Thunderbird Enterprise Tips

Miscellaneous tips for deploying and using Thunderbird in enterprise or organizational contexts.

Some of the tips on this page have been drawn from the tb-enterprise mailing list, which is an excellent resource for problem support and information.

Using a custom CA certificate

Scenario: The cert8.db file is created when Thunderbird creates a profile. I want the file to contain our custom CA certificate. Solution (needs testing):

  • Create a master file by manually importing the certificate into the cert8.db file from a new profile.

  • Copy that file into the defaults\profile subfolder of the Thunderbird

    program folder (e.g. C:\Program Files\Mozilla Thunderbird\defaults\profile on Windows).

  • If you then use that installation to create new profiles (thunderbird.exe -p), your customized cert8.db will be used for the new profiles.

  • Note: For existing profiles, you have to overwrite the cert8.db in each profile.

Read the complete discussion on the mailing list.

Setup users to access LDAP information from the address book

Scenario: How to automatically set up new or existing users of Thunderbird so they can access Active Directory LDAP information from their address books? Solution:

  • To create LDAP access when creating new users:

    • Unpack the installer, e.g. Thunderbird Setup XX.X.X.exe using an appropriate tool like 7-Zip.

    • Create a script called user.js with the required prefs for the LDAP server.

    • Place the user.js script into the core\defaults\profile folder of the unpacked corporate installer before starting to install.

  • To update existing users of Thunderbird with LDAP access:

    • Create the settings for the LDAP directory in a script with a filename of your choice via API functions like lockPref and defaultPref, e.g. LDAPupdate.cfg.

    • Then use the Mission Control Desktop / AutoConfig mechanism to apply them with a caller script in the defaults\pref subfolder of the user's Thunderbird program folder, e.g. autoconfig.js.

Example: Update existing users of Thunderbird with LDAP access

Create a JavaScript caller file named autoconfig.js in the following subfolder of the Thunderbird program folder:

  • For Windows, e.g.: C:\Program Files\Mozilla Thunderbird\defaults\pref

  • For Linux: /usr/lib/thunderbird/defaults/pref

Add the following content to autoconfig.js:


Create a JavaScript configuration file named LDAPupdate.cfg and place it into the Thunderbird program folder, with code like the following:

defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.dn','[email protected],ou=orgunit,dc=CompanyName,dc=com'); //this will vary for each company and each user, so it is set as default, but not locked so that users can set their correct values
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.saslmech',''); // SASL mechanism, if necessary
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.commentFormat',''); //Any additional LDAP attributes to display on the autocomplete window
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))'); //LDAP Attributes to Search for Autocomplete
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.nameFormat','[displayName]'); //LDAP Attribute for display name
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.description','CompanyName Autogenerated LDAP Directory'); //Human Readable description
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.filename','CompanyName-autogen-ldap.mab'); //Possibly where results are cached
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.uri','ldaps://,dc=CompanyName,dc=com??sub?(objectclass=person)'); //this will vary for each company

If you are already using Mission Control Desktop, add the second snippet (modified to suit your environment) to your existing auto-configuration file (e.g. thunderbird.cfg) and ignore the first snippet.

Read the complete discussion on the mailing list.