Support for TLS connections (this release tested with FreeIPA 4).

README.md

@@ -1,4 +1,4 @@
 # thunderbird-mcd
 
 ###### Thunderbird Mission Critical Desktop
-Provides automated configuration for Thunderbird via PHP + OpenLDAP.
+Provides automated configuration for Thunderbird via PHP + LDAP server.

ldap.cfg.example

@@ -1,20 +1,24 @@
 <?php
 //LDAP
 // Connection
-$ldap_host = 'ldap.example.com';
+$ldap_scheme = "ldap";
+$ldap_start_tls = true;
+$ldap_host = 'freeipa.example.com';
 $ldap_port = '389';
-$ldap_user = 'cn=reader,ou=people,dc=example,dc=com';
+$ldap_user = 'uid=reader,cn=users,cn=accounts,dc=example,dc=com';
 $ldap_password = 'reader';
 // The root of catalog
 $ldap_root = 'dc=example,dc=com';
 // Base for search uid
-$ldap_base = "ou=people,$ldap_root";
-// Base for search memberUid
+$ldap_base = "cn=users,cn=accounts,$ldap_root";
+// Base for search group membership
 $ldap_base_manager = "cn=TopManagers,ou=groups,$ldap_root";
 // VARS
 $ldap_uid = $_GET['user'];
 $ldap_filter = "(uid=$ldap_uid)";
 $ldap_filter_manager = "(memberUid=$ldap_uid)";
+$ldap_map_entryuuid = 'ipaUniqueID';
+$ldap_map_city = 'l';
 $ldap_target_gid = '1100';
 // Organisation
 $exten_prefix = ' доб. 1-';
@@ -30,9 +34,10 @@ $mail_server_port = '143';
 $mail_smtp_desc = 'SMTP server of our company';
 $mail_smtp_port = '25';
 $mail_identity_org = 'Example, Inc.';
-$ldap_nonascii_desc = 'Domain';
-$ldap_nonascii_uri = "ldap://$ldap_host/$ldap_base??sub?(objectClass=posixAccount)";
-$quicktext_default_import = '/home/exchange/quicktext.xml';
+$mail_ldap_description = 'FreeIPA';
+$mail_ldap_uri = "$ldap_scheme://$ldap_host:$ldap_port/$ldap_base??sub?(objectClass=person)";
+$mail_ldap_dn = "uid=$ldap_uid,$ldap_base";
+$mail_ldap_max_hits = 100;
 $messenger_save_dir = '/tmp';
 //Caldav
 $caldav_enable = true;

ldap.defaults.php

@@ -5,17 +5,18 @@ $ldap_givenname = '';
 $ldap_sn = '';
 $ldap_title = '';
 $ldap_mail = '';
+$ldap_entryuuid = '';
 $ldap_attributes = array(
-    "gidnumber",
-    "givenname",
-    "sn",
-    "title",
-    "mail",
-    "telephonenumber",
-    "telexnumber",
-    "pager",
-    "homephone",
-    "homepostaladdress",
-    "entryuuid"
+  $ldap_map_entryuuid,
+  $ldap_map_city,
+  "gidnumber",
+  "givenname",
+  "sn",
+  "title",
+  "mail",
+  "telephonenumber",
+  "telexnumber",
+  "pager",
+  "homephone"
 );
 ?>

ldap.settings.php

@@ -46,12 +46,13 @@ try {
   lockPref("mail.identity.id1.fcc_folder_picker_mode", 0);
   lockPref("mail.identity.id1.stationery_folder", "imap://$ldap_mail_replaced@$mail_domain/Templates");
   lockPref("mail.identity.id1.reply_on_top", 1);
-  lockPref("ldap_2.servers._nonascii.auth.dn", "");
-  lockPref("ldap_2.servers._nonascii.auth.saslmech", "");
-  lockPref("ldap_2.servers._nonascii.description", "$ldap_nonascii_desc");
-  lockPref("ldap_2.servers._nonascii.filename", "ldap.mab");
-  lockPref("ldap_2.servers._nonascii.maxHits", 50);
-  lockPref("ldap_2.servers._nonascii.uri", "$ldap_nonascii_uri");
+  lockPref("ldap_2.servers.$mail_ldap_description.auth.dn", "$mail_ldap_dn");
+  lockPref("ldap_2.servers.$mail_ldap_description.auth.saslmech", "");
+  lockPref("ldap_2.servers.$mail_ldap_description.description", "$mail_ldap_description");
+  lockPref("ldap_2.servers.$mail_ldap_description.filename", "ldap.mab");
+  lockPref("ldap_2.servers.$mail_ldap_description.maxHits", $mail_ldap_max_hits);
+  lockPref("ldap_2.servers.$mail_ldap_description.uri", "$mail_ldap_uri");
+  lockPref("ldap_2.autoComplete.directoryServer", "ldap_2.servers.$mail_ldap_description");
   lockPref("ldap_2.autoComplete.directoryServer", "ldap_2.servers._nonascii");
   lockPref("ldap_2.autoComplete.useDirectory", true);
   lockPref("toolkit.telemetry.enabled", true);
@@ -74,11 +75,6 @@ try {
   pref("extensions.sieve.account.$ldap_mail_replaced@$mail_domain.port.type", 0);
   pref("extensions.sieve.account.$ldap_mail_replaced@$mail_domain.proxy.type", 1);
   pref("extensions.sieve.account.$ldap_mail_replaced@$mail_domain.sasl.forced", false);
-  defaultPref("extensions.shrunked.default.maxHeight", 1024);
-  defaultPref("extensions.shrunked.default.maxWidth", 1280);
-  defaultPref("extensions.shrunked.default.quality", 85);
-  defaultPref("quicktext.defaultImport", "$quicktext_default_import");
-  defaultPref("quicktext.firstTime", false);
   defaultPref("messenger.save.dir", "$messenger_save_dir");
   $caldav_settings
   lockPref("mail.identity.id1.htmlSigFormat", true);

ldap.vars.php

@@ -7,5 +7,5 @@ $ldap_mail = ($info[0]["mail"][0]);
 $ldap_givenname_exploded = explode(" ",$ldap_givenname);
 $ldap_givenname_exploded = $ldap_givenname_exploded[0];
 $ldap_mail_replaced = preg_replace('+@+','%40', $ldap_mail);
-$ldap_entryuuid = $info[0]["entryuuid"][0];
+$ldap_entryuuid = ($info[0][$ldap_map_entryuuid][0]);
 ?>

thunderbird.php

@@ -11,10 +11,15 @@ if(empty($_GET['user'])) {
   exit('Error: user not present');
 }
 
-$link = ldap_connect($ldap_host, $ldap_port);
+=$ldap_uri = "$ldap_scheme://$ldap_host:$ldap_port";
+$link = ldap_connect($ldap_uri) or die("Can't parse LDAP uri");
 ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
-$ldap_bind = ldap_bind($link, $ldap_user, $ldap_password);
 
+if($ldap_start_tls == true) {
+  $tls_link = ldap_start_tls($link) or die("LDAP START TLS failed");
+}
+
+$ldap_bind = ldap_bind($link, $ldap_user, $ldap_password);
 if(!$ldap_bind) {
   $ldap_errno = ldap_errno($link);
   $ldap_error = ldap_err2str($ldap_errno);
@@ -47,8 +52,8 @@ if($im_enabled == true) {
   }
 }
 
-if (isset($info[0]["homepostaladdress"])) {
-  $ldap_support_key = array_search($info[0]["homepostaladdress"][0], $siga_support_address_array);
+if (isset($info[0][$ldap_map_city])) {
+  $ldap_support_key = array_search($info[0][$ldap_map_city][0], $siga_support_address_array);
   if (isset($ldap_support_key)) {
     $ldap_support_mail = "$siga_support_address_prefix$ldap_support_key$siga_support_address_postfix" . "@" . "$siga_support_address_domain";
     $ldap_support_mail = "<br><a href=\\\"mailto:" . $ldap_support_mail . "\\\">" . $ldap_support_mail . "</a>";