PA Provider Deployment Guide: Difference between revisions
Line 105: | Line 105: | ||
open-xchange-usm | open-xchange-usm | ||
open-xchange-help-usm-eas | open-xchange-help-usm-eas | ||
</pre> | |||
g) IMPORTANT INFO: If you are using a version prior to OX-HE 6.18, you must replace the content of the file "/opt/open-xchange/etc/admindaemon/ModuleAccessDefinitions.properties" with the lines below: | |||
<pre> | |||
# File contains all access combinations which can be used by the server | |||
# when creating/changing contexts/users. | |||
# | |||
# Currently available modules/interfaces/rights listed below. | |||
# | |||
# Modules: | |||
# webmail | |||
# calendar | |||
# contacts | |||
# infostore | |||
# tasks | |||
# | |||
# Interfaces: | |||
# webdav (WebDAV interface to the InfoStore) | |||
# webdavxml (interface for OXtender for Microsoft Outlook, used by KDE for synchronization) | |||
# ical (WebDAV iCal readonly interface to the calendar) | |||
# vcard (WebDAV vCard readonly interface to the contacts) | |||
# syncml (enables 3rd party implementations of the SyncML interface) | |||
# usm (Universal Sync Module, necessary for ActiveSync and OXtender 2 for Microsoft Outlook) | |||
# activesync (enables the Exchange Active Sync protocol to sync with business mobile devices) | |||
# | |||
# Permissions: | |||
# readcreatesharedfolders (permission to share private folder and to view shared folder of other users) | |||
# delegatetask (permission to create tasks that contain other users as participants) | |||
# editpublicfolders (permission to modify public folders or data in them) | |||
# editgroup (permission to administrate groups) | |||
# editresource (permission to administrate resources) | |||
# editpassword (permission to change its own password) | |||
# globaladdressbookdisabled (Possibility to disabled the global address book for the user) | |||
# publicfoldereditable (user gets folder administrator permissions on public folders) | |||
# | |||
# Features: | |||
# collectemailaddresses (Collecting email addresses from received and send emails) | |||
# multiplemailaccounts (Permission to add additional EMail accounts) | |||
# subscription (Permission to subscribe to publications or to use the crawler) | |||
# publication (Permission to publish content of folders) | |||
# this are the deprecated definitions of module access combinations. please use the newly defined sets. | |||
webmail_plus=contacts,webmail | |||
pim_plus=contacts,webmail,calendar,tasks | |||
groupware_plus=contacts,webmail,calendar,delegatetask,tasks,editpublicfolders,infostore,publicfoldereditable,readcreatesharedfolders | |||
premium=contacts,webmail,calendar,delegatetask,tasks,editpublicfolders,infostore,publicfoldereditable,readcreatesharedfolders,ical,vcard,webdav,webdavxml | |||
# PLEASE Update accordingly when UPDATING "all" level! | |||
# Includes all modules except mobility, | |||
groupware=calendar,contacts,delegatetask,editpublicfolders,forum,ical,infostore,publicfoldereditable,pinboardwrite,projects,readcreatesharedfolders,rssbookmarks,rssportal,tasks,vcard,webdav,webdavxml,webmail,editresource,editgroup,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication | |||
# | |||
webmail=webmail,contacts,globaladdressbookdisabled,collectemailaddresses | |||
pim=webmail,calendar,contacts,tasks,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication | |||
pim_infostore=webmail,calendar,contacts,tasks,infostore,webdav,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication | |||
pim_mobility=webmail,calendar,contacts,tasks,syncml,usm,activesync,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication | |||
# Groupware Standard always gets new features except mobility and OXtender. | |||
groupware_standard=webmail,calendar,contacts,infostore,tasks,webdav,ical,vcard,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication | |||
groupware_premium=webmail,calendar,contacts,infostore,tasks,webdav,webdavxml,ical,vcard,syncml,usm,activesync,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication | |||
all=webmail,calendar,contacts,infostore,tasks,webdav,webdavxml,ical,vcard,syncml,usm,activesync,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,publicfoldereditable,collectemailaddresses,multiplemailaccounts,subscription,publication | |||
</pre> | </pre> | ||
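Review bot: In the `groupware` definition, the tokens `forum`, `pinboardwrite`, `projects`, `rssbookmarks` and `rssportal` do not appear in the Modules/Interfaces/Permissions/Features list at the top of the file, so an operator cannot tell from the file what they grant; document them in the header or drop them from the set. The comment "Includes all modules except mobility," also ends on a dangling comma. Since step g) replaces the whole file, the instruction should tell the admin to keep a backup of the existing ModuleAccessDefinitions.properties first.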
Revision as of 12:09, 31 May 2010
Open-Xchange HE + Parallels Operations Automation - Integration Instructions
This document covers the installation and configuration steps needed to integrate an already installed and configured Open-Xchange HE server into a POA environment. It does not cover the normal OX setup. It is intended for POA and/or OX specialists, since these configuration instructions require in-depth knowledge of both products.
For a list of default packages which should be installed on the OX instance, please see the end of this document.
1. Installation of POA specific OX plugins
Please install the following packages on the OX instance. These are mandatory for the POA integration:
open-xchange-custom-parallels
open-xchange-custom-parallels-gui
open-xchange-spamhandler-spamassassin
open-xchange-admin-soap
open-xchange-easylogin
IMPORTANT:
Make sure that you don't have any other "spamhandler" package installed, such as "open-xchange-spamhandler-default". Also make sure that you don't have any other OX authentication package installed, such as "open-xchange-authentication-database", and that the package "open-xchange-mailfilter" is not installed, since the POA mail server does not have server-side mail filter rules ("sieve") which can be used by OX. Additionally, don't install the following packages, since they are not needed for a POA installation:
open-xchange-admin-plugin-contextrestore, open-xchange-log4j, open-xchange-passwordchange-database, open-xchange-passwordchange-servlet
If they are already installed, please uninstall them first!
The mandatory packages contain POA-specific plugins for authentication, branding and advanced antispam capabilities. After you have installed them via your favorite package manager, such as apt or yum, please restart "open-xchange-groupware" via the appropriate init script. To verify that the plugins are loaded correctly, execute the command "listbundles", which is located in "/opt/open-xchange/sbin". It should return a list with all "ACTIVE" bundles.
If the bundle "com.openexchange.custom.parallels" is not set to "ACTIVE", please have a look at all OX log files located under "/var/log/open-xchange" and look for error messages.
2. Configuration of POA specific OX plugins
You have to change some OX properties, otherwise the newly installed plugins will not work correctly.
a) To enable the OX-POA antispam functionality, first edit the file "/opt/open-xchange/etc/groupware/imap.properties" and set the property "com.openexchange.imap.spamHandler" to the value "SpamAssassin".
# Define the registration name of the appropriate spam handler to use
com.openexchange.imap.spamHandler=SpamAssassin
Next, edit the file "/opt/open-xchange/etc/groupware/spamassassin.properties" and set the property "com.openexchange.spamhandler.spamassassin.spamd" to the value "true".
# Choose if a mail should be send to spamd afterwards
com.openexchange.spamhandler.spamassassin.spamd=true
INFO:
If the POA XML-RPC service runs on a port other than "3100", please edit the file
"/opt/open-xchange/etc/groupware/parallels.properties"
and set the property
"com.openexchange.custom.parallels.antispam.xmlrpc.port" to your custom port.
b) To enable correct branding for POA resellers and their customers, you have to define a "fallback" FQDN under which the OX installation is reachable with the default skin/theme via http/https.
To achieve this, please edit the file "/opt/open-xchange/etc/groupware/parallels.properties" and set the property "com.openexchange.custom.parallels.branding.fallbackurl" to the appropriate value for your OX installation.
# THIS property below must only contain FQDN to OX GUI
# like webmail.system.com/ox6
com.openexchange.custom.parallels.branding.fallbackurl=ox.aps.sw.ru
c) To enable correct creation of OX contexts (customers) via POA, edit the file "/opt/open-xchange/etc/admindaemon/plugin/hosting.properties" and set the property "CHECK_CONTEXT_LOGIN_MAPPING_REGEXP" to the value "[$%:\\.+a-zA-Z0-9@_\\/\\|-]".
# pattern of allowed chars in login mapping names
CHECK_CONTEXT_LOGIN_MAPPING_REGEXP=[$%:\\.+a-zA-Z0-9@_\\/\\|-]
d) To enable correctly generated direct links when a customer/context is branded, edit the file "/opt/open-xchange/etc/groupware/notification.properties" and set the property "object_link" to the value "http://[hostname]/#m=[module]&i=[object]&f=[folder]".
object_link=http://[hostname]/#m=[module]&i=[object]&f=[folder]
e) The Open-Xchange SOAP interface is used by POA to provision the OX system. To restrict access to this interface, we recommend that you add the following lines to the apache2 configuration of OX (/etc/apache2/conf.d/ox_soap_access.conf).
The following example configuration allows SOAP requests only from "localhost" and the IP address "172.16.65.1". Make sure you adapt this configuration to your actual POA environment/network. If you don't know the IP address of the POA host which will use the SOAP interface, contact the POA specialist who is responsible for the project. If you need more fine-grained access restrictions, see the "mod_access" documentation at www.apache.org.
<Location /servlet/axis2/services>
Order Deny,Allow
Deny from all
Allow from 172.16.65.1 127.0.0.1
</Location>
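An added example, not from the original guide: a Python check that evaluates the Apache 2.2 Order/Allow/Deny semantics of the SOAP location, so you can confirm that only the intended hosts pass. The client address 203.0.113.10 and the OPEN_CONF misconfiguration are constructed for illustration; hostnames and partial addresses in Allow/Deny lines are not handled.

```python
import ipaddress
import re

def parse_location(conf, path):
    """Collect Order/Allow/Deny directives from the <Location path> block."""
    block = re.search(r"<Location\s+%s\s*>(.*?)</Location>" % re.escape(path), conf, re.S | re.I)
    if block is None:
        return None
    rules = {"order": "deny,allow", "allow": [], "deny": []}  # Apache 2.2 default order
    for line in block.group(1).splitlines():
        words = line.split("#")[0].lower().split()
        if len(words) >= 2 and words[0] == "order":
            rules["order"] = "".join(words[1:])
        elif len(words) >= 3 and words[0] in ("allow", "deny") and words[1] == "from":
            rules[words[0]] += words[2:]
    return rules

def _matches(client, specs):
    """True if client matches 'all', an IP address or a CIDR range in specs."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec == "all":
            return True
        try:
            if ip in ipaddress.ip_network(spec, strict=False):
                return True
        except ValueError:
            continue  # hostname or partial address: out of scope for this example
    return False

def is_allowed(rules, client):
    """mod_access ordering: Deny,Allow defaults to allow; Allow,Deny defaults to deny."""
    allowed, denied = _matches(client, rules["allow"]), _matches(client, rules["deny"])
    return (allowed or not denied) if rules["order"] == "deny,allow" else (allowed and not denied)

# The block from this guide, and a constructed misconfiguration for contrast:
# without "Deny from all", Order Deny,Allow lets every client through.
GUIDE_CONF = """<Location /servlet/axis2/services>
Order Deny,Allow
Deny from all
Allow from 172.16.65.1 127.0.0.1
</Location>"""
OPEN_CONF = GUIDE_CONF.replace("Deny from all\n", "")

if __name__ == "__main__":
    for conf in (GUIDE_CONF, OPEN_CONF):
        rules = parse_location(conf, "/servlet/axis2/services")
        # 203.0.113.10 is a constructed outside client (documentation range)
        print({ip: is_allowed(rules, ip) for ip in ("172.16.65.1", "203.0.113.10")})
```
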
f) If you plan to sell the Open-Xchange Business Mobility function, you should also install the following packages:
open-xchange-usm
open-xchange-help-usm-eas
g) IMPORTANT INFO: If you are using a version prior to OX-HE 6.18, you must replace the content of the file "/opt/open-xchange/etc/admindaemon/ModuleAccessDefinitions.properties" with the lines below:
# File contains all access combinations which can be used by the server
# when creating/changing contexts/users.
#
# Currently available modules/interfaces/rights listed below.
#
# Modules:
# webmail
# calendar
# contacts
# infostore
# tasks
#
# Interfaces:
# webdav (WebDAV interface to the InfoStore)
# webdavxml (interface for OXtender for Microsoft Outlook, used by KDE for synchronization)
# ical (WebDAV iCal readonly interface to the calendar)
# vcard (WebDAV vCard readonly interface to the contacts)
# syncml (enables 3rd party implementations of the SyncML interface)
# usm (Universal Sync Module, necessary for ActiveSync and OXtender 2 for Microsoft Outlook)
# activesync (enables the Exchange Active Sync protocol to sync with business mobile devices)
#
# Permissions:
# readcreatesharedfolders (permission to share private folder and to view shared folder of other users)
# delegatetask (permission to create tasks that contain other users as participants)
# editpublicfolders (permission to modify public folders or data in them)
# editgroup (permission to administrate groups)
# editresource (permission to administrate resources)
# editpassword (permission to change its own password)
# globaladdressbookdisabled (Possibility to disabled the global address book for the user)
# publicfoldereditable (user gets folder administrator permissions on public folders)
#
# Features:
# collectemailaddresses (Collecting email addresses from received and send emails)
# multiplemailaccounts (Permission to add additional EMail accounts)
# subscription (Permission to subscribe to publications or to use the crawler)
# publication (Permission to publish content of folders)
# this are the deprecated definitions of module access combinations. please use the newly defined sets.
webmail_plus=contacts,webmail
pim_plus=contacts,webmail,calendar,tasks
groupware_plus=contacts,webmail,calendar,delegatetask,tasks,editpublicfolders,infostore,publicfoldereditable,readcreatesharedfolders
premium=contacts,webmail,calendar,delegatetask,tasks,editpublicfolders,infostore,publicfoldereditable,readcreatesharedfolders,ical,vcard,webdav,webdavxml
# PLEASE Update accordingly when UPDATING "all" level!
# Includes all modules except mobility,
groupware=calendar,contacts,delegatetask,editpublicfolders,forum,ical,infostore,publicfoldereditable,pinboardwrite,projects,readcreatesharedfolders,rssbookmarks,rssportal,tasks,vcard,webdav,webdavxml,webmail,editresource,editgroup,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication
#
webmail=webmail,contacts,globaladdressbookdisabled,collectemailaddresses
pim=webmail,calendar,contacts,tasks,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication
pim_infostore=webmail,calendar,contacts,tasks,infostore,webdav,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication
pim_mobility=webmail,calendar,contacts,tasks,syncml,usm,activesync,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication
# Groupware Standard always gets new features except mobility and OXtender.
groupware_standard=webmail,calendar,contacts,infostore,tasks,webdav,ical,vcard,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication
groupware_premium=webmail,calendar,contacts,infostore,tasks,webdav,webdavxml,ical,vcard,syncml,usm,activesync,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication
all=webmail,calendar,contacts,infostore,tasks,webdav,webdavxml,ical,vcard,syncml,usm,activesync,readcreatesharedfolders,delegatetask,editpublicfolders,editgroup,editresource,editpassword,publicfoldereditable,collectemailaddresses,multiplemailaccounts,subscription,publication
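An added example, not part of the original guide or of Open-Xchange: a short Python audit of the definitions above that reports, per access combination, the tokens the file's own comment header does not document and the mobility interfaces it grants. The three definitions in SAMPLE are copied from the file content above; the function and constant names are this example's own.

```python
# Names documented in the comment header of ModuleAccessDefinitions.properties.
DOCUMENTED = {
    "webmail", "calendar", "contacts", "infostore", "tasks",                # modules
    "webdav", "webdavxml", "ical", "vcard", "syncml", "usm", "activesync",  # interfaces
    "readcreatesharedfolders", "delegatetask", "editpublicfolders", "editgroup",
    "editresource", "editpassword", "globaladdressbookdisabled",
    "publicfoldereditable",                                                 # permissions
    "collectemailaddresses", "multiplemailaccounts", "subscription",
    "publication",                                                          # features
}
MOBILITY = {"syncml", "usm", "activesync"}

def parse_access_sets(text):
    """Return {set_name: set_of_tokens}, skipping comments and blank lines."""
    sets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        sets[name.strip()] = {t.strip() for t in value.split(",") if t.strip()}
    return sets

def audit(sets):
    """Per set: tokens missing from the header, and mobility interfaces granted."""
    return {
        name: {"undocumented": sorted(tokens - DOCUMENTED),
               "mobility": sorted(tokens & MOBILITY)}
        for name, tokens in sets.items()
    }

# Three definitions copied from the file content shown in step g).
SAMPLE = """\
# Includes all modules except mobility,
groupware=calendar,contacts,delegatetask,editpublicfolders,forum,ical,infostore,publicfoldereditable,pinboardwrite,projects,readcreatesharedfolders,rssbookmarks,rssportal,tasks,vcard,webdav,webdavxml,webmail,editresource,editgroup,editpassword,collectemailaddresses,multiplemailaccounts,subscription,publication
webmail=webmail,contacts,globaladdressbookdisabled,collectemailaddresses
pim_mobility=webmail,calendar,contacts,tasks,syncml,usm,activesync,globaladdressbookdisabled,collectemailaddresses,multiplemailaccounts,subscription,publication
"""

if __name__ == "__main__":
    for name, finding in audit(parse_access_sets(SAMPLE)).items():
        print(name, finding)
```

Run it against the deployed file by passing the file's text to parse_access_sets() instead of SAMPLE.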
After you have edited all these properties, please restart "open-xchange-groupware", "open-xchange-admin" and Apache via their init scripts. Now write down the "oxadminmaster" username and the password which you set up during installation of the normal OX system, and give these credentials and the OX IP/hostname to the POA specialist, who will enter this information in the POA environment.
Package List for Open-Xchange 6.10 in POA Environment
open-xchange
open-xchange-sql
open-xchange-server
open-xchange-jcharset
open-xchange-common
open-xchange-configread
open-xchange-cache
open-xchange-conversion
open-xchange-conversion-engine
open-xchange-conversion-servlet
open-xchange-dataretention-csv
open-xchange-dataretention
open-xchange-data-conversion-ical4j
open-xchange-sessiond
open-xchange-charset
open-xchange-crypto
open-xchange-contactcollector
open-xchange-pop3
open-xchange-smtp
open-xchange-imap
open-xchange-admin
open-xchange-admin-plugin-hosting
open-xchange-admin-plugin-hosting-lib
open-xchange-admin-lib
open-xchange-admin-doc
open-xchange-admin-client
open-xchange-admin-plugin-hosting-doc
open-xchange-admin-soap
open-xchange-admin-plugin-hosting-client
open-xchange-axis2
open-xchange-control
open-xchange-settings-extensions
open-xchange-activation
open-xchange-global
open-xchange-management
open-xchange-monitoring
open-xchange-timer
open-xchange-i18n
open-xchange-xml
open-xchange-calendar
open-xchange-push-udp
open-xchange-spamhandler-spamassassin
open-xchange-contacts-ldap
open-xchange-group-managerequest
open-xchange-resource-managerequest
open-xchange-genconf
open-xchange-genconf-mysql
open-xchange-gui-ie6-compat
open-xchange-publish
open-xchange-publish-basic
open-xchange-publish-infostore-online
open-xchange-publish-json
open-xchange-publish-microformats
open-xchange-subscribe
open-xchange-subscribe-crawler
open-xchange-subscribe-linkedin
open-xchange-subscribe-json
open-xchange-subscribe-microformats
open-xchange-subscribe-xing
open-xchange-templating
open-xchange-unifiedinbox
open-xchange-easylogin
open-xchange-custom-parallels
open-xchange-custom-parallels-gui
open-xchange-xerces-sun
open-xchange-gui
open-xchange-online-help-de
open-xchange-online-help-en
open-xchange-online-help-fr