OXSE4UCS Installation en: Difference between revisions
(Created page with 'https://rally1.rallydev.com/slm/detail/ar/1317222168') |
No edit summary |
||
Line 1: | Line 1: | ||
= OXSE for UCS Quickinstall Guide = | |||
==Preparation== | |||
===Planing a scenario=== | |||
Before the installation you must decide which scenario for the OXSEforUCS-integration will be used. You can find the supported scenarios in the specifications of OXSEforUCS in chapter 7. For simplification the installation only varies between 3 cases | |||
* One-Server-Solution comparable with OXAE | |||
* dedicated slave server for OXSE | |||
* installation in distributed environments | |||
===Installing UCS-systems=== | |||
====UCS Master installation==== | |||
A UCS Master is required for every scenario. It is possible to use an existing UCS Master, if so, exactly '''UCS version 2.2-3 must''' be installed. | |||
'''Please Note: For installation, please only this mentioned path with UCS 2.2-3. UCS 2.3 is currently not supported for the OXSE for UCS and there is no possibility to downgrade UCS 2.3 to 2.2-3.''' | |||
The UCS ISO images are available at http://apt.univention.de/download/ucs-cds/ucs2.2-0/ | |||
Please select one of the images, that is appropriate for your platform, burn it, and reboot the machines with the DVD in the tray. Choose Univention Installer from the boot-menu and proceed after the boot-dialog has been loaded as follows: | |||
* Choose installer language | |||
* Press F12 to load all modules. If you don't want to load certain modules (e.g. for hardware compatibility reasons), deselect them. After that press F12. | |||
* Choose the medium, you want to install from (default ist /dev/hdc, the DVD Drive) | |||
* Choose your timezone and press F12 | |||
* Choose the keyboard layout and press F12 | |||
* Choose one or more system languages and press F12 | |||
* Choose the default language from the list and press F12 | |||
* Next, you have to act as follows. For Single-Server-Setup, choose '''Domain Controller Master'''. In the Single-Server-Setup you need exactly one '''Domain Controller Master'''. All other servers have to be '''Domain Controller Backup''' or '''Domain Controller Slave''' | |||
* In the next step, you have to configure the hostname, domainname, the LDAP-Base and the Windows-Domain, as well as to set the root-password. | |||
The LDAP Base will be genererated from the domainname as follows:<p> | |||
subdomain.domain.com will become dc=subdomain,dc=domain,dc=com</p> | |||
<p> | |||
You can enter a different LDAP Base here, but for readbility reasons you should refrain from that.</p> | |||
* In the next step you have to partition the medium, that you're going to install to. This is left up to your needs. You're welcome to use the auto partitioner that will create swap-space and apply the LVM onto the partitions. | |||
After that, press F12 and install the bootloader, again with F12. | |||
* After that, your are requested to enter the Data for your networking interface. Press F12. | |||
The nameserver field should contain the nameserver, that handles the previously configured domain. As UCS brings its own nameserver '''bind''', this could also be 127.0.01 or the IP address of the networking interface, configured previously. Please enter the DNS-server of your ISP into the DNS Forwarder field. This will be automatically entered into bind. An optional proxy server can be entered in the HTTP proxy field. F12 | |||
* In the next dialog, you can enter certain values for the SSL certificate of your site. These should be correct, as they will be shown in the browsers that access your site with HTTPS. F12 | |||
* The next dialog is a basic configuration of the firewall. This is left up to you. F12 | |||
* Package selection (without GUI). We recommend to deselect following packages, press F12 after that: | |||
<p> | |||
Mail/Groupware: Kolab 2 for UCS, Kolab 2 Webservices</p><p> | |||
Systemservices: Thinclient Environment</p><p> | |||
Graphical UI: all</p> | |||
* In the following step, you can choose to mirror the univention-repository locally. This and the decision to export home directories via NFS/SMB is left up to you. If you export home directories, without further configuration, all users will get a share, that they can access on the OXSEforUCS server. | |||
* In the next step you can start the installation with F12 | |||
After the installer has finished, you will be requested to reboot. Following steps remain: | |||
====Update to 2.2-3 (prerequisite)==== | |||
The update might take long, and the progress won't be shown on the shell. | |||
You can observe the progress by: | |||
<pre>tail -f /var/log/univention/updater.log</pre> | |||
CTRL-C exits the output. | |||
If you are logged in via ssh, the system will refuse to update at first. You can circumvent this by typing: | |||
<pre>ucr set update22/ignoressh=yes</pre> | |||
A safer solution to this is to install '''screen''' beforehand, and run the update in screen. screen is a console-window-manager, that detaches from the user-terminal, so that the update can continue, even if the controlling terminal of the user exits (e.g. triggered by the update). Installation and running screen is done by: | |||
<pre>apt-get install screen | |||
screen</pre> | |||
=====Update in shell/screen===== | |||
The actual update ist performed with | |||
<pre> | |||
univention-updater net --updateto 2.2-3 | |||
univention-security-update net | |||
</pre> | |||
After the update, you can exit screen by typing '''exit''' or pressing CTRL-D. | |||
It's recommended to perform the update in screen or the local console. | |||
=====Update via UMC===== | |||
Login into UMC and click on the Online-Updates module. | |||
Under "UCS release" click on "Check for updates". Perform the Update. | |||
Under "Security Updates" click on "Check for updates". Perform the Update. | |||
Restart the machine, when the systems asks you to. | |||
====One-Server-Solution comparable with OXAE==== | |||
After the Master installation there are no further preparations needed for the One-Server-Solution | |||
====Dedicated Slave-/Backup server for OXSE==== | |||
* One UCS Master 2.2-0 installation (as describe above) | |||
* '''update to 2.2-3''' | |||
* One or more UCS Backup or Slave 2.2-0 installations (as described above) | |||
* the LDAP base must be the same as for the master | |||
* during installation, you will be asked to join the master: ensure, that DNS is running and the enter the hostname of the master and the credentials at this point. | |||
* '''update to 2.2-3''' | |||
====Installing a distributed environment==== | |||
For the installation of a distributed environment you must define, how the several services should be distributed on your system. In a distributed environment the following services can be installed and used on any system role (Master/Backup/Slave) | |||
===== Open-Xchange Server ===== | |||
More than one instance of Open-Xchange Server can be installed, in that case first one Open-Xchange Server instance must be installed and then bound to the UCS-domain with a join. This Open-Xchange Server instance uses a listener to synchronize with the UCS-directory service. Additional Open-Xchange Server instances can now be created easily out of existing Open-Xchange Server instances. The first instance, which takes care of the synchronization, is called 'Active-OX' (in the following example it is called ox-instance1), all additional Open-Xchange Server instances, which just access to the OX-DB, are called 'Passive-OX' (in the following example it is called ox-instance2) | |||
===== IMAP Server ===== | |||
It is possible to install a dedicated IMAP server for every mail-domain (in the following example it is called oximapserver), but of course one IMAP server can be responsible for multiple mail-domains too. Every mail-domain has to be dedicated exactly to one IMAP server. | |||
===== MySQL Server ===== | |||
For a distributed environment exactly one MySQL server (in the following example it is called oxdbserver) is used, which can be located on one of the UCS-systems. MySQL replication can be established manually afterwards over the known MySQL replication mechanisms. The Open-Xchange instances must be customized therefore. | |||
===Installation on all hosts=== | |||
====Register Apt-Sources==== | |||
Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password. | |||
ucr set repository/online/component/ox/server=software.open-xchange.com \ | |||
repository/online/component/ox/prefix=OX6/OXSEforUCS \ | |||
repository/online/component/ox/username={LDB-USERNAME} \ | |||
repository/online/component/ox/password='{LDB-PASSWORD}' \ | |||
repository/online/component/ox=enabled \ | |||
repository/online/component/oxseforucs/server=software.open-xchange.com \ | |||
repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \ | |||
repository/online/component/oxseforucs/username={LDB-USERNAME} \ | |||
repository/online/component/oxseforucs/password='{LDB-PASSWORD}' \ | |||
repository/online/component/oxseforucs=enabled | |||
Update the repository data afterwards | |||
apt-get update | |||
====Assuring, that all systems are joined==== | |||
If it is not sure that all systems are joined the join should be executed again. | |||
univention-join | |||
== Installation of the component OXSEforUCS == | |||
=== One-Server solution comparable with OXAE === | |||
* DC Master Single Server: Installation univention-ox | |||
DEBIAN_FRONTEND=noninteractive apt-get \ | |||
-o DPkg::Options::=--force-confold -y --force-yes \ | |||
install univention-ox-directory-integration univention-ox \ | |||
univention-mail-cyrus-ox univention-ox-framework | |||
=== Dedicated Slave server for OXSE === | |||
* DC Master: Installation univention-ox-directory-integration | |||
apt-get install univention-ox-directory-integration | |||
* Slave: Installation univention-ox | |||
DEBIAN_FRONTEND=noninteractive apt-get \ | |||
-o DPkg::Options::=--force-confold -y --force-yes \ | |||
install univention-ox univention-mail-cyrus-ox \ | |||
univention-ox-framework | |||
If it is not sure that all systems are joined the join should be executed again. | |||
univention-join | |||
====Installation of additional passive Open-Xchange Server instances ==== | |||
Please notice that the installation described here, '''does not support''' the future installation of further '''passive Open-Xchange Server instances'''. If this is required, please follow the Installation procedure "Installation of a distributed environment" described below and set both variables, OXDB and OXIMAPSERVER to the FQDN of the slave server. | |||
===Installation of a distributed environment=== | |||
====DC Master Installation==== | |||
apt-get install univention-ox-directory-integration | |||
====Installation of additional Servers==== | |||
On the other servers all dedicated packages can be installed (univention-mail-cyrus-ox, mysql-server, univention-ox-instance, univention-mail-antispam-ox) | |||
* Installation of the IMAP server: | |||
apt-get install univention-mail-cyrus-ox | |||
* Installation of the MySQL server | |||
apt-get install mysql-server | |||
Set up MySQL to listen to an external interface. The among others Bind-Address of “0.0.0.0” can be replaced through the IP-addresses of the network interface: | |||
/etc/mysql/my.cnf | |||
bind-address 0.0.0.0 | |||
or | |||
sed -i 's/^bind-address.*$/bind-address = 0.0.0.0/' /etc/mysql/my.cnf | |||
Restart MySQL | |||
/etc/init.d/mysql restart | |||
Register authorizations of all open-xchange-instances | |||
mysql | |||
mysql> GRANT ALL PRIVILEGES ON *.* TO \ | |||
'openexchange'@'ox-instance1.ox-experten.de' \ | |||
IDENTIFIED BY 'geheim'; | |||
mysql> GRANT ALL PRIVILEGES ON *.* TO \ | |||
'openexchange'@'ox-instance2.ox-experten.de' \ | |||
IDENTIFIED BY 'geheim'; | |||
mysql> GRANT ... | |||
mysql> FLUSH PRIVILEGES; | |||
mysql> exit | |||
====Installation of the active Open-Xchange instance ==== | |||
* Installation with apt | |||
apt-get install univention-ox univention-ox-framework | |||
* Specifcation of IMAP and MySQL server | |||
For the IMAP and MySQL services, which are not based on this host, they must be specified as environment variables before the join: | |||
export HISTIGNORE="export*" | |||
export OXDB=oxdbserver.ox-experten.de | |||
export OXDBPW="geheim" | |||
export OXIMAPSERVER=oximapserver.ox-experten.de | |||
* Optional: testing MySQL-connection before the join | |||
apt-get install mysql-client | |||
mysql -u openexchange -h $OXDB --password="$OXDBPW"</pre> | |||
* (Re-)Join des Systems | |||
univention-join | |||
if the join-scripts have not been executed, this is sufficient: | |||
univention-run-join-scripts | |||
====Installation of additional passive Open-Xchange Server instances ==== | |||
apt-get install univention-ox univention-ox-framework | |||
rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/ | |||
/opt/open-xchange/etc/groupware/usm.properties | |||
com.openexchange.usm.ox.url=ox-instance2.ox-experten.de | |||
/opt/open-xchange/etc/authplugin.properties | |||
LDAP_HOST=ox-instance2.ox-experten.de | |||
/etc/init.d/open-xchange-admin restart | |||
/etc/init.d/open-xchange-groupware restart | |||
=== Creation of the first user === | |||
To do so, login on the Web-GUI of the DC-Master in the Univention Directory Manager and choose under the point "user" the option "add". | |||
There the pattern "open-xchange groupware account" has to be chosen and the button "next" must be clicked. | |||
In this Tab all fields marked with a * and the field "forename" have to be filled in. | |||
[[File:User_anlegen_en.jpg|center|600px|]] | |||
=== Mobility === | |||
Information about the mobility support can be found here: http://www.open-xchange.com/en/mobility-solutions-en. | |||
For mobility support, a new component has to be added on all servers where installation will happen later. Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password. Please note that accessing this component requires a mobility license key. | |||
<pre> | |||
ucr set repository/online/component/oxmobility/server=software.open-xchange.com\ | |||
repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \ | |||
repository/online/component/oxmobility/username={LDB-USERNAME} \ | |||
repository/online/component/oxmobility/password='{LDB-PASSWORD}' \ | |||
repository/online/component/oxmobility=enabled | |||
</pre> | |||
After the following installation procedure, you can configure mobility access per-user in the UDM user-module. | |||
Beware, that the groupware will be restarted, and users will lose their sessions: | |||
==== Single Server ==== | |||
On a single-server solution, following packages have to be installed: | |||
<pre> | |||
apt-get install univention-ox-usm-udm | |||
apt-get install univention-ox-usm-ox | |||
</pre> | |||
==== Multi Server ==== | |||
On master: | |||
<pre> | |||
apt-get install univention-ox-usm-udm | |||
</pre> | |||
On the primary OX: | |||
<pre> | |||
apt-get install univention-ox-usm-ox | |||
</pre> | |||
===Spam treatment=== | |||
The antispam package is optional. It must be installed and configured separately, in a distributed environment it must be placed on the IMAP servers. | |||
Install with: | |||
apt-get install univention-mail-antispam-ox | |||
Additionally the open-xchange bundle is required: | |||
apt-get install open-xchange-spamhandler-spamassassin | |||
To make the spamd service start automatically the default configuration has to be edited: | |||
/etc/default/spamassassin | |||
ENABLED=1 | |||
/etc/init.d/spamassassin restart | |||
Activation | |||
ucr set postfix/procmaildelivery=yes | |||
The spamrunner is started with | |||
ucr set mail/antispam/ox/spamrunner=yes | |||
= Troubleshooting = | |||
== apt cannot find packages == | |||
Please check the apt-sources. Maybe the credentials were not entered or wrong. UCS doesn't warn about that. | |||
<pre>cat /etc/apt/sources.list.d/20_ucs-online-component.list</pre> | |||
must contain lines like | |||
<pre>deb http://user:password@software.open-xchange.com/OX6/OXSEforUCS/2.2/maintained/component oxseforucs/i386/</pre> | |||
for your architecture (here: /i386/), platform independent (/all/) and all components (at the moment: oxseforucs and oxmobility) | |||
You can check the settings of your components on the shell with | |||
<pre>ucr search repository</pre> | |||
Then configure the variables with (here: the password for the oxseforucs component): | |||
<pre>ucr set repository/online/component/oxseforucs/password=secret</pre> | |||
= F.A.Q. = | |||
== What is the oxmobility component? == | |||
The oxmobility component is the implementation of "OXtender for Business Mobility" into OXSEforUCS. It has to be licensed and installed seperately. Further information is available under http://sdb.open-xchange.com/faq/63 | |||
== How can I switch of the scan of the package database? == | |||
If you keep getting messages like: | |||
<pre>Cannot find service-record of _pkgdb._tcp. | |||
No DB-Server-Name found. | |||
</pre> | |||
you can ignore them or switch the packagedb-scan off with | |||
<pre>ucr set pkgsb/scan=no | |||
</pre> | |||
== Where are the repositories located? == | |||
Conceptionally, OXSEforUCS is a component or an add-on to UCS. Thus, the distribution of ucs and the apt-sources are located at http://apt.univention.de | |||
The apt-sources for the components are in the (LDB-)password-protected area below http://software.open-xchange.com/OX6/OXSEforUCS/ | |||
[[Category: OX6]] |
Revision as of 13:33, 12 April 2010
OXSE for UCS Quickinstall Guide
Preparation
Planing a scenario
Before the installation you must decide which scenario for the OXSEforUCS-integration will be used. You can find the supported scenarios in the specifications of OXSEforUCS in chapter 7. For simplification the installation only varies between 3 cases
- One-Server-Solution comparable with OXAE
- dedicated slave server for OXSE
- installation in distributed environments
Installing UCS-systems
UCS Master installation
A UCS Master is required for every scenario. It is possible to use an existing UCS Master, if so, exactly UCS version 2.2-3 must be installed.
Please Note: For installation, please only this mentioned path with UCS 2.2-3. UCS 2.3 is currently not supported for the OXSE for UCS and there is no possibility to downgrade UCS 2.3 to 2.2-3.
The UCS ISO images are available at http://apt.univention.de/download/ucs-cds/ucs2.2-0/
Please select one of the images, that is appropriate for your platform, burn it, and reboot the machines with the DVD in the tray. Choose Univention Installer from the boot-menu and proceed after the boot-dialog has been loaded as follows:
- Choose installer language
- Press F12 to load all modules. If you don't want to load certain modules (e.g. for hardware compatibility reasons), deselect them. After that press F12.
- Choose the medium, you want to install from (default ist /dev/hdc, the DVD Drive)
- Choose your timezone and press F12
- Choose the keyboard layout and press F12
- Choose one or more system languages and press F12
- Choose the default language from the list and press F12
- Next, you have to act as follows. For Single-Server-Setup, choose Domain Controller Master. In the Single-Server-Setup you need exactly one Domain Controller Master. All other servers have to be Domain Controller Backup or Domain Controller Slave
- In the next step, you have to configure the hostname, domainname, the LDAP-Base and the Windows-Domain, as well as to set the root-password.
The LDAP Base will be genererated from the domainname as follows:
subdomain.domain.com will become dc=subdomain,dc=domain,dc=com
You can enter a different LDAP Base here, but for readbility reasons you should refrain from that.
- In the next step you have to partition the medium, that you're going to install to. This is left up to your needs. You're welcome to use the auto partitioner that will create swap-space and apply the LVM onto the partitions.
After that, press F12 and install the bootloader, again with F12.
- After that, your are requested to enter the Data for your networking interface. Press F12.
The nameserver field should contain the nameserver, that handles the previously configured domain. As UCS brings its own nameserver bind, this could also be 127.0.01 or the IP address of the networking interface, configured previously. Please enter the DNS-server of your ISP into the DNS Forwarder field. This will be automatically entered into bind. An optional proxy server can be entered in the HTTP proxy field. F12
- In the next dialog, you can enter certain values for the SSL certificate of your site. These should be correct, as they will be shown in the browsers that access your site with HTTPS. F12
- The next dialog is a basic configuration of the firewall. This is left up to you. F12
- Package selection (without GUI). We recommend to deselect following packages, press F12 after that:
Mail/Groupware: Kolab 2 for UCS, Kolab 2 Webservices
Systemservices: Thinclient Environment
Graphical UI: all
- In the following step, you can choose to mirror the univention-repository locally. This and the decision to export home directories via NFS/SMB is left up to you. If you export home directories, without further configuration, all users will get a share, that they can access on the OXSEforUCS server.
- In the next step you can start the installation with F12
After the installer has finished, you will be requested to reboot. Following steps remain:
Update to 2.2-3 (prerequisite)
The update might take long, and the progress won't be shown on the shell.
You can observe the progress by:
tail -f /var/log/univention/updater.log
CTRL-C exits the output.
If you are logged in via ssh, the system will refuse to update at first. You can circumvent this by typing:
ucr set update22/ignoressh=yes
A safer solution to this is to install screen beforehand, and run the update in screen. screen is a console-window-manager, that detaches from the user-terminal, so that the update can continue, even if the controlling terminal of the user exits (e.g. triggered by the update). Installation and running screen is done by:
apt-get install screen screen
Update in shell/screen
The actual update ist performed with
univention-updater net --updateto 2.2-3 univention-security-update net
After the update, you can exit screen by typing exit or pressing CTRL-D.
It's recommended to perform the update in screen or the local console.
Update via UMC
Login into UMC and click on the Online-Updates module. Under "UCS release" click on "Check for updates". Perform the Update. Under "Security Updates" click on "Check for updates". Perform the Update.
Restart the machine, when the systems asks you to.
One-Server-Solution comparable with OXAE
After the Master installation there are no further preparations needed for the One-Server-Solution
Dedicated Slave-/Backup server for OXSE
- One UCS Master 2.2-0 installation (as describe above)
- update to 2.2-3
- One or more UCS Backup or Slave 2.2-0 installations (as described above)
- the LDAP base must be the same as for the master
- during installation, you will be asked to join the master: ensure, that DNS is running and the enter the hostname of the master and the credentials at this point.
- update to 2.2-3
Installing a distributed environment
For the installation of a distributed environment you must define, how the several services should be distributed on your system. In a distributed environment the following services can be installed and used on any system role (Master/Backup/Slave)
Open-Xchange Server
More than one instance of Open-Xchange Server can be installed, in that case first one Open-Xchange Server instance must be installed and then bound to the UCS-domain with a join. This Open-Xchange Server instance uses a listener to synchronize with the UCS-directory service. Additional Open-Xchange Server instances can now be created easily out of existing Open-Xchange Server instances. The first instance, which takes care of the synchronization, is called 'Active-OX' (in the following example it is called ox-instance1), all additional Open-Xchange Server instances, which just access to the OX-DB, are called 'Passive-OX' (in the following example it is called ox-instance2)
IMAP Server
It is possible to install a dedicated IMAP server for every mail-domain (in the following example it is called oximapserver), but of course one IMAP server can be responsible for multiple mail-domains too. Every mail-domain has to be dedicated exactly to one IMAP server.
MySQL Server
For a distributed environment exactly one MySQL server (in the following example it is called oxdbserver) is used, which can be located on one of the UCS-systems. MySQL replication can be established manually afterwards over the known MySQL replication mechanisms. The Open-Xchange instances must be customized therefore.
Installation on all hosts
Register Apt-Sources
Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password.
ucr set repository/online/component/ox/server=software.open-xchange.com \ repository/online/component/ox/prefix=OX6/OXSEforUCS \ repository/online/component/ox/username={LDB-USERNAME} \ repository/online/component/ox/password='{LDB-PASSWORD}' \ repository/online/component/ox=enabled \ repository/online/component/oxseforucs/server=software.open-xchange.com \ repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \ repository/online/component/oxseforucs/username={LDB-USERNAME} \ repository/online/component/oxseforucs/password='{LDB-PASSWORD}' \ repository/online/component/oxseforucs=enabled
Update the repository data afterwards
apt-get update
Assuring, that all systems are joined
If it is not sure that all systems are joined the join should be executed again.
univention-join
Installation of the component OXSEforUCS
One-Server solution comparable with OXAE
- DC Master Single Server: Installation univention-ox
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox-directory-integration univention-ox \ univention-mail-cyrus-ox univention-ox-framework
Dedicated Slave server for OXSE
- DC Master: Installation univention-ox-directory-integration
apt-get install univention-ox-directory-integration
- Slave: Installation univention-ox
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox univention-mail-cyrus-ox \ univention-ox-framework
If it is not sure that all systems are joined the join should be executed again.
univention-join
Installation of additional passive Open-Xchange Server instances
Please notice that the installation described here, does not support the future installation of further passive Open-Xchange Server instances. If this is required, please follow the Installation procedure "Installation of a distributed environment" described below and set both variables, OXDB and OXIMAPSERVER to the FQDN of the slave server.
Installation of a distributed environment
DC Master Installation
apt-get install univention-ox-directory-integration
Installation of additional Servers
On the other servers all dedicated packages can be installed (univention-mail-cyrus-ox, mysql-server, univention-ox-instance, univention-mail-antispam-ox)
- Installation of the IMAP server:
apt-get install univention-mail-cyrus-ox
- Installation of the MySQL server
apt-get install mysql-server
Set up MySQL to listen to an external interface. The among others Bind-Address of “0.0.0.0” can be replaced through the IP-addresses of the network interface:
/etc/mysql/my.cnf
bind-address 0.0.0.0
or
sed -i 's/^bind-address.*$/bind-address = 0.0.0.0/' /etc/mysql/my.cnf
Restart MySQL
/etc/init.d/mysql restart
Register authorizations of all open-xchange-instances
mysql mysql> GRANT ALL PRIVILEGES ON *.* TO \ 'openexchange'@'ox-instance1.ox-experten.de' \ IDENTIFIED BY 'geheim'; mysql> GRANT ALL PRIVILEGES ON *.* TO \ 'openexchange'@'ox-instance2.ox-experten.de' \ IDENTIFIED BY 'geheim'; mysql> GRANT ... mysql> FLUSH PRIVILEGES; mysql> exit
Installation of the active Open-Xchange instance
- Installation with apt
apt-get install univention-ox univention-ox-framework
- Specifcation of IMAP and MySQL server
For the IMAP and MySQL services, which are not based on this host, they must be specified as environment variables before the join:
export HISTIGNORE="export*" export OXDB=oxdbserver.ox-experten.de export OXDBPW="geheim" export OXIMAPSERVER=oximapserver.ox-experten.de
- Optional: testing MySQL-connection before the join
apt-get install mysql-client
mysql -u openexchange -h $OXDB --password="$OXDBPW"
- (Re-)Join des Systems
univention-join
if the join-scripts have not been executed, this is sufficient:
univention-run-join-scripts
Installation of additional passive Open-Xchange Server instances
apt-get install univention-ox univention-ox-framework
rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/
/opt/open-xchange/etc/groupware/usm.properties
com.openexchange.usm.ox.url=ox-instance2.ox-experten.de
/opt/open-xchange/etc/authplugin.properties
LDAP_HOST=ox-instance2.ox-experten.de
/etc/init.d/open-xchange-admin restart /etc/init.d/open-xchange-groupware restart
Creation of the first user
To do so, login on the Web-GUI of the DC-Master in the Univention Directory Manager and choose under the point "user" the option "add". There the pattern "open-xchange groupware account" has to be chosen and the button "next" must be clicked. In this Tab all fields marked with a * and the field "forename" have to be filled in.
Mobility
Information about the mobility support can be found here: http://www.open-xchange.com/en/mobility-solutions-en. For mobility support, a new component has to be added on all servers where installation will happen later. Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password. Please note that accessing this component requires a mobility license key.
ucr set repository/online/component/oxmobility/server=software.open-xchange.com\ repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \ repository/online/component/oxmobility/username={LDB-USERNAME} \ repository/online/component/oxmobility/password='{LDB-PASSWORD}' \ repository/online/component/oxmobility=enabled
After the following installation procedure, you can configure mobility access per-user in the UDM user-module.
Beware, that the groupware will be restarted, and users will lose their sessions:
Single Server
On a single-server solution, following packages have to be installed:
apt-get install univention-ox-usm-udm apt-get install univention-ox-usm-ox
Multi Server
On master:
apt-get install univention-ox-usm-udm
On the primary OX:
apt-get install univention-ox-usm-ox
Spam treatment
The antispam package is optional. It must be installed and configured separately, in a distributed environment it must be placed on the IMAP servers. Install with:
apt-get install univention-mail-antispam-ox
Additionally the open-xchange bundle is required:
apt-get install open-xchange-spamhandler-spamassassin
To make the spamd service start automatically the default configuration has to be edited:
/etc/default/spamassassin
ENABLED=1
/etc/init.d/spamassassin restart
Activation
ucr set postfix/procmaildelivery=yes
The spamrunner is started with
ucr set mail/antispam/ox/spamrunner=yes
Troubleshooting
apt cannot find packages
Please check the apt-sources. Maybe the credentials were not entered or wrong. UCS doesn't warn about that.
cat /etc/apt/sources.list.d/20_ucs-online-component.list
must contain lines like
deb http://user:password@software.open-xchange.com/OX6/OXSEforUCS/2.2/maintained/component oxseforucs/i386/
for your architecture (here: /i386/), platform independent (/all/) and all components (at the moment: oxseforucs and oxmobility)
You can check the settings of your components on the shell with
ucr search repository
Then configure the variables with (here: the password for the oxseforucs component):
ucr set repository/online/component/oxseforucs/password=secret
F.A.Q.
What is the oxmobility component?
The oxmobility component is the implementation of "OXtender for Business Mobility" into OXSEforUCS. It has to be licensed and installed seperately. Further information is available under http://sdb.open-xchange.com/faq/63
How can I switch of the scan of the package database?
If you keep getting messages like:
Cannot find service-record of _pkgdb._tcp. No DB-Server-Name found.
you can ignore them or switch the packagedb-scan off with
ucr set pkgsb/scan=no
Where are the repositories located?
Conceptionally, OXSEforUCS is a component or an add-on to UCS. Thus, the distribution of ucs and the apt-sources are located at http://apt.univention.de
The apt-sources for the components are in the (LDB-)password-protected area below http://software.open-xchange.com/OX6/OXSEforUCS/