Tag Archives: mozilla

LDAP Queries in Mission Control Desktop

Previously, we saw that Mozilla MCD can inspect a user’s environment using getEnv().  It can also retrieve information from an LDAP directory.  I use this feature to inform Firefox and Thunderbird of the user in detail.  The corporate directory knows the user’s full name, mail server and authentication credentials.  autoconfig takes this and, among other useful things, constructs an email account for Thunderbird without user intervention.

The javascript API to deal with LDAP is a bit hackish, however it is all we have.  The first task is to define a function called processLDAPValues() which accepts a queryResults string as its only argument.  Inside processLDAPValues you extract return data from queryResults.

Instead of invoking processLDAPValues() directly, you call getLDAPAttributes() which in turn gets you to your function.  To illustrate, here is the code I use to query the corporate directory server and save the values for later use.

var userInfo = new Object();  // This will hold LDAP results
 
userInfo.envUser = getenv("LOGNAME");   // Unix UID
userInfo.envHome = getenv("HOME");      // User home directory
 
var ldapHost = "ldap.example.com";
var ldapBase = "dc=example,dc=com";
 
if( userInfo.envUser )
{  var ldapFilter = "uid=" + userInfo.envUser;  }
else
{  throw("Couldn't get UID from the environment");  }
 
// LDAP attributes to retrieve from the server
var ldapAttrs = new Array( "cn", "email", "employeenumber", "givenname", "mailhost", "sn", "uid" );
 
// Define how to process LDAP results before we make the call
function processLDAPValues(queryResults)
{  if( queryResults )
   {  // Build the userInfo object for later use
      for( var attr in ldapAttrs )
      {  userInfo[ ldapAttrs[attr] ] = getLDAPValue( queryResults, ldapAttrs[attr] );  }
   } else
   {  throw( "No LDAP results" );  }
}
 
// Call upon LDAP for the values in ldapAttrs array
// Uses the previous processLDAPValues()
getLDAPAttributes( ldapHost, ldapBase, ldapFilter, ldapAttrs.join(",") );

The first thing I do is create a userInfo object that will hold LDAP results for use later in the autoconfig.  To that object I add attributes for the user’s login name and home directory.

The next bit sets variables to contain the directory server’s hostname, base DN and the LDAP filter to use in the search. It’s a good idea to throw an error if there is no $LOGNAME.  (In a later post I will show how to enhance autoconfig error reporting.)

The ldapAttrs array names the attributes I want to return from LDAP.  Change this array to suit your environment.  The last line of code joins the array together with commas and feeds it to getLDAPAttributes along with the hostname, base DN and filter.  getLDAPAttributes is defined in MOZILLA_HOME/defaults/autoconfig/prefcalls.js and does the work to perform the query, then call your predefined processLDAPValues() function.

The example autoconfig script at developer.mozilla.org set preferences inside processLDAPValues, however this is a bad convention.  There are many preferences that require user information and separating pref() calls away from the main block of preference setting can be confusing.  As you can see here I simply run through the array of attributes I’m interested in and get the result from the LDAP query for that attribute, assigning it to the userInfo object.

Later on in the script I ask the userInfo object for those stored LDAP attributes. To set the hostname of the user’s mail server, for example, I call

// IMAP server name from corporate LDAP directory
defaultPref("mail.server.server1.hostname", userInfo.mailhost );

LDAP directories are a great resource. What attributes could you store in your corporate server?

Setting User Preferences with Mission Control Desktop

A challenge with software

Managing software for thousands of users presents a formidable challenge to the system administrator. Publishing corporate policy, using standard environments and providing clear end-user documentation helps. However, it doesn’t beat automatically doing it right.  This is the power of MCD autoconfig.

In an earlier post, I introduced MCD as a way to configure Mozilla products (Firefox, Thunderbird, Prism, etc) and provided background on building them with autoconfig support.  This post covers how to get started with the standard javascript API.  In forthcoming posts I’ll detail the useful enhancements I built using this API.

The environment

First, a quick rehash of my world.  I work in a Solaris shop with over 33,000 users.  Supported users log into a shared Sun Ray server or their personal workstation which mounts a shared NFS directory.  That directory houses the software I support along with about 700 other programs.

While this post is unix-centric, other operating environments that launch managed software can make use of MCD. See the introductory post for  a little more detail.

Mozilla Preference System

Firefox and Thunderbird use a simple preference tree to store all configuration options. Leaves of the tree are strings that store the option’s value.  For example, the preference browser.startup.homepage is a string containing the URL(s) of Firefox’s homepage.  mail.forward_message_mode contains an integer indicating how Thunderbird should forward email messages (inline or as an attachment).  You can find every available setting and their values in the config editor for Thunderbird and about:config in Firefox.

When a user changes his or her preferences the changed values are stored in a file called prefs.js in their home directory. On my MacOS laptop, this is $HOME/Library/Application Support/Firefox/Profiles/kzssiknu.default.

The Application Programming Interface

The autoconfig acts on preferences through a javascript API defined in the file MOZILLA_LIB_DIR/defaults/autoconfig/prefcalls.js.  I will talk about the most useful in this post and cover the LDAP parts of the API later.

// Used most often
function defaultPref(prefName, value);
function lockPref(prefName, value);
// Sometimes used
function displayError(funcname, message);
function getenv(name);

defaultPref() and lockPref()

These two functions perform the bulk of work in an autoconfig script.  A default preference setting may be overridden by the user, but a locked preference may not.

getenv() and displayError()

getenv() acts as you would expect from its name. This function returns the value of an environment variable.  I use it to get $USER and $HOME. displayError() pops up an error message.  It is useful for debugging, but a user should rarely see it.

Putting it all together

We now have some basic building blocks to configure thousands of users. Here is a look at a simple autoconfig.js file for Firefox.  These settings will apply to every user.

// Catch errors
try
{
   // Set  downloads directory to a folder on the user's desktop
   var download_dir = getenv("HOME") + "/Desktop/Downloads";
   defaultPref("browser.download.defaultFolder", download_dir);
   defaultPref("browser.download.dir", download_dir);
   defaultPref("browser.download.downloadDir", download_dir);
   defaultPref("browser.download.folderList", 2);kk
 
   // Length of Time to Remember Visited Pages For (Days) - 30
   defaultPref("browser.history_expire_days", 30);
 
   // Automatically Add 'www.' and '.com' to the Location if a Web Page is Not Found - Enabled
   defaultPref("browser.fixup.alternate.enabled", true);
 
   // Lock the cache size to 60MB for shared performance
   lockPref("browser.cache.memory.capacity", 60000);
   lockPref("browser.cache.disk.capacity", 60000);
 
   // fix memory usage with lots of tabs
   lockPref("browser.sessionhistory.max_total_viewers", 2);
 
   // Set animated images to loop once
   defaultPref("image.animation_mode", "once");
 
} catch(e)
{
   displayError("autoconfig.js failed", e);
}

Learning preference strings

Finding the right preference setting or combination of preferences that change the program’s behavior sometimes presents a challenge.  I use the About:config entries page on the Mozilla Zine knowledge base.  That page also has a pointer to three more resources.

Another technique is to watch your own prefs.js file for changes when you twiddle settings.  Save a copy of prefs.js before flipping a preference.  Immediately quit the application after the change and diff the two files.

[Edit: I wrote up an entire post on this subject.]

Using LDAP and more fun things to do

In following posts I will cover retrieving information from LDAP, better error reporting, reading local files like $HOME/.printers, and simplifying Thunderbird email account management. Stay tuned.

An Introduction To Mission Control Desktop

What is MCD?

MCD (aka AutoConfig) is a script used to programmatically configure Mozilla products such as Firefox and Thunderbird in the enterprise for multiple users.  Part of my job is to ensure 33,385 people have the right settings to check their email and browse the web.  Centralizing their set up with autoconfig removes the burden from the user.

Why write about it?

Documentation on MCD is old, but not exactly out of date.  The basics of autoconfig have not changed since the age of the Netscape browser.  From trolling newsgroups, IRC and Google, I know many people use MCD, but share little about the subject. (Some do.)  Over the course of my work I wrote object prototypes, extended error reporting and generally tried to make using this bit of javascript easier. I want to reach out to the community and give a little back.

A quick run-through

Most people think of javascript as a browser technology. But, MCD has access to XPCOM, a bridge between C++ libraries and javascript, which gives the developer power to poke at Mozilla internals.  When Thunderbird (Firefox, Seamonkey, etc) launches, it executes a javascript script that makes use of a configuration API.

The autoconfig sets preferences exactly as a user would using about:config. It can also render preferences immutable, locking them down according to corporate policy.  When I inherited the script it was  simply a long string of preference directives with a little LDAP voodoo.

defaultPref("news.server_change_xaction", 0 );
defaultPref("mail.migration.copyMailFiles", false);
defaultPref("network.cookie.disableCookieForMailNews", false);
   lockPref("mail.remember_password", false);
defaultPref("javascript.allow.mailnews", false);
defaultPref("mail.addr_book.lastnamefirst", 1);
defaultPref("mail.toolbars.showbutton.file", false);
defaultPref("mail.toolbars.showbutton.junk", true);
defaultPref("mail.forward_message_mode", 2);
defaultPref("mailnews.wraplength", 72);
defaultPref("mail.wrap_long_lines", true);
defaultPref("mail.collect_email_address_outgoing", true);
defaultPref("mail.collect_email_address_incoming", true);

Not the easiest thing to grok.

After Thunderbird executes the autoconfig it starts up normally, applying saved user preferences. defaultPref settings are overridden by user preferences, but lockPref are not.

If you want to turn on a proxy server and force SSL in Firefox for every user it becomes easy to do:

// Set http proxy to your.server.domain
lockPref("network.proxy.http", "your.server.domain");
// Require and lock SSL
lockPref("network.proxy.ssl", true);

Details, implementation details

There are a number of things required to get MCD working.

Build *zilla (Firefox, Thunderbird, etc) with support

Your Mozilla product needs to be built with pref extension support. Add this to your .mozconfig file:

ac_add_options --enable-extensions=pref

To utilize LDAP (you do want to use LDAP, don’t you?) check the configure script for:

MOZ_LDAP_XPCOM=1

You can check about:buildconfig in Firefox to see if your build is good to go. While MCD documentation is sparse, the Mozilla Developer’s Center has plenty of build instructions.

Software distribution

I work in a Solaris world. Servers and desktops mount a shared NFS directory from a network of servers housing some 735 programs, including Firefox & Thunderbird.  The directory is mounted read-only so average users are not tempted to twiddle with the software.  Although I wrote this paper from a unix perspective the implementation will work in a Linux, Windows, or MacOS environment.  Mounting a shared software repository makes the system robust, however MCD works in a network of stand-alone desktops.

Breaking .cfg “encryption”

*zilla products first read a javascript configuration file in the lib directory called, for example, firefox.cfg.  In the beginning-time, Mozilla developers chose to ROT-7 encode the file, obscuring its contents from users.  When Netscape 7 came out, they did away with ROT-7 in favor of ROT-13. Many Firefox and Thunderbird .cfg files are still encoded this way using moz_byteshift.pl.

The rotary encoding is controlled by a setting in $MOZ_LIB_DIR/greprefs/all.js. At packaging time I patch this file, setting encoding to 0.

// ROT-encoding is bad, mmmkay?
pref("general.config.obscure_value", 0);  // for MCD .cfg files

This tells *zilla not to ROT-decode the .cfg file.

This shadowy file mojo likely came from the day of stand-alone workstations where users had root access and the software maintainers wanted to have just a little control over Netscape preferences.  Hiding the configuration file’s location gives you the illusion of control.

Now, the .cfg file is on a read-only mounted partition and nobody on the system has super-user level access. There is little danger of a user skirting corporate policy by turning off autoconfig.

Pointing *zilla at the autoconfig

When Firefox starts up it checks for and executes javascript a .cfg file giving it the autoconfig script’s path.

// $MOZ_LIB_DIR/firefox.cfg
// the output from the obscuration is still more readable than MORK!
lockPref("autoadmin.global_config_url","file:///path/to/firefox,v3.0.17/share/autoconfig.js");
lockPref("autoadmin.offline_failover", true);
lockPref("autoadmin.refresh_interval", 60);

I left the MORK comment line in there to remind me how far we’ve come already.

These directives:

  • Set the autoconfig url
  • Tell *zilla to automatically fail over to offline mode if online browsing fails
  • Re-fetch the autoconfig file every 60 minutes

Any URL *zilla understands is a valid value for autoadmin.global_config_url meaning you could house the autoconfig script on a web server.

Away you go

Now your Mozilla product will read and execute the javascript autoconfig script you indicated.  There you can set or lock application preferences using a specialized XPCOM API.  I will cover the API in a following post.