Penguin

I've recently been experimenting with getting all users on a machine to automatically pick up AD Directory services.

The first thing is how to connect to AD from Thunderbird:

Add an LDAP server with:

  Server name: AD.example.com
  Base DN: ou=users, dc=example, dc=com
  Bind DN: user@example.com

The Base DN varies from installation to installation, but is usually "ou=<something>" followed by the name of the "domain" split into "dc" (domain component) parts. The interesting thing about Active Directory is that you can authenticate with your user@domain as the Bind DN, which means you don't need to be able to find the proper DN to bind as -- which you normally can't do because Active Directory doesn't allow anonymous binds.

To get Thunderbird to set this up by default for all users on a box you have a lovely Rube Goldberg style setup.

First you need to edit greprefs/all.js (normally /usr/share/thunderbird/greprefs/all.js) and add to the end:

/* Perry 2010-03-04 -- Add auto configuration */
pref("general.config.obscure_value", 0); // disable rot13 .cfg obfuscation
pref("general.config.filename", "example.cfg");

example.cfg can't be a full path, otherwise you get a NS_INSECURE_PATH style error message. It needs to be in the top-level thunderbird directory, which appears to be /usr/lib/thunderbird/example.cfg.

This file MUST start with a // otherwise mozilla won't recognise it. (sigh).

// vim: set filetype=javascript
//
// (C) Copyright 2010, Perry Lorier
//
// 2010-03-04 Perry Lorier
//  * Setup test url for autoconfiguring thunderbird
//

try {

pref("autoadmin.global_config_url", "http://example.com/thunderbird-prefs.js");
pref("autoadmin.append_mailaddr", false);

} catch(e) {
displayError("Error setting autoconfig file", e);
}

This then fetches the actual config you care about using any of the protocols that mozilla can understand. The contents of this file are something like:

/* Default configuration for LDAP Directory services using an AD server.
* (C) Copyright 2010, Perry Lorier.
*
* See https://developer.mozilla.org/en/MCD for more information.
*
* 2010-03-04 Perry Lorier
*  * Created initial system for doing directory lookups out of LDAP.
*/

if (getenv("USER") != "") {
       // Unix
       var env_user = getenv("USER");
} else {
       // Windows
       var env_user = getenv("USERNAME");
}

/* Misc settings */
defaultPref("ldap_2.prefs_migrated",true);

/* Configure the Users Directory */
defaultPref("ldap_2.servers.ExampleDirectory.auth.dn", env_user + "@example.com");
defaultPref("ldap_2.servers.ExampleDirectory.auth.savePassword", true);
defaultPref("ldap_2.servers.ExampleDirectory.description","Example Directory");
defaultPref("ldap_2.servers.ExampleDirectory.uri", "ldap://ad.example.com:389/ou=users,dc=example,dc=com??sub");

/* Set the default ldap auto completion to the Example Directory */
defaultPref("ldap_2.autoComplete.directoryServer", "ldap_2.servers.ExampleDirectory");
defaultPref("ldap_2.autoComplete.useDirectory", true);

/* Other possible things here?  We could autoconfigure IMAPS/SMTP for instance? */
/* Enable image loading from *.example.com in message bodies? */
/* You can look up attributes in ldap to configure email etc from that */

To debug this, set:

export NSPR_LOG_MODULES=MCD:5
export NSPR_LOG_FILE=/tmp/thunderbird-log.txt
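
A small lint for the three files above, as an added example (not part of the original setup). It checks the two rules stated on this page (filename is not a path, the .cfg starts with //) and goes a step further by flagging a config URL fetched without HTTPS and an LDAP URI that binds over plain ldap://. The finding names are made up for this sketch.

```javascript
// Added example, not from the original page: lint the MCD files described above.
// Finding names are hypothetical labels chosen for this sketch.
const PREF_RE = /\b(?:pref|defaultPref|lockPref)\(\s*"([^"]+)"\s*,\s*([^;]*?)\s*\)\s*;/g;

function parsePrefs(text) {
  const prefs = new Map();
  for (const [, name, raw] of text.matchAll(PREF_RE)) {
    // Unquote plain string literals; keep expressions and numbers as raw text.
    prefs.set(name, /^"[^"]*"$/.test(raw) ? raw.slice(1, -1) : raw);
  }
  return prefs;
}

function auditMcd({ allJs, cfg, remote }) {
  const findings = [];
  // From the page: general.config.filename can't be a full path.
  const filename = parsePrefs(allJs).get("general.config.filename") || "";
  if (/[\\/]/.test(filename)) findings.push("cfg-filename-is-path");
  // From the page: the .cfg file MUST start with //.
  if (!cfg.startsWith("//")) findings.push("cfg-missing-leading-comment");
  // Added check: the fetched script sets prefs for every user on the box,
  // so anyone who can alter it in transit controls those prefs.
  const url = parsePrefs(cfg).get("autoadmin.global_config_url") || "";
  if (url && !url.startsWith("https://")) findings.push("remote-config-not-https");
  // Added check: a bind over ldap:// sends the saved AD password unencrypted.
  for (const [name, value] of parsePrefs(remote)) {
    if (/^ldap_2\.servers\..+\.uri$/.test(name) && value.startsWith("ldap://")) {
      findings.push("ldap-bind-without-tls:" + name);
    }
  }
  return findings;
}

// Constructed sample input, trimmed from the files shown on this page.
const sample = {
  allJs: 'pref("general.config.obscure_value", 0);\n' +
         'pref("general.config.filename", "example.cfg");\n',
  cfg: '//\ntry {\n' +
       'pref("autoadmin.global_config_url", "http://example.com/thunderbird-prefs.js");\n' +
       '} catch(e) {}\n',
  remote: 'defaultPref("ldap_2.servers.ExampleDirectory.auth.dn", env_user + "@example.com");\n' +
          'defaultPref("ldap_2.servers.ExampleDirectory.uri", ' +
          '"ldap://ad.example.com:389/ou=users,dc=example,dc=com??sub");\n',
};
console.log(auditMcd(sample));
```

Run it with node; an empty list means none of the four checks fired.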
