zarafa-admin(1) - Linux man page
Name
zarafa-admin - Manages Zarafa users and stores.
Synopsis
zarafa-admin ACTION [OPTION...]
Description
This tool can be used to create the public store and to add, update and remove users from Zarafa. The Zarafa server must be running for zarafa-admin to work.
If no action is given, a listing of the possible parameters is printed. When invalid actions or not enough options for an action are given, an error message is printed.
When using LDAP as the users source, create, modify and delete actions are done in the LDAP tree and not using the zarafa-admin tool. Please see the EXTERNAL USERS() section for more information.
Actions
zarafa-admin needs an action command with the appropriate options. Valid actions are:
-s
- Create a public store. No other options are needed. Only one public store can be created. Successive calls will fail.
- -c username
- Create a new user, -p, -f and -e options are required, -a and -n parameters are optional. To set a password using a password prompt, use the -P option in stead of -p.
- -d username
- Delete a user. No other options are needed. The deleted store of the user will be marked as orphan store and can be restored with --hook-store
- -u username
- Update user information. Valid parameters are: [-p|-P], -f, -e, -a, -n and -U to update user information. Use:
--qo, --qw, --qs or --qh to set quota levels. Use 0 with quota options to set as 'unlimited'.
--enable-feature and --disable-feature to enable or disable specific features for users.
- -g groupname
- Create a new group. Valid parameters are: -e
- --update-group groupname
- Update group information. Valid parameters are: -e
- -G groupname
- Delete a group. No other options are needed.
- -b username
- Add a user to a group. Use the -i to set the groupname.
- -B username
- Remove a user from a group. Use the -i to set the groupname.
- -l
- List all users available in Zarafa. When using an external user source, this action will implicitly synchronize all users in the external source, creating, updating and/or removing users and stores.
- -L
- List all groups available in Zarafa. When using an external user source, this action will implicitly synchronize all groups in the external source, creating updating and/or removing groups and memberships.
- --list-companies
- List all tenans available in Zarafa. When using an external user source, this action will implicitly synchronize all tenants in the external source,
creating updating and/or removing companies.
This option is only available in multi-tenancy Zarafa
- --details name
- Show all the details of a user, showing the fullname, e-mailaddress, active state, administator state, group memberships and quota settings. Optionally use
--type to indicate for what kind of object the details are being requested.
Note: This function does not synchronize with the external user plugin. Thus changes from e.g. LDAP will not be set during this function.
- --type type
- Additional argument for --details. The argument with this option indicates for what type of object the details are being requested. Allowed values are 'user', 'group' or 'company' When this option is not used, it defaults to 'user'
- --create-company companyname
- Create a new tenant space.
Use: --qo, --qw, --qs, --qh to set quota levels for the tenant.
Use: --udqo, --udqw, --udqs, --udqh to set the default quota levels for the users inside the tenant.
This option is only available in multi-tenancy Zarafa.
- --update-company companyname
- Update an existing tenant space.
Use: --qo, --qw, --qs, --qh to set quota levels for the tenant.
Use: --udqo, --udqw, --udqs, --udqh to set the default quota levels for the users inside the .
This option is only available in multi-tenancy Zarafa.
- --delete-company companyname
- Delete company space.
This option is only available in multi-tenancy Zarafa.
- --set-system-admin companyname
- Set system administrator for the tenant specified by -I.
Please be aware that this option does not provide the user with administrator privileges. The system administrator is considered the main contact person for a company, it will for example be used as default sender for quota warning emails.
This option is only available in multi-tenancy Zarafa.
- --add-to-viewlist companyname
- Add tenant 'companyname' to remote-view list of company specified by -I. After this command the 'companyname' is capable of viewing all
members of the company specified by -I.
This option is only available in multi-tenancy Zarafa.
- --del-from-viewlist companyname
- Delete company 'companyname' from remote-view list of tenant specified by -I. After this command the 'companyname' is no longer capable
of viewing all members of the tenant specified by -I.
This option is only available in multi-tenancy Zarafa.
- --list-view
- List all tenants in the remote-view list of the tenant specified by -I. The tenants in this list are able to view all members of the specified tenant
in their Address Book.
This option is only available in multi-tenancy Zarafa.
- --add-to-adminlist username
- Add user 'username' to remote-admin list of tenant specified by -I. This is the administrator list for remote administrators, as such it only
manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and
specifying the -a argument.
Users can only be administrator over a different company when they have also been granted view privileges, can be granted by using the --add-to-viewlist.
This option is only available in multi-tenancy Zarafa.
- --del-from-adminlist username
- Delete user 'username' from remote-admin list of company specified by -I. This is the administrator list for remote administrators, as such it
only manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and
specifying the -a argument.
This option is only available in multi-tenancy Zarafa.
- --list-admin
- List all users in the remote-admin list of the tenant specified by -I. This is the administrator list for remote administrators, as such it only
manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and
specifying the -a argument.
Users can only be administrator over a different tenant when they have also been granted view privileges, can be granted by using the --add-to-viewlist.
This option is only available in multi-tenancy Zarafa.
- --add-userquota-recipient user
- Add 'user' as recipient to userquota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.
- --del-userquota-recipient user
- Delete 'user' as recipient to userquota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.
- --list-userquota-recipients
- List all additional recipients for a userquota warning email. Use -I to request the recipient list for a particular tenant space.
- --add-companyquota-recipient user
- Add 'user' as recipient to tenant quota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.
- --del-companyquota-recipient user
- Delete 'user' as recipient to tenant quota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on.
- --list-companyquota-recipients
- List all additional recipients for a tenant quota warning email. Use -I to request the recipient list for a particular tenant space
- --list-sendas user
- List all users who are able to directly send an email as user. This has been set in the LDAP server, or with the --add-sendas command for Unix and DB plugins. Optionally use --type to indicate for what kind of object the sendas details are being requested.
- --clear-cache
- Clears the server's caches. All data cached inside the zarafa-server is cleared. Although this can never cause any data loss, it can affect the performance of your server, since any data requested after the cache is cleared needs to be re-requested from the database or LDAP server. Normally this option is never needed; it is mostly used as a diagnostics tool.
- --purge-softdelete days
- Starts a softdelete purge on the server, removing all soft-deleted items which have been deleted days days ago, or earlier
- --purge-deferred
- The server has an optimization in which changes to the tproperties table are not writted directly, but delayed for a more efficient write at a later time. The server auto-purges these regularly. This command allows you to purge all changes pending. It may be useful to run this during low I/O load of your server (eg at night).
- --list-orphans
- When a user is removed, the store becomes orphaned. This option shows a list of stores that are not hooked to a user. You can use the --remove-store and --hook-store from this list.
- --hook-store store-guid
- You can hook an orphaned store to an existing user, so you may access the store again. Use the -u username to specify the user to hook the
store to.
You can copy an orphaned store to the public store, so you can read the store in the public folders. Use the --copyto-public to copy the store to the public folder 'Admin/deleted stores'.
To hook a public store, use the --type group/company option to influence the name type in the -u switch.
To hook an archive store, use --type archive.
- --remove-store store-guid
- Use this action to remove the store from the database. The store is actually just marked as deleted, so the softdelete system can remove the store from the database.
- --create-store username
- This action will create a store for a newly created user, and is normally called through the createuser script. If the --list-orphans action listed users without a store, you can create a new store for those users with this command.
- --unhook-store username
- You can unhook a store from a user, so you can remove the store and create a new one.
To unhook a public store, use the --type group/company option to influence the name type in the username argument. Use a companyname with type company or 'Everyone' with type group to unhook the public.
To unhook an archive store, use --type archive.
- --force-resync usernames
- You can force a resync of cached profiles when the data is out of sync. One or more usernames can be specified.
- --reset-folder-count username
- Reset the counters on all folder in username's store.
- --user-count
- Shows an overview of user counts per type of user, and how much are allowed by your current license.
- --config file
- Use a configuration file. See the CONFIG() section for more information.
Default: /etc/zarafa/admin.cfg
Options
The options used by actions are as follows:
-U 'new username'
- Use this parameter to rename a user. This option is only valid with the -u update action.
- -p password
- Set password for a user. This option is only valid with the -c create or -u update action.
- -P
- Set password for a user. The password can be entered on the password prompt. The password will not be shown. This option is only valid with the -c create or -u update action.
- -f 'full name'
- Specify full user name. Use single quotes around the name to pass it as a single parameter. This option is only valid with the -c create or -u update action.
- -e 'email address'
- Specify the email address. This address will be used to set the 'From' email address in outgoing email messages. Use single quotes around the name to pass it as a single parameter. This option is only valid with the -c create or -u update action.
- -a [yes|y|1|2 / no|n|0]
- Set the user as administrator by passing 'yes'. When passing 'no', administrator rights will be revoked from the user. This option is only valid with the
-c create or -u update action.
It is also possible to pass 2 as administrator level, this will make the user a system administrator who can create/modify/delete companies.
- -n [yes|y|1 / no|n|0]
- Specify a non-active user. This user cannot login, but email can be delivered, and the store can be opened by users with correct rights.
- --qo [yes|y|1 / no|n|0]
- Override the default server quota settings for this user. User specific quota levels will used. The default value of this option is 'no', always using server quota levels. This option is only valid with the -c create or -u update action.
- --qw value in Mb
- Set the warning quota level for a user. The user may receive a warning email when this level is reached. See zarafa-monitor(1) for warning emails. This option is only valid with the -c create or -u update action.
- --qs value in Mb
- Set the soft quota level for a user. The user will be unable to receive new emails, bouncing the email back to the sender. This option is only valid with the -c create or -u update action.
- --qh value in Mb
- Set the hard quota level for a user. The user will be unable to receive and create new emails. This option is only valid with the -c create or -u update action.
- --udqo [yes|y|1 / no|n|0]
- Override the default server quota settings for all user within the specified tenant. default value of this option is 'no', always using server quota levels.
- --udqw value in Mb
- Set the warning quota level for all users within the specified tenant. The user may receive a warning email when this level is reached. See zarafa-monitor(1) for warning emails.
- --udqs value in Mb
- Set the soft quota level for all users within the specified tenant. The user will be unable to receive new emails, bouncing the email back to the sender. See zarafa-monitor(1) for warning emails.
- --udqh value in Mb
- Set the hard quota level for all users within the specified tenant. The user will be unable to receive and create new emails. See zarafa-monitor(1) for warning emails.
- --host, -h path
- Connect to the Zarafa server through path, e.g. file:///path/to/socket. Default: file:///var/run/zarafa. This option can always be specified.
- -i groupname
- This sets the groupname for -b and -B actions.
- -I companyname
- This sets the companyname for all user, group and tenant commands. This option is only available for multi-tenancy Zarafa.
- --mr-accept [yes|y|1 / no|n|0]
- Specified that meeting requests should automatically be accepted for this user. This means that when a meeting request is sent to this user when specified as being a 'resource', the request will directly be honoured and written to the calendar. This is a client-side action and this setting therefore does not affect actual meeting requests being delivered via zarafa-dagent.
- --mr-decline-conflict [yes|y|1 / no|n|0]
- This option only has effect when --mr-accept=yes is in effect. When specifying --mr-decline-conflict, meeting requests that conflict with an existing meeting will be declined.
- --mr-decline-recurring [yes|y|1 / no|n|0]
- This option only has effect when --mr-accept=yes is in effect. When specifying --mr-decline-recurring, meeting requests that are recurring will be declined.
- --add-sendas sender
- Add user sender to the list of the senders you're updating as a 'send as' user. The sender can now send mails under the updated user's name, unless the updated user sets the sender as a delegate. When the sender is a delegate, the mail will be sent with 'On behalf of' markings in the email. This option is only valid with the -u and --update-group update action.
- --del-sendas sender
- Remove user sender from the list of the senders you're updating as a 'send as' user. This option is only valid with the -u and --update-group update action.
- --lang language
- Use language to create new stores; this means that folders in the new store will be in the language specified. Only useful in combination with --create-store. When this options in not specified, the system default will be selected according the LC_* and LANG environment variables, depending on your OS.
Config
Normally, no configuration file is used or required. If the file /etc/zarafa/admin.cfg exists, it is used as configuration file, but no error checking is performed. This way, you can use any config file from a zarafa program, eg. zarafa-spooler or zarafa-dagent, to load SSL settings.
The following options can be set in the configuation file:
server_socket
- Unix socket to find the connection to the Zarafa server.
Default: file:///var/run/zarafa
- sslkey_file
- Use this file as key to logon to the server. This is only used when server_socket is set to an HTTPS transport. See the zarafa-server(1) manual page
on how to setup SSL keys.
Default: value not set.
- sslkey_pass
- The password of the SSL key file that is set in sslkey_file.
Default: value not set.
Examples
For creating a user:
zarafa-admin -c loginname -p password -f 'Firstname Lastname' -e f.lastname@tenant.com
For creating a non-login store:
zarafa-admin -c loginname -p password -f 'Firstname Lastname' -e f.lastname@tenant.com -n 1
For modifying the password and e-mail address:
zarafa-admin -u loginname -p newpass -e fistname@tenant.com
For deleting a user:
zarafa-admin -d loginname
For adding a user to a group:
zarafa-admin -b loginname -i groupname
For setting a specific quota level for a user. Warning level to 80 Mb, soft level to 90 Mb and hard level to 100 Mb:
zarafa-admin -u loginname --qo yes --qw 80 --qs 90 --qh 100
External Users
When the users are located in an external database, and the Zarafa server is configured to use these users, a lot of commands from the zarafa-admin tool make no sense anymore. An example of an external database, and currently the only option, is an LDAP database.
The following actions can still be used, all other commands will be automatically triggered by changing the values in the LDAP server.
-s: create public store.
-l: list users known to Zarafa.
-L: list groups known to Zarafa.
--details username: show user details.
--sync: trigger full synchonise for users and groups from the external source.
When the users change in the external source, the Zarafa server instantly synchronizes to these changes. There are two exceptions that need some extra attention, and these are when users are created or deleted. When a user is created, the createuser_script from the zarafa-server.cfg(5) will be started to create a store for a user. Likewise, when deleting a user, the deleteuser_script from the zarafa-server.cfg(5) will be started to delete a store from a user. The same is valid for creating and deleting a group and tenant, starting the creategroup_script/createcompany_script and deletegroup_script/deletecompany_script scripts respectively.
Diagnostics
Could not create user/store/public store.
When you get this error, make sure the Zarafa server and database server are running.
Author
Written by Zarafa.
See Also
zarafa-server(1) zarafa-server.cfg(5)