Table Of Contents

Previous topic

Kolab Freebusy Service Settings Reference

Next topic

Glossary

This Page

Roundcube Settings Reference Guide

Roundcube is configured using a default settings file, a settings file for site-specific configuration, host-specific configuration files, and configuration files specific to plugins.

The configuration inheritance model looks as follows:

config/defaults.inc.php

This configuration file ships the default settings for Roundcube.

Note

On the expanded sources (from tarball releases), this file is at your/install/path/config/defaults.inc.php. On packaged distributions however, this path is a symbolic link to /etc/roundcubemail/defaults.inc.php.

config/config.inc.php

Site-specific global settings are in this configuration file.

Note

On the expanded sources (from tarball releases), this file starts out as your/install/path/config/config.inc.php.dist.

You would rename this original .dist file to your/install/path/config/config.inc.php, but on packaged distributions, this is already done by the packaging. Similar to defaults.inc.php, this configuration file also lives in /etc/roundcubemail/, at /etc/roundcubemail/config.inc.php to be precise, and a symbolic link is created from to original file location to this location.

config/<site>.inc.php

<site> being a placeholder for an arbitrary site name, Roundcube allows the inclusion of additional configuration using the include_host_config setting.

This is, however, NOT the recommended solution.

plugins/<plugin_name>/config.inc.php

Each plugin that requires configuration ships a config.inc.php.dist.

As you may have suspected, these configuration files too are created symbolic links for, to /etc/roundcubemail/<plugin_name>.inc.php.

Since the configuration files are PHP code that is being executed while the configuration loads, one might add include statements such that configured condititions load additional configuration files on top of the aforementioned four (types).

For example, /etc/roundcubemail/config.inc.php might have a segment to establish defaults at the start, then include a site specific configuration file:

// Do test whether the file exists before requiring it.
if (file_exists(dirname(__FILE__) . PATH_SEPARATOR . $_SERVER["HTTP_HOST"] . PATH_SEPARATOR . basename(__FILE__))) {
    require_once(dirname(__FILE__) . PATH_SEPARATOR . $_SERVER["HTTP_HOST"] . PATH_SEPARATOR . basename(__FILE__));
}

and then re-apply mandatory defaults:

$mandatory_plugins = Array(
        'kolab_auth',           # Applies globally required routines
                                # including authentication,
                                # authorization and canonification.

        'kolab_folders',        # Hides groupware folders if the
                                # plugins for them are not loaded.
    );

foreach ( $mandatory_plugins as $num => $plugin ) {
    if (!in_array($plugin, $config['plugins'])) {
            $config['plugins'][] = $plugin;
    }
}

Database Settings

db_dsnr

The database URI read-only operations.

Read operations are executed against this URI, but – by default – only if there is no penalty requiring Roundcube to reconnect or separately connect to this DSN after one or more write operations.

In a replicated database environment, the write vs. read operations might be balanced unfairly – see db_dsnw_noread.

db_dsnw

The write DSN to the database.

If specified exclusively, meaning db_dsnr is an empty value, or the same value, the write DSN becomes the database URI for both write and read operations.

db_dsnw_noread

Only applicable if db_dsnr is set to a non-empty value not equal to db_dsnw, this setting adjusts the default behaviour of Roundcube with regards to database read operations.

By default, when Roundcube writes out to a database, subsequent read operations are executed over the same database connection.

This may not be desirable in a replicated database environment, for most page hits (by far) include one or more write operations against the database – such as an update to the session – resulting in write vs. read operations being unfairly balanced between the write master(s) and read-only slave(s).

Set db_dsnw_noread to true to ensure all read operations are executed against read slave(s) rather then write master(s), despite the potential overhead in needing to create a new database connection, and regardless of the read slave(s) potentially lagging in replication.

Note

Setting db_dsnw_noread to true implies you have your database replication sorted out, and monitored continuously.

There is great benefit in enabling this setting when you have multiple read slaves with optimal query cache settings, versus limited numbers of write masters.

db_persistent

Whether or not pconnect() or simply connect() capabilities should be used if at all available.

Persistent connections, as the name suggests, are not closed when the processing of a request ends. When using persistent connections, you’re trusting the verification routines that PHP applies to make sure a connection that was around already, and is being re-used, is not suddenly privileged more or less than it should be, and is the right database server and database.

You enable persistent connections to reduce the overhead of needing to build new database connections on every request.

db_prefix

Prefix Roundcube’s table names with the prefix configured here.

When, for example, only a single database is available to you, should multiple applications you wish to run both have a table named users, than specify a db_prefix to make sure the Roundcube table for users can be created next to an existing table users, and avoid the conflict in the schema definitions for the tables.

Example Configuration

$config['db_prefix'] = 'rc_';

db_table_dsn

Sadly, this setting has not yet been documented.

See also

For more database related settings, see also:

IMAP Settings

imap_cache

Cache generic IMAP metadata, such as lists of mailboxes, and the last known status of each mailbox in that list.

The default for Roundcube is set to null, meaning not cache anything. In Kolab Groupware, the default is db (see below).

In many deployments, disk I/O on the IMAP server is a major concern and possibly a bottleneck, so it is recommended to turn on caching.

If caching is not enabled, Roundcube will address IMAP directly every time it needs metadata about IMAP folders.

Valid values include one of:

  • db

    Store IMAP caches in the database configured with db_dsnw.

    In Kolab Groupware, this is made the default, as it does not introduce any additional requirements to the environment.

    Using the database for IMAP caches however does introduce a little bit of overhead, for connections need to be made, authenticated, databases selected, connections authorized, queries be executed, authorized and awaited the answer for. That said, IMAP caches make little use of the relational capabilities of such database.

  • apc

    Store IMAP caches in the Alternative PHP Cache (or “APC) – the memory segment(s) for PHP originally intended to store already binary compiled PHP code, so that PHP does not need to read from disk, interpret, compile and execute the PHP code every time a user hits a page.

    Note

    It is recommended to use APC for caching binary compiled PHP code, but it is not recommended to use APC for IMAP caches.

  • memcache

    Store the IMAP caches in memcache, configured using memcache_hosts.

    Memcache introduces far less overhead compared to a relational database, and does not require authentication and authorization.

    For larger deployments, this is the recommended setting. However, you would need to configure memcache hosts, and making those highly available is possible with replicated memcached daemons available and supported only as part of Kolab Enterprise 13 and later enterprise editions.

imap_cache_ttl

The Time To Live (TTL) for the IMAP caches – the time it should be considered valid, or expunged from the current caches at the first opportunity.

Really applicable when used alongside a caching technology that allows the retention to be specified upon entry, and purges caches automatically.

This setting controls, for example, how long folder lists are retained in cache.

With the folder list being cached, should the user create a folder and subscribe the folder (using a different client), than the web client session will have to wait for as long as the imap_cache is within its defined TTL before it is made visible automatically, or, alternatively, the user might look in his Settings > Folders to bypass caches and refresh the folder list.

messages_cache

Controls whether or not to cache messages.

Valid configuration values are limited to db only, for message caching makes extensive use of the relational capabilities of the database.

Store cached messages in the database configured with db_dsnw.

messages_cache_threshold

Messages with a size over the configured threshold are not cached.

This allows an administrator to make sure no cheap 30 MB videos of cats wearing a custome end up in the expensive database.

messages_cache_ttl

Messages are usually displayed ordered by date (of submission or arrival), with the most recent few first.

In effect, this tends to result in a view that does underappreciate older messages – they are not regularly displayed in the user’s mail (list) views.

Since these messages are only retrieved occasionally, it makes sense to not spend too much cache capacity on these messages.

Set messages_cache_ttl to the maximum amount of time that may have passed since the message became available, during which caching is still considered appropriate.

Note

A rule of thumb for establishing the appropriate TTL for the messages cache would be to cache 2 times a single mail_pagesize for any one mail folder (using the default, that would amount to 80 messages).

Example: Low-turnover Sites

Example settings with only a few mails per week per mail folder, and not too many users.

$config['messages_cache_ttl'] = '3m';       # Three months

Example: High-turnover Sites

$config['messages_cache_ttl'] = '5d';       # 5 days

Note

The messages_cache_ttl does not impact the kolab_cache, but may impact the applicability of kolab_messages_cache_bypass being set to 0.

memcache_hosts

Configure a list of memcached hosts to use for caches and/or storage.

Usually, it is sufficient to use one memcached host address in this list, and this one memcached host address might be a load-balanced, high-availability replicated memcached cluster.

Replicated memcached is available and supported only as part of Kolab Enterprise 13, and later, however.

Use multiple addresses in case the size of all information stored exceeds the capacity of one (replicated) memcached host.

Example Configuration for a Replicated Memcached Cluster

$config['memcache_hosts'] = Array(
        'memcached.example.org:11211'
    );

Example Configuration for Multiple Memcached Hosts

$config['memcache_hosts'] = Array(
        'memcached1.example.org:11211',
        'memcached2.example.org:11211'
    );

delete_always

This setting controls whether mail should be deleted, even when moving the mail to the Trash folder fails.

Note

This setting has no effect in a default Kolab Groupware installation, which does not attempt to move the mail to the Trash folder in the first place.

delete_junk

Delete messages marked as junk right-away, and do not move them to the Trash folder.

logout_expunge

Expunge a user’s INBOX upon logout. To expunge a user’s INBOX means to issue an EXPUNGE command to the IMAP server, deleting all messages from the mailbox that have previously been flagged as Deleted.

Note

Note that this requires a successful logout, and does not kick in when the browser (tab) is simply closed.

logout_purge

Purge the Trash folder upon successful logout.

Note

Note that this requires a successful logout, and does not kick in when the browser (tab) is simply closed.

flag_for_deletion

When a user deletes a message, should Roundcube flag the message as deleted in IMAP, or move the message to the Trash folder?

The default in Kolab Groupware is to flag a message as deleted.

create_default_folders

Whether or not Roundcube should create the default folders configured for the user.

This includes, for example, the folders for sent items and the trash folder.

Note

In a Kolab Groupware environment, a set of default folders is usually created by the Kolab daemon. Which folders are created is controlled through the autocreate_folders setting in kolab.conf(5).

default_folders

This setting is obsolete and should not be used.

junk_mbox

The name of the folder to use as the Junk folder.

protect_default_folders

Protect the configured create_default_folders from being unsubscribed.

check_all_folders

If true all folders will be checked for recent messages.

default_host

The default_host setting configures the IMAP server address to connect to, and if omitted, allows the user to specify the IMAP server address.

A drop-down select list could be provided by configuring default_host as follows:

$config['default_host'] = Array(
        'imap.example.org',
        'tls://imap.gmail.com',
        (...)
    );

To show user-friendly, legible labels instead of server addresses, give each of the items in the list a value:

$config['default_host'] = Array(
        'imap.example.org' => "Example",
        'tls://imap.gmail.com' => "GMail",
        (...)
    );

Neither of these options is used by Kolab Groupware. By default, the default_host is set to tls://localhost.

For environments with multiple parent or alias domains, and hosted environments, and co-located service providers, we recommend using the file inclusion method outlined at the very start of the Roundcube Settings Reference Guide, for the flexibility required in such environments is likely to exceed just the IMAP server address to use.

Furthermore, Kolab Groupware really likes the Cyrus IMAP Murder topology, where the IMAP server address used to connect to matters less.

default_port

TCP port used for IMAP connections

imap_auth_cid

Optional IMAP authentication identifier to be used as authorization proxy

imap_auth_pw

Optional IMAP authentication password to be used for imap_auth_cid

imap_auth_type

IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use best server supported)

imap_delimiter

Set the delimiter to use in IMAP.

Be warned that the delimiter is a hierarchy element (i.e., for nested folders), and often has implications if configured incorrectly.

The default is not configured, so that the results of the IMAP command NAMESPACE are interpreted. This is the recommended setting, and we suggest you only fiddle with this setting should your IMAP server not support the NAMESPACE command.

imap_disabled_caps

Specify a list of capabilities to filter from the capabilities advertised by the server.

Useful if you do not have control over the server, so useless for Kolab Groupware deployments in production (but useful again in testing and development).

Examples of capabilities advertised by a server that you may want to disable include ESEARCH for UW-IMAP.

Default: Array()

imap_force_caps

By default IMAP capabilities are readed after connection to IMAP server In some cases, e.g. when using IMAP proxy, there’s a need to refresh the list after login. Set to True if you’ve got this case.

imap_force_lsub

Force the use of the LSUB command over the LIST-EXTENDED command to list folders.

Some IMAP servers (including Dovecot 1.x) return wrong results when using LIST-EXTENDED.

imap_force_ns

Some server configurations (e.g. Courier) doesn’t list folders in all namespaces Enable this option to force listing of folders in all namespaces

imap_ns_other

Sadly, this setting has not yet been documented.

imap_ns_personal

Sadly, this setting has not yet been documented.

imap_ns_shared

Sadly, this setting has not yet been documented.

imap_timeout

IMAP connection timeout, in seconds. Default: 0 (use default_socket_timeout)

min_refresh_interval

Minimal value of user’s ‘refresh_interval’ setting (in seconds)

no_save_sent_messages

Disables saving sent messages in Sent folder (like gmail) (Default: false) Note: useful when SMTP server stores sent mail in user mailbox

quota_zero_as_unlimited

if in your system 0 quota means no limit set this option to true

refresh_interval

Default interval for auto-refresh requests (in seconds) These are requests for system state updates e.g. checking for new messages, etc. Setting it to 0 disables the feature.

sent_mbox

Store sent message is this mailbox. Leave blank if sent messages should not be stored. NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)

skip_deleted

Set true if deleted messages should not be displayed This will make the application run slower

trash_mbox

Move messages to this folder when deleting them. Leave blank if they should be deleted directly. NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP).

LDAP Settings

ldap_public

A list of so-called Global Address Books, or Global Address Lists, useful for auto-completion of addresses being typed in to the To, CC and BCC fields when composing an email, when using the ACL plugin, and for searches from mobile devices and desktop clients using ActiveSync (through Syncroton) and/or CardDAV (through iRony).

The first item configured here is the identifier of the address book. That being said, an example would look as follows:

$config['ldap_public'] = Array(
        'addressbook1' => Array(
                (... settings for address book #1 omitted ...)
            ),

        'addressbook2' => Array(
                (... settings for address book #2 omitted ...)
            ),
    );

While it is not very common to have multiple global address books, some organizations put one address book in the list of address books to use for auto-completion, and use another address book to store a copy of the local phone book – you know, with residents and businesses in the area – or address books of partner organizations.

Using the autocomplete_addressbooks setting, one address book can be used for auto-completion, while the other address book is available for searching in the web client, on mobile devices and using desktop clients using ActiveSync (through Syncroton) and/or CardDAV (through iRony).

A large amount of settings are available for the global address books. By default, Kolab Groupware configures the organization’s address book to use a set of configuration options that is designed to provide an easy growth-path to beyond 1.000 entries.

name

The name of the address book as it is presented in Roundcube.

Example:

$config['ldap_public'] = Array(
        'addressbook1' => Array(
                'name' => 'Global Address Book',
            ),
    );

Note

The label used here is not available for localization.

hosts

A list of LDAP server addresses to use to connect to.

Magic configuration values are available:

%h

The user’s IMAP hostname.

%n

The value of $_SERVER['SERVER_NAME'].

Warning

The $_SERVER['SERVER_NAME'] value is not the same as the $_SERVER['HTTP_HOST'] value.

$_SERVER['SERVER_NAME'] is a server-side configuration item, $_SERVER['HTTP_HOST'] is an item specified by the client.

%t

The value of $_SERVER['SERVER_NAME'] but without the hostname – ergo, this is the domain name space that $_SERVER['SERVER_NAME'] resides in.

For a webserver virtualhost named webmail.example.org, %t is example.org.

For a webserver virtualhost named webmail.someone.somewhere.tld, %t is someone.somewhere.tld.

port

The port to use to connect to LDAP.

Note

Note that the port number specified here is used for all server addresses configured in hosts.

use_tls

Whether or not to encrypt the connection. Useful with port set to 389 (explicit SSL through STARTTLS), not so much with the port set to 636 (implicit SSL).

ldap_version

The LDAP protocol version to use. Set this to 3 or be prepared to be (unpleasantly) surprised.

network_timeout

The timeout.

user_specific

Whether or not to bind to LDAP with the user’s credentials, as opposed to global credentials, allowing for organizations to hide or show parts of the Directory Information Tree hierarchy, and/or hide or show certain attributes of certain entries.

Set this to true – the default in Kolab Groupware – and configure search_base_dn and search_filter, and if anonymous binding is not allowed – the default in Kolab Groupware – or anonymous searches are not allowed – the default in Kolab Groupware – also configure search_bind_dn and search_bind_pw.

Note

There is no setting for the search scope.

base_dn

The base DN to use for searching entries to be presented in the global address book, such as ou=Employees,ou=People,dc=example,dc=org.

See group_filters for more examples on what else this allows you to do.

bind_dn

The bind dn to use for displaying the address book. Kolab Groupware sets this to %dn by default, to have the connection be bound with the user’s credentials.

bind_pass

The password, which when bind_dn is set to %dn (the default), better be %p.

config_root_dn

Use config_root_dn to search for VLV and SSS settings.

domain_base_dn

domain_filter

domain_name_attr

domain_result_attr

search_base_dn

When searching for object entries that match the logged in user, start searching at this base DN.

Useful when you want to limit who can use the address book with their own credentials, versus ‘anonymously’, and/or when attribute values searched for are not globally unique.

One could set base_dn to ou=People,dc=example,dc=org, while setting search_base_dn to ou=Management,ou=Employees,ou=People,dc=example,dc=org.

One could then set an ACL on ou=Employees,ou=People,dc=example,dc=org, that does not permit the credentials configured in search_dn_default to read certain attributes of entries, such as street, mobile, and other such information that might be personal in nature.

search_filter

When searching for object entries that match the logged in user, use the search filter configured with this setting.

Magic configuration values are available:

%fu

The full username, usually also the user’s primary email address, though possibly of the form <username>@<imaphostname>.

The full extent of possibilities (which depend on configuration and plugins interacting with the authentication process) is beyond the scope of this document, so suffice it to say that The kolab_auth Plugin applies a process called canonification that makes %fu be substituted by the fully qualified primary recipient email address of the Kolab user.

In Kolab Groupware, by default, the attribute value of mail is used.

This is also the user’s mailbox name (user/<mail> or user/john.doe@example.org for user john.doe@example.org) and is globally unique.

Example: (&(objectclass=kolabinetorgperson)(mail=%fu)).

%u

The username local part, or “everything before the ‘@’”.

In john.doe@example.org, this would become john.doe.

To allow users to log in with their uid attribute value, one could specify (&(objectclass=kolabinetorgperson)(uid=%u)).

%d

The domain name space of the username, or “everything after the ‘@’”.

In john.doe@example.org, this would become example.org.

%dc

The root dn that corresponds with the domain name space used to login.

When john.doe@example.org logs in, the domain name space of example.org would typically correspond with a root dn of dc=example,dc=org – if example.org is a parent domain name space and no domain_result_attribute is available for the domainrelatedobject entry.

search_bind_dn

The bind dn to use when searching for object entries that match the user currently logged in.

This should be a privileged entity that is allowed to search throughout the tree configured in search_base_dn, but has no privileges other than to read the relevant attributes of entries.

By default, Kolab Groupware configures this setting to be the same setting used for Postfix lookup tables, namely uid=kolab-service,ou=Special Users,dc=example,dc=org.

This entry has specific search, time and lookthrough limitations configured, allowing it to search throughout the entire Directory Information Tree hierarchy.

search_bind_pw

The bind password to use alongside search_bind_dn.

search_bind_attrib

Undocumented.

search_dn_default

Undocumented.

auth_cid

Not used in Kolab Groupware.

auth_method

Not used in Kolab Groupware.

hidden

A boolean, this configuration option allows you to hide this address book from the address book task view. Default: false.

searchonly

Renders the address book searchable only – meaning, its contents cannot be browsed. Default: false.

writable

Not used in Kolab Groupware.

LDAP_Object_Classes

Not used in Kolab Groupware.

LDAP_rdn

Not used in Kolab Groupware.

required_fields

Not used in Kolab Groupware.

search_fields

A list of attribute names to search values for, when searching is executed.

Default: displayName, mail.

Note

Only list attribute names for which the appropriate indexes have been created. In the context of searching, presence and equality indexes are insufficient.

Note

The attribute alias is not included by default, because the attribute does not – by default – have an index created on it. See Controlling Indexes and Indexing for information on indexes.

fieldmap

The fieldmap maps LDAP attribute names to Roundcube placeholder names.

Example

'fieldmap' => Array(
        'name'          => 'displayName',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'initials'      => 'initials',
        'jobtitle'      => 'title',
        'email'         => 'mail:*'
        'phone:home'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'department'    => 'ou',
        (...)
    ),

sub_fields

Undocumented.

autovalues

Undocumented.

sort

A list of attribute names to sort entries by.

Kolab Groupware uses a default of displayname, sn, givenname, cn, in that order, which very much corresponds with the default Server-Side Sorting configuration we recommend you use when your Directory Information Tree is likely to contain over 1.000 entries.

See also

scope

The search scope to use when looking for address book entries, starting at the base_dn.

filter

The filter to use when searching for entries to display in the address book.

By default, Kolab Groupware sets this to (objectclass=inetorgperson), so that not only Kolab users ((objectclass=kolabinetorgperson)) are a part of the address book, but any non-Kolab users in LDAP, and any non-Groupware users (such as external contacts) are part of the address book too.

See also

vlv

true or false (default), the vlv boolean configures Roundcube to use the server-side Virtual List View control, ideal for sorting, pagination and – a particular feature of Kolab Groupware’s Net/LDAP3 – responsive, fuzzy searching capabilities regardless of the size of the Directory Information Tree.

In order to automatically delect available VLV indexes, the option config_root_dn needs to be set as well.

See also

numsub_filter

With vlv enabled, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting.

Only set this option if your php-ldap module doesn’t support the ldap_parse_virtuallist_control() function which is part of an unofficial patch to php-ldap.

config_root_dn

The base DN to be used for searching LDAP configuration sesstings such as VLV indexes. Set to cn=config as the default value for standard Kolab setups.

Without this option, no VLV will be used for LDAP queries.

sizelimit

Undocumented.

timelimit

Undocumented.

referrals

Undocumented.

groups

Undocumented.

base_dn

Undocumented.

scope

Undocumented.

filter

Undocumented.

object_classes

Undocumented.

member_attr

Undocumented.

name_attr

Undocumented.

email_attr

Undocumented.

member_filter

Undocumented.

vlv

Undocumented.

class_member_attr

Undocumented.

group_filters

Group filters are used for advanced navigation of LDAP hierarchies, using the web client’s address book pages.

name

Undocumented.

scope

Undocumented.

base_dn

Undocumented.

filter

Undocumented.

name_attr

Undocumented.

ldap_cache

Type of LDAP cache. Supported values: ‘db’, ‘apc’ and ‘memcache’.

ldap_cache_ttl

Lifetime of LDAP cache. Possible units: s, m, h, d, w

autocomplete_addressbooks

Specify a list of address books to search for auto-completion.

The list includes the names of address books as they are defined in ldap_public – i.e. we start that section by naming ‘addressbook1’ and ‘addressbook2’, and those are the names you use here.

Note

Names of Kolab address books do not need to be included in the list of address books to use for autocompletion.

Session & Login Configuration

assets_path

The assets_path setting controls where Roundcube (and also plugins) point the user’s browser to to obtain static content such as skin markup files (Cascaded Style Sheets or CSS files) and JavaScript files, commonly referred to as assets.

In combination with use_secure_urls, which enforces a dynamic base URL to Roundcube, this helps the browsers retain their cached assets and prevents page load times from increasing.

New in version roundcubemail-1.0.1: Available for Kolab Enterprise 13

New in version roundcubemail-1.1: Available with Kolab 3.3

See also

ip_check

Enforce a session may only come from one source IP address.

Should a user be a roaming user – for example, connect from one source IP address that is one Wifi network, and later connect from another source IP address that is another Wifi network – then enabling the IP check using this setting will force the existing session to be invalidated, and require the user to login again.

This is useful for paranoid tracking of user’s session validity with as many parameters as possible, but also has major caveats.

To have to login again is not user-friendly, and some networks employ load-balanced outgoing connections (with help of proxies) – meaning that the user may appear to come from two or more separate source IP addresses, while in fact the user has not been roaming.

login_autocomplete

Enable or disable parts of the login form to allow for auto-completion.

This setting knows three distinct values:

  • 0, meaning no parts of the login form should be remembered by the browser.

  • 1, meaning the login username may be remembered.

    Note

    Note that the login username is a regular form field, and as such it may be difficult for the user to opt-out of remembering the form field value.

  • 2, meaning the login username and password may both be remembered.

    Warning

    This leaves the user to choose whether or not to store the password using the browser, but still implies the login username is remembered – without too many options to opt-out of that.

    As such, this setting should only be set to 2, if the users are known to only use private and personal computers.

The default in Kolab Groupware is to indicate to the browser no form field values should be remembered (0).

login_lc

Should Roundcube lower-case the login username? A boolean, the default in Kolab Groupware is set to true – exploiting case-sensitivity in email addresses, which are the default logins and result attributes, is prohibited.

log_logins

Log successful/failed logins to <log_dir>/userlogins or to syslog

log_session

Log session authentication errors to <log_dir>/session or to syslog

session_auth_name

Session authentication cookie name. Default: ‘roundcube_sessauth’

session_domain

Session domain: .example.org

session_lifetime

Session lifetime in minutes

session_name

Sadly, this setting has not yet been documented.

session_path

Session path. Defaults to PHP session.cookie_path setting.

session_storage

Backend to use for session storage. Can either be ‘db’ (default), ‘redis’, ‘memcache’, or ‘php’

If set to ‘memcache’, a list of servers need to be specified in ‘memcache_hosts’. Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed.

If set to ‘redis’, a server needs to be specified in ‘redis_hosts’ Make sure the Redis extension (http://pecl.php.net/package/redis) version >= 2.0.0 is installed.

Setting this value to ‘php’ will use the default session save handler configured in PHP.

user_aliases

Enables possibility to log in using email address from user identities

mail_domain

This domain will be used to form e-mail addresses of new users Specify an array with ‘host’ => ‘domain’ values to support multiple hosts Supported replacement variables:

  • %h - user’s IMAP hostname
  • %n - http hostname ($_SERVER[‘SERVER_NAME’])
  • %d - domain (http hostname without the first part)
  • %z - IMAP domain (IMAP hostname without the first part)

For example %n = mail.domain.tld, %t = domain.tld

referer_check

check referer of incoming requests

use_secure_urls

Improve the system’s security by enabling the use of secure URLs.

Using secure URLs is to say that once a user’s session is authenticated, the session is directly correlated with a unique URL that is very hard to guess. This way, so-called Cross-Site Rquest Forgery attacks can be prevented.

Note

Using this setting, which is enabled in Kolab by default, requires the use of a mod_rewrite ruleset such as the following:

RewriteRule ^/roundcubemail/[a-f0-9]{16}/(.*) /roundcubemail/$1 [PT]

New in version roundcubemail-1.0.1: Available for Kolab Enterprise 13

New in version roundcubemail-1.1: Available with Kolab 3.3

See also

username_domain_forced

Force domain configured in username_domain to be used for login. Any domain in username will be replaced by username_domain.

username_domain

Automatically add this domain to user names for login Only for IMAP servers that require full e-mail addresses for login Specify an array with ‘host’ => ‘domain’ values to support multiple hosts Supported replacement variables:

  • %h - user’s IMAP hostname
  • %n - hostname ($_SERVER[‘SERVER_NAME’])
  • %t - hostname without the first part
  • %d - domain (http hostname $_SERVER[‘HTTP_HOST’] without the first part)
  • %z - IMAP domain (IMAP hostname without the first part)

For example %n = mail.domain.tld, %t = domain.tld

Log Settings

debug_level

System error reporting, sum of: 1 = log; 4 = show

imap_debug

To debug, or not do debug IMAP.

When enabled, provides a near protocol level dump of events in the imap file in the log directory specified by log_dir.

See also

ldap_debug

Log LDAP conversation to <log_dir>/ldap or to syslog.

log_date_format

date format for log entries (read http://php.net/manual/en/function.date.php for all format characters)

log_dir

Activate this option if logs should be written to per-user directories. Data will only be logged if a directry <log_dir>/<username>/ exists and is writable.

log_driver

log driver: ‘syslog’ or ‘file’.

per_user_logging

Extremely useful for production sites with a lot of traffic, that want to debug a particular user.

Normally, debugging is enabled on a global level – this is not feasible for two reasons:

  1. Your disk I/O for logging and incurred latency in processing requests goes through the proverbial roof (though more likely literally).
  2. The way logging is implemented does not make a user session, or the log items related to a given user, very recognizable. An insurmountable heap of log messages would require analysis, and you could probably throw away 99.9% of the logs you collected.

This setting, when turned on, enables an administrator to make a user-specific directory writeable for the webserver user.

If this option is enabled, and the directory for a particular exists, only then is all debugging turned on, and only for the relevant user.

Example Usage

  1. User “John Doe <john.doe@example.org>” has a problem.

  2. Enable per_user_logging, and create the directory for the user:

    # mkdir -p /var/log/roundcubemail/john.doe@example.org
    # chown apache /var/log/roundcubemail/john.doe@example.org
    
  3. Get a cup of coffee while John reproduces his problem.

  4. Disable per_user_logging.

Warning

Do not “just” enable per_user_logging for the sake of it. The amount of stat() calls executed are, for busy sites, causing your production to run far from optimally.

smtp_debug

Log SMTP conversation to <log_dir>/smtp or to syslog.

sql_debug

Log SQL queries to <log_dir>/sql or to syslog.

syslog_facility

Syslog facility to use, if using the ‘syslog’ log driver. For possible values see installer or http://php.net/manual/en/function.openlog.php.

syslog_id

Syslog ident string to use, if using the ‘syslog’ log driver.

Other Settings

addressbook_name_listing

the way how contact names are displayed in the list - 0: display name - 1: (prefix) firstname middlename surname (suffix) - 2: (prefix) surname firstname middlename (suffix) - 3: (prefix) surname, firstname middlename (suffix)

addressbook_pagesize

Show up to X items in contacts list view.

addressbook_search_mode

Matching mode for addressbook search (including autocompletion)

  • 0 - partial (abc), default
  • 1 - strict (abc)
  • 2 - prefix (abc*)

Note: For LDAP sources fuzzy_search must be enabled to use ‘partial’ or ‘prefix’ mode.

addressbook_search_mods

Defaults of the addressbook search field configuration. Example: array(‘name’=>1, ‘firstname’=>1, ‘surname’=>1, ‘email’=>1, ‘*’=>1);

addressbook_sort_col

Sort contacts by this column (preferably either one of name, firstname, surname)

address_book_type

This indicates which type of address book to use. Possible choises: ‘sql’ (default), ‘ldap’ and ‘’.

If set to ‘ldap’ then it will look at using the first writable LDAP address book as the primary address book and it will not display the SQL address book in the ‘Address Book’ view. If set to ‘’ then no address book will be displayed or only the addressbook which is created by a plugin (like CardDAV).

address_template

Show address fields in this order. Available placeholders: {street}, {locality}, {zipcode}, {country}, {region}

advanced_prefs

Define which settings should be listed under the ‘advanced’ block which is hidden by default

autocomplete_max

Max. numer of entries in autocomplete popup. Default: 15.

autocomplete_min_length

The minimum number of characters required to be typed in an autocomplete field before address books will be searched. Most useful for LDAP directories that may need to do lengthy results building given overly-broad searches

autocomplete_single

Default font for composed HTML message. Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana

autocomplete_threads

Number of parallel autocomplete requests. If there’s more than one address book, n parallel (async) requests will be created, where each request will search in one address book. By default (0), all address books are searched in one request.

auto_create_user

Automatically create a new Roundcube user when log-in the first time. A new user will be created once the IMAP login succeeds. Set to false if only registered users can use this service

autoexpand_threads

0 - Do not expand threads 1 - Expand all threads automatically 2 - Expand only threads with unread messages

client_mimetypes

Mimetypes supported by the browser. Attachments of these types will open in a preview window either a comma-separated list or an array: ‘text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf’

compose_extwin

Open message compose form in new window

compose_responses_static

A static list of canned responses which are immutable for the user

contact_photo_size

Maximum size of uploaded contact photos in pixels.

date_formats

Give this choice of date formats to the user to select from Note: do not use ambiguous formats like m/d/Y

date_format

Use this format for date display (date or strftime format).

date_long

Use this format for detailed date/time formatting (derived from date_format and time_format).

date_short

Use this format for detailed date/time formatting (derived from date_format and time_format).

default_addressbook

Defines address book (internal index) to which new contacts will be added. By default it is the first writeable addressbook. Note: Use ‘0’ for built-in address book.

default_charset

Use this charset as fallback for message decoding.

default_font_size

Default font size for composed HTML message. Supported sizes: 8pt, 10pt, 12pt, 14pt, 18pt, 24pt, 36pt.

default_font

Default font for composed HTML message. Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana.

des_key

This key is used for encrypting purposes, like storing of imap password in the session. For historical reasons it’s called DES_key, but it’s used with any configured cipher_method (see below).

display_next

If true, after message delete/move, the next message will be displayed.

display_version

Display software version on login screen.

dont_override

Don’t allow these settings to be overriden by the user.

draft_autosave

Save compose message every 300 seconds (5min)

drafts_mbox

Store draft message is this mailbox. Leave blank if draft messages should not be stored. NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)

dsn_default

Delivery Status Notification checkbox default state. Note: This can be used only if smtp_server is non-empty.

email_dns_check

Enable DNS checking for e-mail address validation.

enable_installer

THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. ONLY ENABLE IT IF YOU’RE REALLY SURE WHAT YOU’RE DOING!

enable_spellcheck

Make use of the built-in spell checker. It is based on GoogieSpell.

force_7bit

Use MIME encoding (quoted-printable) for 8bit characters in message body.

force_https

Enforce connections over https. With this option enabled, all non-secure connections will be redirected. Set the port for the ssl connection as value of this option if it differs from the default 443.

forward_attachment

Sets default mode of Forward feature to “forward as attachment”

htmleditor

Compose html formatted messages by default 0 - never, 1 - always, 2 - on reply to HTML message, 3 - on forward or reply to HTML message 4 - always, except when replying to plain text message

http_received_header_encrypt

Whether or not to encrypt the IP address and the host name. These could, in some circles, be considered as sensitive information; however, for the administrator, these could be invaluable help when tracking down issues.

http_received_header

Add a received header to outgoing mails containing the creators IP and hostname.

identities_level

Set identities access level:

0 - many identities with possibility to edit all params 1 - many identities with possibility to edit all params but not email address 2 - one identity with possibility to edit all params 3 - one identity with possibility to edit all params but not email address 4 - one identity with possibility to edit only signature

image_thumbnail_size

Size of thumbnails from image attachments displayed below the message content. Note: whether images are displayed at all depends on the ‘inline_images’ option. Set to 0 to display images in full size.

im_convert_path

Path to imagemagick convert binary (if not set we’ll use Imagick or GD extensions).

im_identify_path

Path to imagemagick identify binary (if not set we’ll use Imagick or GD extensions)

include_host_config

Try to load host-specific configuration. See http://trac.roundcube.net/wiki/Howto_Config for more details.

inline_images

Display attached images below the message body.

language

Sadly, this setting has not yet been documented.

line_length

Sadly, this setting has not yet been documented.

list_cols

These cols are shown in the message list. Available cols are: subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, ‘priority’

mail_header_delimiter

This string is used as a delimiter for message headers when sending a message via mail() function. Leave empty for auto-detection.

mail_pagesize

The mail_pagesize setting is a user preference default, meaning users can normally edit this preference in their settings.

The user’s preferred mail_pagesize causes the mail view to list as many individual messages (list view) or as many threads (thread view) to be displayed in message lists.

To lock down the mail_pagesize to a value and not allow users to indicate and configure their own preference, use dont_override:

$config['dont_override'] = Array('mail_pagesize');

To establish a maximum page size users may select, see max_pagesize.

max_group_members

Maximum allowed number of members of an address group. Default: 0 (no limit). If ‘max_recipients’ is set this value should be less or equal.

max_pagesize

Don’t let users set pagesize to more than this value if set.

max_recipients

Maximum number of recipients per message. Default: 0 (no limit).

mdn_default

Return receipt checkbox default state

mdn_requests

Behavior if a received message requests a message delivery notification (read receipt):

0 = ask the user 1 = send automatically 2 = ignore (never send or ask) 3 = send automatically if sender is in addressbook, otherwise ask the user 4 = send automatically if sender is in addressbook, otherwise ignore

mdn_use_from

According to RFC2298, return receipt envelope sender address must be empty. If this option is true, Roundcube will use user’s identity as envelope sender for MDN responses.

message_extwin

Open messages in a new window.

message_show_email

Enables display of email address with name instead of a name (and address in title).

message_sort_col

Default messages sort column. Use empty value for default server’s sorting, or ‘arrival’, ‘date’, ‘subject’, ‘from’, ‘to’, ‘fromto’, ‘size’, ‘cc’

message_sort_order

Default messages sort order.

mime_magic

Path to a local mime magic database file for PHPs finfo extension. Set to null if the default path should be used.

mime_param_folding

Encoding of long/non-ascii attachment names:

0 - Full RFC 2231 compatible 1 - RFC 2047 for ‘name’ and RFC 2231 for ‘filename’ parameter (Thunderbird’s default) 2 - Full 2047 compatible

mime_types

Absolute path to a local mime.types mapping table file. This is used to derive mime-types from the filename extension or vice versa. Such a file is usually part of the apache webserver. If you don’t find a file named mime.types on your system, download it from http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types

password_charset

Password character set. If your authentication backend supports it, use “UTF-8”. Otherwise, use the appropriate character set. Defaults to ISO-8859-1 for backward compatibility

plugins

List of active plugins (in plugins/ directory).

prefer_html

Prefer displaying HTML messages.

prettydate

Show pretty dates as standard.

preview_pane_mark_read

Mark as read when viewed in preview pane (delay in seconds). Set to -1 if messages in preview pane should not be marked as read.

preview_pane

Mark as read when viewed in preview pane (delay in seconds). Set to -1 if messages in preview pane should not be marked as read.

product_name

Name your service. This is displayed on the login screen and in the window title.

read_when_deleted

Set true to Mark deleted messages as read as well as deleted. False means that a message’s read status is not affected by marking it as deleted.

recipients_separator

Use this char/string to separate recipients when composing a new message.

reply_all_mode

Default behavior of Reply-All button: 0 - Reply-All always 1 - Reply-List if mailing list is detected

reply_mode

When replying: -1 - don’t cite the original message 0 - place cursor below the original message 1 - place cursor above original message (top posting)

reply_same_folder

Place replies in the folder of the message being replied to.

See also

search_mods

Defaults of the search field configuration. The array can contain a per-folder list of header fields which should be considered when searching. The entry with key ‘*’ stands for all folders which do not have a specific list set. Please note that folder names should to be in sync with $config[‘*_mbox’] options.

send_format_flowed

Send plaintext messages as format=flowed.

sendmail_delay

How many seconds must pass between emails sent by a user.

show_images

Display remote inline images:

0 - Never, always ask 1 - Ask if sender is not in address book 2 - Always show inline images

show_real_foldernames

Disable localization of the default folder names listed above.

show_sig

Show signature:

0 - Never 1 - Always 2 - New messages only 3 - Forwards and Replies only

skin_include_php

Includes should be interpreted as PHP files

skin

Skin name: Name of the folder relative to skins/

smtp_auth_cid

Optional SMTP authentication identifier to be used as authorization proxy.

smtp_auth_pw

Sadly, this setting has not yet been documented.

smtp_auth_type

SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use best server supported)

smtp_conn_options

SMTP socket context options. See http://php.net/manual/en/context.ssl.php. The example below enables server certificate validation, and requires ‘smtp_timeout’ to be non zero.

$config[‘smtp_conn_options’] = array(
‘ssl’ => array(

‘verify_peer’ => true, ‘verify_depth’ => 3, ‘cafile’ => ‘/etc/openssl/certs/ca.crt’,

),

);

smtp_helo_host

SMTP HELO host. Hostname to give to the remote server for SMTP ‘HELO’ or ‘EHLO’ messages. Leave this blank and you will get the server variable ‘server_name’ or localhost if that isn’t defined.

smtp_log

Log sent messages to <log_dir>/sendmail or to syslog

smtp_pass

SMTP password (if required). If you use %p as the password Roundcube will use the current user’s password for login.

smtp_port

SMTP port (default is 25; use 587 for STARTTLS or 465 for the deprecated SSL over SMTP (aka SMTPS))

smtp_server

SMTP server host (for sending mails). To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://

Supported replacement variables:

%h - user’s IMAP hostname %n - hostname ($_SERVER[‘SERVER_NAME’]) %t - hostname without the first part %d - domain (http hostname $_SERVER[‘HTTP_HOST’] without the first part) %z - IMAP domain (IMAP hostname without the first part)

For example %n = mail.domain.tld, %t = domain.tld

smtp_timeout

SMTP connection timeout, in seconds. Default: 0 (use default_socket_timeout). Note: There’s a known issue where using ssl connection with timeout > 0 causes connection errors (https://bugs.php.net/bug.php?id=54511)

smtp_user

SMTP username (if required). If you use %u as the username Roundcube will use the current username for login.

spellcheck_before_send

Enables spell checking before sending a message.

spellcheck_dictionary

Enables spellchecker exceptions dictionary. Setting it to ‘shared’ will make the dictionary shared by all users.

spellcheck_engine

Set the spell checking engine. Possible values:

  • ‘googie’ - the default (also used for connecting to Nox Spell Server, see ‘spellcheck_uri’ setting)
  • ‘pspell’ - requires the PHP Pspell module and aspell installed
  • ‘enchant’ - requires the PHP Enchant module
  • ‘atd’ - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API

Since Google shut down their public spell checking service, the default settings connect to http://spell.roundcube.net which is a hosted service provided by Roundcube. You can connect to any other googie-compliant service by setting ‘spellcheck_uri’ accordingly.

spellcheck_ignore_caps

Makes that words with all letters capitalized will be ignored (e.g. GOOGLE).

spellcheck_ignore_nums

Makes that words with numbers will be ignored (e.g. g00gle).

spellcheck_ignore_syms

Makes that words with symbols will be ignored (e.g. g@@gle).

spellcheck_languages

These languages can be selected for spell checking. Configure as a PHP style hash array: array(‘en’=>’English’, ‘de’=>’Deutsch’); Leave empty for default set of available language.

spellcheck_uri

For locally installed Nox Spell Server or After the Deadline services, please specify the URI to call it. Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 or the After the Deadline package from http://www.afterthedeadline.com. Leave empty to use the public API of service.afterthedeadline.com.

standard_windows

Enables using standard browser windows (that can be handled as tabs) instead of popup windows

strip_existing_sig

When replying strip original signature from message.

support_url

provide an URL where a user can get support for this Roundcube installation. PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!

temp_dir_ttl

Expire files in temp_dir after the set time (default: 48 hours). Possible units: s, m, h, d, w

temp_dir

Use this folder to store temp files. Must be writeable for the user who runs PHP process (Apache user if mod_php is being used).

time_formats

Give this choice of time formats to the user to select from.

time_format

Use this format for time display (date or strftime format).

timezone

Use this timezone to display date/time. Valid timezone identifers are listed here: php.net/manual/en/timezones.php ‘auto’ will use the browser’s timezone settings.

undo_timeout

Specifies for how many seconds the Undo button will be available after object delete action. Currently used with supporting address book sources. Setting it to 0, disables the feature.

upload_progress

Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. By default refresh time is set to 1 second. You can set this value to true or any integer value indicating number of seconds.

use_https

Tell PHP that it should work as under secure connection even if it doesn’t recognize it as secure ($_SERVER[‘HTTPS’] is not set). e.g. when you’re running Roundcube behind a https proxy. This option is mutually exclusive to ‘force_https’ and only either one of them should be set to true.

useragent

Add this user-agent to message headers when sending.

x_frame_options

X-Frame-Options HTTP header value sent to prevent from Clickjacking. Possible values: sameorigin|deny. Set to false in order to disable sending them.

Plugin Settings

The acl Plugin

The archive Plugin

The calendar Plugin

calendar_driver

Calendar backend type.

Possible values: ‘kolab’ or ‘database’

calendar_caldav_url

Base URL to build fully qualified URIs to access calendars via CALDAV. Primarily used in a Kolab environment where CalDAV access is provided by the iRony service.

The following replacement variables are supported:

%h

Current HTTP host

%u

Current webmail user name

%n

Calendar name

%i

Calendar UUID

Example:

$config['calendar_caldav_url'] = 'http://%h/iRony/calendars/%u/%i';

calendar_contact_birthdays

Boolean. Enables a read-only birthdays calendar from the user’s address book(s).

calendar_allow_invite_shared

Boolean. Allows users to invite/edit attendees for events in shared folders which were created/organized by others.

calendar_allow_itip_uninvited

Boolean. Allow users to accecpt iTip invitations who are no explicitly listed as an attendee in the invitation message. This can be the case if invitations are sent to mailing lists or alias email addresses.

calendar_default_view

Default view shown when entering the calendar screen.

Possible values: ‘agendaDay’, ‘agendaWeek’, ‘month’, ‘table’.

calendar_default_alarm_type

Undocumented.

calendar_default_alarm_offset

Undocumented.

calendar_date_format_sets

Undocumented.

calendar_event_coloring

Undocumented.

calendar_agenda_range

Undocumented.

calendar_first_day

Undocumented.

calendar_first_hour

Undocumented.

calendar_timeslots

Undocumented.

calendar_time_indicator

Undocumented.

calendar_work_start

Undocumented.

calendar_work_end

Undocumented.

calendar_itip_after_action

Undocumented.

calendar_itip_smtp_server

SMTP host to used for send iTip replies from the unauthenticated web view where external users can accept or decline invitations.

Set to ‘’ in order to use PHP’s mail() function for email delivery. To override the SMTP port or connection method, provide a full URL like tls://somehost:587

calendar_itip_smtp_user

SMTP username used to send unauthenticated itip replies.

Explicity set to ‘’ for overriding the default configuration from smtp_user.

calendar_itip_smtp_pass

SMTP password used to send unauthenticated itip replies.

Explicity set to ‘’ for overriding the default configuration from smtp_pass.

kolab_invitation_calendars

Boolean. Show virtual calendars with pending or declined event invitations.

This option only has an effect with the Kolab backend.

calendar_resources_driver

Driver to provide a directory for resource booking. Leave empty or commented out to disable resources support.

‘ldap’ is the only implementation and possible value yet.

calendar_resources_directory

LDAP directory configuration to find available resources for events.

Specify a full LDAP directory as described for ldap_public.

Some special considerations apply for the LDAP filter and other properties:

$config['calendar_resources_directory'] = array(
    (...snip...)
    'base_dn'        => 'ou=Resources,dc=example,dc=org',
    'filter'         => '(\|(objectclass=kolabgroupofuniquenames)(objectclass=kolabsharedfolder))',
    (...snip...)
    'search_fields'  => array('cn'),
    'sort'           => array('cn'),
    (...snip...)
    'fieldmap'       => array(
        // Internal    => LDAP
        'name'         => 'cn',
        'email'        => 'mail',
        'owner'        => 'owner',
        'description'  => 'description',
        'attributes'   => 'kolabdescattribute',  // "{ <name>:<VALUE> }"
        'members'      => 'uniquemember',
        // these mappings are required for owner display
        'phone'        => 'telephoneNumber',
        'mobile'       => 'mobile',
    ),
    'class_type_map' => array(      // Mapping of object class to _type attribute
        'kolabsharedfolder'  => 'resource',
        'groupofuniquenames' => 'collection',
    ),
    'groups'  => array(
      'name_attr' => 'cn',  // resource collections are detected as groups
    ),
);

The kolab_activesync Plugin

activesync_setup_url

An URL of the page with Activesync clients configuration manual. Default: http://docs.kolab.org/client-configuration/;

The kolab_auth Plugin

kolab_auth_addressbook

The ID of the LDAP address book (which refers to a entry in ldap_public) or a complete addressbook definition hash array.

See also

kolab_auth_filter

This will overwrite filter property defined in the kolab_auth_addressbook. Use the same placeholders as in the search_filter property.

kolab_auth_login

Use this field (from the kolab_auth_addressbook fieldmap configuration) to get authentication ID for the logged in user.

kolab_auth_name

Undocumented.

kolab_auth_email

Undocumented.

kolab_auth_organization

Undocumented.

kolab_auth_admin_login

Undocumented.

kolab_auth_admin_password

Undocumented.

kolab_auth_auditlog

Undocumented.

kolab_auth_role

Undocumented.

kolab_auth_admin_password

Undocumented.

kolab_auth_role_value

Undocumented.

kolab_auth_group

Undocumented.

kolab_auth_role_plugins

Undocumented.

kolab_auth_role_settings

Undocumented.

kolab_auth_ldap_addressbooks

Undocumented.

The kolab_addressbook Plugin

kolab_addressbook_prio

This option allows to set addressbooks priority or to disable some of them. Disabled addressbooks will be not shown in the UI. Default: 0. Possible values: 0 - “Global address book(s) first”. Use all address books, starting with the global (LDAP) 1 - “Personal address book(s) first”. Use all address books, starting with the personal (Kolab) 2 - “Global address book(s) only”. Use the global (LDAP) addressbook. Disable the personal. 3 - “Personal address book(s) only”. Use the personal (Kolab) addressbook(s). Disable the global.

kolab_addressbook_carddav_url

Base URL to build fully qualified URIs to access address books via CardDAV. By default not set. The following replacement variables are supported: %h - Current HTTP host %u - Current webmail user name %n - Folder name %i - Folder UUID Example: $config['kolab_addressbook_carddav_url'] = 'http://%h/iRony/addressbooks/%u/%i';.

kolab_addressbook_carddav_ldap

Name of LDAP addressbook (a key in ldap_public configuration array) for which the CardDAV URI will be displayed if kolab_addressbook_carddav_url is set. Use it when iRony’s kolabdav_ldap_directory is enabled. Note that kolab_addressbook_carddav_url must use %i and not %n.

Warning

There are limitations with volume and performance: - CardDAV does a full sync of the entire contact resource. For LDAP this means that all entries matching the base_dn/filter are synced to every client.

It’s thus only recommended for small setups with a couple hundred LDAP entries.
  • Other than that, the ldap-directory exposed in iRony is strictly read-only.

    Although correctly stated in the CardDAV properties, some clients (e.g. the Thunderbird SoGO connector) ignore these properties and allow modifications which then result in sync errors because the server denies such updates.

The kolab_config Plugin

kolab_config has no configuration options.

The kolab_delegation Plugin

kolab_delegation_filter

Delegation plugin uses LDAP addressbook defined in kolab_auth plugin. This option will overwrite defined LDAP filter. Default: (|(objectClass=kolabInetOrgPerson)(&(objectclass=kolabsharedfolder)(kolabFolderType=mail))).

kolab_delegation_delegate_field

Delegates field (from fieldmap configuration) to get delegates list. Note: This is a field name, not LDAP attribute name. Default: kolabDelegate.

kolab_delegation_purge_identities

Delegation plugin creates automatically identities for delegator’s addresses. After the delegation is removed identities should be removed too. This option removes all user identities which do not match the user’s primary or alias addresses and delegator’s addresses. Default: false.

The kolab_files Plugin

kolab_files_url

An URL of kolab-chwala installation. Example: $config['kolab_files_url'] = 'https://localhost/kolab-chwala/public_html';.

kolab_files_list_cols

Default list of columns on files list. Available are: name, size, mtime, type. Example: $config['kolab_files_list_cols'] = array('name', 'mtime', 'size');

kolab_files_sort_col

Name of the column to sort files list by. Default: name`.

kolab_files_sort_order

Order of the files list sort. Default: asc.

kolab_files_search_threads

Number of concurent requests for searching and collections listing. Default: 1. Increasing this number may improve performance of multi-folder searches, but also increase server load.

The kolab_folders Plugin

kolab_folders_configuration_default kolab_folders_event_default kolab_folders_contact_default kolab_folders_task_default kolab_folders_note_default kolab_folders_journal_default kolab_folders_file_default kolab_folders_freebusy_default kolab_folders_mail_inbox kolab_folders_mail_drafts kolab_folders_mail_sentitems kolab_folders_mail_wastebasket kolab_folders_mail_outbox kolab_folders_mail_junkemail ================================

Default kolab-specific folders. Set values to non-empty strings to create default folders of apropriate type. If there is no such folder with specified type in user mailbox, it will be created. Note that mail folders will be also subscribed.

The libkolab Plugin

kolab_cache

This setting controls whether Kolab Groupware data and metadata is being cached.

Caching helps, especially since the data is stored in a relation database. The structure of how information is cached accelerates views such as “this week”, or “this month” in the Calendar, and sorting and pagination for address books.

kolab_messages_cache_bypass

New in version roundcubemail-plugins-kolab-3.1.9.

This option is only relevant when kolab_cache is enabled.

Three valid settings are available for kolab_messages_cache_bypass:

  1. Setting kolab_messages_cache_bypass to 0 does not bypass the messages cache at all.
  2. Setting kolab_messages_cache_bypass to 1 bypasses only the message content (i.e. payload) of the core messages cache, but uses the index cache.
  3. Setting kolab_messages_cache_bypass to 2 bypasses the core messages cache completely.

Note

With kolab_cache enabled, a set of Kolab specific database tables already cache payload. For larger environments, it is certainly recommended to consider setting kolab_messages_cache_bypass to at least 1.

kolab_use_subscriptions

New in version roundcubemail-plugins-kolab-3.0.1.

When listing folders with groupware content available for display, should all folders to which the user has access be listed, or should only those folders to which the user is subscribed be included?

The value false means all folders to which the user has access will be included.

The default for a Kolab Groupware deployment is true.

kolab_format_version

Specify format version to write Kolab objects. Defaults to ‘3.0’ but can be set to ‘2.0’ for using the old Kolab v2 format for storing groupware objects.

kolab_freebusy_server

Optional override of the base URL to read Free/Busy information of Kolab users from.

Defaults to https://<imap-server->/freebusy.

kolab_use_subscriptions

Lists only subscribed groupware folders in the web client (e.g. calendar view or address books).

kolab_skip_namespace

A list with any of ‘personal’,’shared’,’other’ namespaces to be excluded from groupware folder listing. With the new folder searching features in Kolab 3.3, this setting can be used to exclude shared folders from e.g. the ‘other’ namespace in regular folder listings and searches.

Example:

$config['kolab_skip_namespace'] =  array('other');

kolab_http_request

Configuration options of HTTP requests sent from the server to external systems (e.g. for Free/Busy) data fetching. See HTTP_Request2 Docs or list of supported configuration options. Provide the options as hash array with key-value pairs.

kolab_users_directory

LDAP directory to find avilable users for folder sharing. This is used when searching for groupware folders shared by other users. The web client will perform an LDAP search with the given search term and resolve the matches to shared folders in the ‘other’ namespace.

Either contains an array with a full LDAP addressbook configuration or a string value which refers to an entry in ldap_public.

If not specified, the configuration from kolab_auth_addressbook will be used.

kolab_users_filter

Filter to be used for resolving user folders in LDAP.

Defaults to the kolab_auth_filter configuration option from the kolab_auth plugin.

kolab_users_id_attrib

Which property of the LDAP user record to use for user folder mapping in IMAP.

Defaults to the kolab_auth_login configuration option from the kolab_auth plugin.

kolab_users_search_attrib

List of LDAP attributes to be used when searching users in folder search queries.

Defaults to array('cn','mail','alias')

The libcalendaring Plugin

This plugin contains code shared by other plugins and itself does not have any configuration.

The managesieve Plugin

managesieve_port

Managesieve server port. When empty the port will be determined automatically using getservbyname() function, with 4190 as a fallback.

managesieve_host

Managesieve server address, default is localhost. Replacement variables supported in host name: %h - user’s IMAP hostname %n - http hostname ($_SERVER[‘SERVER_NAME’]) %d - domain (http hostname without the first part) For example %n = mail.domain.tld, %d = domain.tld

managesieve_auth_type

Authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL or none. Optional, defaults to best method supported by the server.

managesieve_auth_cid

Optional managesieve authentication identifier to be used as authorization proxy. Authenticate as a different user but act on behalf of the logged in user. Works with PLAIN and DIGEST-MD5 authentication.

managesieve_auth_pw

Optional managesieve authentication password to be used for managesieve_auth_cid.

managesieve_usetls

Use or not TLS for managesieve server connection. Note that tls:// prefix in managesieve_host is also supported

managesieve_conn_options

Connection socket context options. See http://php.net/manual/en/context.ssl.php The example below enables server certificate validation:

$config['managesieve_conn_options'] = array(
    'ssl'         => array(
        'verify_peer'  => true,
        'verify_depth' => 3,
        'cafile'       => '/etc/openssl/certs/ca.crt',
    ),
);

managesieve_default

Path to a file with default contents of filters script (e.g. default spam filter)

managesieve_script_name

The name of the script which will be used when there’s no user script. Default: managesieve.

managesieve_mbox_encoding

Sieve RFC says that we should use UTF-8 endcoding for mailbox names, but some implementations does not covert UTF-8 to modified UTF-7. Defaults to UTF-8.

managesieve_disabled_extensions

An array containing a list of disabled protocol extensions. This way you can limit managesieve features awailable to the user.

managesieve_debug

Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve

managesieve_kolab_master

Enables features described in http://wiki.kolab.org/KEP:14. Disabled by default.

managesieve_filename_extension

Script name extension used for scripts including. Dovecot uses ‘.sieve’, Cyrus uses ‘.siv’. Doesn’t matter if you have managesieve_kolab_master disabled. Default is .sieve.

managesieve_filename_exceptions

List of reserved script names (without extension). Scripts listed here will be not presented to the user.

managesieve_domains

List of domains limiting destination emails in redirect action. If not empty, user will need to select domain from a list.

managesieve_vacation

Enables separate management interface for vacation responses (out-of-office). Possible values: 0 - no separate section (default), 1 - add Vacation section, 2 - add Vacation section, but hide Filters section.

managesieve_vacation_interval

Default vacation interval (in days). Note: If server supports vacation-seconds extension it is possible to define interval in seconds here (as a string), e.g. 3600s.

managesieve_vacation_addresses_init

Some servers require vacation :addresses to be filled with all user addresses (aliases). This option enables automatic filling of these on initial vacation form creation.

managesieve_notify_methods

List of supported methods of notify extension. Default: mailto.

The password Plugin

password_driver

A driver to use for password change. Default: sql.

password_confirm_current

Determine whether current password is required to change password. Default: true.

password_minimum_length

Require the new password to be a certain length. Set to blank to allow passwords of any length.

password_require_nonalpha

Require the new password to contain a letter and punctuation character. Change to false to remove this check.

password_log

Enables logging of password changes into logs/password file.

password_login_exceptions

Comma-separated list of login exceptions for which password change will be not available (no Password tab in Settings).

password_hosts

An array of hosts that support password changing. Default is NULL. Listed hosts will feature a Password option in Settings, others will not.

password_force_save

Enables saving the new password even if it matches the old password. Useful for upgrading the stored passwords after the encryption scheme has changed.

password_force_new_user

Enables forcing new users to change their password at their first login.

The redundant_attachments Plugin

redundant_attachments_cache_ttl

By default this plugin stores attachments in filesystem and copies them into sql database. In environments with replicated database it is possible to use memcache as a fallback when write-master is unavailable. This option enables this memcache use as a fallback store.

redundant_attachments_cache_ttl

Attachment data expires after specified TTL time in seconds (max. 2592000). Default is 12 hours.

The tasklist Plugin

tasklist_driver

Backend type (database, kolab). Default is kolab.

tasklist_sort_col

Default sorting order of tasks listing (auto, datetime, startdatetime, flagged, complete, changed).

tasklist_sort_order

Default sorting order for tasks listing (asc or desc). Default is asc.