Open Directory LDAPv3 Password and Diradmin recovery

Similar Messages

• Open directory, network homes and MS Word

  We are running OS X & Server 10.4.8, and Word 11.2. Using network home directories, with 15users and 3 of them are portable. Running Open directory wih LDAPv3, SSL, SMB and AFP for the network homes (?).
  When one of the portable users try to save his Word files he recieves the following error-message: "Word cannot save this file because it is already open elsewhere"
  Google turned up the following results and suggestions from other ppl with the same problem:
  #1 - Create .TemporaryItems and/or modify owner(s) on the network share.
  #2 - Change the directory where files are saved via: Word > Preferences > File locaion > Document > 'Modify' (change to users 'Documents' folder.
  #3 - Delete .com.microsoft.Word.prefs.plist file in: User > Library > Preferences > Microsoft > (user is the name of the account having the prob)
  Link to someone with the same problem(contains most of the solutions):
  http://forums.macosxhints.com/archive/index.php/t-46413.html
  Link to a combination of solution #1 & #2 (and a descrip of the prob):
  http://www.macfixitforums.com/php/showflat.php?Cat=&Board=OfficeX&Number=721294& page=0&view=expanded&sb=5&o=31&fpart=
  I have tried all of the solutions above, the first one seemed promesing but the folder already existed so i just verified that the permissions were correct and moved on. User still has the problem.
  End of the last thread i posted suggests that there is no solution for this problem in Os X 10.4.2 and i read another place that it is related to Os X not closing connections to the file on the share, so it is tricked into thinking the file is open in two places when you save it the first time.
  Please help!!

  It was kindof a strange problem with RDC (Remote desktop connection, windows not apple).
  After i installed the script RDC stopped working and i had to uninstall the script to save RDC (it`s more important then the error message in office). But uninstalling didnt work, so i did some experimenting and found out that RDC started working again if he just moved to another computer where he hadnt loaded his user while the script was running.
  And even more surprislingly when he moved back to his own computer again it started working again there too. (We use network accounts)
  May i ask you how you uninstalled it?

• No Open Directory under password type pulldown

  When creating a new user. I need to select a password type of "Open Directory" but it is not there. There is only "Shadow Password".
  I have gone to Server admin and changed the Open Directory from "Standalone Server" to "Open Directory Master" but no luck.
  What am I doing wrong ?

  This is the start of me trying to unlock the screensaver as a PHD user, off the network, internet on.
  Oct 8 23:11:57 DL-MBP authorizationhost[737]: k5_authenticate(): got -1765328228 (Cannot contact any KDC for requested realm) on plugins/krb5/krb5_operations.c:54
  Oct 8 23:11:58 DL-MBP authorizationhost[737]: -[SFBuiltinAuthenticate performDSPasswordAuth](): got -1765328228 (Cannot contact any KDC for requested realm) on authhostbuiltins.m:845
  Oct 8 23:11:58 DL-MBP com.apple.SecurityServer[22]: Engine::authorize: Rule::evaluate returned -60008 returning errAuthorizationInternal
  This is me now unlocking the screensaver using a local admin login.
  Oct 8 23:12:03 DL-MBP com.apple.SecurityServer[22]: uid 1045 succeeded authenticating as user admin (uid 502) for right system.login.screensaver.
  Oct 8 23:12:03 DL-MBP com.apple.SecurityServer[22]: Succeeded authorizing right system.login.screensaver by client /System/Library/CoreServices/loginwindow.app for authorization created by /System/Library/CoreServices/loginwindow.app.
  This is me now unlocking the screensaver with off the network with internet off, a successful local cache result.
  Oct 8 23:13:57 DL-MBP authorizationhost[737]: k5_authenticate(): got -1765328228 (Cannot contact any KDC for requested realm) on plugins/krb5/krb5_operations.c:54
  Oct 8 23:13:57 DL-MBP authorizationhost[737]: -[SFBuiltinAuthenticate performDSPasswordAuth](): got -1765328228 (Cannot contact any KDC for requested realm) on authhostbuiltins.m:845
  Oct 8 23:13:57 DL-MBP com.apple.SecurityServer[22]: uid 1045 succeeded authenticating as user terrywest (uid 1045) for right system.login.screensaver.
  Oct 8 23:13:57 DL-MBP com.apple.SecurityServer[22]: Succeeded authorizing right system.login.screensaver by client /System/Library/CoreServices/loginwindow.app for authorization created by /System/Library/CoreServices/loginwindow.app.

• Whats should i do if i forgot my login password and lost recovery key for filevault?

  I have mountain lion and i forgot my login password, it has filevault, and i lost my recovery key to decrypt the hard drive
  I called applecare and they asked me about my serial number but they said it doesnt appear in the apple care
  but!!! i bought my mac at august endings.
  Please!! i need a soon answer
  i dont care my files, i dont have important files at all, i just want to login and be able to use it!!!!

  Tayel wrote:
  I called applecare and they asked me about my serial number but they said it doesnt appear in the apple care
  but!!! i bought my mac at august endings.
  Warranty Info 
  Check Your Service and Support Coverage

• Open Directory: user authentication and logining takes a lot of time

  We have Mac OS X Server Snow Leopard 10.6.8 with OpenDirectory and some iMacs with Mac OS X Snow Leopard 10.6.8. After adding Network Account Server in iMacs (System Preferences->Accounts->Login Options->Network Account Server Edit) OD works normally and users authenticate and login their accounts rather fast (5-10 seconds). But some days or weeks later the time for authentication and logining takes for about 5 minutes. If I re-add Network Account Server, then all works greatly again. What's the matter? How to avoid this re-adding?

  Hello,
  can you tell us what is the size of this Universe in terms of:
  number of tables, number of objects, size of the .unv file?
  Also, is this behaviour specific to this universe or you have other universes having the same problem?
  Last, are you 'opening it' as in File/Open or importing it as in 'File/Import...' ?
  Thanks
  PPaolo

• No Open Directory master available and no Replica to load - Please help

  Hi, I'm trying to set up OS X Server Mavericks on my Mac Mini (mid 2010). I've been following Todd Olthoff's tutorials on that up to the "Binding the clients to the server" point, when nothing happened on my screen and could not go on. At that moment I had my master OD set up and with two local network users created. As he's not replying to my question, I start a new one in here, hoping that I'll fina solution.
  I checked every area on the server and discovered that my autosigned certificated turned into blue and was "signed by an untrusted issuer" I completely ignore the reason for that. I started the whole thing over and uninstalled and re-installed Server OS X and now my master OD is gone. When I turned it on I could not set up the OD as it happened the first time but I get a message  in a "Servers" textbox: "Unable to load replica list". I don't have any replicas (because this is the first server I'm setting, which by will seem pretty obvious).
  The funny thing is that the users are there but not the OD. Any clues how to complete the server set up? The main goal is to access the Mac Mini and the drives attached from an external network to access the contents and have backups of the work I do with my MacBook.
  Thanks a lot in advance!

  Thanks to Todd Olthoff, I could solve this problem by destroying the LDAP through the terminal: type in sudo slapconfig -destroyldapserver.

• How to integrate active directory users(credentials) to Open Directory LDAPv3?

  -I don't want to have a separate directory anymore.

  Hi RM,
  It would require that you setup your Portal in such a way being able to handle Windows Integrated Authentication via Kerberos. This is already very well explained in the following blogs:
  /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
  http://wiki.sdn.sap.com/wiki/display/EP/SingleSignOntotheJ2EEEnginefromWindows
  After setting up your datasource, in your case the ADS, you will need to run SPNego Wizard in NWA to have it integrated with SSO.
  Best regards,
  Andre

• I forgot my apple id password and my recovery email and my security questions also I restored my ipod 5 and i cant activate my ipod since i forgot my password and please help im locked from my ipod.

  <Email Edited by Host>

  If you cannot do the steps in If you forgot your Apple ID password you will need to contact Apple Support: Apple ID: Contacting Apple for help with Apple ID account security

• 10.6 Client and 10.7 Server Open Directory

  I´ve got an Mac Mini running Lion Server. It´s configured as an Open Directory Server.
  And I´ve got some 10.6 Clients running on the same local network.
  All Clients have the Mini Server as DNS Server.
  And now I want to use NetworkAccounts form the 10.7 Server on the 10.6 Clients.
  I´ve connected the 10.6 Clients to the Server (without SSL) and all Clients say "Network Accounts available".
  But if I try to log in on the Client it just shakes the login window. I´ve tried it on all my Clients with different Accounts but nothing worked.
  It just won´t work! But why? Can you please help me?
  What I´m doing wrong? Or is the combination of 10.6 Clients and 10.7 Server not Supported by OpenDirectory on 10.7 Server ?
  Thank you !

  Check your authentication against the server from one of the clients using the following command:
  dscl /LDAPv3/<server name or IP> authonly <shortname of an account that cannot login>
       The server name should be the same name or IP you used when binding your 10.6 client to a 10.7 server.
  If you get the response "Failed to authenticate user <shortname> (tDirStatus: -14103)" you are having the same issue I was having. I found an answer to this, but you are not going to like it.
  Apparently Workgroup manager and Server.app deal with accounts differently. If you are using Workgroup Manager to import a long list of accounts, don't. Server.app needs to write an addition setting that is not part of Workgroup manager or in Passenger I doesn't work correctly with accounts that have home folders that are not local. Here are the steps I used to resolve the issue:
  Export all your accounts and groups
  Using Server Admin, demote your OD to a standalone directory
  Once the demotion is complete, use Server.app to promote your server to an OD Master
  Update: I've not found it to make a difference if you use server.app or Server Admin to configure your Open Directory Master.
  Once the server is again an Open Directory Master, import the users that you exported using Server.app instead of Workgroup Manager.
  If you are importing groups, set the Home Directory by editing the account in Server.app before importing groups to avoid overwriting your group settings. Thankfully, you can select multiple accounts at a time.
  Import your groups using Server.app
  Verify group membership and test the loginsIf you test the login using the dscl command from above, you should get no error after entering the password, but as long as you have a bound client, you should be able to login at this point.
  Hope this reaches you in time to help.

• I forgotten my bit locker password and recovery key.i need help .................

  i lost my bit locker password and i lost recovery key,i need help ..please help ......such important things are there in my e drive....pls mail me [email address redacted]

  Unfortunately if you lose the password and the recovery key you are not able to decrypt and access the information, that is the sole purpose of BitLocker.
  Blogging about Windows for IT pros at
  www.theexperienceblog.com

• Don't remember my ID password and password recovery question

  How do i get my blackberry id username and password even after i don't remember my id password and security recovery question?

  Read this for full information and suggestions to regain access to your BBID >> http://supportforums.blackberry.com/t5/BlackBerry-World/How-to-regain-access-to-your-BBID/td-p/25467...
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• How to turn off Open Directory in OS X Server 10.8.2

  I am configuring a MacPro with ML Server 10.8.2 for internal-only use.  I have DNS working on it (with the annoyance that it goes out of its way to break wildcard host names, and it doesn't know how to properly create the zone files to allow a secondary DNS server to do reverse-name-lookups properly).  I have only 2 users (admin and Time Machine), Time Machine is working for client Macs using the Time Machine user account, and File Sharing is working (using either account), sharing a RAID of internal drives an a pair of USB-attached external drives.
  I briefly turned on Open Directory, just to see if I wanted or needed to go that route.  I entered an Open Directory admin (diradmin) with a password.  Looked around the options and decided I did NOT need to use Open Directory just to get the Time Machine stuff working, and I was right.
  However, now the Server App shows Open Directory is "On."  When I go to that tab, I get a message stating that there was an error reading the settings file for Open Directory services.  I click it "Off" but it refuses to turn off.  When I come back to the tab, I get a pop-up window with a message about an error reading the settings and the Off/On switch moves back to "On" and the green light never goes off next to Open Directory in the list of services.
  I've rebooted the machine and after the reboot, sometimes, it appears as if I can add/delete/modify Users and Groups.  Other times, after the reboot, the +/- buttons are greyed out and I cannot add/edit/modify Users and Groups.  I have not yet tried to add/delete/modify users yet because I'm leery of trusting the server with this error message.
  Can anyone help me to remove anything and everything related to Open Directory so that it is "off" as if I never ever turned it on?  Or any suggestions on how to fix this short of a reinstall?
  Can I download and install the Server app on a differnt machine and then just copy the Server app over to this machine?  Will that zero out the Open Directory stuf that I'm trying to get rid of?
  Thanks in advance.

  I think I solved my problem by running the following command:
  sudo slapconfig -destroyldapserver diradmin
  diradmin is the name of the Open Directory admin account I created.
  The Open Directory Service now appears "off" and no longer had the green dot next to it in the list of services.
  Obviously, NOT a good solution to someone who was actively using Open Directory as this appears to have deleted all the data associated with Open Directory.
  Users and Groups now allow me to add/delete/modify.
  Sad to see an Apple product have such issues.

• How do I unbind a local user from an Open Directory user?

  I have a couple MacBook Pros running Leopard that successfully bound a local account to a corresponding Open Directory account using Directory Utility.
  I had to re-install Leopard Server (using Standard configuration) and re-create Open Directory accounts. Now these laptops are unable to bind to the new Open Directory accounts. They receive an error that the Open Directory user ID and password provided is incorrect. In addition the local user can no longer reset or change their password. I'm thinking this is because their local accounts are still bound to the old Open Directory accounts that no longer exist. Is there are way to unbind a local account in Leopard that has been bound to an Open Directory account via the Directory Utility.

  What account are you using to bind the machine? When binding you must authenticate using the OD admin login which is usually setup as diradmin or as the current client you are logged into the machine with, but this client needs to exist on the OD server.

• RoundCube Webmail Authenticating against Open Directory on Mountain Lion 10.8.x

  Hello all,
  I've been battling this issue for over a month with no success. Here is what we got:
  Mac Mini Server running Mountain Lion Server 10.8.2 running Calendar, Contacts, Mail and Web services.
  With there being no webmail present I've gone thru the process of installing RoundCube.
  I'm using Postgres as the database.
  When I test the ability to login I get the following error messages in the console.app
  10/12/12 10:13:27.071 AM log[182]: auth: Error: od(andrew,::1): Authentication server failed to complete the requested operation.
  10/12/12 10:13:27.071 AM log[182]: auth: Error: od(andrew,::1): authentication failed for user=andrew, method=DIGEST-MD5
  The first line I find the most interesting but have had no success determinign exactly what it means.
  I'm using open directory to authenticate and it is working perfectly with every other service so I'm led to believe it's an issue between RoundCube and Open Directory.
  ANY help would be appreciated emmensely!

  Sorry about taking so long to get back on here working on this. I've switched over to MySQL. I had a hard time because mysql.sock was located under /tmp/ rather than /var/mysql/ but I fixed that by using the following command:
  sudo ln -s /tmp/mysql.sock /var/mysql/mysql.sock
  Then I reinstalled roundcube. Here is my main.inc.php file:
  <?php
  +-----------------------------------------------------------------------+
  | Main configuration file                                               |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2011, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
  | See the README file for a full license statement.                     |
  |                                                                       |
  +-----------------------------------------------------------------------+
  $rcmail_config = array();
  // LOGGING/DEBUGGING
  // system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
  $rcmail_config['debug_level'] = 1;
  // log driver:  'syslog' or 'file'.
  $rcmail_config['log_driver'] = 'file';
  // date format for log entries
  // (read http://php.net/manual/en/function.date.php for all format characters) 
  $rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
  // Syslog ident string to use, if using the 'syslog' log driver.
  $rcmail_config['syslog_id'] = 'roundcube';
  // Syslog facility to use, if using the 'syslog' log driver.
  // For possible values see installer or http://php.net/manual/en/function.openlog.php
  $rcmail_config['syslog_facility'] = LOG_USER;
  // Log sent messages to <log_dir>/sendmail or to syslog
  $rcmail_config['smtp_log'] = true;
  // Log successful logins to <log_dir>/userlogins or to syslog
  $rcmail_config['log_logins'] = false;
  // Log session authentication errors to <log_dir>/session or to syslog
  $rcmail_config['log_session'] = false;
  // Log SQL queries to <log_dir>/sql or to syslog
  $rcmail_config['sql_debug'] = false;
  // Log IMAP conversation to <log_dir>/imap or to syslog
  $rcmail_config['imap_debug'] = false;
  // Log LDAP conversation to <log_dir>/ldap or to syslog
  $rcmail_config['ldap_debug'] = false;
  // Log SMTP conversation to <log_dir>/smtp or to syslog
  $rcmail_config['smtp_debug'] = false;
  // IMAP
  // the mail host chosen to perform the log-in
  // leave blank to show a textbox at login, give a list of hosts
  // to display a pulldown menu or set one host as string.
  // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
  // Supported replacement variables:
  // %n - http hostname ($_SERVER['SERVER_NAME'])
  // %d - domain (http hostname without the first part)
  // %s - domain name after the '@' from e-mail address provided at login screen
  // For example %n = mail.domain.tld, %d = domain.tld
  $rcmail_config['default_host'] = 'localhost';
  // TCP port used for IMAP connections
  $rcmail_config['default_port'] = 143;
  // IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
  // best server supported one)
  $rcmail_config['imap_auth_type'] = null;
  // If you know your imap's folder delimiter, you can specify it here.
  // Otherwise it will be determined automatically
  $rcmail_config['imap_delimiter'] = null;
  // If IMAP server doesn't support NAMESPACE extension, but you're
  // using shared folders or personal root folder is non-empty, you'll need to
  // set these options. All can be strings or arrays of strings.
  // Folders need to be ended with directory separator, e.g. "INBOX."
  // (special directory "~" is an exception to this rule)
  // These can be used also to overwrite server's namespaces
  $rcmail_config['imap_ns_personal'] = null;
  $rcmail_config['imap_ns_other']    = null;
  $rcmail_config['imap_ns_shared']   = null;
  // By default IMAP capabilities are readed after connection to IMAP server
  // In some cases, e.g. when using IMAP proxy, there's a need to refresh the list
  // after login. Set to True if you've got this case.
  $rcmail_config['imap_force_caps'] = false;
  // By default list of subscribed folders is determined using LIST-EXTENDED
  // extension if available. Some servers (dovecot 1.x) returns wrong results
  // for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225
  // Enable this option to force LSUB command usage instead.
  $rcmail_config['imap_force_lsub'] = false;
  // Some server configurations (e.g. Courier) doesn't list folders in all namespaces
  // Enable this option to force listing of folders in all namespaces
  $rcmail_config['imap_force_ns'] = false;
  // IMAP connection timeout, in seconds. Default: 0 (no limit)
  $rcmail_config['imap_timeout'] = 0;
  // Optional IMAP authentication identifier to be used as authorization proxy
  $rcmail_config['imap_auth_cid'] = null;
  // Optional IMAP authentication password to be used for imap_auth_cid
  $rcmail_config['imap_auth_pw'] = null;
  // Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'.
  $rcmail_config['imap_cache'] = null;
  // Enables messages cache. Only 'db' cache is supported.
  $rcmail_config['messages_cache'] = false;
  // SMTP
  // SMTP server host (for sending mails).
  // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
  // If left blank, the PHP mail() function is used
  // Supported replacement variables:
  // %h - user's IMAP hostname
  // %n - http hostname ($_SERVER['SERVER_NAME'])
  // %d - domain (http hostname without the first part)
  // %z - IMAP domain (IMAP hostname without the first part)
  // For example %n = mail.domain.tld, %d = domain.tld
  $rcmail_config['smtp_server'] = 'localhost';
  // SMTP port (default is 25; use 587 for STARTTLS or 465 for the
  // deprecated SSL over SMTP (aka SMTPS))
  $rcmail_config['smtp_port'] = 25;
  // SMTP username (if required) if you use %u as the username Roundcube
  // will use the current username for login
  $rcmail_config['smtp_user'] = '';
  // SMTP password (if required) if you use %p as the password Roundcube
  // will use the current user's password for login
  $rcmail_config['smtp_pass'] = '';
  // SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
  // best server supported one)
  $rcmail_config['smtp_auth_type'] = '';
  // Optional SMTP authentication identifier to be used as authorization proxy
  $rcmail_config['smtp_auth_cid'] = null;
  // Optional SMTP authentication password to be used for smtp_auth_cid
  $rcmail_config['smtp_auth_pw'] = null;
  // SMTP HELO host
  // Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages
  // Leave this blank and you will get the server variable 'server_name' or
  // localhost if that isn't defined.
  $rcmail_config['smtp_helo_host'] = '';
  // SMTP connection timeout, in seconds. Default: 0 (no limit)
  $rcmail_config['smtp_timeout'] = 0;
  // SYSTEM
  // THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
  // ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
  $rcmail_config['enable_installer'] = false;
  // provide an URL where a user can get support for this Roundcube installation
  // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
  $rcmail_config['support_url'] = 'http://www.crawfordworks.ca/contact';
  // replace Roundcube logo with this image
  // specify an URL relative to the document root of this Roundcube installation
  $rcmail_config['skin_logo'] = null;
  // automatically create a new Roundcube user when log-in the first time.
  // a new user will be created once the IMAP login succeeds.
  // set to false if only registered users can use this service
  $rcmail_config['auto_create_user'] = true;
  // use this folder to store log files (must be writeable for apache user)
  // This is used by the 'file' log driver.
  $rcmail_config['log_dir'] = 'logs/';
  // use this folder to store temp files (must be writeable for apache user)
  $rcmail_config['temp_dir'] = 'temp/';
  // lifetime of message cache
  // possible units: s, m, h, d, w
  $rcmail_config['message_cache_lifetime'] = '10d';
  // enforce connections over https
  // with this option enabled, all non-secure connections will be redirected.
  // set the port for the ssl connection as value of this option if it differs from the default 443
  $rcmail_config['force_https'] = false;
  // tell PHP that it should work as under secure connection
  // even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
  // e.g. when you're running Roundcube behind a https proxy
  // this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
  $rcmail_config['use_https'] = false;
  // Allow browser-autocompletion on login form.
  // 0 - disabled, 1 - username and host only, 2 - username, host, password
  $rcmail_config['login_autocomplete'] = 0;
  // Forces conversion of logins to lower case.
  // 0 - disabled, 1 - only domain part, 2 - domain and local part.
  // If users authentication is not case-sensitive this must be enabled.
  // After enabling it all user records need to be updated, e.g. with query:
  // UPDATE users SET username = LOWER(username);
  $rcmail_config['login_lc'] = 0;
  // Includes should be interpreted as PHP files
  $rcmail_config['skin_include_php'] = false;
  // display software version on login screen
  $rcmail_config['display_version'] = false;
  // Session lifetime in minutes
  // must be greater than 'keep_alive'/60
  $rcmail_config['session_lifetime'] = 10;
  // session domain: .example.org
  $rcmail_config['session_domain'] = '';
  // session name. Default: 'roundcube_sessid'
  $rcmail_config['session_name'] = null;
  // Backend to use for session storage. Can either be 'db' (default) or 'memcache'
  // If set to memcache, a list of servers need to be specified in 'memcache_hosts'
  // Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed
  $rcmail_config['session_storage'] = 'db';
  // Use these hosts for accessing memcached
  // Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file
  $rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' );
  // check client IP in session athorization
  $rcmail_config['ip_check'] = false;
  // check referer of incoming requests
  $rcmail_config['referer_check'] = false;
  // X-Frame-Options HTTP header value sent to prevent from Clickjacking.
  // Possible values: sameorigin|deny. Set to false in order to disable sending them
  $rcmail_config['x_frame_options'] = 'sameorigin';
  // this key is used to encrypt the users imap password which is stored
  // in the session record (and the client cookie if remember password is enabled).
  // please provide a string of exactly 24 chars.
  $rcmail_config['des_key'] = 'Qw4jLYQK+MyNLPIRmON7Lq+Z';
  // Automatically add this domain to user names for login
  // Only for IMAP servers that require full e-mail addresses for login
  // Specify an array with 'host' => 'domain' values to support multiple hosts
  // Supported replacement variables:
  // %h - user's IMAP hostname
  // %n - http hostname ($_SERVER['SERVER_NAME'])
  // %d - domain (http hostname without the first part)
  // %z - IMAP domain (IMAP hostname without the first part)
  // For example %n = mail.domain.tld, %d = domain.tld
  $rcmail_config['username_domain'] = '';
  // This domain will be used to form e-mail addresses of new users
  // Specify an array with 'host' => 'domain' values to support multiple hosts
  // Supported replacement variables:
  // %h - user's IMAP hostname
  // %n - http hostname ($_SERVER['SERVER_NAME'])
  // %d - domain (http hostname without the first part)
  // %z - IMAP domain (IMAP hostname without the first part)
  // For example %n = mail.domain.tld, %d = domain.tld
  $rcmail_config['mail_domain'] = '';
  // Password charset.
  // Use it if your authentication backend doesn't support UTF-8.
  // Defaults to ISO-8859-1 for backward compatibility
  $rcmail_config['password_charset'] = 'ISO-8859-1';
  // How many seconds must pass between emails sent by a user
  $rcmail_config['sendmail_delay'] = 0;
  // Maximum number of recipients per message. Default: 0 (no limit)
  $rcmail_config['max_recipients'] = 0;
  // Maximum allowednumber of members of an address group. Default: 0 (no limit)
  // If 'max_recipients' is set this value should be less or equal
  $rcmail_config['max_group_members'] = 0;
  // add this user-agent to message headers when sending
  $rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION;
  // use this name to compose page titles
  $rcmail_config['product_name'] = 'Tri Innovations Webmail';
  // try to load host-specific configuration
  // see http://trac.roundcube.net/wiki/Howto_Config for more details
  $rcmail_config['include_host_config'] = false;
  // path to a text file which will be added to each sent message
  // paths are relative to the Roundcube root folder
  $rcmail_config['generic_message_footer'] = '';
  // path to a text file which will be added to each sent HTML message
  // paths are relative to the Roundcube root folder
  $rcmail_config['generic_message_footer_html'] = '';
  // add a received header to outgoing mails containing the creators IP and hostname
  $rcmail_config['http_received_header'] = false;
  // Whether or not to encrypt the IP address and the host name
  // these could, in some circles, be considered as sensitive information;
  // however, for the administrator, these could be invaluable help
  // when tracking down issues.
  $rcmail_config['http_received_header_encrypt'] = false;
  // This string is used as a delimiter for message headers when sending
  // a message via mail() function. Leave empty for auto-detection
  $rcmail_config['mail_header_delimiter'] = NULL;
  // number of chars allowed for line when wrapping text.
  // text wrapping is done when composing/sending messages
  $rcmail_config['line_length'] = 72;
  // send plaintext messages as format=flowed
  $rcmail_config['send_format_flowed'] = true;
  // don't allow these settings to be overriden by the user
  $rcmail_config['dont_override'] = array();
  // Set identities access level:
  // 0 - many identities with possibility to edit all params
  // 1 - many identities with possibility to edit all params but not email address
  // 2 - one identity with possibility to edit all params
  // 3 - one identity with possibility to edit all params but not email address
  $rcmail_config['identities_level'] = 0;
  // Mimetypes supported by the browser.
  // attachments of these types will open in a preview window
  // either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf'
  $rcmail_config['client_mimetypes'] = null;  # null == default
  // mime magic database
  $rcmail_config['mime_magic'] = '/usr/share/misc/magic';
  // path to imagemagick identify binary
  $rcmail_config['im_identify_path'] = null;
  // path to imagemagick convert binary
  $rcmail_config['im_convert_path'] = null;
  // maximum size of uploaded contact photos in pixel
  $rcmail_config['contact_photo_size'] = 160;
  // Enable DNS checking for e-mail address validation
  $rcmail_config['email_dns_check'] = false;
  // PLUGINS
  // List of active plugins (in plugins/ directory)
  $rcmail_config['plugins'] = array();
  // USER INTERFACE
  // default messages sort column. Use empty value for default server's sorting,
  // or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc'
  $rcmail_config['message_sort_col'] = '';
  // default messages sort order
  $rcmail_config['message_sort_order'] = 'DESC';
  // These cols are shown in the message list. Available cols are:
  // subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority'
  $rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment');
  // the default locale setting (leave empty for auto-detection)
  // RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
  $rcmail_config['language'] = null;
  // use this format for date display (date or strftime format)
  $rcmail_config['date_format'] = 'Y-m-d';
  // give this choice of date formats to the user to select from
  $rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y');
  // use this format for time display (date or strftime format)
  $rcmail_config['time_format'] = 'H:i';
  // give this choice of time formats to the user to select from
  $rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A');
  // use this format for short date display (derived from date_format and time_format)
  $rcmail_config['date_short'] = 'D H:i';
  // use this format for detailed date/time formatting (derived from date_format and time_format)
  $rcmail_config['date_long'] = 'Y-m-d H:i';
  // store draft message is this mailbox
  // leave blank if draft messages should not be stored
  // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
  $rcmail_config['drafts_mbox'] = 'Drafts';
  // store spam messages in this mailbox
  // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
  $rcmail_config['junk_mbox'] = 'Junk';
  // store sent message is this mailbox
  // leave blank if sent messages should not be stored
  // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
  $rcmail_config['sent_mbox'] = 'Sent Messages';
  // move messages to this folder when deleting them
  // leave blank if they should be deleted directly
  // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
  $rcmail_config['trash_mbox'] = 'Trash';
  // display these folders separately in the mailbox list.
  // these folders will also be displayed with localized names
  // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
  $rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent Messages', 'Junk', 'Trash');
  // automatically create the above listed default folders on first login
  $rcmail_config['create_default_folders'] = false;
  // protect the default folders from renames, deletes, and subscription changes
  $rcmail_config['protect_default_folders'] = true;
  // if in your system 0 quota means no limit set this option to true
  $rcmail_config['quota_zero_as_unlimited'] = false;
  // Make use of the built-in spell checker. It is based on GoogieSpell.
  // Since Google only accepts connections over https your PHP installatation
  // requires to be compiled with Open SSL support
  $rcmail_config['enable_spellcheck'] = true;
  // Enables spellchecker exceptions dictionary.
  // Setting it to 'shared' will make the dictionary shared by all users.
  $rcmail_config['spellcheck_dictionary'] = false;
  // Set the spell checking engine. 'googie' is the default. 'pspell' is also available,
  // but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here.
  $rcmail_config['spellcheck_engine'] = 'googie';
  // For a locally installed Nox Spell Server, please specify the URI to call it.
  // Get Nox Spell Server from http://orangoo.com/labs/?page_id=72
  // Leave empty to use the Google spell checking service, what means
  // that the message content will be sent to Google in order to check spelling
  $rcmail_config['spellcheck_uri'] = '';
  // These languages can be selected for spell checking.
  // Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch');
  // Leave empty for default set of available language.
  $rcmail_config['spellcheck_languages'] = NULL;
  // Makes that words with all letters capitalized will be ignored (e.g. GOOGLE)
  $rcmail_config['spellcheck_ignore_caps'] = false;
  // Makes that words with numbers will be ignored (e.g. g00gle)
  $rcmail_config['spellcheck_ignore_nums'] = false;
  // Makes that words with symbols will be ignored (e.g. g@@gle)
  $rcmail_config['spellcheck_ignore_syms'] = false;
  // Use this char/string to separate recipients when composing a new message
  $rcmail_config['recipients_separator'] = ',';
  // don't let users set pagesize to more than this value if set
  $rcmail_config['max_pagesize'] = 200;
  // Minimal value of user's 'keep_alive' setting (in seconds)
  // Must be less than 'session_lifetime'
  $rcmail_config['min_keep_alive'] = 60;
  // Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option.
  // By default refresh time is set to 1 second. You can set this value to true
  // or any integer value indicating number of seconds.
  $rcmail_config['upload_progress'] = false;
  // Specifies for how many seconds the Undo button will be available
  // after object delete action. Currently used with supporting address book sources.
  // Setting it to 0, disables the feature.
  $rcmail_config['undo_timeout'] = 0;
  // ADDRESSBOOK SETTINGS
  // This indicates which type of address book to use. Possible choises:
  // 'sql' (default) and 'ldap'.
  // If set to 'ldap' then it will look at using the first writable LDAP
  // address book as the primary address book and it will not display the
  // SQL address book in the 'Address Book' view.
  $rcmail_config['address_book_type'] = 'sql';
  // In order to enable public ldap search, configure an array like the Verisign
  // example further below. if you would like to test, simply uncomment the example.
  // Array key must contain only safe characters, ie. a-zA-Z0-9_
  $rcmail_config['ldap_public'] = array();
  // If you are going to use LDAP for individual address books, you will need to
  // set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
  // The recommended directory structure for LDAP is to store all the address book entries
  // under the users main entry, e.g.:
  //  o=root
  //   ou=people
  //    uid=user@domain
  //  mail=contact@contactdomain
  // So the base_dn would be uid=%fu,ou=people,o=root
  // The bind_dn would be the same as based_dn or some super user login.
  * example config for Verisign directory
  $rcmail_config['ldap_public']['Verisign'] = array(
    'name'          => 'Verisign.com',
    // Replacement variables supported in host names:
    // %h - user's IMAP hostname
    // %n - http hostname ($_SERVER['SERVER_NAME'])
    // %d - domain (http hostname without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %d = domain.tld
    'hosts'         => array('directory.verisign.com'),
    'port'          => 389,
    'use_tls'                => false,
    'ldap_version'  => 3,       // using LDAPv3
    'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
    // %fu - The full username provided, assumes the username is an email
    //       address, uses the username_domain value if not an email address.
    // %u  - The username prior to the '@'.
    // %d  - The domain name after the '@'.
    // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
    // %dn - DN found by ldap search when search_filter/search_base_dn are used
    'base_dn'       => '',
    'bind_dn'       => '',
    'bind_pass'     => '',
    // It's possible to bind for an individual address book
    // The login name is used to search for the DN to bind with
    'search_base_dn' => '',
    'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
    // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
    'search_bind_dn' => '',
    'search_bind_pw' => '',
    // Default for %dn variable if search doesn't return DN value
    'search_dn_default' => '',
    // Optional authentication identifier to be used as SASL authorization proxy
    // bind_dn need to be empty
    'auth_cid'       => '',
    // SASL authentication method (for proxy auth), e.g. DIGEST-MD5
    'auth_method'    => '',
    // Indicates if the addressbook shall be hidden from the list.
    // With this option enabled you can still search/view contacts.
    'hidden'        => false,
    // Indicates if the addressbook shall not list contacts but only allows searching.
    'searchonly'    => false,
    // Indicates if we can write to the LDAP directory or not.
    // If writable is true then these fields need to be populated:
    // LDAP_Object_Classes, required_fields, LDAP_rdn
    'writable'       => false,
    // To create a new contact these are the object classes to specify
    // (or any other classes you wish to use).
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    // The RDN field that is used for new entries, this field needs
    // to be one of the search_fields, the base of base_dn is appended
    // to the RDN to insert into the LDAP directory.
    'LDAP_rdn'       => 'cn',
    // The required fields needed to build a new contact as required by
    // the object classes (can include additional fields not required by the object classes).
    'required_fields' => array('cn', 'sn', 'mail'),
    'search_fields'   => array('mail', 'cn'),  // fields to search in
    // mapping of contact fields to directory attributes
    //   for every attribute one can specify the number of values (limit) allowed.
    //   default is 1, a wildcard * means unlimited
    'fieldmap' => array(
      // Roundcube  => LDAP:limit
      'name'        => 'cn',
      'surname'     => 'sn',
      'firstname'   => 'givenName',
      'title'       => 'title',
      'email'       => 'mail:*',
      'phone:home'  => 'homePhone',
      'phone:work'  => 'telephoneNumber',
      'phone:mobile' => 'mobile',
      'phone:pager' => 'pager',
      'street'      => 'street',
      'zipcode'     => 'postalCode',
      'region'      => 'st',
      'locality'    => 'l',
  // if you uncomment country, you need to modify 'sub_fields' above
  //    'country'     => 'c',
      'department'  => 'departmentNumber',
      'notes'       => 'description',
  // these currently don't work:
  //    'phone:workfax' => 'facsimileTelephoneNumber',
  //    'photo'        => 'jpegPhoto',
  //    'organization' => 'o',
  //    'manager'      => 'manager',
  //    'assistant'    => 'secretary',
    // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country'
    'sub_fields' => array(),
    'sort'          => 'cn',    // The field to sort the listing by.
    'scope'         => 'sub',   // search mode: sub|base|list
    'filter'        => '(objectClass=inetOrgPerson)',      // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
    'fuzzy_search'  => true,    // server allows wildcard search
    'vlv'           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    'numsub_filter' => '(objectClass=organizationalUnit)',   // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
    'sizelimit'     => '0',     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    'timelimit'     => '0',     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
    'referrals'     => true|false,  // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
    // definition for contact groups (uncomment if no groups are supported)
    // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above)
    // if the groups base_dn is empty, the contact base_dn is used for the groups as well
    // -> in this case, assure that groups and contacts are separated due to the concernig filters!
    'groups'        => array(
      'base_dn'     => '',
      'scope'       => 'sub',   // search mode: sub|base|list
      'filter'      => '(objectClass=groupOfNames)',
      'object_classes' => array("top", "groupOfNames"),
      'member_attr'  => 'member',   // name of the member attribute, e.g. uniqueMember
      'name_attr'    => 'cn',       // attribute to be used as group name
  // An ordered array of the ids of the addressbooks that should be searched
  // when populating address autocomplete fields server-side. ex: array('sql','Verisign');
  $rcmail_config['autocomplete_addressbooks'] = array('sql');
  // The minimum number of characters required to be typed in an autocomplete field
  // before address books will be searched. Most useful for LDAP directories that
  // may need to do lengthy results building given overly-broad searches
  $rcmail_config['autocomplete_min_length'] = 1;
  // Number of parallel autocomplete requests.
  // If there's more than one address book, n parallel (async) requests will be created,
  // where each request will search in one address book. By default (0), all address
  // books are searched in one request.
  $rcmail_config['autocomplete_threads'] = 0;
  // Max. numer of entries in autocomplete popup. Default: 15.
  $rcmail_config['autocomplete_max'] = 15;
  // show address fields in this order
  // available placeholders: {street}, {locality}, {zipcode}, {country}, {region}
  $rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{country} {region}';
  // Matching mode for addressbook search (including autocompletion)
  // 0 - partial (*abc*), default
  // 1 - strict (abc)
  // 2 - prefix (abc*)
  // Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode
  $rcmail_config['addressbook_search_mode'] = 0;
  // USER PREFERENCES
  // Use this charset as fallback for message decoding
  $rcmail_config['default_charset'] = 'ISO-8859-1';
  // skin name: folder from skins/
  $rcmail_config['skin'] = 'larry';
  // show up to X items in messages list view
  $rcmail_config['mail_pagesize'] = 50;
  // show up to X items in contacts list view
  $rcmail_config['addressbook_pagesize'] = 50;
  // sort contacts by this col (preferably either one of name, firstname, surname)
  $rcmail_config['addressbook_sort_col'] = 'surname';
  // the way how contact names are displayed in the list
  // 0: display name
  // 1: (prefix) firstname middlename surname (suffix)
  // 2: (prefix) surname firstname middlename (suffix)
  // 3: (prefix) surname, firstname middlename (suffix)
  $rcmail_config['addressbook_name_listing'] = 0;
  // use this timezone to display date/time
  // valid timezone identifers are listed here: php.net/manual/en/timezones.php
  // 'auto' will use the browser's timezone settings
  $rcmail_config['timezone'] = 'auto';
  // prefer displaying HTML messages
  $rcmail_config['prefer_html'] = true;
  // display remote inline images
  // 0 - Never, always ask
  // 1 - Ask if sender is not in address book
  // 2 - Always show inline images
  $rcmail_config['show_images'] = 0;
  // compose html formatted messages by default
  // 0 - never, 1 - always, 2 - on reply to HTML message only
  $rcmail_config['htmleditor'] = 0;
  // show pretty dates as standard
  $rcmail_config['prettydate'] = true;
  // save compose message every 300 seconds (5min)
  $rcmail_config['draft_autosave'] = 300;
  // default setting if preview pane is enabled
  $rcmail_config['preview_pane'] = false;
  // Mark as read when viewed in preview pane (delay in seconds)
  // Set to -1 if messages in preview pane should not be marked as read
  $rcmail_config['preview_pane_mark_read'] = 0;
  // Clear Trash on logout
  $rcmail_config['logout_purge'] = false;
  // Compact INBOX on logout
  $rcmail_config['logout_expunge'] = false;
  // Display attached images below the message body
  $rcmail_config['inline_images'] = true;
  // Encoding of long/non-ascii attachment names:
  // 0 - Full RFC 2231 compatible
  // 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
  // 2 - Full 2047 compatible
  $rcmail_config['mime_param_folding'] = 0;
  // Set true if deleted messages should not be displayed
  // This will make the application run slower
  $rcmail_config['skip_deleted'] = false;
  // Set true to Mark deleted messages as read as well as deleted
  // False means that a message's read status is not affected by marking it as deleted
  $rcmail_config['read_when_deleted'] = true;
  // Set to true to never delete messages immediately
  // Use 'Purge' to remove messages marked as deleted
  $rcmail_config['flag_for_deletion'] = false;
  // Default interval for keep-alive/check-recent requests (in seconds)
  // Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime'
  $rcmail_config['keep_alive'] = 60;
  // If true all folders will be checked for recent messages
  $rcmail_config['check_all_folders'] = false;
  // If true, after message delete/move, the next message will be displayed
  $rcmail_config['display_next'] = false;
  // 0 - Do not expand threads
  // 1 - Expand all threads automatically
  // 2 - Expand only threads with unread messages
  $rcmail_config['autoexpand_threads'] = 0;
  // When replying place cursor above original message (top posting)
  $rcmail_config['top_posting'] = false;
  // When replying strip original signature from message
  $rcmail_config['strip_existing_sig'] = true;
  // Show signature:
  // 0 - Never
  // 1 - Always
  // 2 - New messages only
  // 3 - Forwards and Replies only
  $rcmail_config['show_sig'] = 1;
  // When replying or forwarding place sender's signature above existing message
  $rcmail_config['sig_above'] = false;
  // Use MIME encoding (quoted-printable) for 8bit characters in message body
  $rcmail_config['force_7bit'] = false;
  // Defaults of the search field configuration.
  // The array can contain a per-folder list of header fields which should be considered when searching
  // The entry with key '*' stands for all folders which do not have a specific list set.
  // Please note that folder names should to be in sync with $rcmail_config['default_folders']
  $rcmail_config['search_mods'] = null;  // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1));
  // Defaults of the addressbook search field configuration.
  $rcmail_config['addressbook_search_mods'] = null;  // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1);
  // 'Delete always'
  // This setting reflects if mail should be always deleted
  // when moving to Trash fails. This is necessary in some setups
  // when user is over quota and Trash is included in the quota.
  $rcmail_config['delete_always'] = false;
  // Directly delete messages in Junk instead of moving to Trash
  $rcmail_config['delete_junk'] = false;
  // Behavior if a received message requests a message delivery notification (read receipt)
  // 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask)
  // 3 = send automatically if sender is in addressbook, otherwise ask the user
  // 4 = send automatically if sender is in addressbook, otherwise ignore
  $rcmail_config['mdn_requests'] = 0;
  // Return receipt checkbox default state
  $rcmail_config['mdn_default'] = 0;
  // Delivery Status Notification checkbox default state
  $rcmail_config['dsn_default'] = 0;
  // Place replies in the folder of the message being replied to
  $rcmail_config['reply_same_folder'] = false;
  // Sets default mode of Forward feature to "forward as attachment"
  $rcmail_config['forward_attachment'] = false;
  // Defines address book (internal index) to which new contacts will be added
  // By default it is the first writeable addressbook.
  // Note: Use '0' for built-in address book.
  $rcmail_config['default_addressbook'] = null;
  // Enables spell checking before sending a message.
  $rcmail_config['spellcheck_before_send'] = false;
  // Skip alternative email addresses in autocompletion (show one address per contact)
  $rcmail_config['autocomplete_single'] = false;
  // Default font for composed HTML message.
  // Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New,
  // Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana
  $rcmail_config['default_font'] = '';
  // end of config file

• Recently cerated Open Directory user accounts not able to login.

  Hello Everyone,
  I recently updated our companies Maverick server to version 3.2.1 and now some of my users are unable to login to our Open Directory server. Our server is currently running OS X 10.9.5 Build 13F34. The server log out put is the following when a user attempts to login to Open Directory.
  12/8/14 11:35:46.995 AM kdc[3049]: AS-REQ [email protected] from 192.168.15.95:59274 for krbtgt/[email protected]
  12/8/14 11:35:47.003 AM kdc[3049]: AS-REQ [email protected] from 192.168.15.95:59274 for krbtgt/[email protected]
  12/8/14 11:35:47.004 AM kdc[3049]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
  12/8/14 11:35:47.011 AM kdc[3049]: AS-REQ [email protected] from 192.168.15.95:50783 for krbtgt/[email protected]
  12/8/14 11:35:47.016 AM kdc[3049]: AS-REQ [email protected] from 192.168.15.95:50783 for krbtgt/[email protected]
  12/8/14 11:35:47.017 AM kdc[3049]: Client sent patypes: ENC-TS
  12/8/14 11:35:47.017 AM kdc[3049]: ENC-TS pre-authentication succeeded -- [email protected]
  12/8/14 11:35:47.019 AM kdc[3049]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
  12/8/14 11:35:47.019 AM kdc[3049]: Requested flags: forwardable
  12/8/14 11:35:47.282 AM kdc[3049]: TGS-REQ [email protected] from 192.168.15.95:50911 for host/[email protected] [canonicalize, forwardable]
  12/8/14 11:35:47.283 AM kdc[3049]: Searching referral for mbpe-0c4de9abba49.local
  12/8/14 11:35:47.284 AM kdc[3049]: Server not found in database: krbtgt/[email protected]: no such entry found in hdb
  12/8/14 11:35:47.285 AM kdc[3049]: Failed building TGS-REP to 192.168.15.95:50911
  12/8/14 11:35:47.289 AM kdc[3049]: TGS-REQ [email protected] from 192.168.15.95:64376 for krbtgt/[email protected] [forwardable]
  12/8/14 11:35:47.290 AM kdc[3049]: Server not found in database: krbtgt/[email protected]: no such entry found in hdb
  12/8/14 11:35:47.290 AM kdc[3049]: Failed building TGS-REP to 192.168.15.95:64376
  Note: I have rebuild Open Directory and still see the message above when users attempt to login. Also, I have not changed the name of the server, all server certificates are valid and for some reason time machine restores is not working. I have tried to restore the server back to June and it made the issue worse.
  Any help would be appreciated.

  Thank you for you reply Linc. Unfortunately I tried this already and it did not fix my issue. I checked the Open directory startup log and found a possible issue with the domain name in the startup file and the signing certificate. The domain name has a $ and it can find the signing certifiate with a public key. Please take a look below and let me know what you think?
  12/8/14 11:02:42.961 PM kdc[13708]: AS-REQ [email protected] from 127.0.0.1:63580 for krbtgt/[email protected]
  12/8/14 11:02:42.975 PM kdc[13708]: UNKNOWN -- [email protected]: no such entry found in hdb
  12/8/14 11:02:43.082 PM kdc[13708]: AS-REQ [email protected] from 127.0.0.1:52257 for krbtgt/[email protected]
  12/8/14 11:02:43.093 PM kdc[13708]: UNKNOWN -- [email protected]: no such entry found in hdb
  12/8/14 11:02:43.621 PM kdc[13708]: AS-REQ [email protected] from 127.0.0.1:64357 for krbtgt/[email protected]
  12/8/14 11:02:43.633 PM kdc[13708]: UNKNOWN -- [email protected]: no such entry found in hdb
  12/8/14 11:02:43.893 PM kdc[13708]: AS-REQ [email protected] from 127.0.0.1:64619 for krbtgt/[email protected]
  12/8/14 11:02:43.904 PM kdc[13708]: UNKNOWN -- [email protected]: no such entry found in hdb
  12/8/14 11:02:44.191 PM kdc[13708]: AS-REQ [email protected] from 127.0.0.1:61095 for krbtgt/[email protected]
  12/8/14 11:02:44.210 PM kdc[13708]: UNKNOWN -- [email protected]: no such entry found in hdb
  12/8/14 11:02:44.560 PM kdc[13708]: AS-REQ [email protected] from 127.0.0.1:52115 for krbtgt/[email protected]
  12/8/14 11:02:44.576 PM kdc[13708]: UNKNOWN -- [email protected]: no such entry found in hdb
  12/8/14 11:02:45.016 PM UserEventAgent[18]: Registered Workstation service - wdpmosx [68:5b:35:ca:f7:4b]._workstation._tcp.
  12/8/14 11:02:45.193 PM kdc[13708]: AS-REQ [email protected] from 127.0.0.1:54745 for krbtgt/[email protected]
  12/8/14 11:02:45.208 PM kdc[13708]: UNKNOWN -- [email protected]: no such entry found in hdb
  12/8/14 11:02:45.554 PM kdc[13723]: label: WDPMOSX.XYZ.ORG
  12/8/14 11:02:45.554 PM kdc[13723]: dbname: od:/LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi
  12/8/14 11:02:45.554 PM kdc[13723]: mkey_file: /var/db/krb5kdc/m_key.WDPMOSX.XYZ.ORG
  12/8/14 11:02:45.555 PM kdc[13723]: acl_file: /var/db/krb5kdc/acl_file.WDPMOSX.XYZ.ORG
  12/8/14 11:02:45.568 PM kdc[13723]: PKINIT: failed to find a signing certifiate with a public key
  12/8/14 11:02:45.618 PM kdc[13723]: KDC started
  Thanks again.