<?xml version="1.0"?>
<!-- $Id$ -->
<configuration>
<!-- "general" tab: core Horde settings for the PHP runtime, URL generation,
     sessions and cookies. Several defaults here are security-relevant;
     review notes sit directly above the setting they refer to. -->
<configtab name="general" desc="General">
<configheader>General Horde Settings</configheader>
<configboolean name="vhosts" desc="Enable virtual host configuration? If you
want to use a single Horde installation for different virtual hosts, you can
create separate configuration files for each virtual host,
e.g. <code>conf-www.example.com.php</code> or
<code>prefs-mail.example.com.php</code>. The global configuration
files are always loaded first, and virtual host specific files are not
required. If running command line scripts, you can specify the host name with
the environment variable SERVER_NAME.">false</configboolean>
<configheader>PHP Settings</configheader>
<!-- configphp values appear to be PHP expressions rather than quoted strings.
     The default reports everything except notices. NOTE(review): this sets the
     reporting level only; whether errors are displayed to clients is decided
     by settings that are not visible in this file. -->
<configphp name="debug_level" desc="The value to set
error_reporting() to.
See http://www.php.net/manual/function.error-reporting.php for more
information and possible values.">E_ALL & ~E_NOTICE</configphp>
<configinteger name="max_exec_time" desc="If we need to perform a long
operation, what should we set max_execution_time to (in seconds)? 0 means no
limit; however, a value of 0 will cause a warning if you are running in safe
mode. See http://www.php.net/manual/function.set-time-limit.php for more
information.">0</configinteger>
<configboolean name="compress_pages" desc="If this option is set to true, and
you have the php zlib extension installed, pages over a certain size will be
compressed and sent to the browser as gzip-encoded data in order to save
bandwidth. There is little reason not to enable this.">true</configboolean>
<!-- Ships with an empty default, while the description calls for a random
     string unique to the installation. NOTE(review): confirm the setup
     process always fills this in; an empty or predictable key would weaken
     anything signed with it. -->
<configsecret name="secret_key" desc="Secret key for generating signed
messages from this server. This is a random string unique to this Horde
installation."></configsecret>
<!-- Octal value; 077 masks out all group and other permission bits, so
     temporary files end up accessible to the owning account only. -->
<configinteger name="umask" octal="true" desc="What umask should we run
with? This will affect the permissions on any temporary files that are
created. This value is an integer.">077</configinteger>
<!-- Default true keeps horde/test.php disabled. -->
<configboolean name="testdisable" desc="Disable the test script
(horde/test.php)? For security reasons, this is disabled by
default">true</configboolean>
<configstring name="tmpdir" required="false" desc="If you want to use a
temporary directory other than the system default or the one specified in
php's upload_tmp_dir value, enter it here."/>
<configheader>URL Settings</configheader>
<!-- Default is 2 (auto-detect). NOTE(review): with 0 and 3 the generated URLs
     stay on plain HTTP after login, so the session cookie would travel
     unencrypted. Auto-detection should be verified when TLS is terminated in
     front of the web server, since the server itself may not see HTTPS. -->
<configenum name="use_ssl" quote="false" desc="Determines how we generate
full URLs (for location headers and such).">2
<values>
<value desc="Assume that we are not using SSL and never generate https
URLs.">0</value>
<value desc="Assume that we are using SSL and always generate https
URLs.">1</value>
<value desc="Attempt to auto-detect, and generate URLs
appropriately">2</value>
<value desc="Assume that we are not using SSL and generate https URLs only
for login.">3</value>
</values>
</configenum>
<!-- server/name defaults to the PHP expression $_SERVER['SERVER_NAME'].
     NOTE(review): depending on web server configuration that value can be
     derived from the client's Host header; confirm the server pins a
     canonical name if generated full URLs have to be trustworthy. -->
<configsection name="server">
<configphp name="name" desc="What server name should we use? You'll probably
know if you need to change this default; only in situations where you need
to override what Apache thinks the server name is.">
$_SERVER['SERVER_NAME']</configphp>
<configphp name="port" required="false" desc="What port number is the
webserver running on? Again, you shouldn't need to change the default, and
you probably know it if you do. The exception is if you have chosen to
always generate https URLs, as described above."/>
</configsection>
<!-- Lifetimes (in minutes, both defaulting to 30) for CSRF request tokens and
     HMAC-signed links. NOTE(review): "parametes" in the hmac_lifetime
     description is a typo for "parameters". -->
<configsection name="urls">
<configinteger name="token_lifetime" desc="This is the length of time in
minutes that links protected with request tokens (to prevent cross-site
request forgery) will be valid. Higher values may make your users more
vulnerable to these attacks.">30</configinteger>
<configinteger name="hmac_lifetime" desc="This is the length of time in
minutes that links signed with HMACs (to prevent forged URL parametes)
will be valid. Higher values may make your users more vulnerable to
forgery or phishing.">30</configinteger>
<configenum name="pretty" required="false" desc="Use pretty URLs?">false
<values>
<value desc="No (GET-based URLs)">false</value>
<value desc="URL rewriting (mod_rewrite, lighttpd rules, etc.)">rewrite</value>
</values>
</configenum>
</configsection>
<!-- Optional allow-list of subnets from which encryption passphrases may be
     sent without HTTPS. '*' lifts that protection for every client; per the
     description it is meant for setups where TLS is handled in front of the
     web server. NOTE(review): when requests arrive through a proxy, confirm
     which address is compared against this list. -->
<configlist name="safe_ips" required="false" desc="A list of IP subnets
that are considered safe, e.g. to transfer encryption passphrases without
requiring an HTTPS connection. (Example: 192.168.0.0, 10.0.0.0) To consider
all connections to be safe (e.g. when SSL is handled by an SSL crypto card
and not by the webserver) this value should be '*'."/>
<configheader>Session Settings</configheader>
<!-- Session defaults: session id carried in cookies only, cookie lifetime 0
     (expires with the browser), "nocache" limiter, and a hard cap of 604800
     seconds (7 days) after authentication. -->
<configsection name="session">
<configstring name="name" desc="What name should we use for the session
that Horde applications share? If you want to share sessions with other
applications on your webserver, you will need to make sure that they are
using the same session name. This value can also be used to invalidate
previous sessions when upgrading your local version of Horde (Note: Session
names must consist of only alphanumeric characters.)">Horde</configstring>
<configboolean name="use_only_cookies" desc="Should we only allow session
information to be stored in a session cookie and not be passed by URL (GET)
parameters? This is on by default because passing session information in
the URL is a security risk. <b>Consider carefully before turning it
off</b>. Cookies must be working and enabled in the browser though, or
you won't be able to login to Horde. If false, session information will be
passed via both the URL and cookies.">true</configboolean>
<configinteger name="timeout" desc="The cookie lifetime (in seconds). If 0,
(DEFAULT; RECOMMENDED) cookies will expire when the browser closes.
Otherwise, this is the length after which a cookie will expire (this
lifetime is updated after every browser request). Setting a non-zero value
is NOT RECOMMENDED as there is no guarantee a session will ever expire;
additionally, the session expiration value is based on the SERVER, not the
CLIENT, so this will most certainly not work the way you want/think it
should (see
http://www.php.net/manual/en/function.session-set-cookie-params.php) for
further information.">0</configinteger>
<configstring name="cache_limiter" desc="What caching level should we use
for the session? DO NOT CHANGE THIS UNLESS YOU <strong>REALLY
</strong> KNOW WHAT YOU ARE DOING. Setting this to anything other
than 'nocache' will almost certainly result in severely broken script
behavior.">nocache</configstring>
<configinteger name="max_time" desc="The maximum length of time (in
seconds) a session can be active after user authentication before it will
be destroyed. (Sessions may otherwise never timeout if a user never closes
their browser.) 0 means there is no maximum session time (NOT
RECOMMENDED).">604800</configinteger>
</configsection>
<!-- Cookie scope. domain defaults to the PHP expression
     $_SERVER['SERVER_NAME']; path defaults to "/" although the description
     recommends matching Horde's own URL path for maximum security.
     NOTE(review): "http//horde/" in the domain description is missing its
     colon ("http://horde/"). -->
<configsection name="cookie">
<configphp name="domain" desc="What domain should we set cookies from? If
you have a cluster that needs to share cookies, this might be '.example.com'
- the leading '.' is important. If you only use session cookies (see
above), but you are running Horde on an intranet server without a domain
part, i.e. http//horde/, you need to set this value to ''. Most likely,
though, you won't have to change the
default.">$_SERVER['SERVER_NAME']</configphp>
<configstring name="path" desc="What path should we set cookies to? For
maximum security this should match the URL where Horde is on your webserver.
If Horde is at /horde, then this should be '/horde'. If Horde is installed
as the document root, then this needs to be '/' - NOT ''. If IE will be
used to access Horde modules, you should read this first
(discussing issues with IE's Content Advisor):
http://lists.horde.org/archives/imp/Week-of-Mon-20030113/029149.html">
/</configstring>
</configsection>
</configtab>
<!-- "db" tab: default connection settings for SQL and NoSQL backends. The
     individual fields are not listed here; they presumably come from the
     configsql / confignosql elements, which are defined outside this section.
     As the description says, each subsystem must still be switched to a
     database backend separately. -->
<configtab name="db" desc="Database">
<configdescription><strong>NOTE:</strong> These are only the
<em>default</em> values for any database driven backends. You
still need to configure the different systems like "Preferences" to actually
<em>use</em> a database backend.</configdescription>
<configsection name="sql">
<configheader>SQL Database Settings</configheader>
<configdescription>These are the database settings for the traditional
relational databases backends (e.g. databases that use SQL to manage its
data).</configdescription>
<configsql switchname="phptype" baseconfig="true" />
</configsection>
<configsection name="nosql">
<configheader>NoSQL Database Settings</configheader>
<configdescription>These are the database settings for the NoSQL database
backends. These are databases generally optimized for
scalability/availability, but do not use a standardized query language to
interact with the data.</configdescription>
<confignosql switchname="phptype" baseconfig="true" default="false"/>
</configsection>
</configtab>
<!-- "ldap" tab: default settings for LDAP-driven backends. The fields are
     presumably supplied by the configldap element (not defined in this
     section); subsystems still have to be pointed at LDAP individually. -->
<configtab name="ldap" desc="LDAP">
<configsection name="ldap">
<configheader>LDAP Settings</configheader>
<configdescription><strong>NOTE:</strong> These are only the
<em>default</em> values for any LDAP driven backends. You
still need to configure the different systems like "Preferences" to actually
<em>use</em> a LDAP backend.</configdescription>
<configldap switchname="useldap" baseconfig="true" />
</configsection>
</configtab>
<configtab name="auth" desc="Authentication">
<configsection name="auth">
<configheader>Authentication Settings</configheader>
<!-- admins: optional list of user names that Horde treats as administrators.
     NOTE(review): these are plain names, so their strength depends on the
     selected auth driver; with drivers that accept an identity from the
     client or from a header, make sure an admin name cannot simply be
     asserted. -->
<configlist name="admins" desc="Which users should be treated as
administrators (root, super-user) by Horde?" required="false"/>
<!-- checkip and checkbrowser both default to true and tie the session to the
     client IP and browser string as seen by the web server. NOTE(review): the
     browser string is client-controlled, so checkbrowser is only a weak extra
     hurdle; behind a reverse proxy, confirm checkip sees the real client
     address rather than the proxy's. -->
<configboolean name="checkip" desc="Should we always store and validate
the IP address of the client (as seen by the web server) in the session?
Doing so will help increase security by making it harder for an attacker
from another host to hijack the session.">true</configboolean>
<configboolean name="checkbrowser" desc="Should we always store and
validate the browser string of the client (as seen by the web server) in
the session? Doing so will help increase security by making it harder for
an attacker to hijack the session.">true</configboolean>
<!-- Password reset is enabled by default and adds a link to the login screen.
     Per the description, an empty resetpassword_from means the mail is sent
     from the user's own address. NOTE(review): how a reset request is
     authorised is not defined in this file; review that flow before leaving
     the feature on. -->
<configswitch name="resetpassword" desc="Allow users to reset passwords and
provide a link on the login screen?">true
<case name="true" desc="Yes">
<configstring name="resetpassword_from" required="false" desc="The e-mail
address to send password reset e-mails from. If empty, is sent from the
user's e-mail address."/>
</case>
<case name="false" desc="No"/>
</configswitch>
<!-- alternate_login / redirect_on_logout: the literal value "false" disables
     each. The alternate login page receives the originally requested URL in a
     "url" parameter (or through the %u placeholder) and is expected to
     redirect there after authentication. NOTE(review): that page should
     validate the redirect target (for example same-origin only) before
     following it, and should treat "logout_msg" as untrusted text when
     displaying it. -->
<configstring name="alternate_login" desc="If this is not false, it is
assumed to be the URL of an alternate login screen which will be used in
place of horde's default login screen. The URL will have an "app"
parameter appended that contains the application that redirected to the
login screen, and a "url" parameter with the originally requested
URL. The alternate login screen should redirect to that URL after
authentication. Alternatively you can include a "%u" place holder
in the alternate URL that will be replaced by that original
URL. Optionally appended URL parameters are "logout_reason" that
contains a number with the logout reason (see the Horde_Auth::REASON_*
constants for possible values), and "logout_msg" that contains an
error message describing the logout reason.">false</configstring>
<configstring name="redirect_on_logout" desc="If this is not false, it is
assumed to be the URL of an alternate logout page which users will be sent
to when they log out.">false</configstring>
<!-- Controls how users are picked in screens such as the permissions screen
     (default "list"). NOTE(review): "list" and "both" disclose every account
     name to any user who can reach such a screen; "input" avoids that. -->
<configenum name="list_users" desc="If the authentication backend is
capable of listing all users, should we show this list to the users,
e.g. in the permissions screen?">list
<values>
<value desc="Show a drop down list">list</value>
<value desc="Show an input field">input</value>
<value desc="Show both, a list and an input field">both</value>
</values>
</configenum>
<configswitch name="driver" desc="What backend should we use for
authenticating users to Horde?">
<!-- Driver "application": delegates authentication to a Horde application
     (default imp). The selectable applications come from the configspecial
     "apps" element. -->
<case name="application" desc="Let a Horde application handle
authentication">
<configsection name="params">
<configenum name="app" desc="The application which is providing
authentication">imp
<values>
<configspecial application="horde" name="apps" />
</values>
</configenum>
</configsection>
</case>
<!-- Driver "auto": every visitor is authenticated as one fixed account
     (default horde_user) without presenting credentials. NOTE(review): only
     appropriate where access is already restricted upstream. With
     requestuser set to true the user name is taken from GET, POST or cookie
     data, i.e. it is chosen by the client. -->
<case name="auto" desc="Automatic authentication as a certain user">
<configsection name="params">
<configstring name="username" desc="The username to authenticate
everyone as">horde_user</configstring>
<configstring name="password" desc="The password to use for the user's
credentials" required="false"/>
<configboolean name="requestuser" desc="Allow username to be passed by
GET, POST or cookie?">false</configboolean>
</configsection>
</case>
<!-- Driver "composite": defines no fields; per the description it has to be
     configured by hand at the end of the generated configuration file. -->
<case name="composite" desc="Composite authentication">
<configdescription>
This authentication driver needs manual configuration not possible
through this interface. Add the appropriate configuration lines at the
end of the generated configuration file. See
http://wiki.horde.org/AuthCompositeHowTo for details.
</configdescription>
</case>
<!-- Driver "ftp": validates credentials against an FTP server (default
     localhost, port 21). NOTE(review): no TLS option is offered here, so
     unless the driver adds one elsewhere the user's password crosses the
     network in clear text whenever hostspec is not local. -->
<case name="ftp" desc="FTP authentication">
<configsection name="params">
<configstring name="hostspec" desc="The hostname or IP address of the
FTP server">localhost</configstring>
<configinteger name="port" desc="The server port to connect to">
21</configinteger>
</configsection>
</case>
<!-- Driver "http": checks users against an htpasswd file whose location and
     hash format are configured below. -->
<case name="http" desc="HTTP (Basic Authentication/.htpasswd)
authentication">
<configsection name="params">
<configboolean name="show_encryption" required="false" desc="Prepend the
password algorithm to the password value?">true</configboolean>
<configstring name="htpasswd_file" required="false" desc="The location of
the htpasswd file containing the user names and passwords"/>
<!-- NOTE(review): the default, crypt-des, presumably means traditional DES
     crypt(), which only considers the first 8 password characters. "plain"
     stores clear text and the md5/sha variants are fast hashes. Prefer
     crypt-blowfish or crypt-sha512 where the tool writing the file supports
     them; the value has to match how the file was actually produced. -->
<configenum name="encryption" desc="The password hashing algorithm used in the htpasswd file">crypt-des
<values>
<value>aprmd5</value>
<value>crypt</value>
<value>crypt-blowfish</value>
<value>crypt-des</value>
<value>crypt-md5</value>
<value>crypt-sha256</value>
<value>crypt-sha512</value>
<value>md5-base64</value>
<value>md5-hex</value>
<value>plain</value>
<value>sha</value>
<value>smd5</value>
<value>ssha</value>
</values>
</configenum>
</configsection>
</case>
<!-- Driver "httpRemote": authenticates against a remote HTTP endpoint.
     NOTE(review): the URL scheme is not constrained here; use an https URL so
     credentials are not sent in clear text, and confirm the driver verifies
     the server certificate. -->
<case name="httpRemote" desc="Remote HTTP Authentication">
<configsection name="params">
<configstring name="url" desc="The remote HTTP endpoint to authenticate against" />
</configsection>
</case>
<!-- Driver "imap": defaults to localhost, port 143, with "tls".
     NOTE(review): "none" sends the login unencrypted; when "ssl" is chosen
     the port normally has to be changed to 993 as well (see the port
     description). -->
<case name="imap" desc="IMAP authentication">
<configsection name="params">
<configstring name="hostspec" desc="The hostname or IP address of the
server">localhost</configstring>
<configinteger name="port" desc="The server port to which we will
connect. IMAP is generally 143, while IMAP-SSL is generally
993.">143</configinteger>
<configenum name="secure" desc="The encryption to use to connect to
the IMAP server.">tls
<values>
<value>none</value>
<value>tls</value>
<value>ssl</value>
</values>
</configenum>
</configsection>
</case>
<!-- Driver "imsp": no parameters are defined for it in this file. -->
<case name="imsp" desc="IMSP server authentication" />
<!-- Driver "ipbasic": grants access purely by client address, using a list of
     allowed CIDR blocks. NOTE(review): there is no per-user secret. Behind a
     proxy or load balancer, confirm that the address being matched is the
     real client and cannot be supplied by the client itself (for example
     through a forwarded-for header). -->
<case name="ipbasic" desc="IP based authentication">
<configsection name="params">
<configlist name="blocks" desc="A list of CIDR masks which are allowed
access"/>
</configsection>
</case>
<!-- Driver "kolab": the params section is empty, so nothing is configurable
     from here. -->
<case name="kolab" desc="Kolab authentication">
<configsection name="params">
</configsection>
</case>
<!-- Driver "ldap": LDAP-backed authentication. Connection settings presumably
     come from the enclosing configldap element; the fields listed inside it
     are specific to this driver. -->
<case name="ldap" desc="LDAP authentication">
<configsection name="params">
<configldap switchname="driverconfig" excludebind="user">
<configstring name="sizelimit" required="false" desc="Size limit for
listing users on large directories"/>
<configboolean name="ad" desc="Is this an AD server?">
false</configboolean>
<configstring name="uid" desc="The username search key (set to
samaccountname for AD)"/>
<!-- NOTE(review): the default is ssha (presumably salted SHA-1, a fast hash).
     The list also offers "plain" and unsalted md5/sha values. Prefer
     crypt-sha512 or crypt-blowfish if the directory accepts them; confirm
     whether this applies to passwords Horde writes, verifies, or both. -->
<configenum name="encryption" desc="The password hashing algorithm to
use">ssha
<values>
<value>aprmd5</value>
<value>crypt</value>
<value>crypt-blowfish</value>
<value>crypt-des</value>
<value>crypt-md5</value>
<value>crypt-sha256</value>
<value>crypt-sha512</value>
<value>md5-base64</value>
<value>md5-hex</value>
<value>msad</value>
<value>plain</value>
<value>sha</value>
<value>smd5</value>
<value>ssha</value>
</values>
</configenum>
<configlist name="newuser_objectclass" desc="What objectclasses should a
new user account be member of? These objectclasses should cover the
cn,sn,userPassword attributes as well as the username search key">
shadowAccount,inetOrgPerson</configlist>
<configstring name="filter" desc="The LDAP RFC formatted filter used
to search for users.">(objectclass=shadowAccount)
</configstring>
<!-- Password ageing is off by default ("no"). When enabled, the three ages
     are expressed in days and default to 5 / 30 / 5. -->
<configswitch name="password_expiration" desc="Enable the creating of
accounts with expiring passwords? (Note: New users should have the
shadowAccount objectclass)">no
<case name="no" desc="no" />
<case name="yes" desc="yes">
<configstring name="minage" desc="After how many days may a password
be changed again?">5</configstring>
<configstring name="maxage" desc="How many days will a password
remain valid?">30</configstring>
<configstring name="warnage" desc="How many days before expiration
should a user be warned?">5</configstring>
</case>
</configswitch>
</configldap>
</configsection>
</case>
<!-- Driver "login": authenticates through the su binary at the configured
     location (default /bin/su). NOTE(review): the binary is presumably run by
     the web server process; keep this an absolute path to a root-owned file
     that the web server account cannot replace. -->
<case name="login" desc="Login (su) authentication">
<configsection name="params">
<configstring name="location" desc="Location of the su binary">
/bin/su</configstring>
</configsection>
</case>
<!-- Driver "pam": authenticates through the named PAM service (default
     "php"). NOTE(review): the matching PAM service definition lives outside
     Horde; confirm it exists and is as strict as intended. -->
<case name="pam" desc="PAM (Pluggable Authentication Modules)
authentication">
<configsection name="params">
<configstring name="service" desc="The name of the PAM service to use
when authenticating">php</configstring>
</configsection>
</case>
<!-- Driver "passwd": reads accounts from a passwd-style file (default
     /etc/passwd), optionally restricted by a group file. NOTE(review): on
     systems using shadow passwords /etc/passwd carries no hashes, so a
     dedicated file readable only by the web server account is usually the
     safer target. -->
<case name="passwd" desc="password file authentication">
<configsection name="params">
<configstring name="filename" desc="The password file to use">
/etc/passwd</configstring>
<!-- NOTE(review): default is "crypt"; the list also offers "plain" (clear
     text) and fast md5/sha variants. The value has to match the hashes
     actually stored in the file. -->
<configenum name="encryption" required="false" desc="The password
hashing algorithm used in the password file">crypt
<values>
<value>aprmd5</value>
<value>crypt</value>
<value>crypt-blowfish</value>
<value>crypt-des</value>
<value>crypt-md5</value>
<value>crypt-sha256</value>
<value>crypt-sha512</value>
<value>md5-base64</value>
<value>md5-hex</value>
<value>plain</value>
<value>sha</value>
<value>smd5</value>
<value>ssha</value>
</values>
</configenum>
<configboolean name="show_encryption" required="false" desc="Prepend the
password algorithm to the password value?">false</configboolean>
<configstring name="group_filename" required="false" desc="An accompanying group file" />
<!-- With no group file, or with this list left blank, every valid user may
     log in (per the description). -->
<configlist name="required_groups" required="false" desc="A comma-separated list of groups allowed to log in. If blank, or if there is no group file, any valid user will be allowed to log in." />
<!-- Locking is off by default; the description states it is required for
     adding, updating or deleting users. -->
<configboolean name="lock" desc="Should we lock the password file? This incurs a concurrent performance penalty, but is required if you want the ability to add, update, or delete users.">
false</configboolean>
</configsection>
</case>
<!-- Driver "radius": only PAP is marked as supported; the other methods are
     listed but flagged "not supported at the moment". NOTE(review): with PAP
     the user's password is protected on the wire only by the shared secret,
     so that secret should be long and random. Bracketed numbers in the
     descriptions ([3]) appear to be the built-in defaults. -->
<case name="radius" desc="Radius authentication">
<configsection name="params">
<configstring name="host" desc="The RADIUS host to use (IP address or
fully qualified hostname)">localhost</configstring>
<configinteger name="port" required="false" desc="The port to use on the
RADIUS server"/>
<configenum name="method" desc="The RADIUS method to use for validating
the request">PAP
<values>
<value desc="PAP">PAP</value>
<value desc="CHAP_MD5 (not supported at the moment)">CHAP_MD5</value>
<value desc="MSCHAPv1 (not supported at the moment)">MSCHAPv1</value>
<value desc="MSCHAPv2 (not supported at the moment)">MSCHAPv2</value>
</values>
</configenum>
<configstring name="nas" required="false" desc="The RADIUS NAS
identifier to use." />
<configstring name="secret" desc="The RADIUS shared secret string for the
host. The RADIUS protocol ignores all but the leading 128 bytes of the
shared secret."/>
<configinteger name="retries" required="false" desc="The maximum number
of repeated requests to make before giving up [3]"/>
<configstring name="suffix" required="false" desc="The domain name to add
to unqualified user names"/>
<configinteger name="timeout" required="false" desc="The timeout for
receiving replies from the server (in seconds) [3]"/>
</configsection>
</case>
<!-- Driver "peclsasl": SASL authentication, using application name "horde"
     and service name "php" by default. -->
<case name="peclsasl" desc="SASL authentication">
<configsection name="params">
<configstring name="app" desc="The name of the authenticating
application">horde</configstring>
<configstring name="service" desc="The name of the SASL service to use
when authenticating">php</configstring>
</configsection>
</case>
<!-- Driver "shibboleth": trusts an identity supplied through an HTTP header
     (default REMOTE_USER). NOTE(review): the front-end must set this value
     itself and discard any client-supplied header of the same name, otherwise
     a client could assert an arbitrary user. With password_holder set to
     "header" a password is forwarded in a header as well; keep that hop on
     TLS or loopback. -->
<case name="shibboleth" desc="Shibboleth Authentication">
<configsection name="params">
<configstring name="username_header" desc="The HTTP header holding the
username">REMOTE_USER</configstring>
<configswitch name="password_holder" desc="Where should we get the
password for hordeauth from?">
<case name="none" desc="No passwords"/>
<case name="header" desc="HTTP Header">
<configstring name="password_header" desc="The HTTP header holding the
password" required="false"></configstring>
</case>
<case name="preferences" desc="Horde Preferences">
<configstring name="password_preference" desc="The Horde preference
that contains the password" required="false"></configstring>
</case>
</configswitch>
</configsection>
</case>
<!-- Driver "smb": authenticates against an SMB server through the smbauth
     extension, optionally requiring membership of a named group. -->
<case name="smb" desc="SMB (smbauth extension) authentication">
<configsection name="params">
<configstring name="hostspec" desc="IP, DNS Name, or NetBios Name of the
SMB server to authenticate with">localhost</configstring>
<configstring name="domain" desc="The domain name to authenticate with"/>
<configstring name="group" required="false" desc="Optional group name
that the user must be a member of"/>
</configsection>
</case>
<!-- Driver "smbclient": authenticates by running the external smbclient
     program at smbclient_path (default /usr/bin/smbclient). NOTE(review):
     confirm the driver does not pass the user's password on the process
     command line, where other local users could read it, and keep the path
     pointing at a binary the web server account cannot replace. -->
<case name="smbclient" desc="SMB (smbclient) authentication">
<configsection name="params">
<configstring name="hostspec" desc="IP, DNS Name, or NetBios Name of the
SMB server to authenticate with">localhost</configstring>
<configstring name="domain" desc="The domain name to authenticate with"/>
<configstring name="smbclient_path" desc="The location of the smbclient program">/usr/bin/smbclient</configstring>
</configsection>
</case>
<!-- Driver "sql": authenticates against a table in an SQL database. Names in
     square brackets in the descriptions ([horde_users], [user_uid],
     [user_pass]) appear to be the defaults used when a field is left empty.
     Both expiration features are disabled unless their fields are set. -->
<case name="sql" desc="SQL authentication">
<configsection name="params">
<configsql switchname="driverconfig" />
<configstring name="table" required="false" desc="The name of the auth
table in the database [horde_users]"/>
<configstring name="username_field" required="false" desc="The name of
the username field in the auth table [user_uid]"/>
<configstring name="password_field" required="false" desc="The name of
the password field in the auth table [user_pass]"/>
<configstring name="soft_expiration_field" required="false" desc="The
name of a field containing a UNIX timestamp. When a user logs in after
the specified time, if 'passwd' is installed, that user will be asked to
change his or her password. This feature is disabled by default."/>
<configstring name="hard_expiration_field" required="false" desc="The
name of a field containing a UNIX timestamp. A user will not be able to
log in after the specified time. This feature is disabled by default."/>
<configinteger name="soft_expiration_window" required="false"
desc="This is how often, in days, the user must change his or her
password. When the user's password is updated, the "soft"
expiration is set this many days in the future. If not provided,
the user's password will not expire by default."/>
<configinteger name="hard_expiration_window" required="false" desc="The
number of days in the grace period the user has to change his or her
password after it has expired. If not provided, the grace period will
not expire."/>
<!-- NOTE(review): the default is ssha (presumably salted SHA-1, a fast hash).
     "plain" stores clear text, and the md5, sha and mysql entries are fast
     or unsalted formats. For new installations prefer crypt-sha512 or
     crypt-blowfish from this list. -->
<configenum name="encryption" required="false" desc="The password hashing algorithm to use">ssha
<values>
<value>aprmd5</value>
<value>crypt</value>
<value>crypt-blowfish</value>
<value>crypt-des</value>
<value>crypt-md5</value>
<value>crypt-sha256</value>
<value>crypt-sha512</value>
<value>joomla-md5</value>
<value>md5-base64</value>
<value>md5-hex</value>
<value>mysql</value>
<value>plain</value>
<value>sha</value>
<value>smd5</value>
<value>ssha</value>
</values>
</configenum>
<configboolean name="show_encryption" required="false" desc="Prepend the password algorithm to the password value?">false</configboolean>
</configsection>
</case>
<!-- Driver "customsql": SQL authentication where the administrator supplies
     every query. Connection details (driver, socket or host/port, user,
     password, database) are configured first, followed by the query
     templates and the hash format. -->
<case name="customsql" desc="SQL authentication w/custom-made queries">
<configsection name="params">
<configenum name="phptype" desc="The name of the database">mysql
<values>
<value desc="MySQL">mysql</value>
<value desc="MySQL (mysqli)">mysqli</value>
<value desc="ODBC">odbc</value>
<value desc="PostgreSQL">pgsql</value>
</values>
</configenum>
<configswitch name="protocol" desc="What protocol will we use to connect
to the database?">unix
<case name="unix" desc="UNIX Sockets">
<configstring name="socket" required="false" desc="Location of UNIX
socket"></configstring>
</case>
<case name="tcp" desc="TCP/IP">
<configstring name="hostspec" desc="What hostname is the database server
running on, or what is the name of the system DSN to use?">
localhost</configstring>
<configinteger name="port" required="false" desc="Port the DB is
running on, if non-standard"/>
</case>
</configswitch>
<configstring name="username" desc="What username do we authenticate to
the database server as?">horde</configstring>
<configstring name="password" required="false" desc="What password do we
authenticate to the database server with?"/>
<configstring name="database" desc="What database name/tablespace are we
using?">horde</configstring>
<!-- NOTE(review): the example below shows \L and \P unquoted inside the
     query text. Whether the driver quotes or escapes the substituted values
     is not visible in this file; confirm that it does, so that a crafted
     login or password cannot change the meaning of the query. The database
     account used here should hold only the privileges these queries need. -->
<configdescription>
Some special tokens can be used in the sql query. They are replaced at
the query stage:<ul>
<li>"\L" will be replaced by the user's login</li>
<li>"\P" will be replaced by the user's password</li>
<li>"\O" will be replaced by the old user's login (required for
update)</li></ul>
Eg: "SELECT * FROM users WHERE uid = \L AND passwd = \P AND billing =
'paid'"
</configdescription>
<configstring name="query_auth" required="false" desc="Authenticate the user"/>
<configstring name="query_add" required="false" desc="Add user"/>
<configstring name="query_getpw" required="false" desc="Get a user's password"/>
<configstring name="query_update" required="false" desc="Update user"/>
<configstring name="query_resetpassword" required="false" desc="Reset a user's password"/>
<configstring name="query_remove" required="false" desc="Remove user"/>
<configstring name="query_list" required="false" desc="List users"/>
<configstring name="query_exists" required="false" desc="Check if an account exists"/>
<!-- NOTE(review): the default is ssha (presumably salted SHA-1, a fast hash).
     "plain" stores clear text, and the md5, sha and mysql entries are fast
     or unsalted formats. Prefer crypt-sha512 or crypt-blowfish when the
     table is not shared with software that needs another format. -->
<configenum name="encryption" desc="The password hashing algorithm to use">ssha
<values>
<value>aprmd5</value>
<value>crypt</value>
<value>crypt-blowfish</value>
<value>crypt-des</value>
<value>crypt-md5</value>
<value>crypt-sha256</value>
<value>crypt-sha512</value>
<value>joomla-md5</value>
<value>md5-base64</value>
<value>md5-hex</value>
<value>mysql</value>
<value>plain</value>
<value>sha</value>
<value>smd5</value>
<value>ssha</value>
</values>
</configenum>
<configboolean name="show_encryption" desc="Prepend the password algorithm to the password value?">false</configboolean>
</configsection>
</case>
<!-- "cyrsql" authentication backend: user records live in an SQL table, and
     the Cyrus administrator account configured below is used against the IMAP
     server. The folders, quota and userhierarchy options suggest that
     mailboxes are provisioned through that account (inferred from the option
     descriptions, not shown in this file). -->
<case name="cyrsql" desc="SQL implementation for the Cyrus IMAP server">
<configsection name="params">
<!-- Cyrus administrator credentials. They are presumably written to the
     generated configuration file, so that file should be readable only by
     the web server account. -->
<configstring name="cyradmin" desc="The username of the cyrus
administrator"/>
<configstring name="cyrpass" desc="The password for the cyrus
administrator"/>
<configstring name="cyrhost" desc="The hostname or IP address of the
server">localhost</configstring>
<configinteger name="cyrport" desc="The server port to which we will
connect. IMAP is generally 143, while IMAP-SSL is generally
993.">143</configinteger>
<!-- Default "none" on port 143: the administrator login is then presumably
     sent without transport encryption. That is tolerable only while cyrhost
     stays "localhost"; select "tls", or "ssl" with port 993, when the IMAP
     server is remote. -->
<configenum name="secure" desc="The encryption to use to connect to
the IMAP server.">none
<values>
<value>none</value>
<value>tls</value>
<value>ssl</value>
</values>
</configenum>
<!-- Database driver; the default is "mysql". -->
<configenum name="phptype" desc="The name of the database">mysql
<values>
<value desc="MySQL">mysql</value>
<value desc="ODBC">odbc</value>
<value desc="PostgreSQL">pgsql</value>
</values>
</configenum>
<!-- NOTE(review): the tcp port default is 5432, PostgreSQL's usual port,
     while phptype defaults to "mysql" (usually 3306). The field is optional
     and described as "if non-standard", so confirm the default is intended. -->
<configswitch name="protocol" desc="What protocol will we use to connect
to the database?">unix
<case name="unix" desc="UNIX Sockets">
<configstring name="socket" required="false" desc="Location of UNIX
socket"></configstring>
</case>
<case name="tcp" desc="TCP/IP">
<configinteger name="port" required="false" desc="Port the DB is
running on, if non-standard">5432</configinteger>
</case>
</configswitch>
<configstring name="hostspec" desc="What hostname is the database server
running on, or what is the name of the system DSN to use?">
localhost</configstring>
<configstring name="username" desc="What username do we authenticate to
the database server as?">horde</configstring>
<!-- The database password is optional and has no default value. -->
<configstring name="password" required="false" desc="What password do we
authenticate to the database server with?"/>
<configstring name="database" desc="What database name/tablespace are we
using?">horde</configstring>
<configstring name="table" desc="The name of the auth table in the
database">horde_users</configstring>
<configstring name="username_field" desc="The name of the username field
in the auth table">user_uid</configstring>
<configstring name="password_field" desc="The name of the password field
in the auth table">user_pass</configstring>
<configstring name="domain_field" desc="If set to anything other than
'none' this is used as field name where domain is
stored">none</configstring>
<!-- Hashing scheme for the password_field column; the default is "ssha".
     "plain" keeps the password unhashed, and the md5, sha, smd5, ssha,
     aprmd5, crypt-des and crypt-md5 schemes are fast or legacy digests.
     crypt-blowfish, crypt-sha256 and crypt-sha512 are the deliberately slow
     schemes in this list. NOTE(review): scheme names are taken to carry their
     usual meaning; the hashing code is not part of this file. -->
<configenum name="encryption" desc="The password hashing algorithm to use">ssha
<values>
<value>aprmd5</value>
<value>crypt</value>
<value>crypt-blowfish</value>
<value>crypt-des</value>
<value>crypt-md5</value>
<value>crypt-sha256</value>
<value>crypt-sha512</value>
<value>md5-base64</value>
<value>md5-hex</value>
<value>plain</value>
<value>sha</value>
<value>smd5</value>
<value>ssha</value>
</values>
</configenum>
<!-- Optional mailbox settings: folders to create, quota in kilobytes and the
     user hierarchy prefix. -->
<configlist name="folders" required="false" desc="A list of folders to
create under username"/>
<configinteger name="quota" required="false" desc="The quota (in
kilobytes) to grant on the mailbox"/>
<configstring name="userhierarchy" required="false" desc="The user
hierarchy prefix."/>
<!-- By default the "cyrus" account is hidden from the user interface. -->
<configlist name="hidden_accounts" required="false" desc="A list of accounts to
hide from the user interface">cyrus</configlist>
</configsection>
</case>
<!-- X.509 client-certificate authentication. The user name is read from the
     field named in username_field; the default SSL_CLIENT_S_DN_CN looks like
     the subject CN variable exported by the web server's TLS module.
     NOTE(review): that value is only trustworthy if the web server requires
     and verifies client certificates on every path that reaches Horde;
     confirm this in the server configuration. -->
<case name="x509" desc="X509 Client Certificates">
<configsection name="params">
<configstring name="username_field" desc="The X509 field containing the username">
SSL_CLIENT_S_DN_CN</configstring>
<!-- "unified" stores one password that is used for all users, as the warning
     in its description says. Anyone who can read the generated configuration
     presumably obtains it, so keep that file readable only by the web server
     account. "none" avoids storing a shared secret here. -->
<configswitch name="password_source" desc="Where should Horde attempt to
find user passwords?">
<case name="none" desc="Either no passwords are needed, or the
postauthenticate hook will provide them."/>
<case name="unified" desc="A single password will be used for all
users. ONLY USE THIS IF YOU KNOW WHAT YOU ARE DOING! YOUR SYSTEM MUST
BE PROPERLY SECURED!">
<configstring name="unified_password" desc="The password to use.">
</configstring>
</case>
</configswitch>
</configsection>
</case>
</configswitch>
<!-- Failed-login accounting and lockout. count_bad_logins and login_block
     both default to false. The thresholds default to 5 failed logins and a
     5 minute block; per the descriptions, a count of 0 disables the feature
     and a time of 0 blocks permanently. A permanent block lets repeated wrong
     guesses against a known user name keep that user locked out until an
     administrator intervenes, so a finite block time is the safer choice. -->
<configsection name="params">
<configboolean name="count_bad_logins" required="false" desc="Should Horde
count the number of bad logins?">false</configboolean>
<configboolean name="login_block" required="false" desc="Allow to block
logins for certain users?">false</configboolean>
<configinteger name="login_block_count" required="false" desc="After how
many failed logins the login should be blocked? Setting 0 disables the
feature">5</configinteger>
<configinteger name="login_block_time" required="false" desc="How many
minutes should the login be blocked? Setting 0 means permanent
blocking">5</configinteger>
</configsection>
</configsection>
<!-- Terms of service: an optional path to an agreement file that users must
     accept before using the system. NOTE(review): the file is presumably
     read from the server's filesystem and shown to users, so it should be a
     fixed, administrator-controlled path; confirm against the code that
     displays it. -->
<configsection name="tos">
<configheader>Terms of Service Agreement</configheader>
<configstring name="file" required="false" desc="If you want to require
users to accept certain terms before they can use the system, enter the
path of the agreement file to display here."/>
</configsection>
</configtab>
<!-- Self-registration settings. "allow" defaults to false, so the signup
     link and the options below only apply once an administrator turns it on.
     Sql is the only signup driver offered here. -->
<configtab name="signup" desc="Signing Up">
<configsection name="signup">
<configheader>Sign Up Settings</configheader>
<configswitch name="allow" desc="Allow non-registered users to register and
provide a link on the login screen?">false
<case name="true" desc="Yes">
<configswitch name="driver" desc="What signup driver should we
use?">
<case name="Sql" desc="SQL Database">
<configsection name="params">
<configsql switchname="driverconfig">
<configstring name="table" required="false" desc="The name of the
signup table in the database [horde_signups]"/>
</configsql>
</configsection>
</case>
</configswitch>
<!-- Optional notification address; per the description the message includes
     links for approving and denying the signup, so it should go to a mailbox
     that only administrators read. -->
<configstring name="email" desc="Specify an email address, if a message
should be send to notify about new signups, including links for approving
and denying." required="false"/>
<!-- Default true: an administrator must approve each request. Setting this
     to false gives every self-registered user access without review, as the
     description warns. -->
<configboolean name="approve" desc="Admin has to approve any user
submitted registration requests? (WARNING: Setting to false would mean
that every user who signs up would have automatic access to your horde
system.)" required="false">true</configboolean>
</case>
<case name="false" desc="No" />
</configswitch>
</configsection>
</configtab>
<!-- Logging settings. Logging is enabled by default, at priority NOTICE,
     through the "file" driver. -->
<configtab name="log" desc="Logging">
<configsection name="log">
<configheader>Logging Settings</configheader>
<configswitch name="enabled" quote="false" desc="Should Horde log errors and
other useful information?">true
<case name="true" desc="Yes">
<!-- Per the description DEBUG logs everything. NOTE(review): verbose levels
     may capture request details, so restrict who can read the log before
     raising the level on a production system. -->
<configenum name="priority" desc="What level of messages should we log?
Each level logs itself and all those that come before it: ALERT would
only log alerts and emergencies, but DEBUG would log everything.">NOTICE
<values>
<value desc="EMERG">EMERG</value>
<value desc="ALERT">ALERT</value>
<value desc="CRIT">CRIT</value>
<value desc="ERR">ERR</value>
<value desc="WARN">WARNING</value>
<value desc="NOTICE">NOTICE</value>
<value desc="INFO">INFO</value>
<value desc="DEBUG">DEBUG</value>
</values>
</configenum>
<configstring name="ident" required="false" desc="What identifier should
we use in the logs?">HORDE</configstring>
<configstring name="time_format" required="false" desc="What time format
should we use in the logs? (Acceptable formats are the inputs to PHP's
date() function). Leave blank to use the default."></configstring>
<configswitch name="type" desc="What log driver should we use?">file
<case name="file" desc="File">
<!-- The default path is /tmp/horde.log. /tmp is normally shared and
     world-writable, so other local accounts may be able to read the log or
     create the path before Horde does. Point this at a directory that only
     the web server account can write, outside the document root. -->
<configstring name="name" desc="Path to the log
file">/tmp/horde.log</configstring>
<configsection name="params">
<configboolean name="append" desc="Should new log entries be appended
to an existing log file? If this is false, new log files will
overwrite existing ones.">true</configboolean>
<configswitch name="format" required="false" desc="What format should
the log entries be in?">default
<case name="custom" desc="Custom Template">
<configstring name="template" desc="The custom logging template
to use."></configstring>
</case>
<case name="default" desc="Default" />
<case name="xml" desc="XML" />
</configswitch>
</configsection>
</case>
<!-- Stream driver: "name" is a PHP stream identifier rather than a file
     path; it offers the same format choices as the file driver but has no
     append option. -->
<case name="stream" desc="PHP Stream">
<configstring name="name" desc="A valid-PHP stream interface to use
for logging."></configstring>
<configsection name="params">
<configswitch name="format" required="false" desc="What format should
the log entries be in?">default
<case name="custom" desc="Custom Template">
<configstring name="template" desc="The custom logging template
to use."></configstring>
</case>
<case name="default" desc="Default" />
<case name="xml" desc="XML" />
</configswitch>
</configsection>
</case>
<!-- NOTE(review): configphp with quote="false" suggests the facility is
     written into the generated configuration as an unquoted PHP expression;
     confirm against the configuration generator. -->
<case name="syslog" desc="Syslog">
<configphp name="name" quote="false" desc="Syslog facility to use"/>
</case>
</configswitch>
</case>
<case name="false" desc="No"/>
</configswitch>
</configsection>
<!-- Sits outside the "log" section but inside this tab. Off by default and,
     per the description, only takes effect at log level INFO or more
     verbose. -->
<configboolean name="log_accesskeys" desc="Should Horde log statistics about
used access keys? This is only useful for translators of the
UI. You also need to set the log level to at least
INFO.">false</configboolean>
</configtab>
<!-- Preferences storage. Entries are capped at maxsize bytes (default 65535)
     and the default driver is Sql. -->
<configtab name="prefs" desc="Preferences">
<configsection name="prefs">
<configheader>Preferences Settings</configheader>
<configinteger name="maxsize" desc="The maximum size of a preferences entry
(in bytes).">65535</configinteger>
<configswitch name="driver" desc="What preferences driver should we
use?">Sql
<case name="Nosql" desc="NoSQL Database">
<configsection name="params">
<confignosql switchname="driverconfig" />
</configsection>
</case>
<case name="Sql" desc="SQL Database">
<configsection name="params">
<configsql switchname="driverconfig">
<configstring name="table" required="false" desc="The name of the
preference table in the database [horde_prefs]"/>
</configsql>
</configsection>
</case>
<!-- File driver: the directory is required. NOTE(review): preference files
     hold per-user data, so the directory should be outside the web server's
     document root and writable only by the web server account. -->
<case name="File" desc="Files">
<configsection name="params">
<configstring name="directory" required="true" desc="Directory to store the preferences in."/>
</configsection>
</case>
<case name="Ldap" desc="LDAP">
<configsection name="params">
<configldap switchname="driverconfig">
<configstring name="uid" desc="The username search key for finding
preferences">uid</configstring>
</configldap>
</configsection>
</case>
<!-- The remaining drivers take no parameters in this file. -->
<case name="Session" desc="PHP Sessions"/>
<case name="KolabImap" desc="IMAP/Kolab Server" />
<case name="Imsp" desc="IMSP Server" />
</configswitch>
</configsection>
</configtab>
<!-- Alarm storage. The default driver is Sql; the "false" case selects no
     alarm storage. With Sql, ttl is the interval in seconds between queries
     to the applications for new alarms (default 300). -->
<configtab name="alarms" desc="Alarms">
<configsection name="alarms">
<configheader>Alarms Settings</configheader>
<configswitch name="driver" desc="What alarm storage driver should we
use?">Sql
<case name="false" desc="None"/>
<case name="Sql" desc="SQL Database">
<configsection name="params">
<configsql switchname="driverconfig">
<configstring name="table" required="false" desc="The name of the
alarm table in the database [horde_alarms]"/>
</configsql>
<configinteger name="ttl" desc="How often should the applications be
queried for new alarms, in seconds?">300</configinteger>
</configsection>
</case>
</configswitch>
</configsection>
</configtab>
<configtab name="group" desc="Groups">
<configsection name="group">
<configheader>Groups Settings</configheader>
<configswitch name="driver" desc="What backend should we use for Horde
Groups?">Sql
<!-- Kolab group backend, configured through an LDAP connection block. Groups
     are looked up by gid (default "cn") with membership in memberuid
     (default "memberUid"). Here attrisdn is a plain boolean with no default
     value. -->
<case name="Kolab" desc="Kolab">
<configsection name="params">
<configldap switchname="driverconfig">
<configstring name="gid" desc="The group search key">cn</configstring>
<configstring name="memberuid" desc="Group membership field">
memberUid</configstring>
<configboolean name="attrisdn" required="false"
desc="If checked, the user member attributes returned from LDAP are
expected to be fully qualified DNs"/>
<configlist name="newgroup_objectclass" desc="What objectclasses should
a new group be member of? These objectclasses should cover the mail and
gidnumber attributes as well as the group search key">
posixGroup,hordeGroup</configlist>
<!-- Optional bind DN and password used for creating and editing groups.
     The password is presumably stored in the generated configuration, so
     give this DN write access to the group subtree only and keep that file
     readable only by the web server account. -->
<configstring name="writedn" desc="DN used to bind for creating and
editing LDAP groups." required="false"/>
<configstring name="writepw" desc="Password for bind DN."
required="false"/>
<!-- Group search: either a list of objectclasses (default "posixGroup") or
     a complete LDAP filter expression entered by the administrator. -->
<configsection name="search">
<configswitch name="filter_type" desc="How to specify a filter for the
group lists">objectclass
<case name="objectclass" desc="One or more objectclass filters">
<configlist name="objectclass" desc="The objectclass filter used to
search for groups. Can be a single objectclass or a list.">
posixGroup</configlist>
</case>
<case name="filter" desc="A complete LDAP filter expression">
<configstring name="filter" desc="The LDAP RFC formatted filter used
to search for groups."/>
</case>
</configswitch>
</configsection>
</configldap>
</configsection>
</case>
<!-- LDAP group backend. Groups are looked up by gid (default "cn") with
     membership in memberuid (default "memberUid"). Here attrisdn is a switch
     defaulting to false; choosing true adds the configldapuser settings. -->
<case name="Ldap" desc="LDAP">
<configsection name="params">
<configldap switchname="driverconfig">
<configstring name="gid" desc="The group search key">cn</configstring>
<configstring name="memberuid" desc="Group membership field">
memberUid</configstring>
<configswitch name="attrisdn" required="false" desc="Are the user member
attributes returned from LDAP expected to be fully qualified DNs?">false
<case name="false" desc="No"/>
<case name="true" desc="Yes">
<configldapuser/>
</case>
</configswitch>
<configlist name="newgroup_objectclass" desc="What objectclasses should
a new group be member of? These objectclasses should cover the mail and
gidnumber attributes as well as the group search key">
posixGroup,hordeGroup</configlist>
<!-- Optional bind DN and password used for creating and editing groups.
     The password is presumably stored in the generated configuration, so
     give this DN write access to the group subtree only and keep that file
     readable only by the web server account. -->
<configstring name="writedn" desc="DN used to bind for creating and
editing LDAP groups." required="false"/>
<configstring name="writepw" desc="Password for bind DN."
required="false"/>
<!-- Group search: either a list of objectclasses (default "posixGroup") or
     a complete LDAP filter expression entered by the administrator. -->
<configsection name="search">
<configswitch name="filter_type" desc="How to specify a filter for the
group lists">objectclass
<case name="objectclass" desc="One or more objectclass filters">
<configlist name="objectclass" desc="The objectclass filter used to
search for groups. Can be a single objectclass or a list.">
posixGroup</configlist>
</case>
<case name="filter" desc="A complete LDAP filter expression">
<configstring name="filter" desc="The LDAP RFC formatted filter used
to search for groups."/>
</case>
</configswitch>
</configsection>
</configldap>
</configsection>
</case>
<!-- "Mock" is the no-groups choice and takes no parameters. "Sql" takes only
     the shared SQL connection settings; it adds no table option in this
     file. -->
<case name="Mock" desc="No Groups"/>
<case name="Sql" desc="SQL">
<configsection name="params">
<configsql switchname="driverconfig" />
</configsection>
</case>
</configswitch>
</configsection>