Technical notes on installing the open-xchange server.
Useful links:
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Plugin_Overview <– plugin list
http://software.open-xchange.com/OX6/doc/ <– documentation list and releases of the various patches
The Debian Squeeze distribution was used.
cat /etc/apt/sources.list
# standard repository
deb http://ftp.it.debian.org/debian/ squeeze main contrib non-free
# security updates
deb http://security.debian.org/ squeeze/updates main contrib
# repository for open-xchange STABLE
#deb http://software.open-xchange.com/OX6/stable/DebianSqueeze/ /
# repository with the latest available updates, including the patches
deb http://software.open-xchange.com/OX6/snapshot/DebianSqueeze/ /
# when using the snapshot repository it is a good idea to update the packages as follows:
# aptitude clean && aptitude update && aptitude -y upgrade
# dpkg --get-selections | grep open-xchange | cut -f 1 | xargs aptitude reinstall
# aptitude clean
import the public key for the openexchange packages
wget http://software.open-xchange.com/oxbuildkey.pub
apt-key add - < oxbuildkey.pub
apt-get update
Installing the base packages:
apt-get install mysql-server
NB. Do NOT set the login password for the root user during the installation
of the open-xchange packages. Set the mysql password only once the work is finished.
apt-get install apache2
apt-get install libapache2-mod-proxy-html
apt-get install sun-java6-jre
apt-get install open-xchange-meta-singleserver
apt-get install open-xchange-mailfilter
apt-get install open-xchange-syncml   # <---- to be verified whether it is actually needed !!!
echo PATH=$PATH:/opt/open-xchange/sbin/ >> ~/.bashrc && . ~/.bashrc
Installing the Italian language
apt-get install open-xchange-lang-it-it
apt-get install open-xchange-gui-lang-it-it
NB. if the Italian language is NOT available in the list of languages
selectable in “Configuration/Options/Languages and region”, remove
the language packages and check that you are using the repository
http://software.open-xchange.com/OX6/stable/DebianSqueeze/
install a few other packages useful for the administrative interface
(the one available under Configuration/Administration)
apt-get install open-xchange-resource-managerequest
apt-get install open-xchange-group-managerequest
install and configure the plugin for querying external LDAP address books
apt-get install open-xchange-contacts-ldap
initialize the db
/opt/open-xchange/sbin/initconfigdb --configdb-pass=PASSWORD_PER_UTENTE_MYSQL_OPENEXCHANGE -a
proceed with the installation of openexchange
/opt/open-xchange/sbin/oxinstaller --no-license \
--servername=srvopenexchange --configdb-pass=PASSWORD_PER_UTENTE_MYSQL_OPENEXCHANGE \
--master-pass=PASSWORD_PER_UTENTE_OXADMINMASTER --ajp-bind-port=localhost
start the open-xchange-admin service and register the service in the mysql database
/etc/init.d/open-xchange-admin restart
/opt/open-xchange/sbin/registerserver -n srvopenexchange -A oxadminmaster \
-P PASSWORD_PER_UTENTE_OXADMINMASTER
create the filestore, assign the relevant permissions and register it in the mysql database
mkdir /filestore
chown open-xchange:open-xchange /filestore
/opt/open-xchange/sbin/registerfilestore -A oxadminmaster \
-P PASSWORD_PER_UTENTE_OXADMINMASTER \
-t file:/filestore -s 1000000
Note: You might want to adapt the value provided with -s, the “The maximum size of the filestore in MB”, see registerfilestore --help.
and finally register the groupware database in the mysql database
/opt/open-xchange/sbin/registerdatabase -A oxadminmaster \
-P PASSWORD_PER_UTENTE_OXADMINMASTER \
-n oxdatabase -p PASSWORD_PER_UTENTE_MYSQL_OPENEXCHANGE -m true
enable some additional modules:
# a2enmod proxy proxy_ajp proxy_balancer expires deflate headers rewrite
cat /etc/apache2/conf.d/proxy_ajp.conf
<Location /servlet/axis2/services>
    # restrict access to the soap provisioning API
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # you might add more ip addresses / networks here
    Allow from 192.168 10 172.16
</Location>
<IfModule mod_proxy_ajp.c>
    ProxyRequests Off
    <Proxy balancer://oxcluster>
        Order deny,allow
        Allow from all
        # multiple server setups need to have the hostname inserted instead localhost
        BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX1
        # Enable and maybe add additional hosts running OX here
        # BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX2
        ProxySet stickysession=JSESSIONID
    </Proxy>
    <Proxy /ajax>
        ProxyPass balancer://oxcluster/ajax
    </Proxy>
    <Proxy /servlet>
        ProxyPass balancer://oxcluster/servlet
    </Proxy>
    <Proxy /infostore>
        ProxyPass balancer://oxcluster/infostore
    </Proxy>
    <Proxy /publications>
        ProxyPass balancer://oxcluster/publications
    </Proxy>
    <Proxy /Microsoft-Server-ActiveSync>
        ProxyPass balancer://oxcluster/Microsoft-Server-ActiveSync
    </Proxy>
    <Proxy /usm-json>
        ProxyPass balancer://oxcluster/usm-json
    </Proxy>
</IfModule>
cat /etc/apache2/sites-enabled/000-default
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/
    <Directory /var/www/>
        AllowOverride None
        Order allow,deny
        allow from all
        RedirectMatch ^/$ /ox6/
        Options +FollowSymLinks +SymLinksIfOwnerMatch
    </Directory>
    # deflate
    AddOutputFilterByType DEFLATE text/html text/plain text/javascript application/javascript text/css text/xml application/xml text/x-js application/x-javascript
    # pre-compressed files
    AddType text/javascript .jsz
    AddType text/css .cssz
    AddType text/xml .xmlz
    AddType text/plain .po
    AddEncoding gzip .jsz .cssz .xmlz
    SetEnvIf Request_URI "\.(jsz|cssz|xmlz)$" no-gzip
    ExpiresActive On
    <Location /ox6>
        # Expires (via ExpiresByType to override global settings)
        ExpiresByType image/gif "access plus 6 months"
        ExpiresByType image/png "access plus 6 months"
        ExpiresByType image/jpg "access plus 6 months"
        ExpiresByType image/jpeg "access plus 6 months"
        ExpiresByType text/css "access plus 6 months"
        ExpiresByType text/html "access plus 6 months"
        ExpiresByType text/xml "access plus 6 months"
        ExpiresByType text/javascript "access plus 6 months"
        ExpiresByType text/x-js "access plus 6 months"
        ExpiresByType application/x-javascript "access plus 6 months"
        ExpiresDefault "access plus 6 months"
        Header append Cache-Control "private"
        Header unset Last-Modified
        Header unset Vary
        # Strip version
        RewriteEngine On
        RewriteRule v=\w+/(.+) $1 [L]
        # Turn off ETag
        Header unset ETag
        FileETag None
    </Location>
    <Location /ox6/ox.html>
        ExpiresByType text/html "now"
        ExpiresDefault "now"
        Header unset Last-Modified
        Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
        # Turn off ETag
        Header unset ETag
        FileETag None
    </Location>
    <Location /ox6/index.html>
        ExpiresByType text/html "now"
        ExpiresDefault "now"
        Header unset Last-Modified
        Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
        # Turn off ETag
        Header unset ETag
        FileETag None
    </Location>
</VirtualHost>
restart apache and the groupware server
/etc/init.d/apache2 restart
/etc/init.d/open-xchange-groupware start
for convenience I disable the password for creating contexts, users and groups
#/opt/open-xchange/etc/admindaemon/AdminDaemon.properties
# Disabling authentication for system calls like context/server etc. creation!
# ONLY USE THIS SWITCH IF YOU EXACTLY KNOW WHAT YOU DO!!!
MASTER_AUTHENTICATION_DISABLED=true
# Disabling authentication for context calls like user/group etc. creation!
# This also disables authentication for calls which a "normal" user can make
# like change his own data or get his own data!
# ONLY USE THIS SWITCH IF YOU EXACTLY KNOW WHAT YOU DO!!!
CONTEXT_AUTHENTICATION_DISABLED=true
and restart the administrative daemon
/etc/init.d/open-xchange-admin restart
create a test context and a test user
/opt/open-xchange/sbin/createcontext -c 1 \
-u oxadmin -d "Context Admin" -g Admin -s User \
-p PASSWORD_PER_UTENTE_OXADMIN -L defaultcontext \
-e oxadmin@MIODOMINIO -q 1024 \
-l it_IT \
-t Europe/Rome \
--access-calendar on \
--access-contacts on \
--access-delegate-tasks on \
--access-edit-public-folder on \
--access-forum off \
--access-ical on \
--access-infostore on \
--access-pinboard-write on \
--access-projects on \
--access-read-create-shared-Folders on \
--access-rss-bookmarks on \
--access-rss-portal on \
--access-syncml off \
--access-tasks on \
--access-vcard on \
--access-webdav on \
--access-webdav-xml on \
--access-webmail on \
--access-edit-group on \
--access-edit-resource on \
--access-edit-password off \
--access-collect-email-addresses off \
--access-multiple-mail-accounts off \
--access-subscription off \
--access-publication off \
--access-active-sync off \
--access-usm off \
--access-olox20 off \
--access-global-address-book-disabled off \
--access-public-folder-editable on
/opt/open-xchange/sbin/createuser -c 1 -A oxadmin \
-P PASSWORD_PER_UTENTE_OXADMINMASTER \
-u utentXX -d "Nome e Cognome" -g Nome -s Cognome \
-p PASSWORD_UTENTE -e indirizzodiposta@MIODOMINIO \
--imaplogin UTENTEIMAP --imapserver IP_SERVER_IMAP --smtpserver IP_SERVER_SMTP
optimize the mysql settings
wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl
chmod +x mysqltuner.pl
./mysqltuner.pl
replace the standard authentication method with the IMAP one
apt-get install open-xchange-authentication-imap
and edit the file /opt/open-xchange/etc/groupware/imapauth.properties accordingly
# imap server ip or fqdn
IMAP_SERVER=IP_DEL_SERVER_IMAP
# port on which the imap server is listening
IMAP_PORT=143
# set to true if connecting via imaps://
IMAP_USE_SECURE=false
# Socket I/O timeout value in milliseconds
IMAP_TIMEOUT=5000
# Socket connection timeout value in milliseconds
IMAP_CONNECTIONTIMEOUT=5000
##############################################
# Set to true to auth with "user@domain" instead of just "user" against imap server.
# If true the "domain" part will be used as the context name of the ox system.
# so add "domain" as a login mapping to be able to login.
# If false, the plugin react as only 1 context exists in the ox system,
# and this context has the mapping "defaultcontext" added.
USE_FULL_LOGIN_INFO=false
Synchronizing contacts and calendar between open-xchange and handhelds
(Android, Windows Mobile, Symbian)
NB. funambol, on the server side, uses tomcat, which by default is configured to use port 8009, exactly
like OX…. the choice was to change tomcat's default port as follows:
cat /opt/Funambol/tools/tomcat/conf/server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
<Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
For the moment (20/09/2011) I have successfully tested Android and Windows Mobile using the following versions of
funambol and of the ox module for funambol:
– funambol server version 10.0.0
– ox for funambol version 9.0.2
download the relevant modules:
cd /tmp
wget http://downloads.sourceforge.net/project/funambol/bundle/v10/funambol-10...
wget http://m2.funambol.org/repositories/artifacts/funambol/ox-module/9.0.2/o...
make funambol executable and proceed with the installation, confirming all the default
parameters:
chmod +x funambol-10.0.0.bin
./funambol-10.0.0.bin
proceed with the installation of the ox module for funambol
unzip ox-module-9.0.2.zip
cp Funambol/ox-connector/ox-connector-9.0.2.s4j /opt/Funambol/ds-server/modules/
cd Funambol/ox-listener
unzip funambol-ox-listener-9.0.2.zip
cp -r Funambol/* /opt/Funambol/
edit the file /opt/Funambol/ds-server/install.properties, adding the module
‘ox-connector-9.0.2’ to the ‘modules-to-install’ parameter, and proceed with the installation
of all the modules
#
# Modules definitions
#
modules-to-install=content-provider-10.0.0,email-connector-10.0.0,foundation-10.0.0,phones-support-10.0.0,webdemo-10.0.0,ox-connector-9.0.2
cd /opt/Funambol
./bin/install-modules
NB. for the installation to succeed, the funambol service must be
running.
cd /opt/Funambol
bin/funambol start
Proceed with the server-side configuration as follows:
Step 1
Edit the oxlistener script, setting the correct version of java used
by the version of funambol just installed (e.g. 1.6.0)
/opt/Funambol/bin/ox-listener
# Setting the JAVA_HOME to the JRE in the bundle if not set or if not correctly set
unset JAVA_HOME
if [ -z "$JAVA_HOME" ]; then
    JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
else
    if [ ! -f "$JAVA_HOME/bin/java" ]; then
        JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
    fi
fi
and install the Funambol modules
cd /opt/Funambol
./bin/install-modules
Step 2
Change the OXUrl parameter in the following files, setting the http address of the
server on which the open-xchange interface is running (e.g. http://localhost:80)
/opt/Funambol/config/com/funambol/oxlistener/task/OXListenerTask.xml
/opt/Funambol/config/ox/ox/OXConnector.xml
Step 3
Edit the file /opt/Funambol/config/Funambol.xml and set the correct value
for the “officer” parameter (used by funambol to handle the authentication of
users).
com/funambol/server/security/OXOfficer.xml
Step 4
Restart the funambol services and the ox-listener module
/opt/Funambol/bin/funambol stop
/opt/Funambol/bin/funambol start
/opt/Funambol/bin/ox-listener start
Step 5
Set up funambol to start automatically when the server reboots
apt-get install less
create the file /etc/init.d/funambol
#! /bin/bash
### BEGIN INIT INFO
# Provides:          funambol
# Required-Start:    $local_fs $remote_fs $network $syslog mysql
# Required-Stop:     $local_fs $remote_fs $network $syslog mysql
# Should-Start:      funambol
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/stop funambol server
### END INIT INFO
FUNAMBOL_HOME="/opt/Funambol"
export FUNAMBOL_HOME
DS_SERVER_HOME=$FUNAMBOL_HOME/ds-server
if [ ! -d $FUNAMBOL_HOME/config ]; then
    #
    # maybe we are in Funambol/tool/bin
    #
    FUNAMBOL_HOME=$FUNAMBOL_HOME/..
    DS_SERVER_HOME=$FUNAMBOL_HOME/ds-server
fi
# Setting the JAVA_HOME to the JRE in the bundle if not set or if not correctly set
if [ -z "$JAVA_HOME" ]; then
    export JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
else
    if [ ! -f "$JAVA_HOME/bin/java" ]; then
        export JAVA_HOME=$FUNAMBOL_HOME/tools/jre-1.6.0/jre
    fi
fi
if [ -z "$JAVA_HOME" ]; then
    echo "Please, set JAVA_HOME before running this script."
    exit 1
fi
if [ ! -f "$JAVA_HOME/bin/java" ]
then
    echo "Please set JAVA_HOME to the path of a valid jre."
    exit;
fi
export J2EE_HOME=${FUNAMBOL_HOME}/tools/tomcat
export CATALINA_HOME=${FUNAMBOL_HOME}/tools/tomcat
cd ${FUNAMBOL_HOME}
export LANG=en_US.utf-8
cd ${J2EE_HOME}/bin
COMED=true
case "$1" in
start)
    if [ "$COMED" = "true" ] ; then
        #
        # Run Hypersonic
        #
        $FUNAMBOL_HOME/bin/hypersonic start > /dev/null
    fi
    #
    # Run CTP Server
    #
    $FUNAMBOL_HOME/bin/ctp-server start > /dev/null
    #
    # Run DS Server
    #
    $FUNAMBOL_HOME/bin/funambol-server start > /dev/null
    #
    # Run Inbox Listener
    #
    $FUNAMBOL_HOME/bin/inbox-listener start > /dev/null
    #
    # Run Pim Listener
    #
    $FUNAMBOL_HOME/bin/pim-listener start > /dev/null
    ;;
stop)
    #
    # Shutdown Inbox Listener
    #
    $FUNAMBOL_HOME/bin/inbox-listener stop > /dev/null
    #
    # Shutdown Pim Listener
    #
    $FUNAMBOL_HOME/bin/pim-listener stop > /dev/null
    #
    # Shutdown Tomcat
    #
    $FUNAMBOL_HOME/bin/funambol-server stop > /dev/null
    #
    # Shutdown CTP Server
    #
    $FUNAMBOL_HOME/bin/ctp-server stop > /dev/null
    if [ "$COMED" = "true" ] ; then
        #
        # Shutdown Hypersonic
        #
        $FUNAMBOL_HOME/bin/hypersonic stop > /dev/null
    fi
    ;;
license)
    /usr/bin/less "${FUNAMBOL_HOME}/LICENSE.txt"
    ;;
*)
    echo "usage: $0 [start|stop|license]"
    ;;
esac
exit 0
and add it to the system startup processes.
Interesting note about funambol
Important notice
One of the most efficient labor-saving aspects of the Funambol Server is that Administrators and IT staff do not need to manually add new user records (as described in this chapter), as new Funambol users can auto-load their accounts (including device record) when they initially connect to the Data Synchronization Service; this feature is referred to as “self-provisioning”. If you are anticipating thousands of users, this is a tremendous benefit.
How does this work? Each user initially prepares their mobile devices for a “sync” by entering a username and password of their choice, along with the Funambol server URL. During the resulting connection attempt, this information triggers the Data Synchronization Service to:
• Auto-generate a new user record (applying their user name and password).
• Add a new device record.
• Link user and device automatically in a new principal record.
A synchronization then starts. This auto-loading process is particularly useful if you have a large number of potential users.
This means that funambol users do NOT have to be created manually and that the
funambol server graphical administration interface should NOT be necessary.
Funambol on the client side
Various funambol clients exist for the various devices https://www.forge.funambol.org/download/#phone
The configuration of the various clients must be as follows:
server url=http://indirizzoserverfunambol:8080/funambol/ds
username=open-xchange user
password=open-xchange user's password
in the advanced settings the names of the fields for contacts and calendar must be set:
Contacts Remote Name=oxcard
Calendar Remote Name=oxevent
The administration interface must be installed on a pc equipped with an xserver and
the java virtual machine.
http://downloads.sourceforge.net/project/funambol/admin-tool/v10/funambo...
tar -xzvf funambol-admin-10.0.0.tgz
Funambol/admin/bin/funamboladmin
Change the password of the admin user (present in the list of funambol users).
Useful links for installing funambol
https://sourceforge.net/projects/funambol/repositories/artifacts/funambol/ox-module/9.0.2/
http://oxpedia.org/wiki/index.php?title=Open-Xchange_Funambol_7.0
https://core.forge.funambol.org/ds/viewMessage.do?dsForumId=405&dsMessag...
https://www.forge.funambol.org/download/#start
Alternative to funambol
The alternative to funambol and to the commercial part of open-xchange is to use the “social” part of open-xchange (e.g. GoogleCalendar and GoogleMail)
As of the date I am writing this note (22/09/2011) there are some limitations:
– synchronization of both the calendar and the address book happens in one direction only,
from Google to open-xchange and NOT vice versa
– the GMail address book is, at least in my case, messy/confused because it is
built on the fly during normal use of GMail, and consequently it is NOT a
good idea to synchronize it with my internal address book.
Configuring the public LDAP address books
Check the number of the context used by the users
/opt/open-xchange/sbin/listcontext
create a folder for the specific context
mkdir /opt/open-xchange/etc/groupware/contacts-ldap/ID_DEL_MIO_CONTENT
create a file in the new folder
touch /opt/open-xchange/etc/groupware/contacts-ldap/ID_DEL_MIO_CONTENT/Utenti.properties
with the following content
# A property file for the context with id 1
# Specify the uri of the LDAP server here e.g. ldap://localhost
com.openexchange.contacts.ldap.context1.Utenti.uri=ldap://IP_DEL_SERVER_LDAP
# Specify the baseDN where the users reside here
com.openexchange.contacts.ldap.context1.Utenti.baseDN_users=cn=Users,DC=dominio,DC=locale
# Specify the bindDN here (optional)
com.openexchange.contacts.ldap.context1.Utenti.AdminDN=cn=ADlinux,cn=users,DC=dominio,DC=locale
# Specify the bindPW here (optional)
com.openexchange.contacts.ldap.context1.Utenti.AdminBindPW=PASSWORD
# Specify the search base here (sub, base, one)
com.openexchange.contacts.ldap.context1.Utenti.searchScope=one
# Specify the type of authentication here. Possible values are "anonymous", "AdminDN" or "user"
com.openexchange.contacts.ldap.context1.Utenti.authtype=AdminDN
# Specify if server-side sorting should be used or if the data should be sorted in the groupware.
# Possible values are "server", "groupware"
com.openexchange.contacts.ldap.context1.Utenti.sorting=groupware
# Set the login source if user auth is enabled; meaning which source is taken
# to determine a users login for LDAP. If 'login' is set, then user's individual
# mail login as defined in user storage is taken. If 'mail' is set, then user's
# individual primary email address is taken. If 'name' is set, then user's
# individual system's user name is taken.
# Possible values are: login, mail, and name
com.openexchange.contacts.ldap.context1.Utenti.userLoginSource=name
# Specify the user search filter here (optional). This is the first part which can be chose freely
com.openexchange.contacts.ldap.context1.Utenti.userSearchFilter=(objectclass=user)
# Specify the user search scope here (optional). Possible value are sub, base and one. If this
# value is left empty the default searchScope will be used
com.openexchange.contacts.ldap.context1.Utenti.userSearchScope=one
# Specify the user search attribute here (optional). This value specifies which attribute contains the
# loginname which is used for the groupware
com.openexchange.contacts.ldap.context1.Utenti.userSearchAttribute=name
# Specify the baseDN for the user search here (optional). If this value is left empty the global baseDN
# will be used
com.openexchange.contacts.ldap.context1.Utenti.userSearchBaseDN=
# Specify the user auth type here (optional). Possible values are "anonymous" or "AdminDN"
com.openexchange.contacts.ldap.context1.Utenti.userAuthType=
# Specify the user AdminDN here (optional). If this value is left empty the global AdminDN will be used
com.openexchange.contacts.ldap.context1.Utenti.userAdminDN=
# Specify the user AdminBindDN here (optional). If this value is left empty the global AdminBindPW will be used
com.openexchange.contacts.ldap.context1.Utenti.userAdminBindPW=
# Specify if the value given for uniqueid is a unique long value in LDAP and can be used for
# identifying (setting "false"), or if it's a string value then memorymapping must be enabled
# to generate the longs (setting "true")
# Possible values are "true", "false"
com.openexchange.contacts.ldap.context1.Utenti.memorymapping=true
# Specify the pagesize for paged results here. e.g. active directory only allows a max page size
# of 1000
# Setting this value to 0 disables paged results
com.openexchange.contacts.ldap.context1.Utenti.pagesize=0
# This properties defines which file contains the mapping for the attributes
com.openexchange.contacts.ldap.context1.Utenti.mappingfile=mapping.ads.properties
# Specify the foldername for the global ldap folder here
com.openexchange.contacts.ldap.context1.Utenti.foldername=Elenco - Utenti
# Specify the searchfilter for the global ldap folder here
com.openexchange.contacts.ldap.context1.Utenti.searchfilter=(objectclass=user)
# Specify what types of contacts should be displayed. Maybe "users", "distributionlists", or "both"
com.openexchange.contacts.ldap.context1.Utenti.contactTypes=users
# Specify the searchfilter for distributionlists of the global ldap folder here. This value is optional and might
# be specified if the search filter is different from the normal searchfilter. So if this value is empty the default
# searchfilter will be used.
com.openexchange.contacts.ldap.context1.Utenti.searchfilter_distributionlist=
# Specify the search base for distributionlists here (sub, base, one). This should only be specified if this
# is different from the searchScope parameter.
com.openexchange.contacts.ldap.context1.Utenti.searchScope_distributionlist=
# Specify the baseDN for distributionlists of the global ldap folder here. This value is optional and might
# be specified if this baseDN is different from the normal baseDN. So if this value is empty the default
# baseDN will be used
com.openexchange.contacts.ldap.context1.Utenti.baseDN_distributionlist=
# Specify whether Outlook offers support for this bundle. If this option is
# enabled the contents of the folder are displayed in Outlook, otherwise only
# the folder name is displayed in Outlook but not its contents. Note that even
# if you enable Outlook support, Outlook will not recognize the deletion of
# contacts in LDAP atm.
com.openexchange.contacts.ldap.context1.Utenti.outlook_support=false
# Specify if the support for detection of deleted object should be enabled for
# ADS, this is only used for the WebDAV interface used by Outlook.
# This feature uses a special information only available on Active Directory. Note
# that the deleted information is only available for the following lifetimes:
# 60 days for forests initially built using W2k and Server 2k3
# 180 days for forests that were initially built with Server 2k3 SP1
com.openexchange.contacts.ldap.context1.Utenti.ADS_deletion_support=false
# Specify if the ldap server contains referrals and and how to handle them.
# Available options are:
# standard: leaves the setting in the java standard
# follow: follows a referral
# ignore: ignores a referral
# See http://download.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html for a
# detailed description
com.openexchange.contacts.ldap.context1.Utenti.referrals=follow
# Specify the refresh interval for the cached contacts. If authtype is
# "anonymous" or "AdminDN" the contacts are cached and refreshed in the
# background in the interval specified here (given in ms)
com.openexchange.contacts.ldap.context1.Utenti.refreshinterval=10000
# Specify the timeout of one connection in the pool here
com.openexchange.contacts.ldap.context1.Utenti.pooltimeout=
# Specify how aliases are dereferenced. This value influences the property
# "java.naming.ldap.derefAliases" of the underlying sun ldap implementation.
# The allowed values are: "always", "never", "finding" and "searching"
# Please see http://download.oracle.com/javase/jndi/tutorial/ldap/misc/aliases.html
# for details
com.openexchange.contacts.ldap.context1.Utenti.derefAliases=
create a file in the new folder
touch /opt/open-xchange/etc/groupware/contacts-ldap/ID_DEL_MIO_CONTENT/Gruppi.properties
with the following content
# A property file for the context with id 1
# Specify the uri of the LDAP server here e.g. ldap://localhost
com.openexchange.contacts.ldap.context1.Gruppi.uri=ldap://IP_DEL_SERVER_LDAP
# Specify the baseDN where the users reside here
com.openexchange.contacts.ldap.context1.Gruppi.baseDN_users=OU=OU-GruppiPubblici,DC=dominio,DC=locale
# Specify the bindDN here (optional)
com.openexchange.contacts.ldap.context1.Gruppi.AdminDN=cn=ADlinux,cn=users,DC=dominio,DC=locale
# Specify the bindPW here (optional)
com.openexchange.contacts.ldap.context1.Gruppi.AdminBindPW=PASSWORD
# Specify the search base here (sub, base, one)
com.openexchange.contacts.ldap.context1.Gruppi.searchScope=one
# Specify the type of authentication here. Possible values are "anonymous", "AdminDN" or "user"
com.openexchange.contacts.ldap.context1.Gruppi.authtype=AdminDN
# Specify if server-side sorting should be used or if the data should be sorted in the groupware.
# Possible values are "server", "groupware"
com.openexchange.contacts.ldap.context1.Gruppi.sorting=groupware
# Set the login source if user auth is enabled; meaning which source is taken
# to determine a users login for LDAP. If 'login' is set, then user's individual
# mail login as defined in user storage is taken. If 'mail' is set, then user's
# individual primary email address is taken. If 'name' is set, then user's
# individual system's user name is taken.
# Possible values are: login, mail, and name
com.openexchange.contacts.ldap.context1.Gruppi.userLoginSource=name
# Specify the user search filter here (optional). This is the first part which can be chose freely
com.openexchange.contacts.ldap.context1.Gruppi.userSearchFilter=
# Specify the user search scope here (optional). Possible value are sub, base and one. If this
# value is left empty the default searchScope will be used
com.openexchange.contacts.ldap.context1.Gruppi.userSearchScope=
# Specify the user search attribute here (optional). This value specifies which attribute contains the
# loginname which is used for the groupware
com.openexchange.contacts.ldap.context1.Gruppi.userSearchAttribute=name
# Specify the baseDN for the user search here (optional). If this value is left empty the global baseDN
# will be used
com.openexchange.contacts.ldap.context1.Gruppi.userSearchBaseDN=
# Specify the user auth type here (optional). Possible values are "anonymous" or "AdminDN"
com.openexchange.contacts.ldap.context1.Gruppi.userAuthType=
# Specify the user AdminDN here (optional). If this value is left empty the global AdminDN will be used
com.openexchange.contacts.ldap.context1.Gruppi.userAdminDN=
# Specify the user AdminBindDN here (optional). If this value is left empty the global AdminBindPW will be used
com.openexchange.contacts.ldap.context1.Gruppi.userAdminBindPW=
# Specify if the value given for uniqueid is a unique long value in LDAP and can be used for
# identifying (setting "false"), or if it's a string value then memorymapping must be enabled
# to generate the longs (setting "true")
# Possible values are "true", "false"
com.openexchange.contacts.ldap.context1.Gruppi.memorymapping=true
# Specify the pagesize for paged results here. e.g. active directory only allows a max page size
# of 1000
# Setting this value to 0 disables paged results
com.openexchange.contacts.ldap.context1.Gruppi.pagesize=0
# This properties defines which file contains the mapping for the attributes
com.openexchange.contacts.ldap.context1.Gruppi.mappingfile=mapping.ads.properties
# Specify the foldername for the global ldap folder here
com.openexchange.contacts.ldap.context1.Gruppi.foldername=Elenco - Gruppi
# Specify the searchfilter for the global ldap folder here
com.openexchange.contacts.ldap.context1.Gruppi.searchfilter=(objectclass=group)
# Specify what types of contacts should be displayed. Maybe "users", "distributionlists", or "both"
com.openexchange.contacts.ldap.context1.Gruppi.contactTypes=distributionlists
# Specify the searchfilter for distributionlists of the global ldap folder here. This value is optional and might
# be specified if the search filter is different from the normal searchfilter. So if this value is empty the default
# searchfilter will be used.
com.openexchange.contacts.ldap.context1.Gruppi.searchfilter_distributionlist=
# Specify the search base for distributionlists here (sub, base, one). This should only be specified if this
# is different from the searchScope parameter.
com.openexchange.contacts.ldap.context1.Gruppi.searchScope_distributionlist=
# Specify the baseDN for distributionlists of the global ldap folder here. This value is optional and might
# be specified if this baseDN is different from the normal baseDN. So if this value is empty the default
# baseDN will be used
com.openexchange.contacts.ldap.context1.Gruppi.baseDN_distributionlist=
# Specify whether Outlook offers support for this bundle. If this option is
# enabled the contents of the folder are displayed in Outlook, otherwise only
# the folder name is displayed in Outlook but not its contents. Note that even
# if you enable Outlook support, Outlook will not recognize the deletion of
# contacts in LDAP atm.
com.openexchange.contacts.ldap.context1.Gruppi.outlook_support=false
# Specify if the support for detection of deleted object should be enabled for
# ADS, this is only used for the WebDAV interface used by Outlook.
# This feature uses a special information only available on Active Directory. Note
# that the deleted information is only available for the following lifetimes:
# 60 days for forests initially built using W2k and Server 2k3
# 180 days for forests that were initially built with Server 2k3 SP1
com.openexchange.contacts.ldap.context1.Gruppi.ADS_deletion_support=false
# Specify if the ldap server contains referrals and and how to handle them.
# Available options are:
# standard: leaves the setting in the java standard
# follow: follows a referral
# ignore: ignores a referral
# See http://download.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html for a
# detailed description
com.openexchange.contacts.ldap.context1.Gruppi.referrals=follow
# Specify the refresh interval for the cached contacts. If authtype is
# "anonymous" or "AdminDN" the contacts are cached and refreshed in the
# background in the interval specified here (given in ms)
com.openexchange.contacts.ldap.context1.Gruppi.refreshinterval=10000
# Specify the timeout of one connection in the pool here
com.openexchange.contacts.ldap.context1.Gruppi.pooltimeout=
# Specify how aliases are dereferenced. This value influences the property
# "java.naming.ldap.derefAliases" of the underlying sun ldap implementation.
# The allowed values are: "always", "never", "finding" and "searching"
# Please see http://download.oracle.com/javase/jndi/tutorial/ldap/misc/aliases.html
# for details
com.openexchange.contacts.ldap.context1.Gruppi.derefAliases=
NB. Avoid using ldaps as the protocol for accessing the contact list:
otherwise, displaying the list directly from the contacts folder
will be extremely slow (60 contacts displayed in 5/6 seconds!!).
Change the permissions and the owner of the files just created (ID_CONTESTO stands for the context ID):
chown root:open-xchange /opt/open-xchange/etc/groupware/contacts-ldap/ID_CONTESTO -R
chmod 740 /opt/open-xchange/etc/groupware/contacts-ldap/ID_CONTESTO -R
Prepare the file that handles the field mapping between open-xchange and AD:
cd /opt/open-xchange/etc/groupware/contacts-ldap
cp mapping.ads.properties.example mapping.ads.properties -p
Then restart the open-xchange-groupware service:
/etc/init.d/open-xchange-groupware restart
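A mode check for the chown/chmod step above, as an added example that is not part of the original notes. It walks a constructed tree standing in for contacts-ldap/ID_CONTESTO (the file names are made up) and reports entries that other users can reach or that the owning group cannot use, first with 740 applied to everything and then with 750 on directories and 640 on files. It assumes the groupware reads these files, which can hold the LDAP bind password, through the open-xchange group, as the chown suggests.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return sorted (relative_path, problem) pairs for mode bits that expose
    the LDAP settings to other users or lock the owning group out of them."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode bits carry no meaning
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & 0o007:
                findings.append((rel, "accessible to other users"))
            if mode & 0o020:
                findings.append((rel, "writable by group"))
            if stat.S_ISDIR(st.st_mode) and not mode & 0o010:
                findings.append((rel, "group cannot enter directory"))
            elif stat.S_ISREG(st.st_mode) and not mode & 0o040:
                findings.append((rel, "group cannot read file"))
    return sorted(findings)

def set_modes(root, dir_mode, file_mode):
    """Apply one mode to every directory and another to every file."""
    for dirpath, _dirs, files in os.walk(root):
        os.chmod(dirpath, dir_mode)
        for f in files:
            os.chmod(os.path.join(dirpath, f), file_mode)

def demo():
    """Build a constructed tree and audit it under both mode schemes."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel in ("Gruppi.properties", os.path.join("sub", "extra.properties")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("com.openexchange.contacts.ldap.context1.Gruppi.userAdminBindPW=\n")
        set_modes(root, 0o740, 0o740)   # what "chmod 740 ... -R" produces
        recursive_740 = audit_tree(root)
        set_modes(root, 0o750, 0o640)   # directories 750, files 640
        split_modes = audit_tree(root)
        return recursive_740, split_modes

if __name__ == "__main__":
    for label, result in zip(("740 everywhere", "750 dirs / 640 files"), demo()):
        print(label, result)
```

On a real installation, call audit_tree() on the context directory itself; it only reads mode bits and changes nothing.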
Checking the installed bundles
/opt/open-xchange/sbin/listbundles
Web interface for administering contexts/users/permissions
Refer to this link for the official version: https://oxgui.wordpress.com/2009/10/11/peters-ox-admin-gui-0-1-4-en/
Installation:
wget http://oxgui.sciencesoft.at/psoxgui.0.1.15.tar.gz
tar -C / -xvzf psoxgui.0.1.15.tar.gz
chown -R open-xchange:open-xchange /opt/open-xchange/etc/psoxgui
Add the following line
defaultOXguiLang = en_EN
to the config file
/opt/open-xchange/etc/psoxgui/psoxgui.properties
to set the default GUI language.
stop OX
/etc/init.d/open-xchange-groupware stop
/etc/init.d/open-xchange-admin stop
restart OX
/etc/init.d/open-xchange-groupware start
/etc/init.d/open-xchange-admin start
Wait some seconds until all components are running…
/opt/open-xchange/sbin/listbundles
The following output should be displayed:
bundlename: org.eclipse.osgi status: ACTIVE
bundlename: at.sciencesoft.oxadmingui status: ACTIVE
bundlename: com.openexchange.authentication.database status: ACTIVE
…
The entry RESOLVED instead of ACTIVE indicates a Java library dependency problem. The following command shows the Java dependency that prevents the bundle from loading:
tail -f -n200 /var/log/open-xchange/open-xchange.log.0
This is the link to the web administration interface:
http://nomeserveropen-xchange/servlet/webserver/index.html
And this is the configuration file (the values starting with IP_ are placeholders):
# cat /opt/open-xchange/etc/psoxgui/psoxgui.properties
# default OX GUI language
#defaultOXguiLang = en_EN
defaultOXguiLang = it_IT
# default user language
#defaultLang= de_DE
defaultLang= it_IT
defaultIMAPserver=IP_DEL_SERVER_IMAP_DI_DEFAULT
defaultSMTPserver=IP_DEL_SERVER_SMPT_DI_DEFAULT
defaultTimezone=Europe/Rome
rmiHost=rmi://localhost:1099/
urlBase=/servlet/webserver/
servletMappingBase=/webserver/
accessCombination=all,groupware_premium,pim_plus,webmail_plus
supportedOXLang=it_IT|Italiano,en_US|English,de_DE|Deutsch,fr_FR|Fran\u00E7ais,es_ES|Espa\u00F1ol
etcDir=/opt/open-xchange/etc/psoxgui
# Use this property to restrict the GUI access to certain IP addresses, separated
# by a comma. The program matches partial and entire IP addresses:
# e.g. 192.168,194.232.104.22
IPaccessFilter=IP_DELLE_SOLE_MACCHINE_AMMINISTRATIVE
# ‘true’ enables the Context Admin Login
CTXamdinLogin=false
# minimum required user password length
minPasswordLen = 5
# ‘true’ disables deleting an existing OX context
disableContextDelete=true
# Set local according to
# http://ftp.ics.uci.edu/pub/ietf/http/related/iso639.txt
# for sorting fields
# If this parameter is missing, the defaultOXguiLang will be used.
local=it
# This parameter determines which user information will be used in the group menu
# 0 (default) display name
# 1 user/login name
# 2 email
#showUserInGroup=2
# If this limit is exceeded, the user menu starts with the ‘only search’ option.
# No user will be displayed until a search provides a result
# The option ‘only search’ can be deactivated
#displayUserLimit=100
# Lifetime of cached user data in seconds
# 0 disables this cache
userCacheLiveTime=300
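A small audit of the access-control settings in the file above, as an added example that is not part of the original notes or of psoxgui. The sample values are constructed, the min_len threshold is this example's own, and filter_allows models the "partial" IP matching as a string prefix test, which is an assumption to verify against the installed version.

```python
# Constructed sample in the shape of the psoxgui.properties shown above.
SAMPLE = """\
# 'true' enables the Context Admin Login
CTXamdinLogin=true
minPasswordLen = 5
disableContextDelete=true
IPaccessFilter=192.168.1.1,10.1,IP_PLACEHOLDER
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def filter_allows(entries, client_ip):
    """ASSUMPTION: 'partial' matching is modelled as a plain string-prefix test."""
    return any(client_ip.startswith(entry) for entry in entries)

def audit(props, min_len=8):
    """Return findings; min_len is this example's threshold, not a psoxgui default."""
    findings = []
    entries = [e.strip() for e in props.get("IPaccessFilter", "").split(",") if e.strip()]
    if not entries:
        findings.append("IPaccessFilter: no entries configured")
    for entry in entries:
        if not all(c.isdigit() or c == "." for c in entry):
            findings.append(f"IPaccessFilter: {entry!r} is not an address or prefix")
        elif entry.count(".") < 3 and not entry.endswith("."):
            # Without the dot, a prefix like 10.1 also covers 10.10.x.x and 10.100.x.x.
            findings.append(f"IPaccessFilter: partial {entry!r} lacks a trailing dot")
    length = props.get("minPasswordLen", "")
    if not length.isdigit() or int(length) < min_len:
        findings.append(f"minPasswordLen: {length or 'unset'} is below {min_len}")
    if props.get("CTXamdinLogin", "").lower() == "true":
        findings.append("CTXamdinLogin: context admin login is enabled")
    if props.get("disableContextDelete", "").lower() != "true":
        findings.append("disableContextDelete: context deletion is not disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
    # Under the prefix model even a full address matches longer ones:
    print(filter_allows(["192.168.1.1"], "192.168.1.10"))
```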