
412 this to a directory which contains all your trusted CA
413 certificates. The name of the certificate needs to be the hash of
414 the certificate. You can get the hash value of the certificate with
415 the following command:
416 openssl x509 -hash -noout -in cacert.pem
419 Create a symbolic link to the certificate with the hashname like
421 this:
422 ln -s cacert.pem `openssl x509 -hash -noout -in cacert.pem`.0
425 If you have several certificates which result in the same hash, use
427 .1, .2, etc. in the end of the filename.
428 No default set.
430 sslkeys_path
432 The path which contains public keys of clients which can login over
433 SSL using their key. Please read the SSL section in the zarafa-
434 server(1) manual on how to create these files.
435 Default: /etc/zarafa/sslkeys
437
439 threads
440 Number of server threads.
441 Default: 8
443 watchdog_frequency
445 Watchdog frequency. The number of watchdog checks per second.
446 Default: 1
448 watchdog_max_age
450 Watchdog max age. The maximum age in ms of a task before a new
451 thread is started.
452 Default: 500
454 server_max_keep_alive_requests
456 Maximum SOAP keep_alive value.
457 Default: 100
459 server_recv_timeout
461 SOAP recv timeout value.
462 Default: 5
464 server_send_timeout
466 SOAP send timeout value.
467 Default: 60
469
471 softdelete_lifetime
472 Softdelete clean cycle, in days. 0 means never. Items older than
473 this setting will be removed from the database.
474 Default: 0
476 sync_lifetime
478 Synchronization clean cycle, in days. 0 means never.
479 Synchronizations older than this setting will be removed from the
480 database.
481 Default: 365
483 sync_log_all_changes
485 Normally changes to messages inside folders which no user is
486 syncing from are not logged to the database as optimization. In
487 some scenarios (i.e. when using BlackBerry synchronization) it is
488 important for all changes to be logged regardless of the number of
489 listeners to these changes.
490 Setting this value to yes will cause slightly more database traffic
492 and the value no will be the correct for most installations.
493 Default: no
495 enable_sso
497 When you configured your system for single sign-on, you can enable
498 this by setting the value to yes. The server can autodetect between
499 NTLM and Kerberos. For NTLM authentication you will need the
500 ntlm_auth program from Samba. Please see the server installation
501 manual on howto enable your system for single sign-on.
502 Default: no
504 enable_gab
506 Enables viewing of the Global Address Book (GAB) by users.
507 Disabling the GAB will show an empty list in the GAB, which may be
508 required for some installations. Resolving addresses is not
509 affected by this option.
510 Users with administrator rights are also not affected by this
512 option and always have access to the GAB.
513 Default: yes
515 auth_method
517 Authentication is normally done in the user plugin. In case your
518 plugin cannot provide the authentication, you may set this to pam,
519 and set the pam_service to authenticate through pam. Another choice
520 is kerberos. The user password will be verified using the kerberos
521 service. Note that is not a single-signon method, since the server
522 requires the user password.
523 Default: plugin
525 pam_service
527 This is the pam service name. Pam services can be found in
528 /etc/pam.d/.
529 Default: passwd
531 max_deferred_records
533 The server has a list of deferred writes to the tproperties table,
534 to improve overall I/O performance. The number of deferred writes
535 is kept below this value; setting it high will allow writes to be
536 more efficient by grouping more writes together, but may slow down
537 reading, and setting it low will force writes to complete directly,
538 but speed up reading of tables.
539 Default: 0 (off)
541 max_deferred_records_folder
543 Same as the max_deferred_records variable, but per folder instead
544 of total.
545 Default: 20
547 disabled_features
549 In this list you can disable certain features for users. Normally
550 all features are enabled for all users, making it possible through
551 the user plugin to disable specific features for specific users. To
552 set the default of a feature to disabled, add it here to the list,
553 making it possible through the user plugin to enable a specific
554 user for specific users.
555 This list is space separated, and currently may contain the
557 following features: imap, pop3.
558 Default: imap pop3
560
562 cache_cell_size
563 Size in bytes of the cell cache. This is the main cache used in
564 Zarafa. It caches all data that comes into view in tables (ie the
565 view of your inbox, or any other folder). In an ideal situation,
566 all cells would be cached, so that the database does not need to be
567 queried for data when browsing through folders, but this would
568 require around 1.5K per message item (e-mail, appointment task,
569 etc) in the entire server. If you can afford it, set this value as
570 high as possible, up to 50% of your total RAM capacity. Make sure
571 this doesn´t lead to swapping though.
572 Default: 16777216 (16 Mb)
574 cache_object_size
576 This caches objects and their respective hierarchy of folders. You
577 can calculate the size with a simple equation:
578 concurrent users * max items in a folder * 24
580 Default: 5242880 (5 Mb)
582 cache_indexedobject_size
584 This cache contains unique id´s of objects. This cache is used
585 twice, also by the index2 cache, which is the inverse of the index1
586 cache.
587 Default: 16777216 (16 Mb)
589 cache_quota_size
591 This cache contains quota values of users.
592 Default: 1048576 (1 Mb)
594 cache_quota_lifetime
596 This sets the lifetime for quota details inside the cache. If quota
597 details weren´t queried during this period it is removed from the
598 cache making room for more often requested quota details. Set to 0
599 to never expire, or -1 to disable this cache.
600 Default: 1 (1 minute)
602 cache_acl_size
604 This cache contains Access Control List values. Folders who are
605 opened in other stores than your own are listed in the ACL table,
606 and will be cached.
607 Default: 1048576 (1 Mb)
609 cache_store_size
611 This cache contains store id values.
612 Default: 1048576 (1 Mb)
614 cache_user_size
616 This cache contains user id values. This cache is used twice, also
617 by the externid cache, which is the inverse of this cache.
618 Default: 1048576 (1 Mb)
620 cache_userdetails_size
622 This cache contains the details of users.
623 Default: 1048576 (1 Mb)
625 cache_userdetails_lifetime
627 This sets the lifetime for user details inside the cache. If user
628 details weren´t queried during this period it is removed from the
629 cache making room for more often requested user details. Set to 0
630 to never expire, or -1 to disable this cache.
631 Default: 5 (5 minutes)
633 cache_server_size
635 This cache contains server locations. This cache is only used in
636 multiserver mode.
637 Default: 1048576 (1 Mb)
639 cache_server_lifetime
641 This sets the lifetime for server location details inside the
642 cache. If server details weren´t queried during this period it is
643 removed from the cache making room for more often requested server
644 details. Set to 0 to never expire, or -1 to disable this cache.
645 Default: 30 (30 minutes)
647
649 quota_warn
650 Size in Mb of de default quota warning level. Use 0 to disable this
651 quota level.
652 Default: 0
654 quota_soft
656 Size in Mb of de default quota soft level. Use 0 to disable this
657 quota level.
658 Default: 0
660 quota_hard
662 Size in Mb of de default quota hard level. Use 0 to disable this
663 quota level.
664 Default: 0
666
668 plugin_path
669 The location of the Zarafa plugin directory.
670 Default: /usr/lib/zarafa
672 user_plugin
674 The source of the user base. Possible values are:
675 db
677 Retrieve the users from the Zarafa database. Use the
678 zarafa-admin tool to create users and groups. There are no
679 additional settings for this plugin.
680 ldap
682 Retrieve the users and groups information from an LDAP server.
683 All additional LDAP settings are set in a separate config file,
684 which will be defined by the user_plugin_config. See also
685 zarafa-ldap.cfg(5).
686 unix
688 Retrieve the users and groups information from the Linux
689 password files. User information will be read the /etc/passwd
690 file. Passwords will be checked agains /etc/shadow. Group
691 information will read from /etc/group. Use the zarafa-admin(1)
692 tool to set Zarafa specific attributes on a user.
693 All additional Unix settings are set in a separate config file,
695 which will be defined by the user_plugin_config. See also
696 zarafa-unix.cfg(5) .
697 Default: db
699 createuser_script, deleteuser_script, creategroup_script,
701 deletegroup_script, createcompany_script, deletecompany_script
702 These scripts are called by the server when the external user
703 source, like LDAP, is different from the users, groups and
704 companies which are known to Zarafa. The script uses a environment
705 variable to see which user, group or tenant is affected. The
706 following parameter is used for the script:
707 createuser_script
709 ZARAFA_USER contains the new username. The script should at
710 least call zarafa-admin --create-store "${ZARAFA_USER}" to
711 correctly create the store for the new user.
712 Default: /etc/zarafa/userscripts/createuser
714 deleteuser_script
716 ZARAFA_STOREID contains the old id of the store of the removed
717 user.
718 Default: /etc/zarafa/userscripts/deleteuser
720 creategroup_script
722 ZARAFA_GROUP contains the new groupname. No action is currently
723 needed by the script.
724 Default: /etc/zarafa/userscripts/creategroup
726 deletegroup_script
728 ZARAFA_GROUPID contains the old id of the group. No action is
729 currently needed by the script.
730 Default: /etc/zarafa/userscripts/deletegroup
732 createcompany_script
734 ZARAFA_COMPANY contains the new companyname. No action is
735 currently needed by the script.
736 Default: /etc/zarafa/userscripts/createcompany
738 deletecompany_script
740 ZARAFA_COMPANYID contains the old id of the company. No action
741 is currently needed by the script.
742 Default: /etc/zarafa/userscripts/deletecompany
744 user_safe_mode
746 If enabled, the zarafa server will only log when create, delete and
747 move actions are done on an user object. This might be useful when
748 you are testing changes to your plugin configuration.
749 Default: no
751
753 enable_hosted_zarafa
754 Enable multi-tenancy environment.
755 When set to true it is possible to create companies within the
757 zarafa instance and assign all users and groups to particular
758 companies.
759 When set to false, the normal single-tenancy environment is
761 created.
762 Default: false
764 enable_distributed_zarafa
766 Enable multi-server environment.
767 When set to true it is possible to place users and companies on
769 specific servers.
770 When set to false, the normal single-server environment is created.
772 Default: false
774 storename_format
776 Display format of store name.
777 Allowed variables:
779 %u
781 Username
782 %f
784 Fullname
785 %c
787 Companyname
788 Default: %f
790 loginname_format
792 Loginname format (for multi-tenancy installations). When the user
793 does not login through a system-wide unique username (like the
794 email address) a unique name has created by combining the username
795 and the tenancyname. With the this configuration option you can set
796 how the loginname should be build up.
797 Allowed variables:
799 %u
801 Username
802 %c
804 Companyname
805 Default: %u
807 client_update_enabled
809 Enable client updates.
810 You can place the Zarafa Outlook Client installer in the
812 client_update_path directory, and enable this option. Windows
813 clients which have the automatic updater program installed will be
814 able to download the latest client from the Zarafa server.
815 Default: false
817 client_update_path
819 This is the path where you will place the Zarafa Outlook Client MSI
820 install program for Windows clients to download. You need the
821 client_update_enabled option set to true for clients to actually
822 download this file through the Zarafa server.
823 Default: /var/lib/zarafa/client
825 index_services_enabled
827 Use Indexing service for faster searching. Enabling this option
828 requires the zarafa-indexer(1) service to be running.
829 Default: no
831 index_services_path
833 Path to the zarafa-indexer(1) service, this option is only required
834 if the server is going to make use of the indexing service.
835 Default: /var/run/zarafa-indexer
837 index_services_search_timeout
839 Time (in seconds) to wait for a connection to the zarafa-indexer(1)
840 before terminating the indexed search request.
841 Default: 10
843 enable_enhanced_ics
845 Allow enhanced ICS operations to speedup synchronization with
846 cached profiles. This options should also be enabled when the
847 index_sync_stream option is set in zarafa-indexer.cfg(5).
848 Default: yes
850 folder_max_items
852 Limits the amount of items (messages or folders) in a single
853 folder. This makes sure that the server will not attempt to load
854 folders that are so large that it would require huge amounts of
855 memory just to show the data. In practice, folders of over 1000000
856 items are usually created by runaway processes which are therefore
857 useless anyway.
858 Default: 1000000
860 sync_gab_realtime
862 When set to ´yes´, zarafa will synchronize the local user list
863 whenever a list of users is requested (eg during zarafa-admin -l or
864 when opening the addressbook). This was the default for zarafa
865 6.40.4 and earlier. When setting this value to ´no´,
866 synchronization will only occur during zarafa-admin --sync. This is
867 useful for setups which have large addressbooks (more than 1000
868 entries in the addressbook).
869 This option is forced to ´yes´ when using the ´db´ plugin since
871 synchronization is implicit in that case.
872 Default: yes
874 counter_reset
876 The counter_reset option forces a recount of items in the folder
877 each time a folder is opened. Although this is not strictly
878 necessary, it is a precaution to make sure that counters are always
879 correct. When enabled, this does incur a performance penalty,
880 especially on large (>50000 items) folders. Each time a
881 counter_reset found an incorrect item count, it increments the
882 system statistic counter_resyncs. If it is at 0 on your system,
883 then this option has had no effect except for slowing it down.
884 Default: yes
886
888 The following options are reloadable by sending the zarafa-server
889 process a HUP signal:
890 log_level, session_timeout, sync_lifetime, enable_sso_ntlmauth
892 quota_warn, quota_soft, quota_hard
894 createuser_script, deleteuser_script, creategroup_script,
896 deletegroup_script
897
899 /etc/zarafa/server.cfg
900 The server configuration file.
901 /etc/zarafa/ldap.cfg
903 The Zarafa LDAP user plugin configuration file.
904 /etc/zarafa/unix.cfg
906 The Zarafa Unix user plugin configuration file.
907
909 Written by Zarafa.
910
912 zarafa-server(1) zarafa-ldap.cfg(5) zarafa-unix.cfg(5)
913Zarafa 7.0 August 2011 ZARAFA-SERVER.CFG(5)