🏢
Thunderbird@Work
  • Thunderbird@Work
  • Explore
    • Thunderbird release cycle
    • Best practices for installing and updating Thunderbird
  • Deploy
    • Deploy Thunderbird with MSI installers
    • Mission Control Desktop (MCD) - Thunderbird AutoConfig
  • Manage updates, policies & customization
    • Managing Thunderbird Updates
    • Managing Thunderbird policies
      • Customizing Thunderbird using policies.json
    • Group Policy Templates
    • Thunderbird Preferences Relevant to Enterprises
      • Customize Thunderbird's date and time formats
    • Thunderbird Enterprise Tips
Powered by GitBook
On this page
  • Using a custom CA certificate
  • Setup users to access LDAP information from the address book

Was this helpful?

  1. Manage updates, policies & customization

Thunderbird Enterprise Tips

Miscellaneous tips for deploying and using Thunderbird in enterprise or organizational contexts.

PreviousCustomize Thunderbird's date and time formats

Last updated 4 years ago

Was this helpful?

Some of the tips on this page have been drawn from the mailing list, which is an excellent resource for problem support and information.

Using a custom CA certificate

Scenario: The cert8.db file is created when Thunderbird creates a profile. I want the file to contain our custom CA certificate. Solution (needs testing):

  • Create a master file by manually importing the certificate into the cert8.db file from a new profile.

  • Copy that file into the defaults\profile subfolder of the Thunderbird

    program folder (e.g. C:\Program Files\Mozilla Thunderbird\defaults\profile on Windows).

  • If you then use that installation to create new profiles (thunderbird.exe -p), your customized cert8.db will be used for the new profiles.

  • Note: For existing profiles, you have to overwrite the cert8.db in each profile.

on the mailing list.

Setup users to access LDAP information from the address book

Scenario: How to automatically set up new or existing users of Thunderbird so they can access Active Directory LDAP information from their address books? Solution:

  • To create LDAP access when creating new users:

    • Unpack the installer, e.g. Thunderbird Setup XX.X.X.exe using an appropriate tool like .

    • Create a script called user.js with the required prefs for the LDAP server.

    • Place the user.js script into the core\defaults\profile folder of the unpacked corporate installer before starting to install.

  • To update existing users of Thunderbird with LDAP access:

    • Create the settings for the LDAP directory in a script with a filename of your choice via API functions like lockPref and defaultPref, e.g. LDAPupdate.cfg.

    • Then use the mechanism to apply them with a caller script in the defaults\pref subfolder of the user's Thunderbird program folder, e.g. autoconfig.js.

Example: Update existing users of Thunderbird with LDAP access

Create a JavaScript caller file named autoconfig.js in the following subfolder of the Thunderbird program folder:

  • For Windows, e.g.: C:\Program Files\Mozilla Thunderbird\defaults\pref

  • For Linux: /usr/lib/thunderbird/defaults/pref

Add the following content to autoconfig.js:

pref("general.config.obscure_value",0);
pref("general.config.filename","LDAPupdate.cfg");

Create a JavaScript configuration file named LDAPupdate.cfg and place it into the Thunderbird program folder, with code like the following:

defaultPref('ldap_2.autoComplete.directoryServer','ldap_2.servers.AutoGEN-CompanyNameLDAP');
defaultPref('ldap_2.autoComplete.useDirectory',true);
defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.dn','cn=your.email.here@companyname.com,ou=orgunit,dc=CompanyName,dc=com'); //this will vary for each company and each user, so it is set as default, but not locked so that users can set their correct values
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.saslmech',''); // SASL mechanism, if necessary
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.commentFormat',''); //Any additional LDAP attributes to display on the autocomplete window
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))'); //LDAP Attributes to Search for Autocomplete
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.nameFormat','[displayName]'); //LDAP Attribute for display name
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.description','CompanyName Autogenerated LDAP Directory'); //Human Readable description
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.filename','CompanyName-autogen-ldap.mab'); //Possibly where results are cached
defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.maxHits',300);
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.nameFormat','[displayName]');
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.uri','ldaps://ldapserver.CompanyName.com/ou=orgunit,dc=CompanyName,dc=com??sub?(objectclass=person)'); //this will vary for each company
defaultPref('ldap_2.servers.default.attrmap.DisplayName','displayName,gecos');
defaultPref('ldap_2.servers.default.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))');
defaultPref('ldap_2.servers.default.autoComplete.nameFormat','displayName');
defaultPref('mail.addr_book.quicksearchquery.format','?(or(FirstName,c,@V)(sn,c,@V)(DisplayName,c,@V))');

If you are already using Mission Control Desktop, add the second snippet (modified to suit your environment) to your existing auto-configuration file (e.g. thunderbird.cfg) and ignore the first snippet.

on the mailing list.

tb-enterprise
Read the complete discussion
7-Zip
Mission Control Desktop / AutoConfig
Read the complete discussion