Difference between revisions of "PA Provider Deployment Guide"
Line 1: Line 1:
 
== Open-Xchange HE + Parallels Operations Automation - Integration Instructions==
 
== Open-Xchange HE + Parallels Operations Automation - Integration Instructions==
  
This document covers the installation and configuration instructions to integrate an already 
+
This document covers the basic installation and configuration instructions to integrate an Open­Xchange HE Server into a POA environment. It does not cover any OX setup tuning instructions. It should be used by POA or/and OX specialists since this configuration instructions require a very deep knowledge of both products.  
installed and configured Open­Xchange HE Server into a POA environment. It does not 
 
cover any normal OX setup instructions. It should be used by POA or/and OX specialists 
 
since this configuration instructions require a very deep knowledge of both products.  
 
  
For a list of default packages which should be installed on OX instance, please see end of this document.
 
  
 
Details about the APS package are listed on the [http://www.apsstandard.org/app/#search=Open-Xchange APS website]
 
Details about the APS package are listed on the [http://www.apsstandard.org/app/#search=Open-Xchange APS website]
 +
 +
Details about the APS package deployment/configuration within the POA environment can be found in the current "Application Hosting Deployment Guide" on the parallels.com website.
 +
 +
== Basic Installation of OX ==
 +
 +
Simply follow the guides to install Open-Xchange Hosting Edition on your favorite Linux distribution, but make sure you install the packages below instead of the default OX meta/packages provided in the manual, because POA integration needs a different set of software:
 +
 +
<pre>
 +
mysql-server open-xchange-meta-parallels
 +
</pre>
 +
 +
Important: Stop before step "Creating contexts and users " - this is not necessary since all administration of contexts and users will be handled via POA.
 +
 +
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_Debian_5.0<br>
 +
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_SLES10<br>
 +
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_SLES11<br>
 +
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_RHEL5
 +
 +
== Installation and Configuration of SOAP interface ==
 +
 +
To allow POA to provision contexts and users to Open-Xchange it is necessary to install the SOAP package on the OX server and configure it:
 +
 +
1. Login to your Open-Xchange server and install the packages "open-xchange-admin-soap" and  "open-xchange-axis2" via your package tool:
 +
 +
Example for Debian:<br>
 +
$ apt-get install open-xchange-admin-soap open-xchange-axis2
 +
 +
2. Restart the Open-Xchange services:<br>
 +
$ /etc/init.d/open-xchange-admin restart
 +
$ /etc/init.d/open-xchange-groupware restart
  
 
== 1. Installation of POA specific OX plugins ==
 
== 1. Installation of POA specific OX plugins ==
  
Please install following packages on the OX instance. These are mandatory for the POA   
+
Please install following packages on the OX server if not already done by the meta package specified above. These are mandatory for the POA   
 
integration:  
 
integration:  
  
Line 25: Line 51:
  
 
IMPORTANT:  
 
IMPORTANT:  
Make sure that you dont have any other „spamhandler“ package installed like „open-xchange-spamhandler-default“. Also make sure, that you dont have any other OX authentication package installed like „open-xchange-authentication-database“ and that you do not have package „open-xchange-mailfilter“ installed since POA mailserver does not have server side mailfilter rules(„sieve“) which can be used by OX. Additionally, don`t install following packages, since they are not needed for POA installation:
+
Make sure that you dont have any other „spamhandler“ package installed like „open-xchange-spamhandler-default“. Also make sure, that you dont have any other OX authentication package installed like „open-xchange-authentication-database“. Additionally, don`t install following packages, since they are not needed for POA installation:
 
<pre>
 
<pre>
 
open-xchange-admin-plugin-contextrestore, open-xchange-log4j, open-xchange-passwordchange-database, open-xchange-passwordchange-servlet
 
open-xchange-admin-plugin-contextrestore, open-xchange-log4j, open-xchange-passwordchange-database, open-xchange-passwordchange-servlet
Line 31: Line 57:
 
If already installed, please uninstall first!
 
If already installed, please uninstall first!
  
These packages contain POA specific plugins for authentication, branding and advanced antispam cababilities. After you installed these packages via your favorite package manager like apt or yum, please restart „open-xchange-groupware“ via approciate init script. To verify that the plugins are correctly loaded, please execute the command „listbundles“ which is located in /opt/open-xchange/sbin“ . It should return a list with all „ACTIVE“ bundles.  
+
These packages contain POA specific plugins for authentication, branding and advanced antispam cababilities. After you installed these packages via your favorite package manager like apt or yum, please restart „open-xchange-groupware“ via approciate init script. To verify that the plugins are correctly loaded, please execute the command „listbundles“ which is located in /opt/open-xchange/sbin“. It should return a list with all „ACTIVE“ bundles.  
  
 
If the bundle „com.openexchange.custom.parallels“ is not set to „ACTIVE“, please have a look at all OX logfiles located under „/var/log/open-xchange“ and watch out for error messages.
 
If the bundle „com.openexchange.custom.parallels“ is not set to „ACTIVE“, please have a look at all OX logfiles located under „/var/log/open-xchange“ and watch out for error messages.
Line 37: Line 63:
 
== 2. Configuration of POA specific OX plugins ==
 
== 2. Configuration of POA specific OX plugins ==
  
You have to switch some properties of OX, else the just installed plugins will not work correctly.  
+
You have to switch some properties of OX, else, the just installed plugins will not work correctly.  
  
 
a) To enable the OX-POA antispam functionality you must first edit file „/opt/open-xchange/etc/groupware/imap.properties“ and set property „com.openexchange.imap.spamHandler“ to value „SpamAssassin“.  
 
a) To enable the OX-POA antispam functionality you must first edit file „/opt/open-xchange/etc/groupware/imap.properties“ and set property „com.openexchange.imap.spamHandler“ to value „SpamAssassin“.  
Line 67: Line 93:
 
Make sure that the OX HOST IPs are added to "/etc/mail/spamassassin/allowed_ips" on the POA antispam/mail server. Else OX can not connect to POA spamassasin to learn new mails and you will get "connection reset" errors in open-xchange logfile.
 
Make sure that the OX HOST IPs are added to "/etc/mail/spamassassin/allowed_ips" on the POA antispam/mail server. Else OX can not connect to POA spamassasin to learn new mails and you will get "connection reset" errors in open-xchange logfile.
  
2a) ONLY applies to Version >=6.17: To configure POA antispam lists management via OX UI through POA-OpenAPI, you have to modify "/opt/open-xchange/etc/groupware/parallels.properties" and should adjust following parameters:  
+
2a) To configure POA antispam lists management via OX UI through POA-OpenAPI, you have to modify "/opt/open-xchange/etc/groupware/parallels.properties" and should adjust following parameters:  
  
 
<pre>
 
<pre>
Line 138: Line 164:
  
  
g) <b>IMPORTANT INFO</b>: If you are using a version prior to OX-HE 6.18, you must replace the content of the file "/opt/open-xchange/etc/admindaemon/ModuleAccessDefinitions.properties" with the lines below:
+
After you have edited all these properties, please restart „open-xchange-groupware", „open-xchange-admin“ and apache service via init scripts. Now you need to write down the „oxadminmaster“ username and its password which you set up during installation of the normal OX system. Then you should give these credentials and the OX IP/Hostname to the POA specialist. He will enter this infos in the POA environment.
 
 
<pre>
 
# File contains all access combinations which can be used by the server
 
# when creating/changing contexts/users.
 
#
 
# Currently available modules/interfaces/rights listed below.
 
#
 
# Modules:
 
# webmail
 
# calendar
 
# contacts
 
# infostore
 
# tasks
 
#
 
# Interfaces:
 
# webdav (WebDAV interface to the InfoStore)
 
# webdavxml (interface for OXtender for Microsoft Outlook, used by KDE for synchronization)
 
# ical (WebDAV iCal readonly interface to the calendar)
 
# vcard (WebDAV vCard readonly interface to the contacts)
 
# syncml (enables 3rd party implementations of the SyncML interface)
 
# usm (Universal Sync Module, necessary for ActiveSync and OXtender 2 for Microsoft Outlook)
 
# activesync (enables the Exchange Active Sync protocol to sync with business mobile devices)
 
#
 
# Permissions:
 
# readcreatesharedfolders (permission to share private folder and to view shared folder of other users)
 
# delegatetask (permission to create tasks that contain other users as participants)
 
# editpublicfolders (permission to modify public folders or data in them)
 
# editgroup (permission to administrate groups)
 
# editresource (permission to administrate resources)
 
# editpassword (permission to change its own password)
 
# globaladdressbookdisabled (Possibility to disabled the global address book for the user)
 
# publicfoldereditable (user gets folder administrator permissions on public folders)
 
#
 
# Features:
 
# collectemailaddresses (Collecting email addresses from received and send emails)
 
# multiplemailaccounts (Permission to add additional EMail accounts)
 
# subscription (Permission to subscribe to publications or to use the Social OX PlugIn)
 
# publication (Permission to publish content of folders)
 
 
 
# this are the deprecated definitions of module access combinations. please use the newly defined sets.
 
webmail_plus=contacts,webmail
 
pim_plus=contacts,webmail,calendar,tasks
 
groupware_plus=contacts,webmail,calendar,delegatetask,tasks,editpublicfolders,infostore,publicfoldereditable,readcreatesharedfolders
 
premium=contacts,webmail,calendar,delegatetask,tasks,editpublicfolders,infostore,publicfoldereditable,readcreatesharedfolders,ical,vcard,webdav,webdavxml
 
 
 
# PLEASE Update accordingly when UPDATING "all" level!
 
# Includes all modules except mobility,
 
groupware=calendar,contacts,delegatetask,editpublicfolders,forum,ical,infostore,publicfoldereditable,pinboardwrite,projects,readcreatesharedfolders,rssbookmarks,rssportal,tasks,vcard,webdav,webdavxml,webmail,editresource,editgroup,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication
 
 
 
#
 
webmail=webmail,contacts,globaladdressbookdisabled,collectemailaddresses
 
pim=webmail,calendar,contacts,tasks,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication
 
pim_infostore=webmail,calendar,contacts,tasks,infostore,webdav,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication
 
pim_mobility=webmail,calendar,contacts,tasks,syncml,usm,activesync,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication
 
# Groupware Standard always gets new features except mobility and OXtender.
 
groupware_standard=webmail,calendar,contacts,infostore,tasks,webdav,ical,vcard,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication
 
groupware_premium=webmail,calendar,contacts,infostore,tasks,webdav,webdavxml,ical,vcard,syncml,usm,activesync,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication
 
all=webmail,calendar,contacts,infostore,tasks,webdav,webdavxml,ical,vcard,syncml,usm,activesync,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,publicfoldereditable,collectemailaddresses,multiplemailaccounts,subscription,publication
 
</pre>
 
 
 
 
 
After you have edited all these properties, please restart „open-xchange-groupware", „open-xchange-admin“ and apache via init scripts. Now you need to write down the „oxadminmaster“ username and its password which you set up during installation of the normal OX system. Then you should give these credentials and the OX IP/Hostname to the POA specialist. He will enter this infos in the POA environment.
 
 
 
== Package List for Open-Xchange 6.10 in POA Environment ==
 
 
 
<pre>
 
open-xchange
 
open-xchange-sql
 
open-xchange-server
 
open-xchange-jcharset
 
open-xchange-common
 
open-xchange-configread
 
open-xchange-cache
 
open-xchange-conversion
 
open-xchange-conversion-engine
 
open-xchange-conversion-servlet
 
open-xchange-dataretention-csv
 
open-xchange-dataretention
 
open-xchange-data-conversion-ical4j
 
open-xchange-sessiond
 
open-xchange-charset
 
open-xchange-crypto
 
open-xchange-contactcollector
 
open-xchange-pop3
 
open-xchange-smtp
 
open-xchange-imap
 
open-xchange-admin
 
open-xchange-admin-plugin-hosting
 
open-xchange-admin-plugin-hosting-lib
 
open-xchange-admin-lib
 
open-xchange-admin-doc
 
open-xchange-admin-client
 
open-xchange-admin-plugin-hosting-doc
 
open-xchange-admin-soap

 
open-xchange-admin-plugin-hosting-client
 

open-xchange-axis2
 
open-xchange-control
 
open-xchange-settings-extensions
 
open-xchange-activation
 
open-xchange-global
 
open-xchange-management
 
open-xchange-monitoring
 
open-xchange-timer
 
open-xchange-i18n
 
open-xchange-xml
 
open-xchange-calendar
 
open-xchange-push-udp
 
open-xchange-spamhandler-spamassassin
 
open-xchange-contacts-ldap
 
open-xchange-group-managerequest
 
open-xchange-resource-managerequest
 
open-xchange-genconf
 
open-xchange-genconf-mysql
 
open-xchange-gui-ie6-compat
 
open-xchange-publish
 
open-xchange-publish-basic
 
open-xchange-publish-infostore-online
 
open-xchange-publish-json
 
open-xchange-publish-microformats
 
open-xchange-subscribe
 

open-xchange-subscribe-crawler

 
open-xchange-subscribe-linkedin
 
open-xchange-subscribe-json
 
open-xchange-subscribe-microformats
 
open-xchange-subscribe-xing
 
open-xchange-templating
 
open-xchange-unifiedinbox
 
open-xchange-easylogin
 
open-xchange-custom-parallels
 
open-xchange-custom-parallels-gui
 
open-xchange-xerces-sun
open-xchange-gui
 

open-xchange-online-help-de

 
open-xchange-online-help-en

 
open-xchange-online-help-fr
 
</pre>
 

Revision as of 08:24, 12 July 2011

Open-Xchange HE + Parallels Operations Automation - Integration Instructions

This document covers the basic installation and configuration instructions to integrate an Open­Xchange HE Server into a POA environment. It does not cover any OX setup tuning instructions. It should be used by POA or/and OX specialists since this configuration instructions require a very deep knowledge of both products.


Details about the APS package are listed on the APS website

Details about the APS package deployment/configuration within the POA environment can be found in the current "Application Hosting Deployment Guide" on the parallels.com website.

Basic Installation of OX

Simply follow the guides to install Open-Xchange Hosting Edition on your favorite Linux distribution, but make sure you install the packages below instead of the default OX meta/packages provided in the manual, because POA integration needs a different set of software: 

mysql-server open-xchange-meta-parallels

Important: Stop before step "Creating contexts and users " - this is not necessary since all administration of contexts and users will be handled via POA.

http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_Debian_5.0
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_SLES10
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_SLES11
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Installation_Guide_for_RHEL5

Installation and Configuration of SOAP interface

To allow POA to provision contexts and users to Open-Xchange it is necessary to install the SOAP package on the OX server and configure it:

1. Login to your Open-Xchange server and install the packages "open-xchange-admin-soap" and "open-xchange-axis2" via your package tool:

Example for Debian:

$ apt-get install open-xchange-admin-soap open-xchange-axis2

2. Restart the Open-Xchange services:

$ /etc/init.d/open-xchange-admin restart
$ /etc/init.d/open-xchange-groupware restart

1. Installation of POA specific OX plugins

Please install following packages on the OX server if not already done by the meta package specified above. These are mandatory for the POA  integration: 

open­xchange­-custom­-parallels 
open­xchange­-custom­-parallels­-gui 
open­xchange­-spamhandler­-spamassassin 
open­xchange­-admin­-soap 
open­xchange­-easylogin


IMPORTANT: Make sure that you dont have any other „spamhandler“ package installed like „open-xchange-spamhandler-default“. Also make sure, that you dont have any other OX authentication package installed like „open-xchange-authentication-database“. Additionally, don`t install following packages, since they are not needed for POA installation: 

open-xchange-admin-plugin-contextrestore, open-xchange-log4j, open-xchange-passwordchange-database, open-xchange-passwordchange-servlet

If already installed, please uninstall first!

These packages contain POA specific plugins for authentication, branding and advanced antispam cababilities. After you installed these packages via your favorite package manager like apt or yum, please restart „open-xchange-groupware“ via approciate init script. To verify that the plugins are correctly loaded, please execute the command „listbundles“ which is located in /opt/open-xchange/sbin“. It should return a list with all „ACTIVE“ bundles.

If the bundle „com.openexchange.custom.parallels“ is not set to „ACTIVE“, please have a look at all OX logfiles located under „/var/log/open-xchange“ and watch out for error messages.

2. Configuration of POA specific OX plugins

You have to switch some properties of OX, else, the just installed plugins will not work correctly.

a) To enable the OX-POA antispam functionality you must first edit file „/opt/open-xchange/etc/groupware/imap.properties“ and set property „com.openexchange.imap.spamHandler“ to value „SpamAssassin“. 

# Define the registration name of the appropriate spam handler to use
com.openexchange.imap.spamHandler=SpamAssassin

Next you have to edit file „/opt/open-xchange/etc/groupware/spamassassin.properties“ and set property „com.openexchange.spamhandler.spamassassin.spamd“ to value „true“. 

# Choose if a mail should be send to spamd afterwards
com.openexchange.spamhandler.spamassassin.spamd=true


INFO:


If POA XML-RPC Service runs on a different port than „3100“.

Please edit file:

"/opt/open-xchange/etc/groupware/parallels.properties"

and set property

"com.openexchange.custom.parallels.antispam.xmlrpc.port" to your custom port.

Make sure that the OX HOST IPs are added to "/etc/mail/spamassassin/allowed_ips" on the POA antispam/mail server. Else OX can not connect to POA spamassasin to learn new mails and you will get "connection reset" errors in open-xchange logfile.

2a) To configure POA antispam lists management via OX UI through POA-OpenAPI, you have to modify "/opt/open-xchange/etc/groupware/parallels.properties" and should adjust following parameters: 

#
## OpenAPI properties for managing Black&White Lists via OX GUI
#
# This property defines the URL to the HTTP OpenAPI interface of POA
com.openexchange.custom.parallels.openapi.interface_url=http://<coreserver>:<port>/

#
# This property defines if OpenAPI calls should be made with http basic auth
com.openexchange.custom.parallels.openapi.auth_enabled=false

#
# This property defines OpenAPI http basic auth credentials auth id
com.openexchange.custom.parallels.openapi.auth_id=openapi_user_id

#
# This property defines OpenAPI http basic auth credentials auth password
com.openexchange.custom.parallels.openapi.auth_password=openapi_password

#
# The property defines the mount point of the OX OpenAPI servlet implementation.
# Typically, no need to change it.
com.openexchange.custom.parallels.openapi_servlet=/ajax/parallels/openapi


b) To enable correct branding for POA resellers and their customers, you have to define a „fallback“ FQDN under which the OX installation is reachable under the default skin/theme via http/https. 
To achieve this, please edit file „/opt/open-change/etc/groupware/parallels.properties“ and set property „com.openexchange.custom.parallels.branding.fallbackurl“ to the approciate value of your OX installation. 

# THIS property below must only contain FQDN to OX GUI
# like webmail.system.com/ox6
com.openexchange.custom.parallels.branding.fallbackurl=ox.aps.sw.ru

c) To enable creation of OX contexts (customers) via POA correctly you have to edit file „/opt/open-xchange/etc/admindaemon/plugin/hosting.properties“ and set property „CHECK_CONTEXT_LOGIN_MAPPING_REGEXP“ to value „[$%:\\.+a-zA-Z0-9@_\\/\\|-]“ 

# pattern of allowed chars in login mapping names

CHECK_CONTEXT_LOGIN_MAPPING_REGEXP=[$%:\\.+a-zA-Z0-9@_\\/\\|-]


d)To enable correctly generated direct links when customer/context is branded you have to edit file „/opt/open-xchange/etc/groupware/notification.properties“ and set property „object_link“ to value „http://[hostname]/#m=[module]&i=[object]&f=[folder]“ 

object_link=http://[hostname]/#m=[module]&i=[object]&f=[folder]

e) The Open-Xchange SOAP interface is used by POA to provision the OX system. To restrict access to this interface, we recommend that you add following lines to the apache2 configuration of OX (/etc/apache2/conf.d/ox_soap_access.conf).

The following example configuration will allow SOAP requests only from "localhost" and IP address "172.16.65.1". Make sure you edit this configuration accordingly to your actual POA environment/network. If you dont know the IP address of the POA host which will use the SOAP interface, contact the POA specialist who is responsible for the project. If you need more fine grained access restrictions see "mod_access" documentation at www.apache.org. 

<Location /servlet/axis2/services>
Order Deny,Allow
Deny from all
Allow from 172.16.65.1 127.0.0.1
</Location>

f) If you plan to sell Open-Xchange Business Mobility function, you should also install the following packages: 

open-xchange-usm
open-xchange-help-usm-eas


After you have edited all these properties, please restart „open-xchange-groupware", „open-xchange-admin“ and apache service via init scripts. Now you need to write down the „oxadminmaster“ username and its password which you set up during installation of the normal OX system. Then you should give these credentials and the OX IP/Hostname to the POA specialist. He will enter this infos in the POA environment.

Retrieved from "https://oxpedia.org/wiki/index.php?title=PA_Provider_Deployment_Guide&oldid=8163"