zarafa-admin (1) - Linux Man Pages

zarafa-admin: Manages Zarafa users and stores.

NAME

zarafa-admin - Manages Zarafa users and stores.

SYNOPSIS

zarafa-admin ACTION [OPTION...]

DESCRIPTION

This tool can be used to create the public store and to add, update and remove users from Zarafa. The Zarafa server must be running for zarafa-admin to work.

If no action is given, a listing of the possible parameters is printed. When invalid actions or not enough options for an action are given, an error message is printed.

When using LDAP as the users source, create, modify and delete actions are done in the LDAP tree and not using the zarafa-admin tool. Please see the EXTERNAL USERS() section for more information.

ACTIONS

zarafa-admin needs an action command with the appropriate options. Valid actions are:

-s

Create a public store. No other options are needed. Only one public store can be created. Successive calls will fail.

-c username

Create a new user, -p, -f and -e options are required, -a and -n parameters are optional. To set a password using a password prompt, use the -P option in stead of -p.

-d username

Delete a user. No other options are needed. The deleted store of the user will be marked as orphan store and can be restored with --hook-store

-u username

Update user information. Valid parameters are: [-p|-P], -f, -e, -a, -n and -U to update user information. Use: --qo, --qw, --qs or --qh to set quota levels. Use 0 with quota options to set as 'unlimited'.

--enable-feature and --disable-feature to enable or disable specific features for users.

This action is also required for all options to control the autoaccept of meeting requests. See the --mr-accept, --mr-decline-conflict and --mr-decline-recurring options.

-g groupname

Create a new group. Valid parameters are: -e

--update-group groupname

Update group information. Valid parameters are: -e

-G groupname

Delete a group. No other options are needed.

-b username

Add a user to a group. Use the -i to set the groupname.

-B username

Remove a user from a group. Use the -i to set the groupname.

-l

List all users available in Zarafa. When using an external user source, this action will implicitly synchronize all users in the external source, creating, updating and/or removing users and stores.

-L

List all groups available in Zarafa. When using an external user source, this action will implicitly synchronize all groups in the external source, creating updating and/or removing groups and memberships.

--list-companies

List all tenans available in Zarafa. When using an external user source, this action will implicitly synchronize all tenants in the external source, creating updating and/or removing companies.

This option is only available in multi-tenancy Zarafa

--details name

Show all the details of a user, showing the fullname, e-mailaddress, active state, administator state, group memberships and quota settings. Optionally use --type to indicate for what kind of object the details are being requested.

Note: This function does not synchronize with the external user plugin. Thus changes from e.g. LDAP will not be set during this function.

--type type

Additional argument for --details. The argument with this option indicates for what type of object the details are being requested. Allowed values are 'user', 'group' or 'company' When this option is not used, it defaults to 'user'

--create-company companyname

Create a new tenant space.

Use: --qo, --qw, --qs, --qh to set quota levels for the tenant.

Use: --udqo, --udqw, --udqs, --udqh to set the default quota levels for the users inside the tenant.

This option is only available in multi-tenancy Zarafa.

--update-company companyname

Update an existing tenant space.

Use: --qo, --qw, --qs, --qh to set quota levels for the tenant.

Use: --udqo, --udqw, --udqs, --udqh to set the default quota levels for the users inside the .

This option is only available in multi-tenancy Zarafa.

--delete-company companyname

Delete company space.

This option is only available in multi-tenancy Zarafa.

--set-system-admin companyname

Set system administrator for the tenant specified by -I.

Please be aware that this option does not provide the user with administrator privileges. The system administrator is considered the main contact person for a company, it will for example be used as default sender for quota warning emails.

This option is only available in multi-tenancy Zarafa.

--add-to-viewlist companyname

Add tenant 'companyname' to remote-view list of company specified by -I. After this command the 'companyname' is capable of viewing all members of the company specified by -I.

This option is only available in multi-tenancy Zarafa.

--del-from-viewlist companyname

Delete company 'companyname' from remote-view list of tenant specified by -I. After this command the 'companyname' is no longer capable of viewing all members of the tenant specified by -I.

This option is only available in multi-tenancy Zarafa.

--list-view

List all tenants in the remote-view list of the tenant specified by -I. The tenants in this list are able to view all members of the specified tenant in their Address Book.

This option is only available in multi-tenancy Zarafa.

--add-to-adminlist username

Add user 'username' to remote-admin list of tenant specified by -I. This is the administrator list for remote administrators, as such it only manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and specifying the -a argument.

Users can only be administrator over a different company when they have also been granted view privileges, can be granted by using the --add-to-viewlist.

This option is only available in multi-tenancy Zarafa.

--del-from-adminlist username

Delete user 'username' from remote-admin list of company specified by -I. This is the administrator list for remote administrators, as such it only manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and specifying the -a argument.

This option is only available in multi-tenancy Zarafa.

--list-admin

List all users in the remote-admin list of the tenant specified by -I. This is the administrator list for remote administrators, as such it only manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and specifying the -a argument.

Users can only be administrator over a different tenant when they have also been granted view privileges, can be granted by using the --add-to-viewlist.

This option is only available in multi-tenancy Zarafa.

--add-userquota-recipient user

Add 'user' as recipient to userquota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.

--del-userquota-recipient user

Delete 'user' as recipient to userquota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.

--list-userquota-recipients

List all additional recipients for a userquota warning email. Use -I to request the recipient list for a particular tenant space.

--add-companyquota-recipient user

Add 'user' as recipient to tenant quota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.

--del-companyquota-recipient user

Delete 'user' as recipient to tenant quota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.

--list-companyquota-recipients

List all additional recipients for a tenant quota warning email. Use -I to request the recipient list for a particular tenant space

--list-sendas user

List all users who are able to directly send an email as user. This has been set in the LDAP server, or with the --add-sendas command for Unix and DB plugins. Optionally use --type to indicate for what kind of object the sendas details are being requested.

--clear-cache

Clears the server's caches. All data cached inside the zarafa-server is cleared. Although this can never cause any data loss, it can affect the performance of your server, since any data requested after the cache is cleared needs to be re-requested from the database or LDAP server. Normally this option is never needed; it is mostly used as a diagnostics tool.

Optionally use --clear-cache= to specify a set of purge options. The following options can be used:

0x0000 Release no longer used memory back to the kernel
0x0001 Purge the quota cache
0x0002 Purge the quota default cache
0x0004 Purge the object cache
0x0008 Purge the store cache
0x0010 Purge the ACL cache
0x0020 Purge the cell cache
0x0040 Purge the index1 cache
0x0080 Purge the index2 cache
0x0100 Purge the indexproperty cache
0x0200 Purge the user object cache
0x0400 Purge the externid cache
0x0800 Purge the userdetails cache
0x1000 Purge the server cache

--purge-softdelete days

Starts a softdelete purge on the server, removing all soft-deleted items which have been deleted days days ago, or earlier

--purge-deferred

The server has an optimization in which changes to the tproperties table are not writted directly, but delayed for a more efficient write at a later time. The server auto-purges these regularly. This command allows you to purge all changes pending. It may be useful to run this during low I/O load of your server (eg at night).

--list-orphans

When a user is removed, the store becomes orphaned. This option shows a list of stores that are not hooked to a user. You can use the --remove-store and --hook-store from this list.

--hook-store store-guid

You can hook an orphaned store to an existing user, so you may access the store again. Use the -uusername to specify the user to hook the store to.

You can copy an orphaned store to the public store. Use the --copyto-public to copy the store to the public folder named 'Admin/deleted stores'. This folder is then only visible for users with Zarafa admin privileges.

To hook a public store, use --type group/company to influence the name type in the -u switch.

To hook an archive store, use --typearchive.

--remove-store store-guid

Use this action to remove the store from the database. The store is actually just marked as deleted, so the softdelete system can remove the store from the database.

--create-store username

This action will create a store for a newly created user, and is normally called through the createuser script. If the --list-orphans action listed users without a store, you can create a new store for those users with this command.

--unhook-store username

You can unhook a store from a user, so you can remove the store and create a new one.

To unhook a public store, use the --type group/company option to influence the name type in the username argument. Use a companyname with type company or 'Everyone' with type group to unhook the public.

To unhook an archive store, use --typearchive.

--force-resync usernames

You can force a resync of cached profiles when the data is out of sync. One or more usernames can be specified. If no usernames are given, all offline profiles can be resynced.

--reset-folder-count username

Reset the counters on all folders in username's store.

--user-count

Shows an overview of user counts per type of user, and how much are allowed by your current license.

OPTIONS

The options used by actions are as follows:

-U 'new username'

Use this parameter to rename a user. This option is only valid with the -u update action.

-p password

Set password for a user. This option is only valid with the -c create or -u update action.

-P

Set password for a user. The password can be entered on the password prompt. The password will not be shown. This option is only valid with the -c create or -u update action.

-f 'full name'

Specify full user name. Use single quotes around the name to pass it as a single parameter. This option is only valid with the -c create or -u update action.

-e 'email address'

Specify the email address. This address will be used to set the 'From' email address in outgoing email messages. Use single quotes around the name to pass it as a single parameter. This option is only valid with the -c create or -u update action.

-a [yes|y|1|2 / no|n|0]

Set the user as administrator by passing 'yes'. When passing 'no', administrator rights will be revoked from the user. This option is only valid with the -c create or -u update action.

It is also possible to pass 2 as administrator level, this will make the user a system administrator who can create/modify/delete companies.

-n [yes|y|1 / no|n|0]

Specify a non-active user. This user cannot login, but email can be delivered, and the store can be opened by users with correct rights.

--qo [yes|y|1 / no|n|0]

Override the default server quota settings for this user. User specific quota levels will used. The default value of this option is 'no', always using server quota levels. This option is only valid with the -c create or -u update action.

--qw value in Mb

Set the warning quota level for a user. The user may receive a warning email when this level is reached. See zarafa-monitor(1) for warning emails. This option is only valid with the -c create or -u update action.

--qs value in Mb

Set the soft quota level for a user. The user will be unable to receive new emails, bouncing the email back to the sender. This option is only valid with the -c create or -u update action.

--qh value in Mb

Set the hard quota level for a user. The user will be unable to receive and create new emails. This option is only valid with the -c create or -u update action.

--udqo [yes|y|1 / no|n|0]

Override the default server quota settings for all user within the specified tenant. default value of this option is 'no', always using server quota levels.

--udqw value in Mb

Set the warning quota level for all users within the specified tenant. The user may receive a warning email when this level is reached. See zarafa-monitor(1) for warning emails.

--udqs value in Mb

Set the soft quota level for all users within the specified tenant. The user will be unable to receive new emails, bouncing the email back to the sender. See zarafa-monitor(1) for warning emails.

--udqh value in Mb

Set the hard quota level for all users within the specified tenant. The user will be unable to receive and create new emails. See zarafa-monitor(1) for warning emails.

-i groupname

This sets the groupname for -b and -B actions.

-I companyname

This sets the companyname for all user, group and tenant commands. This option is only available for multi-tenancy Zarafa.

--mr-accept [yes|y|1 / no|n|0]

Specified that meeting requests should automatically be accepted for a user. This means that when a meeting request is sent to this user when specified as being a 'resource', the request will directly be honoured and written to the calendar. This is a client-side action and this setting therefore does not affect actual meeting requests being delivered via zarafa-dagent. The user on which to operate is select using the -u switch.

--mr-decline-conflict [yes|y|1 / no|n|0]

This option only has effect when --mr-accept=yes is in effect. When specifying --mr-decline-conflict, meeting requests that conflict with an existing meeting will be declined. The user on which to operate is select using the -u switch.

--mr-decline-recurring [yes|y|1 / no|n|0]

This option only has effect when --mr-accept=yes is in effect. When specifying --mr-decline-recurring, meeting requests that are recurring will be declined. The user on which to operate is select using the -u switch.

--add-sendas sender

Add user sender to the list of the senders you're updating as a 'send as' user. The sender can now send mails under the updated user's name, unless the updated user sets the sender as a delegate. When the sender is a delegate, the mail will be sent with 'On behalf of' markings in the email. This option is only valid with the -u and --update-group update action.

--del-sendas sender

Remove user sender from the list of the senders you're updating as a 'send as' user. This option is only valid with the -u and --update-group update action.

--lang language

Use language to create new stores; this means that folders in the new store will be in the language specified. Only valid in combination with --create-store. When this options in not specified, the system default will be selected according the LC_* and LANG environment variables, depending on your OS.

Other options to control the connection to the zarafa-server are:

--host, -h path

Connect to the Zarafa server through path, e.g. file:///path/to/socket. Default: file:///var/run/zarafa. This option can always be specified.

--node name

Execute the command on cluster node namereplaceable>

--config file

Use a configuration file. See the CONFIG() section for more information.

Default: /etc/zarafa/admin.cfg

CONFIG

Normally, no configuration file is used or required. If the file /etc/zarafa/admin.cfg exists, it is used as configuration file, but no error checking is performed. This way, you can use any config file from a zarafa program, eg. zarafa-spooler or zarafa-dagent, to load SSL settings.

The following options can be set in the configuation file:

server_socket

Unix socket to find the connection to the Zarafa server.

Default: file:///var/run/zarafa

sslkey_file

Use this file as key to logon to the server. This is only used when server_socket is set to an HTTPS transport. See the zarafa-server(1) manual page on how to setup SSL keys.

Default: value not set.

sslkey_pass

The password of the SSL key file that is set in sslkey_file.

Default: value not set.

EXAMPLES

For creating a user:

zarafa-admin-cloginname-ppassword-f'Firstname Lastname'-ef.lastname [at] tenant.com

For creating a non-login store:

zarafa-admin-cloginname-ppassword-f'Firstname Lastname'-ef.lastname [at] tenant.com-n 1

For modifying the password and e-mail address:

zarafa-admin-uloginname-pnewpass-efistname [at] tenant.com

For deleting a user:

zarafa-admin-dloginname

For adding a user to a group:

zarafa-admin-bloginname-igroupname

For setting a specific quota level for a user. Warning level to 80 Mb, soft level to 90 Mb and hard level to 100 Mb:

zarafa-admin-uloginname--qoyes--qw80--qs90--qh100

For automatically accepting meeting requests for a user or resource:

zarafa-admin-uloginname--mr-accepty--mr-decline-conflicty--mr-decline-recurringn

EXTERNAL USERS

When the users are located in an external database, and the Zarafa server is configured to use these users, a lot of commands from the zarafa-admin tool make no sense anymore. An example of an external database, and currently the only option, is an LDAP database.

The following actions can still be used, all other commands will be automatically triggered by changing the values in the LDAP server.

-s: create public store.

-l: list users known to Zarafa.

-L: list groups known to Zarafa.

--detailsusername: show user details.

--sync: trigger full synchonise for users and groups from the external source.

When the users change in the external source, the Zarafa server instantly synchronizes to these changes. There are two exceptions that need some extra attention, and these are when users are created or deleted. When a user is created, the createuser_script from the zarafa-server.cfg(5) will be started to create a store for a user. Likewise, when deleting a user, the deleteuser_script from the zarafa-server.cfg(5) will be started to delete a store from a user. The same is valid for creating and deleting a group and tenant, starting the creategroup_script/createcompany_script and deletegroup_script/deletecompany_script scripts respectively.

DIAGNOSTICS

Could not create user/store/public store.

When you get this error, make sure the Zarafa server and database server are running.

AUTHOR

Written by Zarafa.