Open-Xchange cPanel Installation: Difference between revisions

From Open-Xchange
No edit summary
No edit summary
Line 381: Line 381:
One important piece is missing, though (in Open-Xchange versions < 7.4.2). It is not possible to transfer sub(sub)admins from one subadmin to
One important piece is missing, though (in Open-Xchange versions < 7.4.2). It is not possible to transfer sub(sub)admins from one subadmin to
another.
another.
= How to access the mail archive from within Open-Xchange webmail =
In order to access the archived email in cPanel if that feature has been turned on, just follow the instructions given
in the IMAP access link within the '''Email Archiving''' settings of cPanel.
[[File:CPanel_IMAP_Access_instruction_Link.png|800px]]
This link will bring you to an overview and a list of IMAP settings.
[[File:CPanel_IMAP_Access_Instructions.png|800px]]
Now in Open-Xchange setup this account as an external mail account.


= The tool <tt>/usr/local/cpanel/bin/oxcpanelenable</tt> =
= The tool <tt>/usr/local/cpanel/bin/oxcpanelenable</tt> =

Revision as of 12:53, 30 January 2014

Install Open-Xchange on WHM/cPanel

Requirements

Connector for cPanel requires to have WHM versions from 11.36 to 11.40 installed running on RHEL 5,6 or CentOS 5,6. It supports Open-Xchange versions 6.20 and newer. This guide, however, describes how to setup Open-Xchange Server 6.22 and above. In general, cPanel versions that are no longer supported by cPanel itself, are not supported.

Important: Do not update to newer versions of cPanel then mentioned here. You might want to turn autoupdates of in setting

UPDATES=manual

in /etc/cpupdate.conf

Changelog

1.1.1-rev2

  • Support for cPanel version 11.40
  • Fixed UI/CSS of WHM plugin
  • Introduced separate setting for the “autologin” URL
  • Improved oxcpanelenable commandline tool
  • Initial support for transferring cPanel accounts between servers
  • Several Bugfixes
    • Bugfix #29773 - Unable to login as webmail user after changing cPanel account name
    • Bugfix #29764 - [L3] Wrong 'Default Infostore quota (0=unlimited)' documentation in cpanel module
    • Bugfix #29707 - renaming domain and account in one step fails
    • Bugfix #29708 - renaming domain drops all addon domains
    • Bugfix #29712 - addon domain handling broken in multiple whm/one open-xchange mode
    • Bugfix #29530 - Unable to "terminate" account; do not try to delete an account that isn't there...

1.1.0-rev4

  • Fixed Addon Domain handling (login to Open-Xchange was not working for email accounts in Addon Domains)

1.1.0-rev3

  • Support for CentOS6/RHEL6
  • Support for OX App Suite

Mode of operation

It is recommended to run Open-Xchange on one or more separate machines. See the "Hosting Edition deployment tutorials" at

The connection between cPanel and Open-Xchange is done via some cPanel/WHM hooks and UI plugins using SOAP as communication channel. That means that SOAP must be enabled on Open-Xchange.

CPOX.png

Once the package open-xchange-cpanel is installed on the cPanel/WHM system, every cPanel user created within WHM will be created as an admin account and context in Open-Xchange. In addition, there's a single program to create all existing cPanel Accounts in Open-Xchange.

Availability

Connector for cPanel is available with a valid Open-Xchange Hosting Edition license. To get pricing information that meets your individual requirements, please contact Open-Xchange

Known issues

  • open-xchange icon not shown in cpanel in version 11.46.3
  • new paper_lantern theme not supported
  • Users with the same email localpart from different domains in a single cPanel account and a single context do not work because user names as well as display names must be unique
  • cPanel account names cannot be renamed when using the ox integration
  • Accessing the mail archiving does not automatically work in Open-Xchange webmail
  • park/unpark domain does not work

Release Notes

To download the Release Notes, follow this: Download

Install and prepare Open-Xchange

Follow one of the installation guides listed in here to install Open-Xchange and either just install the packages

On OX6 with backend versions < 7.2.2:

open-xchange-meta-cpanel

On OX6 with backend versions >= 7.2.2:

open-xchange-meta-cpanel open-xchange-meta-backend-ox6 open-xchange-meta-ui-ox6

On OX App Suite version >= 7.2.2 (older versions not supported):

open-xchange-meta-cpanel open-xchange-meta-backend-appsuite open-xchange-meta-ui-appsuite

or take care of the following exceptions:

  • Do not install the package open-xchange-mailfilter. cPanel does not support SIEVE at the moment.
  • Install the package open-xchange-admin-soap-reseller
  • Instead of open-xchange-authentication-database, install the package open-xchange-authentication-imap

Important:

  • Do NOT create a context, just follow the installation guide up to the database registration
  • Add the following argument to initconfigdb: --addon-sql "reseller.sql autocid.sql"

Preparation

  • run the command
$ /opt/open-xchange/sbin/initrestrictions -A oxadminmaster -P secret

once you've finished the open-xchange installation

  • On OX6 take care to install the packages open-xchange-gui-wizard-plugin open-xchange-gui-wizard-plugin-gui. The wizard must be used to enforce the user to provide a real valid displayname.
  • On OX6 edit file /opt/open-xchange/etc/settings/open-xchange-gui-wizard-plugin.properties and set
ui/wizard/firstrunmode=true
  • edit file /opt/open-xchange/etc/imapauth.properties and set
USE_MULTIPLE=true
  • edit file /opt/open-xchange/etc/mail.properties and set
com.openexchange.mail.adminMailLoginEnabled=true
  • edit file /opt/open-xchange/etc/sessiond.properties and set
com.openexchange.sessiond.autologin=true
  • edit file /opt/open-xchange/etc/AdminUser.properties and set
PRIMARY_MAIL_UNCHANGEABLE=false
USERNAME_CHANGEABLE=true
  • allow access from the cPanel server, edit /etc/httpd/conf.d/proxy_ajp.conf or /etc/httpd/conf.d/proxy_http.conf
<Location /servlet/axis2/services>
   # restrict access to the soap provisioning API
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1
   Allow from <your cpanel server ip>
   # you might add more ip addresses / networks here
   # Allow from 192.168 10 172.16
</Location>
<Location /webservices>
   # restrict access to the soap provisioning API
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1
   Allow from <your cpanel server ip>
   # you might add more ip addresses / networks here
   # Allow from 192.168 10 172.16
</Location>

Important: It is required to NOT set MASTER_AUTHENTICATION_DISABLED=true or CONTEXT_AUTHENTICATION_DISABLED=true in /opt/open-xchange/etc/AdminDaemon.properties

Install and prepare WHM/cPanel on CentOS

Note: Choose either CentOS5,6 or RHEL5,6. Nothing else is supported to integrate Open-Xchange with cPanel.

Important: If you have existing cpanel plugins that use /script hooks (or /usr/local/cpanel/script), as well as /usr/local/cpanel/hooks, take care to make a backup of these files because they will be replaced by the open-xchange-cpanel rpm

NOTE: This can take very long and it might look like it is hanging at

We are about to install SOAP::Lite and for your convenience will provide
you with list of modules and prerequisites, so you'll be able to choose
only modules you need for your configuration.

XMLRPC::Lite, UDDI::Lite, and XML::Parser::Lite are included by default.
Installed transports can be used for both SOAP::Lite and XMLRPC::Lite.

Press <enter> to see the detailed list.  

Just be patient and wait for it to finish.

VERY IMPORTANT: Due to the inability of yum to correctly handle the x86_64 architecture, it is important to add the line

exclude=*.i386

to your yum repo configuration (see below). Check http://wiki.centos.org/FAQ/General#head-357346ff0bf7c14b0849c3bcce39677aaca528e9 for details.

yum repo config on i386

$ vi /etc/yum.repos.d/oxintegration.repo
[oxcpintegration]
name=Open-Xchange cPanel
baseurl=http://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/components/cPanel/stable/RHEL6
gpgkey=http://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m

yum repo config on x86_64

$ vi /etc/yum.repos.d/oxintegration.repo
[oxcpintegration]
name=Open-Xchange cPanel
baseurl=http://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/components/cPanel/stable/RHEL6
gpgkey=http://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
#IMPORTANT!!!!!
exclude=*.i386


  • install the package open-xchange-cpanel
$ yum install open-xchange-cpanel
  • run the installer (-h for help):
$ /usr/local/cpanel/bin/oxcpanelinstall --oxurl http://ox.example.com --oxadmin-password oxadminmasterpassword

Now your Open-Xchange server is integrated with your cPanel installation.

To check the connection, run

$ /usr/local/cpanel/bin/oxcpanelenable -c

This program can also be used to enable all existing cPanel users in OX. Run

$ /usr/local/cpanel/bin/oxcpanelenable -h

for more information.

Create all cPanel Accounts in Open-Xchange

Like mentioned before, you must now create accounts in Open-Xchange for all your existing cPanel accounts. This will not happen automatically. New accounts created in WHM, however, will automatically created in Open-Xchange.

To create an ox account per cPanel account you can either run

$ /usr/local/cpanel/bin/oxcpanelenable -e

or in the Open-Xchange WHM plugin click on every single cPanel Account and enable it.

Debugging

  • All errors happening during cPanel account creation and mail account creation are logged into the files /usr/local/cpanel/logs/open-xchange_log and /usr/local/cpanel/logs/error_log. If something does not work, check these logs first!
  • /usr/local/cpanel/bin/oxcpanelinstall creates a debug output file with every execution, check its output, e.g.:
$ /usr/local/cpanel/bin/oxcpanelinstall --oxurl http://myox.example.com --oxadmin-password secret
running installer, please wait. Debugoutput is placed into file /tmp/cpoxinst3542.out
  • do NOT disable authentication in /opt/open-xchange/etc/AdminDaemon.properties because this will mess up authentication using the Connector for cPanel, see Reseller_Bundle#Setup_and_Configuration for more information.
  • The name of each context admin account is the same as the corresponding cpanel account name.
  • and the password of the admin can be found in /var/cpanel/open-xchange/subadmin/<CPACCOUNT>/.oxadminpw

Troubleshooting

Creation of Accounts in Open-Xchange does not work? Please check the following:

Check connection between Open-Xchange and cPanel (connector)

run the command

$ sudo /usr/local/cpanel/bin/oxcpanelenable -c

to check Open-Xchange connection before doing anything else. It must output

connection check successfull

Check whether cPanel Hooks are available

run the command

 $ sudo /usr/local/cpanel/bin/manage_hooks list | grep OX

it must output

hook: OX::Hooks::addpop
hook: OX::Hooks::del_addon_domain
hook: OX::Hooks::delpop
hook: OX::Hooks::add_addon_domain
hook: OX::Hooks::postrestore
hook: OX::Hooks::delete_ox_account
hook: OX::Hooks::create_ox_account
hook: OX::Hooks::modify_ox_account

If it doesn't, run

$ sudo /usr/local/cpanel/bin/manage_hooks del module OX::Hooks

to clean up all OX Hooks, if there are any, and then run

$ sudo /usr/local/cpanel/bin/manage_hooks add module OX::Hooks

must output

Added hook for Whostmgr::Accounts::Create to hooks registry
Added hook for Whostmgr::Accounts::Remove to hooks registry
Added hook for Whostmgr::Accounts::Modify to hooks registry
Added hook for PkgAcct::Restore to hooks registry
Added hook for Cpanel::Api2::AddonDomain::addaddondomain to hooks registry
Added hook for Cpanel::Api2::AddonDomain::deladdondomain to hooks registry
Added hook for Cpanel::Api2::Email::addpop to hooks registry
Added hook for Cpanel::Api2::Email::delpop to hooks registry

Context listing in WHM does not work or Mailaccounts in cPanel are not listed in Open-Xchange

Check for known issues, e.g. you might been hit by a bug in SOAP::Lite.

WHM OX Plugin Usage

To create Open-Xchange accounts, nothing else is required than to create cPanel accounts as usual. Due to the design of the WHM plugin mechanism, however, it is not possible to indicate any errors that might happen when creating the account in Open-Xchange fails.

You can easily check, however, if the Open-Xchange account creation failed when you open the Open-Xchange plugin which can be found in the left menu in WHM almost on the bottom.

Whm-ox-failed.png

Failed attempts to create an ox accounts can be seen there because in that case, the account is not enabled. In such a case you need to Terminate that account and create it again after you fixed the reason for the failed attempt. Check the logs for errors.

Whm-ox-enable.png

In addition you will find all relevant error messages in /usr/local/cpanel/logs/open-xchange_log and /usr/local/cpanel/logs/error_log.

cPanel OX Plugin Usage

To create email accounts in Open-Xchange, nothing else is required than to create email accounts in cPanel. Due to the design of the cPanel plugin mechanism, however, it is not possible to indicate any errors that might happen when creating the account in Open-Xchange fails.

To check whether the email account creation fails, just open the Open-Xchange plugin and check if the recently created email account(s) appear in the list. If not, contact your hosting provider or, if you are the owner of the machine, you will find all relevant error messages in /usr/local/cpanel/logs/open-xchange_log and /usr/local/cpanel/logs/error_log.

Cpanel-account-list.png

Running multiple WHM/cPanel instances with a single Open-Xchange instance (cluster)

Starting with version 1.0.0 Rev2 it is possible to run multiple WHM/cPanel instances with a single Open-Xchange (cluster) installation. This, however, requires some extra management which is not part of the open-xchange-cpanel package nor is there any other ready to use ui for that.

The setup of the cPanel server and Connector is the same as described in the installation section. The same applies to the installation of the Open-Xchange server. Once the Open-Xchange server is installed, however, you need to create a subadmin account per WHM/cPanel server. These subadmins must be able to create further subadmin accounts (one per cPanel account).

$ /opt/open-xchange/sbin/createadmin -A oxadminmaster -P secret -u cpanelmaster1 -d "cPanel Superadmin 1" -p secret -a Subadmin.CanCreateSubadmin=true
$ /opt/open-xchange/sbin/createadmin -A oxadminmaster -P secret -u cpanelmaster2 -d "cPanel Superadmin 2" -p secret -a Subadmin.CanCreateSubadmin=true

and so on. You can also restrict the maximum number of subadmins a subadmin can create, see Reseller Bundle description for further details.

$ /opt/open-xchange/sbin/listadmin -A oxadminmaster -P secret
Id Name          Displayname         Parent Restrictions
96 cpanelmaster1 cPanel Superadmin 1 0      Subadmin.CanCreateSubadmin=true
97 cpanelmaster2 cPanel Superadmin 2 0      Subadmin.CanCreateSubadmin=true

Now on each WHM/cPanel installation, instead of using the oxadminmaster account when running the oxcpanelinstaller, specify the corresponding cpanel supadmin, e.g.

$ /usr/local/cpanel/bin/oxcpanelinstall --oxurl http://ox.example.com --oxadmin-name cpanelmaster1 --oxadmin-password secret

and so on.

"Copy an Account From Another Server" support

Copy accounts.png

Starting with 1.1.1-rev2, the connector supports to transfer cPanel accounts between servers. That basically means it is able to restore an account. The concept behind copying an account in cPanel is that it will be backed up in one and restored into another server. The problem is, that the Whostmgr::Accounts::Create(Post) hook is executed before the webmail accounts have been restored and thus, the restored account will create an context in Open-Xchange, but no users. The only way to solve that is to hook into PkgAcct::Restore, which is what will be done since 1.1.1-rev2.

Pitfalls

Source and destination server connect to the same Open-Xchange server

When both systems, source and destination connect to the same Open-Xchange server, the creation on the destination will fail since Open-Xchange account already exists. In this case, use the oxcpanelenable tool to enforce the enablement on the destination server even though the creation fails because it already exists.

In addition, you have to manually update the smtpServer and imapServer settings on the Open-Xchange server. This can be done by this little shell script:

OXPW="1!ySg(ed@y/W"
OXCTX=71
CPHOSTNAME=test.example.com
CPUSER=example
for i in $(/opt/open-xchange/sbin/listuser -A example -P "$OXPW" -c $OXCTX | \
          awk 'BEGIN {getline}{print $2}'); do
          /opt/open-xchange/sbin/changeuser -A $CPUSER -P "$OXPW" -c $OXCTX -u $i \
          --imapserver $CPHOSTNAME --smtpserver $CPHOSTNAME
done

Just copy and paste that into a new file, adapt the four settings on the top and run the script. Use the listuser --csv command to control whether the change was successful. The old password can be found on the source server in /var/cpanel/open-xchange/subadmin/<CPACCOUNT>/.oxadminpw. The context id is listed in the Open-Xchange WHM plugin. Also you have to copy the contents of the directory /var/cpanel/open-xchange/subadmin/<CPACCOUNT>/.oxadminpw from the source to the destination server (including correct permissions and ownerships).

Delete account on source server when both connect to the same Open-Xchange server

Attention, that will delete the Open-Xchange account! To prevent that, go to the WHM Open-Xchange plugin on the source server and disable that specific account before you terminate it. You can also use the oxcpanelenable tool to do that. Now you can safely terminate the cPanel account on the source server.

Important: Missing piece

One important piece is missing, though (in Open-Xchange versions < 7.4.2). It is not possible to transfer sub(sub)admins from one subadmin to another.

How to access the mail archive from within Open-Xchange webmail

In order to access the archived email in cPanel if that feature has been turned on, just follow the instructions given in the IMAP access link within the Email Archiving settings of cPanel.

CPanel IMAP Access instruction Link.png

This link will bring you to an overview and a list of IMAP settings.

CPanel IMAP Access Instructions.png

Now in Open-Xchange setup this account as an external mail account.

The tool /usr/local/cpanel/bin/oxcpanelenable

This tool will help you maintaining your integration. It can be used to check the integration as well as enable/disable single or all accounts on the cPanel server.

Function overview

<NAME> := a cpanel user name OR a perl regular expression like '.*'

/usr/local/cpanel/bin/oxcpanelenable --list|-l
Lists all cPanel accounts including webmail accounts and the status on whether they are enabled or not.
/usr/local/cpanel/bin/oxcpanelenable --enableall|-e [-f]
Enable all cPanel accounts which means that an Open-Xchange account will be created for each local cPanel account. Use -f (force) to set enabled status even when the operation fails.
/usr/local/cpanel/bin/oxcpanelenable --enable|-E <NAME> [-f]
Enable a single account matching the <NAME> pattern. Use -f (force) to set enabled status even when the operation fails.
/usr/local/cpanel/bin/oxcpanelenable --disable|-d <NAME>
Disable a single account or all accounts matching the <NAME> pattern.
/usr/local/cpanel/bin/oxcpanelenable --dumpuser|-X <NAME>
Dump the cPanel internals of a single account or all accounts matching the <NAME> pattern.
/usr/local/cpanel/bin/oxcpanelenable --checkox|-c
Check the interconnection between Open-Xchange and cPanel

Note: None of the operations of the tool will actually remove anything on the Open-Xchange server. Where the enable operation creates accounts on Open-Xchange, disable won't remove those! Removing accounts must be done manually on the Open-Xchange server. The tool will also NOT repair incomplete or broken accounts on the Open-Xchange side. It can be used to maintain the LOCAL state of the Open-Xchange<->cPanel connection.