The tips on this page have been drawn from the tb-enterprise mailing list.
For many more hints about preferences, see the page about preferences relevant to enterprises and organizations.
Using a private CA certificate
Question: The cert8.db file is created when Thunderbird creates a profile. I want the file to contain our private CA certificate.
Answer: Create a master file by manually importing the certificate into the cert8.db file from a new profile. After installing Thunderbird on client machines, copy that file to the program directory (for example, on Windows "C:\Program Files (x86)/Mozilla Thunderbird") into a "/defaults/profile" subdirectory.
Read the complete discussion on the mailing list.
Updating users to access LDAP
Question: How do I automatically update existing users so they can access Active Directory LDAP information from their address books?
Answer: It is relatively simple to create this access when creating new users (by adding user.js to the corporate install in the "core\defaults\profile" directory of the unpacked installer). However, it's a bit trickier to merge this information with an existing profile. The solution is to create the settings for the directory via lockPref and defaultPref and then use the Misssion Control Desktop / AutoConfig.
Under the '(Thunderbird install directory)\defaults\pref' directory, put a .js file (any valid filename with the JS extension should work) with the following content:
pref("general.config.obscure_value",0);
pref("general.config.filename","another-file.cfg.js");
Create a file named '(Thunderbird install directory)\another-file.cfg.js' and place the following code in it:
defaultPref('ldap_2.autoComplete.directoryServer','ldap_2.servers.AutoGEN-CompanyNameLDAP');
defaultPref('ldap_2.autoComplete.useDirectory',true);
defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.dn','[email protected],ou=orgunit,dc=CompanyName,dc=com'); //this will vary for each company and each user, so it is set as default, but not locked so that users can set their correct values
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.auth.saslmech',''); // SASL mechanism, if necessary
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.commentFormat',''); //Any additional LDAP attributes to display on the autocomplete window
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))'); //LDAP Attributes to Search for Autocomplete
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.autoComplete.nameFormat','[displayName]'); //LDAP Attribute for display name
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.description','CompanyName Autogenerated LDAP Directory'); //Human Readable description
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.filename','CompanyName-autogen-ldap.mab'); //Possibly where results are cached
defaultPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.maxHits',300);
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.nameFormat','[displayName]');
lockPref('ldap_2.servers.AutoGEN-CompanyNameLDAP.uri','ldaps://ldapserver.CompanyName.com/ou=orgunit,dc=CompanyName,dc=com??sub?(objectclass=person)'); //this will vary for each company
defaultPref('ldap_2.servers.default.attrmap.DisplayName','displayName,gecos');
defaultPref('ldap_2.servers.default.autoComplete.filterTemplate','(|(displayName=%v*)(sn=%v*)(cn=%v*)(uid=%v*))');
defaultPref('ldap_2.servers.default.autoComplete.nameFormat','displayName');
defaultPref('mail.addr_book.quicksearchquery.format','?(or(FirstName,c,@V)(sn,c,@V)(DisplayName,c,@V))');
If you are already using Mission Control Desktop, add the second snippet (modified to suit your environment) to your existing auto-configuration file and ignore the first snippet.
Read the complete discussion on the mailing list.