1<?php 2/*********************************************** 3* File : config.php 4* Project : Z-Push 5* Descr : Main configuration file 6* 7* Created : 01.10.2007 8* 9* Copyright 2007 - 2016 Zarafa Deutschland GmbH 10* 11* This program is free software: you can redistribute it and/or modify 12* it under the terms of the GNU Affero General Public License, version 3, 13* as published by the Free Software Foundation. 14* 15* This program is distributed in the hope that it will be useful, 16* but WITHOUT ANY WARRANTY; without even the implied warranty of 17* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18* GNU Affero General Public License for more details. 19* 20* You should have received a copy of the GNU Affero General Public License 21* along with this program. If not, see <http://www.gnu.org/licenses/>. 22* 23* Consult LICENSE file for details 24************************************************/ 25define("GO_NO_SESSION", true); 26//require Group-Office framework 27if(!class_exists('GO')) 28 require_once(dirname(dirname(__DIR__)) . "/GO.php"); 29 30/********************************************************************************** 31 * Default settings 32 */ 33 // Defines the default time zone, change e.g. to "Europe/London" if necessary 34 define('TIMEZONE', ''); 35 36 // Defines the base path on the server 37// define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/'); 38 define('BASE_PATH', \GO::config()->root_path. 'modules/z-push/vendor/z-push/'); 39 40 // Try to set unlimited timeout 41 define('SCRIPT_TIMEOUT', 0); 42 43 // Use a custom header to determinate the remote IP of a client. 44 // By default, the server provided REMOTE_ADDR is used. If the header here set 45 // is available, the provided value will be used, else REMOTE_ADDR is maintained. 46 // set to false to disable this behaviour. 47 // common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored) 48 define('USE_CUSTOM_REMOTE_IP_HEADER', false); 49 50 // When using client certificates, we can check if the login sent matches the owner of the certificate. 51 // This setting specifies the owner parameter in the certificate to look at. 52 define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN"); 53 54 /* 55 * Whether to use the complete email address as a login name 56 * (e.g. user@company.com) or the username only (user). 57 * This is required for Z-Push to work properly after autodiscover. 58 * Possible values: 59 * false - use the username only. 60 * true - string the mobile sends as username, e.g. full email address (default). 61 */ 62 define('USE_FULLEMAIL_FOR_LOGIN', true); 63 64 /********************************************************************************** 65 * StateMachine setting 66 * 67 * These StateMachines can be used: 68 * FILE - FileStateMachine (default). Needs STATE_DIR set as well. 69 * SQL - SqlStateMachine has own configuration file. STATE_DIR is ignored. 70 * State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa 71 */ 72 $folder = new \GO\Base\Fs\Folder(\GO::config()->file_storage_path.'zpush21state/'); 73 $folder->create(); 74 define('STATE_MACHINE', 'FILE'); 75 define('STATE_DIR', $folder->path().'/'); 76 77 /********************************************************************************** 78 * IPC - InterProcessCommunication 79 * 80 * Is either provided by using shared memory on a single host or 81 * using the memcache provider for multi-host environments. 82 * When another implementation should be used, the class can be set here explicitly. 83 * If empty Z-Push will try to use available providers. 84 85 * Possible values: 86 * IpcSharedMemoryProvider - default. Requires z-push-ipc-sharedmemory package. 87 * IpcMemcachedProvider - requires z-push-ipc-memcached package. It is necessary to set up 88 * memcached server before (it won't be installed by z-push-ipc-memcached). 89 * IpcWincacheProvider - for windows systems. 90 */ 91 define('IPC_PROVIDER', ''); 92 93/********************************************************************************** 94 * Logging settings 95 * 96 * The LOGBACKEND specifies where the logs are sent to. 97 * Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass. 98 * filelog and syslog have several options that can be set below. 99 * For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT 100 101 * Possible LOGLEVEL and LOGUSERLEVEL values are: 102 * LOGLEVEL_OFF - no logging 103 * LOGLEVEL_FATAL - log only critical errors 104 * LOGLEVEL_ERROR - logs events which might require corrective actions 105 * LOGLEVEL_WARN - might lead to an error or require corrective actions in the future 106 * LOGLEVEL_INFO - usually completed actions 107 * LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers 108 * LOGLEVEL_WBXML - also prints the WBXML sent to/from the device 109 * LOGLEVEL_DEVICEID - also prints the device id for every log entry 110 * LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack 111 * 112 * The verbosity increases from top to bottom. More verbose levels include less verbose 113 * ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR, 114 * LOGLEVEL_WARN and LOGLEVEL_INFO level entries. 115 * 116 * LOGAUTHFAIL is logged to the LOGBACKEND. 117 */ 118 //note: you can't use z-push constants in the GO config file! 119 //use 16 for debug or 32 for wbxml 120 if(!isset(\GO::config()->zpush2_loglevel)){ 121 \GO::config()->zpush2_loglevel = \GO::config()->debug ? LOGLEVEL_WBXML : LOGLEVEL_OFF; 122 } 123 124 define('LOGBACKEND', 'filelog'); 125 define('LOGLEVEL', \GO::config()->zpush2_loglevel); 126 define('LOGAUTHFAIL', false); 127 128 // To save e.g. WBXML data only for selected users, add the usernames to the array 129 // The data will be saved into a dedicated file per user in the LOGFILEDIR 130 // Users have to be encapusulated in quotes, several users are comma separated, like: 131 // $specialLogUsers = array('info@domain.com', 'myusername'); 132 define('LOGUSERLEVEL', LOGLEVEL_DEVICEID); 133 $GLOBALS['specialLogUsers'] = isset(\GO::config()->zpush2_special_log_users) ? \GO::config()->zpush2_special_log_users : array(); 134 135 $folder = new \GO\Base\Fs\Folder(\GO::config()->file_storage_path.'log/z-push/'); 136 $folder->create(); 137 138 define('LOGFILEDIR', $folder->path().'/'); 139 define('LOGFILE', LOGFILEDIR . 'z-push.log'); 140 define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log'); 141 142 // Syslog settings 143 // false will log to local syslog, otherwise put the remote syslog IP here 144 define('LOG_SYSLOG_HOST', false); 145 // Syslog port 146 define('LOG_SYSLOG_PORT', 514); 147 // Program showed in the syslog. Useful if you have more than one instance login to the same syslog 148 define('LOG_SYSLOG_PROGRAM', 'z-push'); 149 // Syslog facility - use LOG_USER when running on Windows 150 define('LOG_SYSLOG_FACILITY', LOG_LOCAL0); 151 152 // Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem' 153 // Uncomment and modify the following line if the validation of the certificates fails. 154 // define('CAINFO', '/etc/ssl/certs/EmailCA.pem'); 155 156/********************************************************************************** 157 * Mobile settings 158 */ 159 // Device Provisioning (for remote wipe possible) 160 define('PROVISIONING', isset(\GO::config()->zpush2_provisioning)?\GO::config()->zpush2_provisioning:false); 161 162 // This option allows the 'loose enforcement' of the provisioning policies for older 163 // devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution 164 // false (default) - Enforce provisioning for all devices 165 // true - allow older devices, but enforce policies on devices which support it 166 define('LOOSE_PROVISIONING', isset(\GO::config()->zpush2_loose_provisioning)?\GO::config()->zpush2_loose_provisioning:false); 167 168 // The file containing the policies' settings. 169 // Set a full path or relative to the z-push main directory 170 define('PROVISIONING_POLICYFILE', 'policies.ini'); 171 172 // Default conflict preference 173 // Some devices allow to set if the server or PIM (mobile) 174 // should win in case of a synchronization conflict 175 // SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins 176 // SYNC_CONFLICT_OVERWRITE_PIM - PIM is overwritten, Server wins (default) 177 define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM); 178 179 // Global limitation of items to be synchronized 180 // The mobile can define a sync back period for calendar and email items 181 // For large stores with many items the time period could be limited to a max value 182 // If the mobile transmits a wider time period, the defined max value is used 183 // Applicable values: 184 // SYNC_FILTERTYPE_ALL (default, no limitation) 185 // SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS, 186 // SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS 187 define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL); 188 189 // Interval in seconds before checking if there are changes on the server when in Ping. 190 // It means the highest time span before a change is pushed to a mobile. Set it to 191 // a higher value if you have a high load on the server. 192 define('PING_INTERVAL', GO::config()->debug ? 5 : 120); 193 194 // Set the fileas (save as) order for contacts in the webaccess/webapp/outlook. 195 // It will only affect new/modified contacts on the mobile which then are synced to the server. 196 // Possible values are: 197 // SYNC_FILEAS_FIRSTLAST - fileas will be "Firstname Middlename Lastname" 198 // SYNC_FILEAS_LASTFIRST - fileas will be "Lastname, Firstname Middlename" 199 // SYNC_FILEAS_COMPANYONLY - fileas will be "Company" 200 // SYNC_FILEAS_COMPANYLAST - fileas will be "Company (Lastname, Firstname Middlename)" 201 // SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)" 202 // SYNC_FILEAS_LASTCOMPANY - fileas will be "Lastname, Firstname Middlename (Company)" 203 // SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)" 204 // The company-fileas will only be set if a contact has a company set. If one of 205 // company-fileas is selected and a contact doesn't have a company set, it will default 206 // to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first 207 // option is selected for company). 208 // If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set 209 // SYNC_FILEAS_LASTFIRST will be used 210 define('FILEAS_ORDER', SYNC_FILEAS_LASTFIRST); 211 212 // Maximum amount of items to be synchronized per request. 213 // Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100. 214 // Exporting too much items can cause mobile timeout on busy systems. 215 // Z-Push will use the lowest provided value, either set here or by the mobile. 216 // MS Outlook 2013+ request up to 512 items to accelerate the sync process. 217 // If you detect high load (also on subsystems) you could try a lower setting. 218 // max: 512 - value used if mobile does not limit amount of items 219 define('SYNC_MAX_ITEMS', 512); 220 221 // The devices usually send a list of supported properties for calendar and contact 222 // items. If a device does not includes such a supported property in Sync request, 223 // it means the property's value will be deleted on the server. 224 // However some devices do not send a list of supported properties. It is then impossible 225 // to tell if a property was deleted or it was not set at all if it does not appear in Sync. 226 // This parameter defines Z-Push behaviour during Sync if a device does not issue a list with 227 // supported properties. 228 // See also https://jira.z-hub.io/browse/ZP-302. 229 // Possible values: 230 // false - do not unset properties which are not sent during Sync (default) 231 // true - unset properties which are not sent during Sync 232 define('UNSET_UNDEFINED_PROPERTIES', false); 233 234 // ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked 235 // in the semantic sanity checks and contacts with larger photos are not synchronized. 236 // This limitation is not being followed by the ActiveSync clients which set much bigger 237 // contact photos. You can override the default value of the max photo size. 238 // default: 5242880 - 5 MB default max photo size in bytes 239 define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880); 240 241 // Over the WebserviceUsers command it is possible to retrieve a list of all 242 // known devices and users on this Z-Push system. The authenticated user needs to have 243 // admin rights and a public folder must exist. 244 // In multicompany environments this enable an admin user of any company to retrieve 245 // this full list, so this feature is disabled by default. Enable with care. 246 define('ALLOW_WEBSERVICE_USERS_ACCESS', false); 247 248 // Users with many folders can use the 'partial foldersync' feature, where the server 249 // actively stops processing the folder list if it takes too long. Other requests are 250 // then redirected to the FolderSync to synchronize the remaining items. 251 // Device compatibility for this procedure is not fully understood. 252 // NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING. 253 define('USE_PARTIAL_FOLDERSYNC', false); 254 255 // The minimum accepted time in second that a ping command should last. 256 // It is strongly advised to keep this config to false. Some device 257 // might not be able to send a higher value than the one specificied here and thus 258 // unable to start a push connection. 259 // If set to false, there will be no lower bound to the ping lifetime. 260 // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes). 261 define('PING_LOWER_BOUND_LIFETIME', false); 262 263 // The maximum accepted time in second that a ping command should last. 264 // If set to false, there will be no higher bound to the ping lifetime. 265 // The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes). 266 define('PING_HIGHER_BOUND_LIFETIME', false); 267 268 // Maximum response time 269 // Mobiles implement different timeouts to their TCP/IP connections. Android devices for example 270 // have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe, 271 // the answer will not be recieved and the device will send a new one overloading the server. 272 // There are three categories 273 // - Short timeout - server has up within 30 seconds - is automatically applied for not categorized types 274 // - Medium timeout - server has up to 90 seconds to respond 275 // - Long timeout - server has up to 4 minutes to respond 276 // If a timeout is almost reached the server will break and sent the results it has until this 277 // point. You can add DeviceType strings to the categories. 278 // In general longer timeouts are better, because more data can be streamed at once. 279 define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI"); 280 define('SYNC_TIMEOUT_LONG_DEVICETYPES', "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail"); 281 282 // Time in seconds the device should wait whenever the service is unavailable, 283 // e.g. when a backend service is unavailable. 284 // Z-Push sends a "Retry-After" header in the response with the here defined value. 285 // It is up to the device to respect or not this directive so even if this option is set, 286 // the device might not wait requested time frame. 287 // Number of seconds before retry, to disable set to: false 288 define('RETRY_AFTER_DELAY', 300); 289 290/********************************************************************************** 291 * Backend settings 292 */ 293 // The data providers that we are using (see configuration below) 294 define('BACKEND_PROVIDER', "BackendGO"); 295 296/********************************************************************************** 297 * Search provider settings 298 * 299 * Alternative backend to perform SEARCH requests (GAL search) 300 * By default the main Backend defines the preferred search functionality. 301 * If set, the Search Provider will always be preferred. 302 * Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php) 303 */ 304 define('SEARCH_PROVIDER', ''); 305 // Time in seconds for the server search. Setting it too high might result in timeout. 306 // Setting it too low might not return all results. Default is 10. 307 define('SEARCH_WAIT', 10); 308 // The maximum number of results to send to the client. Setting it too high 309 // might result in timeout. Default is 10. 310 define('SEARCH_MAXRESULTS', 10); 311 312/********************************************************************************** 313 * Kopano Outlook Extension - Settings 314 * 315 * The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with 316 * functionality not provided by ActiveSync or not implemented by Outlook. 317 * For more information, see: https://wiki.z-hub.io/x/z4Aa 318 */ 319 // Global Address Book functionality 320 define('KOE_CAPABILITY_GAB', true); 321 // Synchronize mail flags from the server to Outlook/KOE 322 define('KOE_CAPABILITY_RECEIVEFLAGS', true); 323 // Encode flags when sending from Outlook/KOE 324 define('KOE_CAPABILITY_SENDFLAGS', true); 325 // Out-of-office support 326 define('KOE_CAPABILITY_OOF', true); 327 // Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF) 328 define('KOE_CAPABILITY_OOFTIMES', true); 329 // Notes support 330 define('KOE_CAPABILITY_NOTES', true); 331 // Shared folder support 332 define('KOE_CAPABILITY_SHAREDFOLDER', true); 333 // Send-As support for Outlook/KOE and mobiles 334 define('KOE_CAPABILITY_SENDAS', true); 335 // Secondary Contact folders (own and shared) 336 define('KOE_CAPABILITY_SECONDARYCONTACTS', true); 337 // Copy WebApp signature into KOE 338 define('KOE_CAPABILITY_SIGNATURES', true); 339 // Delivery receipt requests 340 define('KOE_CAPABILITY_RECEIPTS', true); 341 // Impersonate other users 342 define('KOE_CAPABILITY_IMPERSONATE', true); 343 344 // To synchronize the GAB KOE, the GAB store and folderid need to be specified. 345 // Use the gab-sync script to generate this data. The name needs to 346 // match the config of the gab-sync script. 347 // More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script) 348 define('KOE_GAB_STORE', 'SYSTEM'); 349 define('KOE_GAB_FOLDERID', ''); 350 define('KOE_GAB_NAME', 'Z-Push-KOE-GAB'); 351 352/********************************************************************************** 353 * Synchronize additional folders to all mobiles 354 * 355 * With this feature, special folders can be synchronized to all mobiles. 356 * This is useful for e.g. global company contacts. 357 * 358 * This feature is supported only by certain devices, like iPhones. 359 * Check the compatibility list for supported devices: 360 * http://z-push.org/compatibility 361 * 362 * To synchronize a folder, add a section setting all parameters as below: 363 * store: the ressource where the folder is located. 364 * Kopano users use 'SYSTEM' for the 'Public Folder' 365 * folderid: folder id of the folder to be synchronized 366 * name: name to be displayed on the mobile device 367 * type: supported types are: 368 * SYNC_FOLDER_TYPE_USER_CONTACT 369 * SYNC_FOLDER_TYPE_USER_APPOINTMENT 370 * SYNC_FOLDER_TYPE_USER_TASK 371 * SYNC_FOLDER_TYPE_USER_MAIL 372 * SYNC_FOLDER_TYPE_USER_NOTE 373 * flags: sets additional options on the shared folder. Supported are: 374 * DeviceManager::FLD_FLAGS_NONE 375 * No flags configured, default flag to be set 376 * DeviceManager::FLD_FLAGS_SENDASOWNER 377 * When replying in this folder, automatically do Send-As 378 * DeviceManager::FLD_FLAGS_CALENDARREMINDERS 379 * If set, Outlook shows reminders for these shares with KOE 380 * DeviceManager::FLD_FLAGS_NOREADONLYNOTIFY 381 * If set, Z-Push won't send notification emails for changes 382 * if the folder is read-only 383 * 384 * Additional notes: 385 * - on Kopano systems use backend/kopano/listfolders.php script to get a list 386 * of available folders 387 * 388 * - all Z-Push users must have at least reading permissions so the configured 389 * folders can be synchronized to the mobile. Else they are ignored. 390 * 391 * - this feature is only partly suitable for multi-tenancy environments, 392 * as ALL users from ALL tenents need access to the configured store & folder. 393 * When configuring a public folder, this will cause problems, as each user has 394 * a different public folder in his tenant, so the folder are not available. 395 396 * - changing this configuration could cause HIGH LOAD on the system, as all 397 * connected devices will be updated and load the data contained in the 398 * added/modified folders. 399 */ 400 401 $additionalFolders = array( 402 // demo entry for the synchronization of contacts from the public folder. 403 // uncomment (remove '/*' '*/') and fill in the folderid 404/* 405 array( 406 'store' => "SYSTEM", 407 'folderid' => "", 408 'name' => "Public Contacts", 409 'type' => SYNC_FOLDER_TYPE_USER_CONTACT, 410 'flags' => DeviceManager::FLD_FLAGS_NONE, 411 ), 412*/ 413 ); 414