
Pill #37: Open-Xchange – Groupware Server

Technical notes on installing the open-xchange server.

Useful links:
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Plugin_Overview <– plugin list
http://software.open-xchange.com/OX6/doc/ <– list of documentation and releases of the various patches

The Debian Squeeze distribution was used.

cat /etc/apt/sources.list
# standard repository
deb http://ftp.it.debian.org/debian/ squeeze main contrib non-free

# security updates
deb http://security.debian.org/ squeeze/updates main contrib

# repository for open-xchange STABLE
#deb http://software.open-xchange.com/OX6/stable/DebianSqueeze/ /

# repository with the latest available updates, including the patches
deb http://software.open-xchange.com/OX6/snapshot/DebianSqueeze/ /

# when using the snapshot repository it is a good idea to update the packages as follows:
# aptitude clean && aptitude update && aptitude -y upgrade 
# dpkg --get-selections | grep open-xchange | cut -f 1 | xargs aptitude reinstall
# aptitude clean

import the public key for the open-xchange packages

wget http://software.open-xchange.com/oxbuildkey.pub
apt-key add - < oxbuildkey.pub
apt-get update

Installing the base packages:

apt-get install mysql-server

NB. Do NOT set the login password for the root user while installing
the open-xchange packages. Set the mysql password only once the work is finished.

apt-get install apache2
apt-get install libapache2-mod-proxy-html
apt-get install sun-java6-jre
apt-get install open-xchange-meta-singleserver
apt-get install open-xchange-mailfilter
apt-get install open-xchange-syncml  # <---- to be verified whether this is actually needed !!!
echo 'export PATH=$PATH:/opt/open-xchange/sbin/' >> ~/.bashrc && . ~/.bashrc

Installing the Italian language

apt-get install open-xchange-lang-it-it 
apt-get install open-xchange-gui-lang-it-it

NB. if the Italian language is NOT available in the list of
selectable languages under “Configuration/Options/Languages and region”, remove
the language packages and make sure you are using the repository
http://software.open-xchange.com/OX6/stable/DebianSqueeze/

install a few other useful packages for the administrative interface
(the one available under Configuration/Administration)

apt-get install open-xchange-resource-managerequest
apt-get install open-xchange-group-managerequest

install and configure the plugin for querying external LDAP address books

apt-get install open-xchange-contacts-ldap

initialize the db

/opt/open-xchange/sbin/initconfigdb --configdb-pass=PASSWORD_PER_UTENTE_MYSQL_OPENEXCHANGE -a

I proceed with the installation of open-xchange

/opt/open-xchange/sbin/oxinstaller --no-license \
--servername=srvopenexchange --configdb-pass=PASSWORD_PER_UTENTE_MYSQL_OPENEXCHANGE \
--master-pass=PASSWORD_PER_UTENTE_OXADMINMASTER --ajp-bind-port=localhost

I start the open-xchange-admin service and register the service in the mysql database

/etc/init.d/open-xchange-admin restart
/opt/open-xchange/sbin/registerserver -n srvopenexchange -A oxadminmaster \
-P PASSWORD_PER_UTENTE_OXADMINMASTER

I create the filestore, assign the relevant permissions and register it in the mysql database

mkdir /filestore
chown open-xchange:open-xchange /filestore
/opt/open-xchange/sbin/registerfilestore -A oxadminmaster \
-P PASSWORD_PER_UTENTE_OXADMINMASTER \
-t file:/filestore -s 1000000

Note: You might want to adapt the value provided with -s (“The maximum size of the filestore in MB”); see registerfilestore --help.

and finally I register the groupware database in the mysql database

/opt/open-xchange/sbin/registerdatabase -A oxadminmaster \
-P PASSWORD_PER_UTENTE_OXADMINMASTER \
-n oxdatabase -p PASSWORD_PER_UTENTE_MYSQL_OPENEXCHANGE -m true

I enable some additional modules:

# a2enmod proxy proxy_ajp proxy_balancer expires deflate headers rewrite
cat /etc/apache2/conf.d/proxy_ajp.conf

<Location /servlet/axis2/services>
    # restrict access to the soap provisioning API
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # you might add more ip addresses / networks here
    Allow from 192.168 10 172.16
</Location>

<IfModule mod_proxy_ajp.c>
   ProxyRequests Off
   <Proxy balancer://oxcluster>
       Order deny,allow
       Allow from all
       # multiple server setups need to have the hostname inserted instead localhost
       BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX1
       # Enable and maybe add additional hosts running OX here
       # BalancerMember ajp://oxhost2:8009 timeout=100  smax=0 ttl=60 retry=60 loadfactor=50 route=OX2
       ProxySet stickysession=JSESSIONID
   </Proxy>
   <Proxy /ajax>
       ProxyPass balancer://oxcluster/ajax
   </Proxy>
   <Proxy /servlet>
       ProxyPass balancer://oxcluster/servlet
   </Proxy>
   <Proxy /infostore>
       ProxyPass balancer://oxcluster/infostore
   </Proxy>
   <Proxy /publications>
       ProxyPass balancer://oxcluster/publications
   </Proxy>
   <Proxy /Microsoft-Server-ActiveSync>
       ProxyPass balancer://oxcluster/Microsoft-Server-ActiveSync
   </Proxy>
   <Proxy /usm-json>
       ProxyPass balancer://oxcluster/usm-json
   </Proxy>
</IfModule>
cat /etc/apache2/sites-enabled/000-default

<VirtualHost *:80>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/

	<Directory /var/www/>
		AllowOverride None
		Order allow,deny
		allow from all
		RedirectMatch ^/$ /ox6/
               Options +FollowSymLinks +SymLinksIfOwnerMatch
	</Directory>
       # deflate
      AddOutputFilterByType DEFLATE text/html text/plain text/javascript application/javascript text/css text/xml application/xml text/x-js application/x-javascript

	# pre-compressed files
	AddType text/javascript .jsz
	AddType text/css .cssz
	AddType text/xml .xmlz
        AddType text/plain .po
	
	AddEncoding gzip .jsz .cssz .xmlz
	SetEnvIf Request_URI "\.(jsz|cssz|xmlz)$" no-gzip
	
	ExpiresActive On
	
	<Location /ox6>
	        # Expires (via ExpiresByType to override global settings)
	        ExpiresByType image/gif "access plus 6 months"
	        ExpiresByType image/png "access plus 6 months"
	        ExpiresByType image/jpg "access plus 6 months"
	        ExpiresByType image/jpeg "access plus 6 months"
	        ExpiresByType text/css "access plus 6 months"
	        ExpiresByType text/html "access plus 6 months"
	        ExpiresByType text/xml "access plus 6 months"
	        ExpiresByType text/javascript "access plus 6 months"
	        ExpiresByType text/x-js "access plus 6 months"
	        ExpiresByType application/x-javascript "access plus 6 months"
	        ExpiresDefault "access plus 6 months"
	        Header append Cache-Control "private"
	        Header unset Last-Modified
	        Header unset Vary
	        # Strip version
	        RewriteEngine On
	        RewriteRule v=\w+/(.+) $1 [L]
	        # Turn off ETag
	        Header unset ETag
	        FileETag None
	</Location>
	
	<Location /ox6/ox.html>
	        ExpiresByType text/html "now"
	        ExpiresDefault "now"
	        Header unset Last-Modified
	        Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
	        # Turn off ETag
	        Header unset ETag
	        FileETag None
	</Location>
	
	<Location /ox6/index.html>
	        ExpiresByType text/html "now"
	        ExpiresDefault "now"
	        Header unset Last-Modified
	        Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
	        # Turn off ETag
	        Header unset ETag
	        FileETag None
	</Location>
</VirtualHost>

I restart apache and the groupware server

/etc/init.d/apache2 restart
/etc/init.d/open-xchange-groupware start

for convenience I disable the password for creating contexts, users and groups

#/opt/open-xchange/etc/admindaemon/AdminDaemon.properties

# Disabling authentication for system calls like context/server etc. creation!
# ONLY USE THIS SWITCH IF YOU EXACTLY KNOW WHAT YOU DO!!!
MASTER_AUTHENTICATION_DISABLED=true

# Disabling authentication for context calls like user/group etc. creation!
# This also disables authentication for calls which a "normal" user can make
# like change his own data or get his own data!
# ONLY USE THIS SWITCH IF YOU EXACTLY KNOW WHAT YOU DO!!!
CONTEXT_AUTHENTICATION_DISABLED=true

and restart the administrative daemon

/etc/init.d/open-xchange-admin restart

I create a test context and a test user

/opt/open-xchange/sbin/createcontext -c 1 \
-u oxadmin -d "Context Admin" -g Admin -s User \
-p PASSWORD_PER_UTENTE_OXADMIN -L defaultcontext \
-e oxadmin@MIODOMINIO -q 1024 \
-l it_IT \
-t Europe/Rome \
--access-calendar on \
--access-contacts on \
--access-delegate-tasks on \
--access-edit-public-folder on \
--access-forum off \
--access-ical on \
--access-infostore on \
--access-pinboard-write on \
--access-projects on \
--access-read-create-shared-Folders on \
--access-rss-bookmarks on \
--access-rss-portal on \
--access-syncml off \
--access-tasks on \
--access-vcard on \
--access-webdav on \
--access-webdav-xml on \
--access-webmail on \
--access-edit-group on \
--access-edit-resource on \
--access-edit-password off \
--access-collect-email-addresses off \
--access-multiple-mail-accounts off \
--access-subscription off \
--access-publication off \
--access-active-sync off \
--access-usm off \
--access-olox20 off \
--access-global-address-book-disabled off \
--access-public-folder-editable on


/opt/open-xchange/sbin/createuser -c 1 -A oxadmin \
-P PASSWORD_PER_UTENTE_OXADMINMASTER \
-u utentXX -d "Nome e Cognome" -g Nome -s Cognome \
-p PASSWORD_UTENTE -e indirizzodiposta@MIODOMINIO \
--imaplogin UTENTEIMAP --imapserver IP_SERVER_IMAP --smtpserver IP_SERVER_SMTP

optimize the mysql settings

wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl
chmod +x mysqltuner.pl
./mysqltuner.pl

I replace the standard authentication method with the IMAP one

apt-get install open-xchange-authentication-imap

and edit the file /opt/open-xchange/etc/groupware/imapauth.properties accordingly

# imap server ip or fqdn
IMAP_SERVER=IP_DEL_SERVER_IMAP

# port on which the imap server is listening
IMAP_PORT=143

# set to true if connecting via imaps://
IMAP_USE_SECURE=false

# Socket I/O timeout value in milliseconds
IMAP_TIMEOUT=5000

# Socket connection timeout value in milliseconds
IMAP_CONNECTIONTIMEOUT=5000

##############################################
# Set to true to auth with "user@domain" instead of just "user" against imap server.
# If true the "domain" part will be used as the context name of the ox system.
# so add "domain" as a login mapping to be able to login.
# If false, the plugin react as only 1 context exists in the ox system,
# and this context has the mapping "defaultcontext" added.
USE_FULL_LOGIN_INFO=false
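
A way to check an install for the convenience settings shown above: the two authentication switches in AdminDaemon.properties and the non-imaps:// login check in imapauth.properties. This is an added example, not part of the original notes or of Open-Xchange; the function names, the FAIL/WARN output format, the case-insensitive reading of "true" and the loopback exemption are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the Open-Xchange settings that this page relaxes.

# prop_get FILE KEY -> print the last value assigned to KEY (comments ignored).
prop_get() {
    [ -r "$1" ] || return 1
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", k)
            if (k != key) next
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            found = 1; val = v            # a later assignment overrides an earlier one
        }
        END { if (found) print val; else exit 1 }
    ' "$1"
}

# Assumption: the value is read case-insensitively, so "TRUE" also counts.
is_true() {
    [ "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" = "true" ]
}

# Assumption: an IMAP server on the same host is not flagged.
is_loopback() {
    case "$1" in
        localhost|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ox ETC_DIR -> one finding per line on stdout; status 0 only if none.
audit_ox() {
    etc=$1
    findings=0
    admin="$etc/admindaemon/AdminDaemon.properties"
    imap="$etc/groupware/imapauth.properties"

    for key in MASTER_AUTHENTICATION_DISABLED CONTEXT_AUTHENTICATION_DISABLED; do
        if val=$(prop_get "$admin" "$key") && is_true "$val"; then
            echo "FAIL $key=$val: admin daemon accepts these calls without a password"
            findings=$((findings + 1))
        fi
    done

    if val=$(prop_get "$imap" IMAP_USE_SECURE) && ! is_true "$val"; then
        server=$(prop_get "$imap" IMAP_SERVER) || server=""
        if ! is_loopback "$server"; then
            echo "WARN IMAP_USE_SECURE=$val, IMAP_SERVER=$server: login check is not made over imaps://"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# write_sample DIR -> constructed files carrying the values used on this page.
write_sample() {
    mkdir -p "$1/admindaemon" "$1/groupware"
    cat > "$1/admindaemon/AdminDaemon.properties" <<'EOF'
# constructed sample
MASTER_AUTHENTICATION_DISABLED=true
CONTEXT_AUTHENTICATION_DISABLED=true
EOF
    cat > "$1/groupware/imapauth.properties" <<'EOF'
# constructed sample (192.0.2.10 is a documentation address)
IMAP_SERVER=192.0.2.10
IMAP_PORT=143
IMAP_USE_SECURE=false
EOF
}

if [ "$#" -gt 0 ]; then
    audit_ox "$1"                 # e.g. /opt/open-xchange/etc
else
    demo=$(mktemp -d)             # no argument: run on the constructed sample
    write_sample "$demo"
    audit_ox "$demo" || true
    rm -rf "$demo"
fi
```

Called with /opt/open-xchange/etc as its argument, the script exits non-zero when anything is flagged, so it can gate the step where the test setup is handed over to real users.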

Synchronizing contacts and calendar between open-xchange and handhelds
(Android, Windows Mobile, Symbian)

NB. funambol, on the server side, uses tomcat, which by default is configured to use port 8009, exactly
like OX…. the choice was to change tomcat's default port as follows:

cat /opt/Funambol/tools/tomcat/conf/server.xml

<!-- Define an AJP 1.3 Connector on port 8009 -->
<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
<Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />

So far (20/09/2011) I have successfully tested Android and Windows Mobile using the following versions of
funambol and of the ox module for funambol:
– funambol server version 10.0.0
– ox for funambol version 9.0.2

download the relevant modules:

cd /tmp
wget http://downloads.sourceforge.net/project/funambol/bundle/v10/funambol-10...
wget http://m2.funambol.org/repositories/artifacts/funambol/ox-module/9.0.2/o...

make funambol executable and proceed with the installation, confirming all the
default parameters:

chmod +x funambol-10.0.0.bin
./funambol-10.0.0.bin

proceed with installing the ox module for funambol

unzip ox-module-9.0.2.zip
cp Funambol/ox-connector/ox-connector-9.0.2.s4j /opt/Funambol/ds-server/modules/
cd Funambol/ox-listener
unzip funambol-ox-listener-9.0.2.zip
cp -r Funambol/* /opt/Funambol/

edit the file /opt/Funambol/ds-server/install.properties, adding the module
‘ox-connector-9.0.2’ to the ‘modules-to-install’ parameter, and proceed with installing
all the modules

#
# Modules definitions
#
modules-to-install=content-provider-10.0.0,email-connector-10.0.0,foundation-10.0.0,phones-support-10.0.0,webdemo-10.0.0,ox-connector-9.0.2

cd /opt/Funambol
./bin/install-modules

NB. for the installation to succeed, the funambol service must be
running.

cd /opt/Funambol
bin/funambol start

Proceed with the server-side configuration as follows:

Step 1
Edit the oxlistener script, setting the correct version of java used by
the version of funambol just installed (e.g. 1.6.0)

/opt/Funambol/bin/ox-listener

# Setting the JAVA_HOME to the JRE in the bundle if not set or if not correctly set
unset JAVA_HOME
if [ -z "$JAVA_HOME" ]; then
    JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
else
    if [ ! -f "$JAVA_HOME/bin/java" ]; then
        JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
    fi
fi

and install the Funambol modules

cd /opt/Funambol
./bin/install-modules

Step 2
Edit the OXUrl parameter in the following files, setting the http address of the
server on which the open-xchange interface is running (e.g. http://localhost:80)

/opt/Funambol/config/com/funambol/oxlistener/task/OXListenerTask.xml
/opt/Funambol/config/ox/ox/OXConnector.xml

Step 3
Edit the file /opt/Funambol/config/Funambol.xml and set the correct value
for the “officer” parameter (used by funambol to handle user
authentication).

  com/funambol/server/security/OXOfficer.xml

Step 4
Restart the funambol services and the ox-listener module

/opt/Funambol/bin/funambol stop
/opt/Funambol/bin/funambol start
/opt/Funambol/bin/ox-listener start

Step 5
Set up the automatic start of funambol when the server reboots

apt-get install less

create the file /etc/init.d/funambol

#! /bin/bash
### BEGIN INIT INFO
# Provides:          funambol
# Required-Start:    $local_fs $remote_fs $network $syslog mysql
# Required-Stop:     $local_fs $remote_fs $network $syslog mysql
# Should-Start:      funambol
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/stop funambol server
### END INIT INFO

FUNAMBOL_HOME="/opt/Funambol"
export FUNAMBOL_HOME
DS_SERVER_HOME=$FUNAMBOL_HOME/ds-server

if [ ! -d "$FUNAMBOL_HOME/config" ]; then
    #
    # maybe we are in Funambol/tool/bin
    #
    FUNAMBOL_HOME=$FUNAMBOL_HOME/..
    DS_SERVER_HOME=$FUNAMBOL_HOME/ds-server
fi

# Setting the JAVA_HOME to the JRE in the bundle if not set or if not correctly set
if [ -z "$JAVA_HOME" ]; then
    export JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
else
    if [ ! -f "$JAVA_HOME/bin/java" ]; then
        export JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
    fi
fi

if [ -z "$JAVA_HOME" ]; then
  echo "Please, set JAVA_HOME before running this script."
  exit 1
fi

if [ ! -f "$JAVA_HOME/bin/java" ]
then
    echo "Please set JAVA_HOME to the path of a valid jre."
    exit 1
fi

export J2EE_HOME=${FUNAMBOL_HOME}/tools/tomcat
export CATALINA_HOME=${FUNAMBOL_HOME}/tools/tomcat

cd ${FUNAMBOL_HOME}

export LANG=en_US.utf-8

cd ${J2EE_HOME}/bin

COMED=true

case "$1" in
start)

    if [ "$COMED" = "true" ] ; then
        #
        # Run Hypersonic
        #
        $FUNAMBOL_HOME/bin/hypersonic start > /dev/null
    fi

    #
    # Run CTP Server
    #
    $FUNAMBOL_HOME/bin/ctp-server start > /dev/null

    #
    # Run DS Server
    #
    $FUNAMBOL_HOME/bin/funambol-server start > /dev/null

    #
    # Run Inbox Listener
    #
    $FUNAMBOL_HOME/bin/inbox-listener start > /dev/null

    #
    # Run Pim Listener
    #
    $FUNAMBOL_HOME/bin/pim-listener start > /dev/null
    ;;
stop)
    #
    # Shutdown Inbox Listener
    #
    $FUNAMBOL_HOME/bin/inbox-listener stop > /dev/null

    #
    # Shutdown Pim Listener
    #
    $FUNAMBOL_HOME/bin/pim-listener stop > /dev/null

    #
    # Shutdown Tomcat
    #
    $FUNAMBOL_HOME/bin/funambol-server stop > /dev/null

    #
    # Shutdown CTP Server
    #
    $FUNAMBOL_HOME/bin/ctp-server stop > /dev/null

    if [ "$COMED" = "true" ] ; then
        #
        # Shutdown Hypersonic
        #
        $FUNAMBOL_HOME/bin/hypersonic stop > /dev/null
    fi
    ;;
license)
    /usr/bin/less "${FUNAMBOL_HOME}/LICENSE.txt"
    ;;
*)
    echo "usage: $0 [start|stop|license]"
    ;;
esac
exit 0

and add it to the system startup processes.

Interesting note about funambol

Important notice
One of the most efficient labor-saving aspect of the Funambol Server is that Administrators and IT
staff do not need to manually add new user records (as described in this chapter), as new Funambol
users can auto-load their accounts (including device record) when they initially connect to the Data
Synchronization Service; this feature is referred to as “self-provisioning”. If you are anticipating
thousands of users, this is a tremendous benefit.
How does this work?
Each user initially prepares their mobile devices for a “sync” by entering a username and password of
their choice, along with the Funambol server URL. During the resulting connection attempt, this
information triggers the Data Synchronization Service to:
• Auto-generate a new user record (applying their user name and password).
• Add a new device record.
• Link user and device automatically in a new principal record.
A synchronization then starts. This auto-loading process is particularly useful if you have a large
number of potential users.

This means that funambol users do NOT have to be created manually and that the
graphical administration interface of funambol server should NOT be necessary.

Funambol client side
There are various funambol clients for the various devices https://www.forge.funambol.org/download/#phone

The configuration of the various clients must be as follows:

server url=http://indirizzoserverfunambol:8080/funambol/ds
username=open-xchange user
password=open-xchange user password

in the advanced settings you need to set the names of the fields for contacts
and calendar:
Contacts Remote Name=oxcard
Calendar Remote Name=oxevent

The administration interface must be installed on a PC equipped with an X server and
a Java virtual machine.

http://downloads.sourceforge.net/project/funambol/admin-tool/v10/funambo...


tar -xzvf funambol-admin-10.0.0.tgz

Funambol/admin/bin/funamboladmin

Change the password of the admin user (present in the list of funambol users).

Useful links for installing funambol

https://sourceforge.net/projects/funambol/repositories/artifacts/funambol/ox-module/9.0.2/
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Funambol_7.0
https://core.forge.funambol.org/ds/viewMessage.do?dsForumId=405&dsMessag...
https://www.forge.funambol.org/download/#start

Alternative to funambol
The alternative to funambol and to the commercial part of open-xchange is to use the “social” part of open-xchange (e.g. GoogleCalendar and GoogleMail)

As of the date I am writing this note (22/09/2011) there are some limitations:
– synchronization of both the calendar and the address book works in one direction only,
from Google to open-xchange and NOT vice versa
– the GMail address book is, at least in my case, messy/confused because it is
built on the fly during normal use of GMail, and consequently it is NOT a
good idea to synchronize it with my internal address book.

Configuring the public LDAP address books
I check the number of the context used by the users

/opt/open-xchange/sbin/listcontext

I create a folder for the specific context

mkdir /opt/open-xchange/etc/groupware/contacts-ldap/ID_DEL_MIO_CONTENT

I create a file in the new folder

touch /opt/open-xchange/etc/groupware/contacts-ldap/ID_DEL_MIO_CONTENT/Utenti.properties

with the following content

# A property file for the context with id 1

# Specify the uri of the LDAP server here e.g. ldap://localhost
com.openexchange.contacts.ldap.context1.Utenti.uri=ldap://IP_DEL_SERVER_LDAP

# Specify the baseDN where the users reside here
com.openexchange.contacts.ldap.context1.Utenti.baseDN_users=cn=Users,DC=dominio,DC=locale

# Specify the bindDN here (optional)
com.openexchange.contacts.ldap.context1.Utenti.AdminDN=cn=ADlinux,cn=users,DC=dominio,DC=locale

# Specify the bindPW here (optional)
com.openexchange.contacts.ldap.context1.Utenti.AdminBindPW=PASSWORD

# Specify the search base here (sub, base, one)
com.openexchange.contacts.ldap.context1.Utenti.searchScope=one

# Specify the type of authentication here. Possible values are "anonymous", "AdminDN" or "user"
com.openexchange.contacts.ldap.context1.Utenti.authtype=AdminDN

# Specify if server-side sorting should be used or if the data should be sorted in the groupware.
# Possible values are "server", "groupware"
com.openexchange.contacts.ldap.context1.Utenti.sorting=groupware

# Set the login source if user auth is enabled; meaning which source is taken
# to determine a users login for LDAP. If 'login' is set, then user's individual
# mail login as defined in user storage is taken. If 'mail' is set, then user's
# individual primary email address is taken. If 'name' is set, then user's
# individual system's user name is taken.
# Possible values are: login, mail, and name
com.openexchange.contacts.ldap.context1.Utenti.userLoginSource=name

# Specify the user search filter here (optional). This is the first part which can be chosen freely
com.openexchange.contacts.ldap.context1.Utenti.userSearchFilter=(objectclass=user)

# Specify the user search scope here (optional). Possible values are sub, base and one. If this
# value is left empty the default searchScope will be used
com.openexchange.contacts.ldap.context1.Utenti.userSearchScope=one

# Specify the user search attribute here (optional). This value specifies which attribute contains the
# loginname which is used for the groupware
com.openexchange.contacts.ldap.context1.Utenti.userSearchAttribute=name

# Specify the baseDN for the user search here (optional). If this value is left empty the global baseDN
# will be used
com.openexchange.contacts.ldap.context1.Utenti.userSearchBaseDN=

# Specify the user auth type here (optional). Possible values are "anonymous" or "AdminDN"
com.openexchange.contacts.ldap.context1.Utenti.userAuthType=

# Specify the user AdminDN here (optional). If this value is left empty the global AdminDN will be used
com.openexchange.contacts.ldap.context1.Utenti.userAdminDN=

# Specify the user AdminBindDN here (optional). If this value is left empty the global AdminBindPW will be used
com.openexchange.contacts.ldap.context1.Utenti.userAdminBindPW=

# Specify if the value given for uniqueid is a unique long value in LDAP and can be used for
# identifying (setting "false"), or if it's a string value then memorymapping must be enabled
# to generate the longs (setting "true")
# Possible values are "true", "false"
com.openexchange.contacts.ldap.context1.Utenti.memorymapping=true

# Specify the pagesize for paged results here. e.g. active directory only allows a max page size
# of 1000
# Setting this value to 0 disables paged results
com.openexchange.contacts.ldap.context1.Utenti.pagesize=0

# This property defines which file contains the mapping for the attributes
com.openexchange.contacts.ldap.context1.Utenti.mappingfile=mapping.ads.properties

# Specify the foldername for the global ldap folder here
com.openexchange.contacts.ldap.context1.Utenti.foldername=Elenco - Utenti

# Specify the searchfilter for the global ldap folder here
com.openexchange.contacts.ldap.context1.Utenti.searchfilter=(objectclass=user)

# Specify what types of contacts should be displayed. Maybe "users", "distributionlists", or "both"
com.openexchange.contacts.ldap.context1.Utenti.contactTypes=users

# Specify the searchfilter for distributionlists of the global ldap folder here. This value is optional and might
# be specified if the search filter is different from the normal searchfilter. So if this value is empty the default
# searchfilter will be used.
com.openexchange.contacts.ldap.context1.Utenti.searchfilter_distributionlist=

# Specify the search base for distributionlists here (sub, base, one). This should only be specified if this
# is different from the searchScope parameter.
com.openexchange.contacts.ldap.context1.Utenti.searchScope_distributionlist=

# Specify the baseDN for distributionlists of the global ldap folder here. This value is optional and might
# be specified if this baseDN is different from the normal baseDN. So if this value is empty the default
# baseDN will be used
com.openexchange.contacts.ldap.context1.Utenti.baseDN_distributionlist=

# Specify whether Outlook offers support for this bundle. If this option is
# enabled the contents of the folder are displayed in Outlook, otherwise only
# the folder name is displayed in Outlook but not its contents. Note that even
# if you enable Outlook support, Outlook will not recognize the deletion of
# contacts in LDAP atm.
com.openexchange.contacts.ldap.context1.Utenti.outlook_support=false

# Specify if the support for detection of deleted object should be enabled for
# ADS, this is only used for the WebDAV interface used by Outlook.
# This feature uses a special information only available on Active Directory. Note
# that the deleted information is only available for the following lifetimes:
# 60 days for forests initially built using W2k and Server 2k3
# 180 days for forests that were initially built with Server 2k3 SP1
com.openexchange.contacts.ldap.context1.Utenti.ADS_deletion_support=false

# Specify if the ldap server contains referrals and how to handle them.
# Available options are:
# standard: leaves the setting in the java standard
# follow: follows a referral
# ignore: ignores a referral
# See http://download.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html for a
# detailed description
com.openexchange.contacts.ldap.context1.Utenti.referrals=follow

# Specify the refresh interval for the cached contacts. If authtype is 
# "anonymous" or "AdminDN" the contacts are cached and refreshed in the
# background in the interval specified here (given in ms)
com.openexchange.contacts.ldap.context1.Utenti.refreshinterval=10000

# Specify the timeout of one connection in the pool here
com.openexchange.contacts.ldap.context1.Utenti.pooltimeout=

# Specify how aliases are dereferenced. This value influences the property
# "java.naming.ldap.derefAliases" of the underlying sun ldap implementation.
# The allowed values are: "always", "never", "finding" and "searching"
# Please see http://download.oracle.com/javase/jndi/tutorial/ldap/misc/aliases.html
# for details
com.openexchange.contacts.ldap.context1.Utenti.derefAliases=

I create a file in the new folder

touch /opt/open-xchange/etc/groupware/contacts-ldap/ID_DEL_MIO_CONTENT/Gruppi.properties

with the following content

# A property file for the context with id 1

# Specify the uri of the LDAP server here e.g. ldap://localhost
com.openexchange.contacts.ldap.context1.Gruppi.uri=ldap://IP_DEL_SERVER_LDAP

# Specify the baseDN where the users reside here
com.openexchange.contacts.ldap.context1.Gruppi.baseDN_users=OU=OU-GruppiPubblici,DC=dominio,DC=locale

# Specify the bindDN here (optional)
com.openexchange.contacts.ldap.context1.Gruppi.AdminDN=cn=ADlinux,cn=users,DC=dominio,DC=locale

# Specify the bindPW here (optional)
com.openexchange.contacts.ldap.context1.Gruppi.AdminBindPW=PASSWORD

# Specify the search base here (sub, base, one)
com.openexchange.contacts.ldap.context1.Gruppi.searchScope=one

# Specify the type of authentication here. Possible values are "anonymous", "AdminDN" or "user"
com.openexchange.contacts.ldap.context1.Gruppi.authtype=AdminDN

# Specify if server-side sorting should be used or if the data should be sorted in the groupware.
# Possible values are "server", "groupware"
com.openexchange.contacts.ldap.context1.Gruppi.sorting=groupware

# Set the login source if user auth is enabled; meaning which source is taken
# to determine a users login for LDAP. If 'login' is set, then user's individual
# mail login as defined in user storage is taken. If 'mail' is set, then user's
# individual primary email address is taken. If 'name' is set, then user's
# individual system's user name is taken.
# Possible values are: login, mail, and name
com.openexchange.contacts.ldap.context1.Gruppi.userLoginSource=name

# Specify the user search filter here (optional). This is the first part which can be chosen freely
com.openexchange.contacts.ldap.context1.Gruppi.userSearchFilter=

# Specify the user search scope here (optional). Possible values are sub, base and one. If this
# value is left empty the default searchScope will be used
com.openexchange.contacts.ldap.context1.Gruppi.userSearchScope=

# Specify the user search attribute here (optional). This value specifies which attribute contains the
# loginname which is used for the groupware
com.openexchange.contacts.ldap.context1.Gruppi.userSearchAttribute=name

# Specify the baseDN for the user search here (optional). If this value is left empty the global baseDN
# will be used
com.openexchange.contacts.ldap.context1.Gruppi.userSearchBaseDN=

# Specify the user auth type here (optional). Possible values are "anonymous" or "AdminDN"
com.openexchange.contacts.ldap.context1.Gruppi.userAuthType=

# Specify the user AdminDN here (optional). If this value is left empty the global AdminDN will be used
com.openexchange.contacts.ldap.context1.Gruppi.userAdminDN=

# Specify the user AdminBindDN here (optional). If this value is left empty the global AdminBindPW will be used
com.openexchange.contacts.ldap.context1.Gruppi.userAdminBindPW=

# Specify if the value given for uniqueid is a unique long value in LDAP and can be used for
# identifying (setting "false"), or if it's a string value then memorymapping must be enabled
# to generate the longs (setting "true")
# Possible values are "true", "false"
com.openexchange.contacts.ldap.context1.Gruppi.memorymapping=true

# Specify the pagesize for paged results here. e.g. active directory only allows a max page size
# of 1000
# Setting this value to 0 disables paged results
com.openexchange.contacts.ldap.context1.Gruppi.pagesize=0

# This property defines which file contains the mapping for the attributes
com.openexchange.contacts.ldap.context1.Gruppi.mappingfile=mapping.ads.properties

# Specify the foldername for the global ldap folder here
com.openexchange.contacts.ldap.context1.Gruppi.foldername=Elenco - Gruppi

# Specify the searchfilter for the global ldap folder here
com.openexchange.contacts.ldap.context1.Gruppi.searchfilter=(objectclass=group)

# Specify what types of contacts should be displayed. Maybe "users", "distributionlists", or "both"
com.openexchange.contacts.ldap.context1.Gruppi.contactTypes=distributionlists

# Specify the searchfilter for distributionlists of the global ldap folder here. This value is optional and might
# be specified if the search filter is different from the normal searchfilter. So if this value is empty the default
# searchfilter will be used.
com.openexchange.contacts.ldap.context1.Gruppi.searchfilter_distributionlist=

# Specify the search base for distributionlists here (sub, base, one). This should only be specified if this
# is different from the searchScope parameter.
com.openexchange.contacts.ldap.context1.Gruppi.searchScope_distributionlist=

# Specify the baseDN for distributionlists of the global ldap folder here. This value is optional and might
# be specified if this baseDN is different from the normal baseDN. So if this value is empty the default
# baseDN will be used
com.openexchange.contacts.ldap.context1.Gruppi.baseDN_distributionlist=

# Specify whether Outlook offers support for this bundle. If this option is
# enabled the contents of the folder are displayed in Outlook, otherwise only
# the folder name is displayed in Outlook but not its contents. Note that even
# if you enable Outlook support, Outlook will not recognize the deletion of
# contacts in LDAP atm.
com.openexchange.contacts.ldap.context1.Gruppi.outlook_support=false

# Specify if the support for detection of deleted object should be enabled for
# ADS, this is only used for the WebDAV interface used by Outlook.
# This feature uses a special information only available on Active Directory. Note
# that the deleted information is only available for the following lifetimes:
# 60 days for forests initially built using W2k and Server 2k3
# 180 days for forests that were initially built with Server 2k3 SP1
com.openexchange.contacts.ldap.context1.Gruppi.ADS_deletion_support=false

# Specify if the ldap server contains referrals and how to handle them.
# Available options are:
# standard: leaves the setting in the java standard
# follow: follows a referral
# ignore: ignores a referral
# See http://download.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html for a
# detailed description
com.openexchange.contacts.ldap.context1.Gruppi.referrals=follow

# Specify the refresh interval for the cached contacts. If authtype is 
# "anonymous" or "AdminDN" the contacts are cached and refreshed in the
# background in the interval specified here (given in ms)
com.openexchange.contacts.ldap.context1.Gruppi.refreshinterval=10000

# Specify the timeout of one connection in the pool here
com.openexchange.contacts.ldap.context1.Gruppi.pooltimeout=

# Specify how aliases are dereferenced. This value influences the property
# "java.naming.ldap.derefAliases" of the underlying sun ldap implementation.
# The allowed values are: "always", "never", "finding" and "searching"
# Please see http://download.oracle.com/javase/jndi/tutorial/ldap/misc/aliases.html
# for details
com.openexchange.contacts.ldap.context1.Gruppi.derefAliases=

NB. Avoid using ldaps as the protocol for accessing the contact list:
otherwise, displaying the list directly from the contacts folder will be
extremely slow (60 contacts displayed in 5/6 seconds!!). Over plain ldap without
StartTLS, a simple bind password and the contact data cross the network unencrypted.

Change the permissions and owner of the newly created files:

chown root:open-xchange /opt/open-xchange/etc/groupware/contacts-ldap/ID_CONTESTO -R
chmod 740 /opt/open-xchange/etc/groupware/contacts-ldap/ID_CONTESTO -R

Prepare the file that handles the field mapping between open-xchange and AD:

cd /opt/open-xchange/etc/groupware/contacts-ldap
cp mapping.ads.properties.example mapping.ads.properties -p

and restart the open-xchange-groupware service:

/etc/init.d/open-xchange-groupware restart
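
The chown/chmod step above matters because these property files carry userAdminBindPW. As an added example (not part of the original notes or of Open-Xchange), the function below lists property files that hold a non-empty *BindPW value and still grant any permission to "other"; the function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: find property files that carry an LDAP bind password and
# are still accessible to "other". find_exposed_bindpw is a hypothetical name.

# find_exposed_bindpw DIR: print one offending path per line.
find_exposed_bindpw() {
    find "$1" -type f -name '*.properties' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) |
    while IFS= read -r f; do
        # uncommented key ending in BindPW with a non-empty value
        if grep -Eq '^[[:space:]]*[^#![:space:]][^=]*BindPW[[:space:]]*=[[:space:]]*[^[:space:]]' "$f"
        then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree: one exposed file, three that must not be reported.
make_sample() {
    key=com.openexchange.contacts.ldap.context1.Gruppi.userAdminBindPW
    printf '%s=constructed-secret\n' "$key" > "$1/exposed.properties"
    printf '%s=constructed-secret\n' "$key" > "$1/restricted.properties"
    printf '%s=\n' "$key" > "$1/empty.properties"
    printf '# %s=old\n' "$key" > "$1/commented.properties"
    chmod 644 "$1/exposed.properties" "$1/empty.properties" "$1/commented.properties"
    chmod 640 "$1/restricted.properties"
}

dir=$(mktemp -d)
make_sample "$dir"
find_exposed_bindpw "$dir"
rm -rf "$dir"
```

On a tree set to mode 740 as above, no "other" bits remain, so the function prints nothing.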

Check the installed bundles:

/opt/open-xchange/sbin/listbundles

Web interface for administering contexts/users/permissions
Refer to this link for the official version: https://oxgui.wordpress.com/2009/10/11/peters-ox-admin-gui-0-1-4-en/

Installation:

wget http://oxgui.sciencesoft.at/psoxgui.0.1.15.tar.gz
tar -C / -xvzf psoxgui.0.1.15.tar.gz
chown -R open-xchange:open-xchange /opt/open-xchange/etc/psoxgui

Add the following line to the config file
/opt/open-xchange/etc/psoxgui/psoxgui.properties
to set the default GUI language:

defaultOXguiLang = en_EN

Stop OX:
/etc/init.d/open-xchange-groupware stop
/etc/init.d/open-xchange-admin stop

Restart OX:
/etc/init.d/open-xchange-groupware start
/etc/init.d/open-xchange-admin start

Wait a few seconds until all components are running, then run:
/opt/open-xchange/sbin/listbundles
The following output should be displayed:

bundlename: org.eclipse.osgi status: ACTIVE
bundlename: at.sciencesoft.oxadmingui status: ACTIVE
bundlename: com.openexchange.authentication.database status: ACTIVE

An entry of RESOLVED instead of ACTIVE indicates a Java library dependency problem. The following command shows the Java dependency that prevents the bundle from loading:
tail -f -n200 /var/log/open-xchange/open-xchange.log.0

This is the link to the web administration interface:
http://nomeserveropen-xchange/servlet/webserver/index.html

And this is the configuration file:

# cat /opt/open-xchange/etc/psoxgui/psoxgui.properties

# default OX GUI language
#defaultOXguiLang = en_EN
defaultOXguiLang = it_IT

# default user language
#defaultLang= de_DE
defaultLang= it_IT
defaultIMAPserver=IP_DEL_SERVER_IMAP_DI_DEFAULT
defaultSMTPserver=IP_DEL_SERVER_SMPT_DI_DEFAULT
defaultTimezone=Europe/Rome

rmiHost=rmi://localhost:1099/
urlBase=/servlet/webserver/
servletMappingBase=/webserver/

accessCombination=all,groupware_premium,pim_plus,webmail_plus
supportedOXLang=it_IT|Italiano,en_US|English,de_DE|Deutsch,fr_FR|Fran\u00E7ais,es_ES|Espa\u00F1ol
etcDir=/opt/open-xchange/etc/psoxgui

# Use this property to restrict GUI access to certain IP addresses, separated
# by commas. The program matches partial and complete IP addresses:
# e.g. 192.168,194.232.104.22
IPaccessFilter=IP_DELLE_SOLE_MACCHINE_AMMINISTRATIVE

# 'true' enables the Context Admin Login
CTXamdinLogin=false

# minimum required user password length
minPasswordLen = 5

# 'true' disables deleting an existing OX context
disableContextDelete=true

# Set local according to
# http://ftp.ics.uci.edu/pub/ietf/http/related/iso639.txt
# for sorting fields
# If this parameter is missing, the defaultOXguiLang will be used.
local=it

# This parameter determines which user information will be used in the group menu
# 0 (default) display name
# 1 user/login name
# 2 email
#showUserInGroup=2

# If this limit is exceeded, the user menu starts with the 'only search' option.
# No user will be displayed until a search provides a result
# The option 'only search' can be deactivated
#displayUserLimit=100

# Lifetime of cached user data in seconds
# 0 disables this cache
userCacheLiveTime=300
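
As an added example (not part of the original notes or of psoxgui), this script reads the access-related keys of the file above and prints one finding per weak setting. The function names are hypothetical; the minimum length of 8 and the treatment of an empty IPaccessFilter as a finding are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: flag weak settings in a psoxgui.properties file.
# Keys are the ones shown on this page; the threshold of 8 and reporting
# an empty IPaccessFilter as a finding are assumptions of this example.

# prop FILE KEY: print the last uncommented value of KEY, whitespace-trimmed.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_psoxgui FILE [MIN_LEN]: print one finding per line.
audit_psoxgui() {
    f=$1 min=${2:-8}
    [ -n "$(prop "$f" IPaccessFilter)" ] ||
        echo "IPaccessFilter is empty or missing"
    len=$(prop "$f" minPasswordLen)
    case $len in '' | *[!0-9]*) len=0 ;; esac
    [ "$len" -ge "$min" ] ||
        echo "minPasswordLen=$len is below $min"
    [ "$(prop "$f" CTXamdinLogin)" != true ] ||
        echo "CTXamdinLogin=true enables the context admin login"
    [ "$(prop "$f" disableContextDelete)" = true ] ||
        echo "disableContextDelete is not true"
    return 0
}

# Constructed sample, modelled on the file shown above.
write_sample() {
    cat > "$1" <<'EOF'
# minimum required user password length
minPasswordLen = 5
#IPaccessFilter=192.168
IPaccessFilter=
CTXamdinLogin=false
disableContextDelete=true
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_psoxgui "$tmp"
rm -f "$tmp"
```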
