Provided by: kopano-utils_8.7.0-7ubuntu1.1_amd64
NAME
kopano-admin - Manages Kopano users and stores.
SYNOPSIS
kopano-admin ACTION [OPTION...]
DESCRIPTION
This tool can be used to create the public store and to add, update and remove users from Kopano. The storage server must be running for kopano-admin to work. If no action is given, a listing of the possible parameters is printed. When invalid actions or not enough options for an action are given, an error message is printed. When using LDAP as the users source, create, modify and delete actions are done in the LDAP tree and not using the kopano-admin tool. Please see the EXTERNAL USERS() section for more information.
ACTIONS
kopano-admin needs an action command with the appropriate options. Valid actions are: -s Create a public store. No other options are needed. Only one public store can be created. Successive calls will fail. -c username Create a new user, -p, -f and -e options are required, -a and -n parameters are optional. To set a password using a password prompt, use the -P option in stead of -p. -d username Delete a user. No other options are needed. The deleted store of the user will be marked as orphan store and can be restored with --hook-store -u username Update user information. Valid parameters are: [-p|-P], -f, -e, -a, -n and -U to update user information. Use: --qo, --qw, --qs or --qh to set quota levels. Use 0 with quota options to set as 'unlimited'. --enable-feature and --disable-feature to enable or disable specific features for users. This action is also required for all options to control the autoaccept of meeting requests. See the --mr-accept, --mr-decline-conflict and --mr-decline-recurring options. -g groupname Create a new group. Valid parameters are: -e --update-group groupname Update group information. Valid parameters are: -e -G groupname Delete a group. No other options are needed. -b username Add a user to a group. Use the -i to set the groupname. -B username Remove a user from a group. Use the -i to set the groupname. -l, --list-users List all users available in Kopano. When using an external user source, this action will implicitly synchronize all users in the external source, creating, updating and/or removing users and stores. -L, --list-groups List all groups available in Kopano. When using an external user source, this action will implicitly synchronize all groups in the external source, creating updating and/or removing groups and memberships. --list-companies List all tenans available in Kopano. When using an external user source, this action will implicitly synchronize all tenants in the external source, creating updating and/or removing companies. This option is only available in multi-tenancy Kopano --details name Show all the details of a user, showing the fullname, e-mailaddress, active state, administator state, group memberships and quota settings. Optionally use --type to indicate for what kind of object the details are being requested. Note: This function does not synchronize with the external user plugin. Thus changes from e.g. LDAP will not be set during this function. --type type Additional argument for --details. The argument with this option indicates for what type of object the details are being requested. Allowed values are 'user', 'group' or 'company' When this option is not used, it defaults to 'user' --create-company companyname Create a new tenant space. Use: --qo, --qw, --qs, --qh to set quota levels for the tenant. Use: --udqo, --udqw, --udqs, --udqh to set the default quota levels for the users inside the tenant. This option is only available in multi-tenancy Kopano. --update-company companyname Update an existing tenant space. Use: --qo, --qw, --qs, --qh to set quota levels for the tenant. Use: --udqo, --udqw, --udqs, --udqh to set the default quota levels for the users inside the . This option is only available in multi-tenancy Kopano. --delete-company companyname Delete company space. This option is only available in multi-tenancy Kopano. --set-system-admin companyname Set system administrator for the tenant specified by -I. Please be aware that this option does not provide the user with administrator privileges. The system administrator is considered the main contact person for a company, it will for example be used as default sender for quota warning emails. This option is only available in multi-tenancy Kopano. --add-to-viewlist companyname Add tenant 'companyname' to remote-view list of company specified by -I. After this command the 'companyname' is capable of viewing all members of the company specified by -I. This option is only available in multi-tenancy Kopano. --del-from-viewlist companyname Delete company 'companyname' from remote-view list of tenant specified by -I. After this command the 'companyname' is no longer capable of viewing all members of the tenant specified by -I. This option is only available in multi-tenancy Kopano. --list-view List all tenants in the remote-view list of the tenant specified by -I. The tenants in this list are able to view all members of the specified tenant in their Address Book. This option is only available in multi-tenancy Kopano. --add-to-adminlist username Add user 'username' to remote-admin list of tenant specified by -I. This is the administrator list for remote administrators, as such it only manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and specifying the -a argument. Users can only be administrator over a different company when they have also been granted view privileges, can be granted by using the --add-to-viewlist. This option is only available in multi-tenancy Kopano. --del-from-adminlist username Delete user 'username' from remote-admin list of company specified by -I. This is the administrator list for remote administrators, as such it only manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and specifying the -a argument. This option is only available in multi-tenancy Kopano. --list-admin List all users in the remote-admin list of the tenant specified by -I. This is the administrator list for remote administrators, as such it only manages administrators from a different tenant. Users who should be administrator over their own tenant are managed by updating (-u) the user and specifying the -a argument. Users can only be administrator over a different tenant when they have also been granted view privileges, can be granted by using the --add-to-viewlist. This option is only available in multi-tenancy Kopano. --add-userquota-recipient user Add 'user' as recipient to userquota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on. --del-userquota-recipient user Delete 'user' as recipient to userquota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on. --list-userquota-recipients List all additional recipients for a userquota warning email. Use -I to request the recipient list for a particular tenant space. --add-companyquota-recipient user Add 'user' as recipient to tenant quota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on. --del-companyquota-recipient user Delete 'user' as recipient to tenant quota warning emails. You can optionally use -I to set the tenant space to apply the recipient action on. --list-companyquota-recipients List all additional recipients for a tenant quota warning email. Use -I to request the recipient list for a particular tenant space --list-sendas user List all users who are able to directly send an email as user. This has been set in the LDAP server, or with the --add-sendas command for Unix and DB plugins. Optionally use --type to indicate for what kind of object the sendas details are being requested. --clear-cache Clears the server's caches. All data cached inside the kopano-server is cleared. Although this can never cause any data loss, it can affect the performance of your server, since any data requested after the cache is cleared needs to be re-requested from the database or LDAP server. Normally this option is never needed; it is mostly used as a diagnostics tool. Optionally use --clear-cache= to specify a set of purge options. The following options can be used: 0x0000 Release no longer used memory back to the kernel 0x0001 Purge the quota cache 0x0002 Purge the quota default cache 0x0004 Purge the object cache 0x0008 Purge the store cache 0x0010 Purge the ACL cache 0x0020 Purge the cell cache 0x0040 Purge the index1 cache 0x0080 Purge the index2 cache 0x0100 Purge the indexproperty cache 0x0200 Purge the user object cache 0x0400 Purge the externid cache 0x0800 Purge the userdetails cache 0x1000 Purge the server cache --purge-softdelete days Starts a softdelete purge on the server, removing all soft-deleted items which have been deleted days days ago, or earlier --purge-deferred The server has an optimization in which changes to the tproperties table are not writted directly, but delayed for a more efficient write at a later time. The server auto-purges these regularly. This command allows you to purge all changes pending. It may be useful to run this during low I/O load of your server (eg at night). --list-orphans When a user is removed, the store becomes orphaned. This option shows a list of stores that are not hooked to a user. You can use the --remove-store and --hook-store from this list. --hook-store store-guid You can hook an orphaned store to an existing user, so you may access the store again. Use the -u username to specify the user to hook the store to. You can copy an orphaned store to the public store. Use the --copyto-public to copy the store to the public folder named 'Admin/deleted stores'. This folder is then only visible for users with Kopano admin privileges. To hook a public store, use --type group/company to influence the name type in the -u switch. To hook an archive store, use --type archive. --remove-store store-guid Use this action to remove the store from the database. The store is actually just marked as deleted, so the softdelete system can remove the store from the database. --create-store username This action will create a store for a newly created user, and is normally called through the createuser script. If the --list-orphans action listed users without a store, you can create a new store for those users with this command. --unhook-store username You can unhook a store from a user, so you can remove the store and create a new one. To unhook a public store, use the --type group/company option to influence the name type in the username argument. Use a company name with type company or 'Everyone' with type group to unhook the public. To unhook an archive store, use --type archive. --force-resync usernames You can force a resync of cached profiles when the data is out of sync. One or more usernames can be specified. If no usernames are given, all offline profiles can be resynced. --reset-folder-count username Reset the counters on all folders in username's store. --user-count Shows an overview of user counts per type of user
OPTIONS
The options used by actions are as follows: --verbose level Set the verbosity level (0=critical, ..., 6=debug). -v Increases the verbosity level by one, up to the maximum of 6. -U 'new username' Use this parameter to rename a user. This option is only valid with the -u update action. -p, --password password Set password for a user. This option is only valid with the -c create or -u update action. -P, --password-prompt Set password for a user. The password can be entered on the password prompt. The password will not be shown. This option is only valid with the -c create or -u update action. -f, --fullname 'full name' Specify full user name. Use single quotes around the name to pass it as a single parameter. This option is only valid with the -c create or -u update action. -e, --email 'email address' Specify the email address. This address will be used to set the 'From' email address in outgoing email messages. Use single quotes around the name to pass it as a single parameter. This option is only valid with the -c create or -u update action. -a [yes|y|1|2 / no|n|0] Set the user as administrator by passing 'yes'. When passing 'no', administrator rights will be revoked from the user. This option is only valid with the -c create or -u update action. It is also possible to pass 2 as administrator level, this will make the user a system administrator who can create/modify/delete companies. -n [yes|y|1 / no|n|0] Specify a non-active user. This user cannot login, but email can be delivered, and the store can be opened by users with correct rights. --qo [yes|y|1 / no|n|0] Override the default server quota settings for this user. User specific quota levels will used. The default value of this option is 'no', always using server quota levels. This option is only valid with the -c create or -u update action. --qw value in Mb Set the warning quota level for a user. The user may receive a warning email when this level is reached. See kopano-monitor(8) for warning emails. This option is only valid with the -c create or -u update action. --qs value in Mb Set the soft quota level for a user. The user will be unable to receive new emails, bouncing the email back to the sender. This option is only valid with the -c create or -u update action. --qh value in Mb Set the hard quota level for a user. The user will be unable to receive and create new emails. This option is only valid with the -c create or -u update action. --udqo [yes|y|1 / no|n|0] Override the default server quota settings for all user within the specified tenant. default value of this option is 'no', always using server quota levels. --udqw value in Mb Set the warning quota level for all users within the specified tenant. The user may receive a warning email when this level is reached. See kopano-monitor(8) for warning emails. --udqs value in Mb Set the soft quota level for all users within the specified tenant. The user will be unable to receive new emails, bouncing the email back to the sender. See kopano- monitor(8) for warning emails. --udqh value in Mb Set the hard quota level for all users within the specified tenant. The user will be unable to receive and create new emails. See kopano-monitor(8) for warning emails. -i groupname This sets the groupname for -b and -B actions. -I companyname This sets the companyname for all user, group and tenant commands. This option is only available for multi-tenancy Kopano. --mr-accept [yes|y|1 / no|n|0] Specified that meeting requests should automatically be accepted for a user. This means that when a meeting request is sent to this user when specified as being a 'resource', the request will directly be honoured and written to the calendar. This is a client-side action and this setting therefore does not affect actual meeting requests being delivered via kopano-dagent. The user on which to operate is select using the -u switch. --mr-decline-conflict [yes|y|1 / no|n|0] This option only has effect when --mr-accept=yes is in effect. When specifying --mr-decline-conflict, meeting requests that conflict with an existing meeting will be declined. The user on which to operate is select using the -u switch. --mr-decline-recurring [yes|y|1 / no|n|0] This option only has effect when --mr-accept=yes is in effect. When specifying --mr-decline-recurring, meeting requests that are recurring will be declined. The user on which to operate is select using the -u switch. --add-sendas sender Add user sender to the list of the senders you're updating as a 'send as' user. The sender can now send mails under the updated user's name, unless the updated user sets the sender as a delegate. When the sender is a delegate, the mail will be sent with 'On behalf of' markings in the email. This option is only valid with the -u and --update-group update action. --del-sendas sender Remove user sender from the list of the senders you're updating as a 'send as' user. This option is only valid with the -u and --update-group update action. --lang language Use language to create new stores; this means that folders in the new store will be in the language specified. Only valid in combination with --create-store. When this options in not specified, the system default will be selected according the LC_* and LANG environment variables, depending on your OS. --utf8 Force the current locale to UTF-8 Other options to control the connection to the kopano-server are: --host, -h path Connect to the storage server through path, e.g. file:///path/to/socket. Default: file:///var/run/kopano/server.sock. This option can always be specified. --node name Execute the command on cluster node namereplaceable> --config file Use a configuration file. See the CONFIG() section for more information. Default: /etc/kopano/admin.cfg
CONFIG
Normally, no configuration file is used or required. If the file /etc/kopano/admin.cfg exists, it is used as configuration file, but no error checking is performed. This way, you can use any config file from a kopano program, e.g. kopano-spooler or kopano-dagent, to load SSL settings. The following options can be set in the configuration file: server_socket Unix socket to find the connection to the Kopano server. Default: file:///var/run/kopano/server.sock sslkey_file Use this file as key to logon to the server. This is only used when server_socket is set to an HTTPS transport. See the kopano-server(8) manual page on how to setup SSL keys. Default: value not set. sslkey_pass The password of the SSL key file that is set in sslkey_file. Default: value not set.
EXAMPLES
For creating a user: kopano-admin -c loginname -p password -f 'Firstname Lastname' -e f.lastname@tenant.com For creating a non-login store: kopano-admin -c loginname -p password -f 'Firstname Lastname' -e f.lastname@tenant.com -n 1 For modifying the password and e-mail address: kopano-admin -u loginname -p newpass -e fistname@tenant.com For deleting a user: kopano-admin -d loginname For adding a user to a group: kopano-admin -b loginname -i groupname For setting a specific quota level for a user. Warning level to 80 Mb, soft level to 90 Mb and hard level to 100 Mb: kopano-admin -u loginname --qo yes --qw 80 --qs 90 --qh 100 For automatically accepting meeting requests for a user or resource: kopano-admin -u loginname --mr-accept y --mr-decline-conflict y --mr-decline-recurring n
EXTERNAL USERS
When the users are located in an external database, and the storage server is configured to use these users, a lot of commands from the kopano-admin tool make no sense anymore. An example of an external database, and currently the only option, is an LDAP database. The following actions can still be used, all other commands will be automatically triggered by changing the values in the LDAP server. -s: create public store. -l: list users known to Kopano. -L: list groups known to Kopano. --details username: show user details. --sync: trigger full synchronization for users and groups from the external source. When the users change in the external source, the Kopano server instantly synchronizes to these changes. There are two exceptions that need some extra attention, and these are when users are created or deleted. When a user is created, the createuser_script from the kopano-server.cfg(5) will be started to create a store for a user. Likewise, when deleting a user, the deleteuser_script from the kopano-server.cfg(5) will be started to delete a store from a user. The same is valid for creating and deleting a group and tenant, starting the creategroup_script/createcompany_script and deletegroup_script/deletecompany_script scripts respectively.
DIAGNOSTICS
Could not create user/store/public store. When you get this error, make sure the storage server and database server are running.
AUTHOR
Written by Kopano.
SEE ALSO
kopano-server(8), kopano-server.cfg(5)