# Thunderbird Enterprise Tips Some of the tips on this page have been drawn from the [tb-enterprise](http://groups.google.com/group/tb-enterprise/) mailing list, which is an excellent resource for problem support and information. ## Using a custom CA certificate **Scenario:** The cert8.db file is created when Thunderbird creates a profile. I want the file to contain our custom CA certificate.\ \ **Solution (needs testing):** * Create a master file by manually importing the certificate into the cert8.db file from a new profile. * Copy that file into the `defaults\profile` subfolder of the Thunderbird program folder (e.g. `C:\Program Files\Mozilla Thunderbird\defaults\profile` on Windows). * If you then use that installation to create new profiles (thunderbird.exe -p), your customized cert8.db will be used for the new profiles. * Note: For existing profiles, you have to overwrite the cert8.db in each profile. [Read the complete discussion](https://groups.google.com/group/tb-enterprise/browse_thread/thread/a07fae23673961a0) on the mailing list. ## Setup users to access LDAP information from the address book **Scenario:** How to **automatically** set up new or existing users of Thunderbird so they can access Active Directory LDAP information from their address books?\ \ **Solution:** * To create LDAP access when creating *new* users: * Unpack the installer, e.g. `Thunderbird Setup XX.X.X.exe` using an appropriate tool like [7-Zip](https://www.7-zip.org). * Create a script called user.js with the required prefs for the LDAP server. * Place the user.js script into the `core\defaults\profile` folder of the unpacked corporate installer before starting to install. * To update *existing* users of Thunderbird with LDAP access: * Create the settings for the LDAP directory in a script with a filename of your choice via API functions like `lockPref` and `defaultPref`, e.g. `LDAPupdate.cfg`. * Then use the [Mission Control Desktop / AutoConfig](https://enterprise.thunderbird.net/deploy/mcd-thunderbird-autoconfig) mechanism to apply them with a caller script in the `defaults\pref` subfolder of the user's Thunderbird program folder, e.g. `autoconfig.js`. **Example**: Update *existing* users of Thunderbird with LDAP access Create a JavaScript caller file named `autoconfig.js` in the following subfolder of the Thunderbird program folder: * For Windows, e.g.: `C:\Program Files\Mozilla Thunderbird\defaults\pref` * For Linux: `/usr/lib/thunderbird/defaults/pref` Add the following content to `autoconfig.js`: ``` pref("general.config.obscure_value",0); pref("general.config.filename","LDAPupdate.cfg"); ``` Create a JavaScript configuration file named `LDAPupdate.cfg` and place it into the `Thunderbird program folder`, with code like the following: ``` defaultPref('ldap_2.autoComplete.directoryServer','ldap_2.servers.AutoGEN-CompanyNameLDAP'); defaultPref('ldap_2.autoComplete.useDirectory',true); defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.dn','cn=your.email.here@companyname.com,ou=orgunit,dc=CompanyName,dc=com'); //this will vary for each company and each user, so it is set as default, but not locked so that users can set their correct values lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.saslmech',''); // SASL mechanism, if necessary lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.commentFormat',''); //Any additional LDAP attributes to display on the autocomplete window lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))'); //LDAP Attributes to Search for Autocomplete lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.nameFormat','[displayName]'); //LDAP Attribute for display name lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.description','CompanyName Autogenerated LDAP Directory'); //Human Readable description lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.filename','CompanyName-autogen-ldap.mab'); //Possibly where results are cached defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.maxHits',300); lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.nameFormat','[displayName]'); lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.uri','ldaps://ldapserver.CompanyName.com/ou=orgunit,dc=CompanyName,dc=com??sub?(objectclass=person)'); //this will vary for each company defaultPref('ldap_2.servers.default.attrmap.DisplayName','displayName,gecos'); defaultPref('ldap_2.servers.default.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))'); defaultPref('ldap_2.servers.default.autoComplete.nameFormat','displayName'); defaultPref('mail.addr_book.quicksearchquery.format','?(or(FirstName,c,@V)(sn,c,@V)(DisplayName,c,@V))'); ``` If you are already using Mission Control Desktop, add the second snippet (modified to suit your environment) to your existing auto-configuration file (e.g. thunderbird.cfg) and ignore the first snippet. [Read the complete discussion](https://groups.google.com/forum/?fromgroups#!topic/tb-enterprise/KY0xH6wCYJw) on the mailing list.