Thunderbird Enterprise Tips

Miscellaneous tips for deploying and using Thunderbird in enterprise or organizational contexts.
Some of the tips on this page have been drawn from the tb-enterprise mailing list, which is an excellent resource for problem support and information.

Using a custom CA certificate

Scenario: The cert8.db file is created when Thunderbird creates a profile. I want the file to contain our custom CA certificate. Solution (needs testing):
  • Create a master file by manually importing the certificate into the cert8.db file from a new profile.
  • Copy that file into the defaults\profile subfolder of the Thunderbird
    program folder (e.g. C:\Program Files\Mozilla Thunderbird\defaults\profile on Windows).
  • If you then use that installation to create new profiles (thunderbird.exe -p), your customized cert8.db will be used for the new profiles.
  • Note: For existing profiles, you have to overwrite the cert8.db in each profile.
​Read the complete discussion on the mailing list.

Setup users to access LDAP information from the address book

Scenario: How to automatically set up new or existing users of Thunderbird so they can access Active Directory LDAP information from their address books? Solution:
  • To create LDAP access when creating new users:
    • Unpack the installer, e.g. Thunderbird Setup XX.X.X.exe using an appropriate tool like 7-Zip.
    • Create a script called user.js with the required prefs for the LDAP server.
    • Place the user.js script into the core\defaults\profile folder of the unpacked corporate installer before starting to install.
  • To update existing users of Thunderbird with LDAP access:
    • Create the settings for the LDAP directory in a script with a filename of your choice via API functions like lockPref and defaultPref, e.g. LDAPupdate.cfg.
    • Then use the Mission Control Desktop / AutoConfig mechanism to apply them with a caller script in the defaults\pref subfolder of the user's Thunderbird program folder, e.g. autoconfig.js.
Example: Update existing users of Thunderbird with LDAP access
Create a JavaScript caller file named autoconfig.js in the following subfolder of the Thunderbird program folder:
  • For Windows, e.g.: C:\Program Files\Mozilla Thunderbird\defaults\pref
  • For Linux: /usr/lib/thunderbird/defaults/pref
Add the following content to autoconfig.js:
Create a JavaScript configuration file named LDAPupdate.cfg and place it into the Thunderbird program folder, with code like the following:
defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.dn','[email protected],ou=orgunit,dc=CompanyName,dc=com'); //this will vary for each company and each user, so it is set as default, but not locked so that users can set their correct values
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.saslmech',''); // SASL mechanism, if necessary
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.commentFormat',''); //Any additional LDAP attributes to display on the autocomplete window
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))'); //LDAP Attributes to Search for Autocomplete
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.nameFormat','[displayName]'); //LDAP Attribute for display name
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.description','CompanyName Autogenerated LDAP Directory'); //Human Readable description
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.filename','CompanyName-autogen-ldap.mab'); //Possibly where results are cached
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.uri','ldaps://,dc=CompanyName,dc=com??sub?(objectclass=person)'); //this will vary for each company
If you are already using Mission Control Desktop, add the second snippet (modified to suit your environment) to your existing auto-configuration file (e.g. thunderbird.cfg) and ignore the first snippet.
​Read the complete discussion on the mailing list.