How to do an Open Directory Restore in Lion Server?

Lion Server on a Mac Mini was having issues when being rebooted. We've pulled the plug a few times in the past to bring it back up, An update was done last night to 10.7.5, then it hung on restart. Once it was hard reset, it hung on start, went into Safe Mode and everything came up, rebooted normally and Open Direcorty services won't start and all users are missing.
Never did a manual archive of OD with Server Admin, but have Time Machine backups going back a few weeks.
Is there anyway to just restore Open Directory? Can I use Server Admin to point to a TM backup and pull a file there? If so, what type of file am I looking for?

Hi,
actually this functionality does not work. The reason for this is that Forms9i is Web only and there is no functionality downloaded with the generic Java Applet. For the moment I filed an enhancement request to have this on our radar. Meanwhile, if you need thi sfunctionality you can help yourself by writing a PJC that opens a dialog and performs the action that you want to.
Frank
Forms Product Management

Similar Messages

How to turn off Open Directory in OS X Server 10.8.2

I am configuring a MacPro with ML Server 10.8.2 for internal-only use. I have DNS working on it (with the annoyance that it goes out of its way to break wildcard host names, and it doesn't know how to properly create the zone files to allow a secondary DNS server to do reverse-name-lookups properly). I have only 2 users (admin and Time Machine), Time Machine is working for client Macs using the Time Machine user account, and File Sharing is working (using either account), sharing a RAID of internal drives an a pair of USB-attached external drives.
I briefly turned on Open Directory, just to see if I wanted or needed to go that route. I entered an Open Directory admin (diradmin) with a password. Looked around the options and decided I did NOT need to use Open Directory just to get the Time Machine stuff working, and I was right.
However, now the Server App shows Open Directory is "On." When I go to that tab, I get a message stating that there was an error reading the settings file for Open Directory services. I click it "Off" but it refuses to turn off. When I come back to the tab, I get a pop-up window with a message about an error reading the settings and the Off/On switch moves back to "On" and the green light never goes off next to Open Directory in the list of services.
I've rebooted the machine and after the reboot, sometimes, it appears as if I can add/delete/modify Users and Groups. Other times, after the reboot, the +/- buttons are greyed out and I cannot add/edit/modify Users and Groups. I have not yet tried to add/delete/modify users yet because I'm leery of trusting the server with this error message.
Can anyone help me to remove anything and everything related to Open Directory so that it is "off" as if I never ever turned it on? Or any suggestions on how to fix this short of a reinstall?
Can I download and install the Server app on a differnt machine and then just copy the Server app over to this machine? Will that zero out the Open Directory stuf that I'm trying to get rid of?
Thanks in advance.

I think I solved my problem by running the following command:
sudo slapconfig -destroyldapserver diradmin
diradmin is the name of the Open Directory admin account I created.
The Open Directory Service now appears "off" and no longer had the green dot next to it in the list of services.
Obviously, NOT a good solution to someone who was actively using Open Directory as this appears to have deleted all the data associated with Open Directory.
Users and Groups now allow me to add/delete/modify.
Sad to see an Apple product have such issues.

Open Directory Usefulness for Home Server

I'm using Mountain Lion Server primarily as a web server, but as a retired tech writer/programmer I like to fool around with things in case I ever need to return to work. I set up the Open Directory master as part of the installation process, but I'm not sure how useful it is for me. When my site was hosted on Mobileme I got about 30 visits in a day max, and about 1 comment every year or two. So my questions are:
How useful is the Open Directory for me, and is there any point in keeping it turned on?
Is it useful for people outside of my LAN?
Any additional comments, or information are appreciated.

<bump>

How do I perform a clean install of Lion Server?

There seem to be many sites documenting how to pull out the ESD image and burn a bootable copy of Lion.
What I'd like to know is how do I perform a clean installation of Lion Server?
Is it possible to just install Lion and then open the App Store and install from Purchase without being charged again?

Okay....so Apple does have a guide related to Mass deployment which includes a rough way to do a clean OS X Server clean install. You need to use a NetBoot Lion Server as a boot, but it works.
http://support.apple.com/kb/HT4746
Use these steps to create a NetRestore image of an un-configured Lion Server:
Install OS X Lion, and then Lion Server. This server will be used to create the NetRestore image.
On the server, install the app named "Install Mac OS X Lion" from the Mac App Store (a network connection is required for this process).
Install the Server Admin Tools from http://support.apple.com/downloads/ on the server.
Open the "Install Mac OS X Lion" application, and install to an empty volume. This volume can be a spare partition or external hard drive. Be sure to click the Customize button and to select the Lion Server software.
Once installation is complete, the server will restart from the newly installed volume. Instead of completing the setup assistant, press Command-Q to quit the assistant.
Select the option to shut the server down.
Restart the server and hold the Option key.
When the Startup Manager appears, select the volume which you've already configured Lion Server on.
Open System Image Utility and create a NetRestore image from the newly installed (and still un-configured) volume. If you'd prefer to image the volume after it has already been configured, you can proceed with the setup assistant before booting back to the original installation created in step 1.

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird? We have a super awesome contacts server that works great for our Mac users. About 30% of our company are on PCs, and I would like to use the Mozilla Thunderbird mail client for them. I see that in Thunderbird I can set up LDAP searching, and would like to have this feature point to our contacts server. I've tried several different settings, and looked all over the web, but could not find the proper way to configure this. Does anyone know if this can be done, or if not, would have a better suggestion? Thank you for your time!!

try double clicking keychain acces should launch and ask if you want to install login, system, System roots
A dialog box will launch asking where to install the cert since your configuring a vpn I would put the certificate it in system.

Viewing/disconnecting open file connections on Lion Server?

Has anyone found a way to view open file connections on Lion Server? With 10.6 Server Admin, you can view/disconnect open connections by protocol. I haven't been able to locate a way to do this in the new Server app or new version of Server Admin.

Hi kevinfromhunt,
Try sudo launchctl unload /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist
sudo serveradmin start afp
Suppose it would work with other services as well.
It worked for FileSharing for me.
It appears that 10.7 Lion doesn't unload properly and as it fails loading it cause it's already loaded it fails.
Good luck.
Beno

How to set up Open Directory Users with local home folders?

Hi folks,
i set up a Mac mini Server with the services DNS, DHCP, AFP and OpenDirectory running. Everything is working fine so far but i want my OpenDirectory Users to have their home folders locally on the clients harddisk. My Leopard clients are already bound to the directory but everytime i try to login the login window is shaking even when i use the Directory Administrator account. What am i doing wrong?
Thanks.

(Did you read my other reply? You need to make it a portable account for the caching of login credentials.)
With network homes and portable account enabled on a machine you always run from the locally stored homefolder on that machine.
This homefolder syncs with the server network home folder for that account.
If either of these folders get corrupt or unintentionally altered files (permission problems) somehow, there is risk of losing files, syncing problems and more (can take long time to sync at login/out, during even without corruption - I prefer gigabit cable to WiFi for this for obvious reasons).
You at least need to monitor storage space in both places. You don't want either to fill up the disk (worse on server because several users can have their folders corrupted at the same time). Working quota settings / account is probably a good thing.
And you probably need to decide what is synced : all folders or just some (and when / how often).
You either do this form the server (you decide) or let the user have some say or a mix of these two.
You might want to leave out the user's personal files (music, movies and such) and also depending on emaIl client used, maybe not sync email if the client saves it like Entourage does it, in big ever changing database files. Might be better to just backup the mailserver if IMAP based.
If a user puts other large files in their homefolder (often on the Desktop) they can fill up the server fast. DVD-projects anyone?
Mixing different versions server/client might not work too good either.
So having said that, when syncing works it can be really good and you can restore a machine/account fast with pretty recent data. You can if in a hurry even log in from another machine using the account network home folder, getting access to the synced folders/files.
Using Time Machine it's a one way "sync" (more like "duplicate changed and new files" - which I like) and you have to manually set TM settings on the client for what is going to be backed up and when. I do atleast don't know how to do it from/on the server. This "less intervention by the server" can be a good thing but if your users don't "behave" you might want to be in the drivers seat "saving them from themselves".
TM backups can grow fast and probably demands more user interaction when storage space is used up.
As with all "backup" configurations you probably want some rotating media backup of both network homes and/or TM backups so you can do a restore. Of these two, network homes are the more important one to backup "further".

Open directory restore

I have a file here I found after a server was upgraded and I am picking up the pieces.
It's running Lion, and before it was running Snow Leopard. I was unable to restore the OD because this file isn't a sparsebundle backup of the users, rather, it seems to be a simple list of the users...?
It's got all the properties there, but it's just not .. a sparsebundle..
On top of that the former admin moved most of the users' folders so I am having to move them back and fix Open directory after he quit.
I have all the user folders apparently, but I will need to get OD restored properly.
Thanks

Make sure you are clicking on the second file picker button by the "restore from" box. If you choose the archive box on top, you wont be able to pick the file. Also, make sure the archive file on the server ends with ".sparseimage" suffix. It should have been appended automatically when the archive was saved.
As a workaround, you can use the command line. Open Terminal, and run, "sudo slapconfig -mergedb <path-to-archive>" which is the same command the GUI uses.

How to turn off Open Directory?

How do I turn off Open Directory? In Server Admin.app, if I uncheck the Open Directory service and click 'save', it re-checks itself on.

In Lion, you have to install the server admin apps (server admin and workgroup manager - it's a separate download). Once you configure Server Admin to manage Open Directory, you can then demote the server to standalone from there.
Miles

HT3801 How do I remove Open directory services from primary MDC?

I configured my xSAN mdc as an open directory master but I don't need to manage users from the MDC. How do I turn off Open directory on my master mdc and replicas?
Thanks,
Tom

Hi
Launch Server Admin on your Replica. Select the server's name in the sidebar on the left. Select the Open Directory Service. Click on Settings and change the Role to Standalone.
Treat any other Replica you may have the same way.
Launch Server Admin on your Master. Select the server's name in the sidebar on the left. Select the Open Directory Service. Click on Settings and change the Role to Standalone.
Once you've demoted your OD Master to Standalone you will delete everything to do with the LDAP Database - users, groups, passwords etc but not home folders. If you have local users these won't be affected.
If for some reason you may want to revert back to users etc that were stored in the LDAP Database then back them up first using the usual methods available on the platform.
HTH?
Tony

How to test against Open Directory

Hi,
In my company we develop an LDAP client application.
A customer has asked us if we support Mac OS X Open Directory LDAP server. We support OpenLDAP servers, so I guess Open Directory should be supported too. But we need to be sure. The probem is that we don't own any Mac OS X Servers here.
Is there any way we could test this?. Thanks.

In Lion, you have to install the server admin apps (server admin and workgroup manager - it's a separate download). Once you configure Server Admin to manage Open Directory, you can then demote the server to standalone from there.
Miles

Creating Open Directory Replica fails with Server Admin Error Value 1127

Hallo,
I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
Currently, it comes down to this. The Server Admin Error message ist really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to geht more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
When executing
slapconfig -createreplica master.ourdomain.com diradmin
as root on the prospective replica machine, I get the following error message:
ssh command failed with status 127
That command is not allowed with the root account via public key authentication.
That makes perfect sense to me, but how is it meant to work then?
Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
root login is not permitted to this machine via public key authentication.
While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
Replica Setup failed : This machine does not have a valid computer name
I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP adress. Proper name resolution is available for both interfaces including reverse lookup. I dont like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we dont use Kerberos yet).
Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many place is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaces with several other configuration files and databases. I cant see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
I also checked all log files on bboth machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of th layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of of entries that I have googled in the last few hours and which all dont seem to be associated with the problem in question.
I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
Thanks and bye, Christian Völker

ssh command failed with status 127
That command is not allowed with the root account via public key authentication.
Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
Then configure the /etc/sshd_config file on the OD master like this:
\# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
and the /etc/ssh_config file on the OD replica like this:
PasswordAuthentication yes
PubkeyAuthentication no
Then from the OD replica as the 'root' user issue:
slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.

RoundCube Webmail Authenticating against Open Directory on Mountain Lion 10.8.x

Hello all,
I've been battling this issue for over a month with no success. Here is what we got:
Mac Mini Server running Mountain Lion Server 10.8.2 running Calendar, Contacts, Mail and Web services.
With there being no webmail present I've gone thru the process of installing RoundCube.
I'm using Postgres as the database.
When I test the ability to login I get the following error messages in the console.app
10/12/12 10:13:27.071 AM log[182]: auth: Error: od(andrew,::1): Authentication server failed to complete the requested operation.
10/12/12 10:13:27.071 AM log[182]: auth: Error: od(andrew,::1): authentication failed for user=andrew, method=DIGEST-MD5
The first line I find the most interesting but have had no success determinign exactly what it means.
I'm using open directory to authenticate and it is working perfectly with every other service so I'm led to believe it's an issue between RoundCube and Open Directory.
ANY help would be appreciated emmensely!

Sorry about taking so long to get back on here working on this. I've switched over to MySQL. I had a hard time because mysql.sock was located under /tmp/ rather than /var/mysql/ but I fixed that by using the following command:
sudo ln -s /tmp/mysql.sock /var/mysql/mysql.sock
Then I reinstalled roundcube. Here is my main.inc.php file:
<?php
+-----------------------------------------------------------------------+
| Main configuration file                                               |
|                                                                       |
| This file is part of the Roundcube Webmail client                     |
| Copyright (C) 2005-2011, The Roundcube Dev Team                       |
|                                                                       |
| Licensed under the GNU General Public License version 3 or            |
| any later version with exceptions for skins & plugins.                |
| See the README file for a full license statement.                     |
|                                                                       |
+-----------------------------------------------------------------------+
$rcmail_config = array();
// LOGGING/DEBUGGING
// system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
$rcmail_config['debug_level'] = 1;
// log driver: 'syslog' or 'file'.
$rcmail_config['log_driver'] = 'file';
// date format for log entries
// (read http://php.net/manual/en/function.date.php for all format characters)
$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
// Syslog ident string to use, if using the 'syslog' log driver.
$rcmail_config['syslog_id'] = 'roundcube';
// Syslog facility to use, if using the 'syslog' log driver.
// For possible values see installer or http://php.net/manual/en/function.openlog.php
$rcmail_config['syslog_facility'] = LOG_USER;
// Log sent messages to <log_dir>/sendmail or to syslog
$rcmail_config['smtp_log'] = true;
// Log successful logins to <log_dir>/userlogins or to syslog
$rcmail_config['log_logins'] = false;
// Log session authentication errors to <log_dir>/session or to syslog
$rcmail_config['log_session'] = false;
// Log SQL queries to <log_dir>/sql or to syslog
$rcmail_config['sql_debug'] = false;
// Log IMAP conversation to <log_dir>/imap or to syslog
$rcmail_config['imap_debug'] = false;
// Log LDAP conversation to <log_dir>/ldap or to syslog
$rcmail_config['ldap_debug'] = false;
// Log SMTP conversation to <log_dir>/smtp or to syslog
$rcmail_config['smtp_debug'] = false;
// IMAP
// the mail host chosen to perform the log-in
// leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
$rcmail_config['default_host'] = 'localhost';
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['imap_auth_type'] = null;
// If you know your imap's folder delimiter, you can specify it here.
// Otherwise it will be determined automatically
$rcmail_config['imap_delimiter'] = null;
// If IMAP server doesn't support NAMESPACE extension, but you're
// using shared folders or personal root folder is non-empty, you'll need to
// set these options. All can be strings or arrays of strings.
// Folders need to be ended with directory separator, e.g. "INBOX."
// (special directory "~" is an exception to this rule)
// These can be used also to overwrite server's namespaces
$rcmail_config['imap_ns_personal'] = null;
$rcmail_config['imap_ns_other']    = null;
$rcmail_config['imap_ns_shared']   = null;
// By default IMAP capabilities are readed after connection to IMAP server
// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list
// after login. Set to True if you've got this case.
$rcmail_config['imap_force_caps'] = false;
// By default list of subscribed folders is determined using LIST-EXTENDED
// extension if available. Some servers (dovecot 1.x) returns wrong results
// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225
// Enable this option to force LSUB command usage instead.
$rcmail_config['imap_force_lsub'] = false;
// Some server configurations (e.g. Courier) doesn't list folders in all namespaces
// Enable this option to force listing of folders in all namespaces
$rcmail_config['imap_force_ns'] = false;
// IMAP connection timeout, in seconds. Default: 0 (no limit)
$rcmail_config['imap_timeout'] = 0;
// Optional IMAP authentication identifier to be used as authorization proxy
$rcmail_config['imap_auth_cid'] = null;
// Optional IMAP authentication password to be used for imap_auth_cid
$rcmail_config['imap_auth_pw'] = null;
// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'.
$rcmail_config['imap_cache'] = null;
// Enables messages cache. Only 'db' cache is supported.
$rcmail_config['messages_cache'] = false;
// SMTP
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
$rcmail_config['smtp_server'] = 'localhost';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$rcmail_config['smtp_port'] = 25;
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$rcmail_config['smtp_user'] = '';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$rcmail_config['smtp_pass'] = '';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['smtp_auth_type'] = '';
// Optional SMTP authentication identifier to be used as authorization proxy
$rcmail_config['smtp_auth_cid'] = null;
// Optional SMTP authentication password to be used for smtp_auth_cid
$rcmail_config['smtp_auth_pw'] = null;
// SMTP HELO host
// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages
// Leave this blank and you will get the server variable 'server_name' or
// localhost if that isn't defined.
$rcmail_config['smtp_helo_host'] = '';
// SMTP connection timeout, in seconds. Default: 0 (no limit)
$rcmail_config['smtp_timeout'] = 0;
// SYSTEM
// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
$rcmail_config['enable_installer'] = false;
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$rcmail_config['support_url'] = 'http://www.crawfordworks.ca/contact';
// replace Roundcube logo with this image
// specify an URL relative to the document root of this Roundcube installation
$rcmail_config['skin_logo'] = null;
// automatically create a new Roundcube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
$rcmail_config['auto_create_user'] = true;
// use this folder to store log files (must be writeable for apache user)
// This is used by the 'file' log driver.
$rcmail_config['log_dir'] = 'logs/';
// use this folder to store temp files (must be writeable for apache user)
$rcmail_config['temp_dir'] = 'temp/';
// lifetime of message cache
// possible units: s, m, h, d, w
$rcmail_config['message_cache_lifetime'] = '10d';
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$rcmail_config['force_https'] = false;
// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$rcmail_config['use_https'] = false;
// Allow browser-autocompletion on login form.
// 0 - disabled, 1 - username and host only, 2 - username, host, password
$rcmail_config['login_autocomplete'] = 0;
// Forces conversion of logins to lower case.
// 0 - disabled, 1 - only domain part, 2 - domain and local part.
// If users authentication is not case-sensitive this must be enabled.
// After enabling it all user records need to be updated, e.g. with query:
// UPDATE users SET username = LOWER(username);
$rcmail_config['login_lc'] = 0;
// Includes should be interpreted as PHP files
$rcmail_config['skin_include_php'] = false;
// display software version on login screen
$rcmail_config['display_version'] = false;
// Session lifetime in minutes
// must be greater than 'keep_alive'/60
$rcmail_config['session_lifetime'] = 10;
// session domain: .example.org
$rcmail_config['session_domain'] = '';
// session name. Default: 'roundcube_sessid'
$rcmail_config['session_name'] = null;
// Backend to use for session storage. Can either be 'db' (default) or 'memcache'
// If set to memcache, a list of servers need to be specified in 'memcache_hosts'
// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed
$rcmail_config['session_storage'] = 'db';
// Use these hosts for accessing memcached
// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file
$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' );
// check client IP in session athorization
$rcmail_config['ip_check'] = false;
// check referer of incoming requests
$rcmail_config['referer_check'] = false;
// X-Frame-Options HTTP header value sent to prevent from Clickjacking.
// Possible values: sameorigin|deny. Set to false in order to disable sending them
$rcmail_config['x_frame_options'] = 'sameorigin';
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$rcmail_config['des_key'] = 'Qw4jLYQK+MyNLPIRmON7Lq+Z';
// Automatically add this domain to user names for login
// Only for IMAP servers that require full e-mail addresses for login
// Specify an array with 'host' => 'domain' values to support multiple hosts
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
$rcmail_config['username_domain'] = '';
// This domain will be used to form e-mail addresses of new users
// Specify an array with 'host' => 'domain' values to support multiple hosts
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
$rcmail_config['mail_domain'] = '';
// Password charset.
// Use it if your authentication backend doesn't support UTF-8.
// Defaults to ISO-8859-1 for backward compatibility
$rcmail_config['password_charset'] = 'ISO-8859-1';
// How many seconds must pass between emails sent by a user
$rcmail_config['sendmail_delay'] = 0;
// Maximum number of recipients per message. Default: 0 (no limit)
$rcmail_config['max_recipients'] = 0;
// Maximum allowednumber of members of an address group. Default: 0 (no limit)
// If 'max_recipients' is set this value should be less or equal
$rcmail_config['max_group_members'] = 0;
// add this user-agent to message headers when sending
$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION;
// use this name to compose page titles
$rcmail_config['product_name'] = 'Tri Innovations Webmail';
// try to load host-specific configuration
// see http://trac.roundcube.net/wiki/Howto_Config for more details
$rcmail_config['include_host_config'] = false;
// path to a text file which will be added to each sent message
// paths are relative to the Roundcube root folder
$rcmail_config['generic_message_footer'] = '';
// path to a text file which will be added to each sent HTML message
// paths are relative to the Roundcube root folder
$rcmail_config['generic_message_footer_html'] = '';
// add a received header to outgoing mails containing the creators IP and hostname
$rcmail_config['http_received_header'] = false;
// Whether or not to encrypt the IP address and the host name
// these could, in some circles, be considered as sensitive information;
// however, for the administrator, these could be invaluable help
// when tracking down issues.
$rcmail_config['http_received_header_encrypt'] = false;
// This string is used as a delimiter for message headers when sending
// a message via mail() function. Leave empty for auto-detection
$rcmail_config['mail_header_delimiter'] = NULL;
// number of chars allowed for line when wrapping text.
// text wrapping is done when composing/sending messages
$rcmail_config['line_length'] = 72;
// send plaintext messages as format=flowed
$rcmail_config['send_format_flowed'] = true;
// don't allow these settings to be overriden by the user
$rcmail_config['dont_override'] = array();
// Set identities access level:
// 0 - many identities with possibility to edit all params
// 1 - many identities with possibility to edit all params but not email address
// 2 - one identity with possibility to edit all params
// 3 - one identity with possibility to edit all params but not email address
$rcmail_config['identities_level'] = 0;
// Mimetypes supported by the browser.
// attachments of these types will open in a preview window
// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf'
$rcmail_config['client_mimetypes'] = null; # null == default
// mime magic database
$rcmail_config['mime_magic'] = '/usr/share/misc/magic';
// path to imagemagick identify binary
$rcmail_config['im_identify_path'] = null;
// path to imagemagick convert binary
$rcmail_config['im_convert_path'] = null;
// maximum size of uploaded contact photos in pixel
$rcmail_config['contact_photo_size'] = 160;
// Enable DNS checking for e-mail address validation
$rcmail_config['email_dns_check'] = false;
// PLUGINS
// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array();
// USER INTERFACE
// default messages sort column. Use empty value for default server's sorting,
// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc'
$rcmail_config['message_sort_col'] = '';
// default messages sort order
$rcmail_config['message_sort_order'] = 'DESC';
// These cols are shown in the message list. Available cols are:
// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority'
$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment');
// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$rcmail_config['language'] = null;
// use this format for date display (date or strftime format)
$rcmail_config['date_format'] = 'Y-m-d';
// give this choice of date formats to the user to select from
$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y');
// use this format for time display (date or strftime format)
$rcmail_config['time_format'] = 'H:i';
// give this choice of time formats to the user to select from
$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A');
// use this format for short date display (derived from date_format and time_format)
$rcmail_config['date_short'] = 'D H:i';
// use this format for detailed date/time formatting (derived from date_format and time_format)
$rcmail_config['date_long'] = 'Y-m-d H:i';
// store draft message is this mailbox
// leave blank if draft messages should not be stored
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$rcmail_config['drafts_mbox'] = 'Drafts';
// store spam messages in this mailbox
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$rcmail_config['junk_mbox'] = 'Junk';
// store sent message is this mailbox
// leave blank if sent messages should not be stored
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$rcmail_config['sent_mbox'] = 'Sent Messages';
// move messages to this folder when deleting them
// leave blank if they should be deleted directly
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$rcmail_config['trash_mbox'] = 'Trash';
// display these folders separately in the mailbox list.
// these folders will also be displayed with localized names
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent Messages', 'Junk', 'Trash');
// automatically create the above listed default folders on first login
$rcmail_config['create_default_folders'] = false;
// protect the default folders from renames, deletes, and subscription changes
$rcmail_config['protect_default_folders'] = true;
// if in your system 0 quota means no limit set this option to true
$rcmail_config['quota_zero_as_unlimited'] = false;
// Make use of the built-in spell checker. It is based on GoogieSpell.
// Since Google only accepts connections over https your PHP installatation
// requires to be compiled with Open SSL support
$rcmail_config['enable_spellcheck'] = true;
// Enables spellchecker exceptions dictionary.
// Setting it to 'shared' will make the dictionary shared by all users.
$rcmail_config['spellcheck_dictionary'] = false;
// Set the spell checking engine. 'googie' is the default. 'pspell' is also available,
// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here.
$rcmail_config['spellcheck_engine'] = 'googie';
// For a locally installed Nox Spell Server, please specify the URI to call it.
// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72
// Leave empty to use the Google spell checking service, what means
// that the message content will be sent to Google in order to check spelling
$rcmail_config['spellcheck_uri'] = '';
// These languages can be selected for spell checking.
// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch');
// Leave empty for default set of available language.
$rcmail_config['spellcheck_languages'] = NULL;
// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE)
$rcmail_config['spellcheck_ignore_caps'] = false;
// Makes that words with numbers will be ignored (e.g. g00gle)
$rcmail_config['spellcheck_ignore_nums'] = false;
// Makes that words with symbols will be ignored (e.g. g@@gle)
$rcmail_config['spellcheck_ignore_syms'] = false;
// Use this char/string to separate recipients when composing a new message
$rcmail_config['recipients_separator'] = ',';
// don't let users set pagesize to more than this value if set
$rcmail_config['max_pagesize'] = 200;
// Minimal value of user's 'keep_alive' setting (in seconds)
// Must be less than 'session_lifetime'
$rcmail_config['min_keep_alive'] = 60;
// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option.
// By default refresh time is set to 1 second. You can set this value to true
// or any integer value indicating number of seconds.
$rcmail_config['upload_progress'] = false;
// Specifies for how many seconds the Undo button will be available
// after object delete action. Currently used with supporting address book sources.
// Setting it to 0, disables the feature.
$rcmail_config['undo_timeout'] = 0;
// ADDRESSBOOK SETTINGS
// This indicates which type of address book to use. Possible choises:
// 'sql' (default) and 'ldap'.
// If set to 'ldap' then it will look at using the first writable LDAP
// address book as the primary address book and it will not display the
// SQL address book in the 'Address Book' view.
$rcmail_config['address_book_type'] = 'sql';
// In order to enable public ldap search, configure an array like the Verisign
// example further below. if you would like to test, simply uncomment the example.
// Array key must contain only safe characters, ie. a-zA-Z0-9_
$rcmail_config['ldap_public'] = array();
// If you are going to use LDAP for individual address books, you will need to
// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
// The recommended directory structure for LDAP is to store all the address book entries
// under the users main entry, e.g.:
// o=root
//   ou=people
//    uid=user@domain
// mail=contact@contactdomain
// So the base_dn would be uid=%fu,ou=people,o=root
// The bind_dn would be the same as based_dn or some super user login.
* example config for Verisign directory
$rcmail_config['ldap_public']['Verisign'] = array(
'name'          => 'Verisign.com',
// Replacement variables supported in host names:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
'hosts'         => array('directory.verisign.com'),
'port'          => 389,
'use_tls'                => false,
'ldap_version' => 3,       // using LDAPv3
'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
// %fu - The full username provided, assumes the username is an email
//       address, uses the username_domain value if not an email address.
// %u - The username prior to the '@'.
// %d - The domain name after the '@'.
// %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
// %dn - DN found by ldap search when search_filter/search_base_dn are used
'base_dn'       => '',
'bind_dn'       => '',
'bind_pass'     => '',
// It's possible to bind for an individual address book
// The login name is used to search for the DN to bind with
'search_base_dn' => '',
'search_filter' => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
// DN and password to bind as before searching for bind DN, if anonymous search is not allowed
'search_bind_dn' => '',
'search_bind_pw' => '',
// Default for %dn variable if search doesn't return DN value
'search_dn_default' => '',
// Optional authentication identifier to be used as SASL authorization proxy
// bind_dn need to be empty
'auth_cid'       => '',
// SASL authentication method (for proxy auth), e.g. DIGEST-MD5
'auth_method'    => '',
// Indicates if the addressbook shall be hidden from the list.
// With this option enabled you can still search/view contacts.
'hidden'        => false,
// Indicates if the addressbook shall not list contacts but only allows searching.
'searchonly'    => false,
// Indicates if we can write to the LDAP directory or not.
// If writable is true then these fields need to be populated:
// LDAP_Object_Classes, required_fields, LDAP_rdn
'writable'       => false,
// To create a new contact these are the object classes to specify
// (or any other classes you wish to use).
'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
// The RDN field that is used for new entries, this field needs
// to be one of the search_fields, the base of base_dn is appended
// to the RDN to insert into the LDAP directory.
'LDAP_rdn'       => 'cn',
// The required fields needed to build a new contact as required by
// the object classes (can include additional fields not required by the object classes).
'required_fields' => array('cn', 'sn', 'mail'),
'search_fields'   => array('mail', 'cn'), // fields to search in
// mapping of contact fields to directory attributes
//   for every attribute one can specify the number of values (limit) allowed.
//   default is 1, a wildcard * means unlimited
'fieldmap' => array(
    // Roundcube => LDAP:limit
    'name'        => 'cn',
    'surname'     => 'sn',
    'firstname'   => 'givenName',
    'title'       => 'title',
    'email'       => 'mail:*',
    'phone:home' => 'homePhone',
    'phone:work' => 'telephoneNumber',
    'phone:mobile' => 'mobile',
    'phone:pager' => 'pager',
    'street'      => 'street',
    'zipcode'     => 'postalCode',
    'region'      => 'st',
    'locality'    => 'l',
// if you uncomment country, you need to modify 'sub_fields' above
//    'country'     => 'c',
    'department' => 'departmentNumber',
    'notes'       => 'description',
// these currently don't work:
//    'phone:workfax' => 'facsimileTelephoneNumber',
//    'photo'        => 'jpegPhoto',
//    'organization' => 'o',
//    'manager'      => 'manager',
//    'assistant'    => 'secretary',
// Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country'
'sub_fields' => array(),
'sort'          => 'cn',    // The field to sort the listing by.
'scope'         => 'sub',   // search mode: sub|base|list
'filter'        => '(objectClass=inetOrgPerson)',      // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
'fuzzy_search' => true,    // server allows wildcard search
'vlv'           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
'numsub_filter' => '(objectClass=organizationalUnit)',   // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
'sizelimit'     => '0',     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
'timelimit'     => '0',     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
'referrals'     => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
// definition for contact groups (uncomment if no groups are supported)
// for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above)
// if the groups base_dn is empty, the contact base_dn is used for the groups as well
// -> in this case, assure that groups and contacts are separated due to the concernig filters!
'groups'        => array(
    'base_dn'     => '',
    'scope'       => 'sub',   // search mode: sub|base|list
    'filter'      => '(objectClass=groupOfNames)',
    'object_classes' => array("top", "groupOfNames"),
    'member_attr' => 'member',   // name of the member attribute, e.g. uniqueMember
    'name_attr'    => 'cn',       // attribute to be used as group name
// An ordered array of the ids of the addressbooks that should be searched
// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
$rcmail_config['autocomplete_addressbooks'] = array('sql');
// The minimum number of characters required to be typed in an autocomplete field
// before address books will be searched. Most useful for LDAP directories that
// may need to do lengthy results building given overly-broad searches
$rcmail_config['autocomplete_min_length'] = 1;
// Number of parallel autocomplete requests.
// If there's more than one address book, n parallel (async) requests will be created,
// where each request will search in one address book. By default (0), all address
// books are searched in one request.
$rcmail_config['autocomplete_threads'] = 0;
// Max. numer of entries in autocomplete popup. Default: 15.
$rcmail_config['autocomplete_max'] = 15;
// show address fields in this order
// available placeholders: {street}, {locality}, {zipcode}, {country}, {region}
$rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{country} {region}';
// Matching mode for addressbook search (including autocompletion)
// 0 - partial (*abc*), default
// 1 - strict (abc)
// 2 - prefix (abc*)
// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode
$rcmail_config['addressbook_search_mode'] = 0;
// USER PREFERENCES
// Use this charset as fallback for message decoding
$rcmail_config['default_charset'] = 'ISO-8859-1';
// skin name: folder from skins/
$rcmail_config['skin'] = 'larry';
// show up to X items in messages list view
$rcmail_config['mail_pagesize'] = 50;
// show up to X items in contacts list view
$rcmail_config['addressbook_pagesize'] = 50;
// sort contacts by this col (preferably either one of name, firstname, surname)
$rcmail_config['addressbook_sort_col'] = 'surname';
// the way how contact names are displayed in the list
// 0: display name
// 1: (prefix) firstname middlename surname (suffix)
// 2: (prefix) surname firstname middlename (suffix)
// 3: (prefix) surname, firstname middlename (suffix)
$rcmail_config['addressbook_name_listing'] = 0;
// use this timezone to display date/time
// valid timezone identifers are listed here: php.net/manual/en/timezones.php
// 'auto' will use the browser's timezone settings
$rcmail_config['timezone'] = 'auto';
// prefer displaying HTML messages
$rcmail_config['prefer_html'] = true;
// display remote inline images
// 0 - Never, always ask
// 1 - Ask if sender is not in address book
// 2 - Always show inline images
$rcmail_config['show_images'] = 0;
// compose html formatted messages by default
// 0 - never, 1 - always, 2 - on reply to HTML message only
$rcmail_config['htmleditor'] = 0;
// show pretty dates as standard
$rcmail_config['prettydate'] = true;
// save compose message every 300 seconds (5min)
$rcmail_config['draft_autosave'] = 300;
// default setting if preview pane is enabled
$rcmail_config['preview_pane'] = false;
// Mark as read when viewed in preview pane (delay in seconds)
// Set to -1 if messages in preview pane should not be marked as read
$rcmail_config['preview_pane_mark_read'] = 0;
// Clear Trash on logout
$rcmail_config['logout_purge'] = false;
// Compact INBOX on logout
$rcmail_config['logout_expunge'] = false;
// Display attached images below the message body
$rcmail_config['inline_images'] = true;
// Encoding of long/non-ascii attachment names:
// 0 - Full RFC 2231 compatible
// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
// 2 - Full 2047 compatible
$rcmail_config['mime_param_folding'] = 0;
// Set true if deleted messages should not be displayed
// This will make the application run slower
$rcmail_config['skip_deleted'] = false;
// Set true to Mark deleted messages as read as well as deleted
// False means that a message's read status is not affected by marking it as deleted
$rcmail_config['read_when_deleted'] = true;
// Set to true to never delete messages immediately
// Use 'Purge' to remove messages marked as deleted
$rcmail_config['flag_for_deletion'] = false;
// Default interval for keep-alive/check-recent requests (in seconds)
// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime'
$rcmail_config['keep_alive'] = 60;
// If true all folders will be checked for recent messages
$rcmail_config['check_all_folders'] = false;
// If true, after message delete/move, the next message will be displayed
$rcmail_config['display_next'] = false;
// 0 - Do not expand threads
// 1 - Expand all threads automatically
// 2 - Expand only threads with unread messages
$rcmail_config['autoexpand_threads'] = 0;
// When replying place cursor above original message (top posting)
$rcmail_config['top_posting'] = false;
// When replying strip original signature from message
$rcmail_config['strip_existing_sig'] = true;
// Show signature:
// 0 - Never
// 1 - Always
// 2 - New messages only
// 3 - Forwards and Replies only
$rcmail_config['show_sig'] = 1;
// When replying or forwarding place sender's signature above existing message
$rcmail_config['sig_above'] = false;
// Use MIME encoding (quoted-printable) for 8bit characters in message body
$rcmail_config['force_7bit'] = false;
// Defaults of the search field configuration.
// The array can contain a per-folder list of header fields which should be considered when searching
// The entry with key '*' stands for all folders which do not have a specific list set.
// Please note that folder names should to be in sync with $rcmail_config['default_folders']
$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1));
// Defaults of the addressbook search field configuration.
$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1);
// 'Delete always'
// This setting reflects if mail should be always deleted
// when moving to Trash fails. This is necessary in some setups
// when user is over quota and Trash is included in the quota.
$rcmail_config['delete_always'] = false;
// Directly delete messages in Junk instead of moving to Trash
$rcmail_config['delete_junk'] = false;
// Behavior if a received message requests a message delivery notification (read receipt)
// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask)
// 3 = send automatically if sender is in addressbook, otherwise ask the user
// 4 = send automatically if sender is in addressbook, otherwise ignore
$rcmail_config['mdn_requests'] = 0;
// Return receipt checkbox default state
$rcmail_config['mdn_default'] = 0;
// Delivery Status Notification checkbox default state
$rcmail_config['dsn_default'] = 0;
// Place replies in the folder of the message being replied to
$rcmail_config['reply_same_folder'] = false;
// Sets default mode of Forward feature to "forward as attachment"
$rcmail_config['forward_attachment'] = false;
// Defines address book (internal index) to which new contacts will be added
// By default it is the first writeable addressbook.
// Note: Use '0' for built-in address book.
$rcmail_config['default_addressbook'] = null;
// Enables spell checking before sending a message.
$rcmail_config['spellcheck_before_send'] = false;
// Skip alternative email addresses in autocompletion (show one address per contact)
$rcmail_config['autocomplete_single'] = false;
// Default font for composed HTML message.
// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New,
// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana
$rcmail_config['default_font'] = '';
// end of config file

Can't login to open directory accounts unless using server machine

I cannot login to any network accounts from my macbook on my local network i have tried bindind the machine to the open directory with local ip, local address and domain and all appear to be working but i cant login to any of the accounts although the passwords are correct.

Hi Salda,
I'm currently experiencing a similar problem to yours.
My situation is that I have just created a new user account which is part of our media users group.
This group is in the list of allowed users for our mac pro client host, but when I attempt to login using their credentials I get the same error you had, namely that their home directory is located on a afp or smb server (which is of course the case).
I hope you can tell me a resolution that doesn't require a re-installation of the OS.
Thanks for your help.
Rich

[OBPM 10gR3]How to configer a hybrid directory with Oracle LDAP Server

Hey, guys,
Does anyone have experience on configering a hybrid directory with Oracle LDAP Server? How to config the mapping conf file for Oracle LDAP in the directory of \OraBPMwlHome\conf?
Here is my conf file. But I got some LDAP mapping errors. It's really weird OBPM doesn't support Oracle's self LDAP, at least it does not provide the conf file.
-----------errors------------
Exception [javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name '']. Reason: [LDAP: error code 53 - Function Not Implemented] fuego.directory.DirectoryRuntimeException: Exception [javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name '']. at fuego.directory.DirectoryRuntimeException.wrapException(DirectoryRuntimeException.java:85) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.select(JNDIQueryExecutor.java:203) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectAllFromView(JNDIQueryExecutor.java:84) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectAllFromView(JNDIQueryExecutor.java:64) at fuego.directory.hybrid.ldap.Repository.selectAllFromView(Repository.java:54) at fuego.directory.hybrid.ldap.LDAPPollingEventGenerator.buildCurrentProxies(LDAPPollingEventGenerator.java:98) at fuego.directory.provider.notifiers.BasePollingEventGenerator.generateEvents(BasePollingEventGenerator.java:41) at fuego.directory.hybrid.HybridMultipleEventGenerator.generateEvents(HybridMultipleEventGenerator.java:43) at fuego.directory.provider.notifiers.DirectoryNotifier.notifyChanges(DirectoryNotifier.java:403) at fuego.server.service.DirectoryListener.updateEngineFromDirectoryImpl(DirectoryListener.java:309) at fuego.server.service.DirectoryListener$DirectoryPollingItem.execute(DirectoryListener.java:351) at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304) at fuego.transaction.TransactionAction.startBaseTransaction(TransactionAction.java:470) at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:551) at fuego.transaction.TransactionAction.start(TransactionAction.java:212) at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123) at fuego.server.execution.DefaultEngineExecution.executeAutomaticWork(DefaultEngineExecution.java:62) at fuego.server.execution.EngineExecution.executeAutomaticWork(EngineExecution.java:42) at fuego.ejbengine.ejb.EngineStartupBean.executeItem(EngineStartupBean.java:192) at fuego.ejbengine.ejb.EngineStartupBean.updateFromDirectory(EngineStartupBean.java:172) at fuego.ejbengine.ejb.engine_startup_bpmengine_wodkyx_ELOImpl.updateFromDirectory(engine_startup_bpmengine_wodkyx_ELOImpl.java:365) at fuego.ejbengine.servlet.SchedulerServlet$DirectoryPollingTask.runImpl(SchedulerServlet.java:269) at fuego.ejbengine.servlet.SchedulerServlet$ScheduledTask.run(SchedulerServlet.java:208) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name '' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1812) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at fuego.jndi.FaultTolerantDirContext.search(FaultTolerantDirContext.java:867) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.select(JNDIQueryExecutor.java:190) ... 23 more
-----------mapping conf file for Oracle LDAP---------
<?xml version="1.0" encoding="UTF-8"?>
<?fuego version="6.1 ALPHA" application="albpmenterprise"?>

<config>
     <object id="person">
          <object-filter>
               <![CDATA[
                    (objectclass=inetOrgPerson)
               ]]>
          </object-filter>
          <relative-dn>
               
          </relative-dn>
          <attribute id="id" value="uid"/>
          <attribute id="lastName" value="sn"/>
          <attribute id="firstName" value="givenname"/>
          <attribute id="accountLock" value="orclIsEnabled">
               <attribute-comparator operation="EQUALS" compareTo="ENABLED"/>
               <filter>
                    <![CDATA[
                         ($accountLock=ENABLED)
                    ]]>
               </filter>
          </attribute>
          <attribute id="facsimileTelephoneNumber" value="facsimileTelephoneNumber"/>
          <attribute id="displayName" value="displayName"/>
          <attribute id="mail" value="mail"/>
          <attribute id="telephoneNumber" value="telephoneNumber"/>
          <attribute id="employeeId" value="employeeNumber"/>
          <attribute id="thumbnailPhoto" value="jpegPhoto"/>
          <attribute id="manager" value="manager"/>
          <attribute id="modifyTimeStamp" value="modifytimestamp"/>
     </object>
     <object id="group">
          <object-filter>
               <![CDATA[
                    (objectclass=orclGroup)
               ]]>
          </object-filter>
          <relative-dn>
               
</relative-dn>
          <attribute id="id" value="dn"/>
          <attribute id="modifyTimeStamp" value="modifytimestamp"/>
          <attribute id="displayName" value="displayName"/>
          <attribute id="name" value="cn"/>
          <attribute id="description" value="description"/>
          <attribute id="assignedParticipants" value="uniquemember"/>
          
          <attribute id="ou" value="uniquemember"/>
     </object>
     <object id="ou">
          <object-filter>
               <![CDATA[
                    (objectclass=domain)
               ]]>
          </object-filter>
          <relative-dn>
               
</relative-dn>
          <attribute id="name" value="orclsubscriberfullname"/>
          <attribute id="description" value="description"/>
     </object>
</config>
Edited by: Lemonice on 2009-3-30 上午2:08
Edited by: Lemonice on 2009-3-30 下午7:01
Edited by: Lemonice on 2009-3-30 下午8:43

Hi,
in my case, I am trying to configure the OBPM directory using ALUI and its native LDAP service.
Now, I found that the first name and the last name in BPM are retrieved from the ALUI display name : provided we enter the display name in the format %first name% + %last name% we get them into BPM. But the display name is not always in this format...
In addition, it's the portal telephone number information which is retrieved into BPM Telephone and Fax numbers.
And, the email adress remains blank
I have installed the latest patch for OBPM (Version: 10.3.1.0.0 Build: #97172)
Would you have any documentation about creating a Profile Web Service in ALUI and specifying which LDAP attributes to map to which ALUI properties in the Profile Source ?
Thanks !
Edited by: vVince on May 6, 2009 3:46 PM

How to do an Open Directory Restore in Lion Server?

Similar Messages

Maybe you are looking for