From the homepage or the "Directories" page, click "Create user" and complete the new user information in the dialog box that opens:
The display name is generated automatically when the First and Last names are entered and cannot be edited.
Only fields marked with an asterisk (Last Name, Login and Password) are mandatory.
Accounts can be created with or without an email address:
The "Create" button (<Enter> key) quickly creates a user with the information entered in the dialog box and the following default settings:
These settings can be changed later in the admin console.
The "Create and edit" button (<Ctrl+Enter>) creates a user with the information entered in the dialog box and the default settings, and automatically redirects you to the user settings editor.
From the homepage or the "Directories" page, go to "Directory Browser" and select the user from the list.
The user's information is shown in tabs:
The "General" tab shows the main user information -- account details, profile, group(s), password, time format settings...
It also allows you to set the user as the member or administrator of a root delegation.
The link "Edit group membership" opens a popup window showing the groups users belong to and can be edited.
To delete a group, click the corresponding "x". To add a group, simply type the group's name in the text box and validate it when suggested by autocomplete.
Administration rights have been expanded and you can now set which rights are granted to a user or a domain administrator. You can therefore specifically authorize them to manage:
Administrators are only able to delegate a right they have, except for access to applications -- e.g. even if they don't have a mail account or access to the Calendar application, they can enable "Mail and Contacts" or "Calendar and Tasks" for users they administrate.
Rights are organized into the following sections:
The rights granted can only be added to the rights inherited from a group: the rights assigned to a group the user belongs to cannot be unchecked in the user's page.
Applications can therefore be shown as unchecked but be available to a user regardless: the user belongs to a group for which the application is enabled. Make sure you check the groups the user may belong to (see above).
This is also what enables a newly-created user to have access to basic applications: when users are created, they belong to the "user" group which, by default, on a classic blank install, has access rights to the "Calendar and Tasks" and "Mail and Contacts" applications.
The "User Information" tab is used to complete user contact details.
User contact information belongs to the internal BlueMind directory and can be seen by all users. Only administrators are allowed to edit this information. Users themselves are unable to access this page or edit it.
The "Change own information" role now allows users to manage their own information details. Currently, changes can only be made by script with users' API keys. A management interface will be available soon in settings.
The "Mail settings" tab gives you access to mail-related settings:
Disk space quota: maximum storage space for a user's mailbox.
Quota usage is now visible with the progress bar shown in the screenshot above.
About space quotas
When disk space quota is enabled, the disk usage percentage is displayed permanently in Mail at the bottom of the left-hand pane and hovering with the mouse shows usage details:
Disk space quota usage is color-coded – orange = 75% used, dark red = 85% used, and red 100% used:
When a quota is reached, incoming emails are blocked. These messages can be kept on the server for a few days.
When a space quota has been reached, you can increase it manually and decrease it back to its original size at any time.
Main email address and alias: users can have as many email aliases as desired, on any or all domain users available.
The email address created when a user is created cannot be edited or deleted.
Identities allow users to write messages as an alias or a shared mailbox or to set up different signatures.
The sharing section is used to make a user's mailbox public (shared with all directory members) or customize its sharing options (share mailbox with specific users or groups only).
By default, when a user is created, sharing is disabled.
A mailbox's sharing rights can be set:
To find out more about sharing and privileges, go to the user's guide page: Mail preferences | §5 - Sharing
Since BlueMind 3.0.31, you can set up several addresses for email messages to be forwarded to.
Autocomplete looks for addresses in all user address books (directory, personal address books, etc.).
You can also add external addresses manually. These will not be added to collected addresses when messages are forwarded.
This section is used to enable or disable a user's vacation responder.
To find out more about configuration and sending rules, go to the user's guide page -- Mail preferences | §1 - General preferences
Filters lets you apply sorting rules and actions to be performed automatically on a user's incoming messages.
When archiving is enabled for the domain, it applies to all domain users. You can however customize archiving rules by group or by user, or enable individual archiving if no global domain policy has been set.
By default, domain settings are applied and can be seen in the user's section:
The Archive tab is used to:
enable individual archiving if no global domain archiving policy has been set.
The reverse is not possible -- archiving cannot be disabled for a user if it enabled for a domain or a group the user belongs to.
customize the disk space quota allocated to this user.
The quota cannot exceed the maximum domain quota: if you enter a number that exceeds it, it will be taken down to the maximum quota when you save.
The "Reset archive policy" box is used to reset the user's default values – either those of the group it belongs to, or the domain's if no specific settings have been set for the group:
The MiB (Mebibyte) is a multiple of a byte – not to be confused with the MB (megabyte) – it is equal to 1024 kebibytes, which itself is equal to 1024 bytes.
Therefore, 9 MiB equals 9.43718 MB.
This tab is used to manage user subscriptions to the address books available to them (personal address books or address books shared with them) as well as manage how their address books are shared with other users or groups.
Administrators are not, however, able to create address books for users.
The "Calendar settings" tab contains all user-specific parameters (working hours and days, items displayed, etc.) as well as sharing options and subscriptions (users or domains) for calendars shared with them:
Administrators cannot create additional calendars for users but they can manage how they are shared both for domain users and individuals outside BlueMind:
This tab is used to manage user to-do lists and users' subscriptions to lists shared with them:
This tab gives you access to maintenance features and user preferences:
The "Execute" button runs a "Validate and repair" operation on the user's account. This includes a series of operations that verify and correct – if needed – the user's integrity and their data in the BlueMind system – verification of the mailbox in Cyrus, calendar and address books containers, IMAP folders hierarchy, subscriptions, mail filters, etc.
This operation is the same as the following bm-cli command:
bm-cli maintenance repair email@example.com
The link in this section can be accessed by the admin0 superadministrator or any other administrator with the role "Sudo (elevated privileges)". This link is used to access the user's BlueMind, i.e. it logs into BlueMind in their place without them having to give their password.
You can change/reset the user's BlueMind login password without knowing their old password.
From version 3.5.14, BlueMind has a more detailed password management and expiry policy.
If the password has been changed, this section now shows the date and time when it was changed and who changed it (an administrator or a user).
This information isn't retroactive -- dates prior to the server update to 3.5.14 are not shown.
For users created after the 3.5.14 version update, the change date may be the user's creation date.
From BlueMind v.3.5.15, you have two options:
To enable either of these options, check the corresponding box and click "Save" at the bottom of the page.
The password expiry policy does not apply to users imported from an AD or LDAP directory.
This section gives you access to indexing operations for a user's mailbox:
This section is used to manage user mobile devices: authorizations, synced devices, reset, remote wipe.
Users can be suspended. This allows you to block access to a user without deleting the data associated with them. As a result, users can be reactivated later and their account returns to its previous state.
To suspend a user:
To delete one or several users completely and permanently, go to the page Directories > Directory Browser.
In the list of users, check the box at the beginning of the row for the user(s) you want to delete and click "Delete". You are then prompted to confirm deletion. Once you confirm, the user(s) and all their data will be deleted permanently.
BlueMind allows you to restore a user by retrieving an earlier backup. Please refer to the "restore a backup" feature, which enables you to restore all or part of a user's data. Changes made to data since the last backup cannot be recovered.
To make user passwords more secure, you can install the "Password SizeStrength" plugin which lets you set strict password rules.
aptitude install bm-plugin-core-password-sizestrength
To complete installation, you must restart BlueMind:
Once the plugin is installed, it can be configured via file
/etc/bm/password.ini, whose default installation values are:
length=10 capital=1 digit=1 lower=1 special=1
length: the minimum number of characters the password must contain
capital: the minimum number of capital letters the password must contain
digit: the minimum number of digits the password must contain
lower: the minimum number of lowercase letters the password must contain
special: the minimum number of special characters the password must contain. Special characters are:
These rules do not apply to administrators (global administrator admin0 or domain administrators) whose choice of password continues to be free.
If a user fails to comply with these rules when they attempt to modify their password, an alert will be displayed at the top of their page: