I recently wrote about customizing Thunderbird for the initial four hundred users of our new mail server cluster, but I want to elaborate a bit on that since it may be useful to a number of people.

After a silent install of Thunderbird, a small program named jprofiler is executed on the client workstation. This program extracts an existing dummy Thunderbird profile from an archive into Thunderbird’s profile directory (on Windows that would be %APPDATA%\\Thunderbird\\Profiles) and then prompts the user for a username and a password. The user’s credentials are validated by invoking a simple web service over secure HTTP against an appropriately configured web server (in our case that is an Apache server with a .htaccess file which does basic authentication against an OpenLDAP LDAP server).

If the credentials are validated, the same GET request invokes a PHP script which retrieves the client’s username from the environment ($REMOTE_USER), binds to the LDAP directory and searches for the user’s details (e.g. e-mail address and common name or displayName attributes). The PHP script then produces a valid user.js file which is read by the client program and stored in the user’s Thunderbird profile directory. Voilá: simple but very effective. The jprofiler program can be invoked at any time to completely restore the user’s profile and settings from scratch, or simply to rebuild the preferences in her user.js file. I’ve also added a bit of logic which allows multiple profiles per Windows log-on, thereby allowing Thunderbird to be used by people who share a Windows user (of course, there is no protection against these users seeing or manipulating eachother’s messages).

I’d have liked to wrap all that around the mission control functionality of the Mozilla product, but that isn’t possible (at this point in time) because the currently packaged builds don’t include the feature set. Anyway, even if a user messes with her settings, the next time Thunderbird is restarted, the preferences from the user.js will take effect (unless of course, that is messed with…)

Mail and Apache :: 02 Feb 2006 :: e-mail