AppSuite:User management: Difference between revisions

From Open-Xchange
No edit summary
 
(26 intermediate revisions by 9 users not shown)
Line 17: Line 17:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout <integer>
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| --extendedoptions  
| --extendedoptions  
Line 66: Line 69:
|Add a GUI setting (key=value)
|Add a GUI setting (key=value)
|}
|}
For the GUI preferences please also see [http://www.open-xchange.com/wiki/index.php?title=Gui_path]
For the GUI preferences please also see [http://oxpedia.org/wiki/index.php?title=Gui_path]




Line 179: Line 182:
| --mail_folder_trash_name <string>
| --mail_folder_trash_name <string>
|Mail_folder_trash_name
|Mail_folder_trash_name
|-
| --mail_folder_archive_full_name <string>
|Mail_folder_archive_full_name
|-
|-
| --manager_name <string>
| --manager_name <string>
Line 291: Line 297:
|Telephone_ttytdd
|Telephone_ttytdd
|-
|-
| --uploadFileSizeLimitPerFile <string>
| --uploadfilesizelimitperfile <string>
|uploadFileSizeLimitPerFile
|Upload file size limit per file for mail attachments
|-
|-
| --uploadFileSizeLimit <string>
| --uploadfilesizelimit <string>
|uploadFileSizeLimit
|Total upload file size limit for mail attachments
|-
|-
| --url <string>
| --url <string>
Line 381: Line 387:
|Mail_folder_confirmed_spam_name
|Mail_folder_confirmed_spam_name
|-
|-
| --Spam_filter_capabilities_enabled <booleanvalue>
| --gui_spam_filter_capabilities_enabled <booleanvalue>
|Spam_filter_capabilities_enabled
|GUI_spam_filter_capabilities_enabled
|-
|-
| --mailenabled <true/false>
| --mailenabled <true/false>
Line 407: Line 413:
| --access-edit-public-folder <on/off>
| --access-edit-public-folder <on/off>
|Edit public folder access (Default is off)
|Edit public folder access (Default is off)
|-
| --access-forum <on/off>
|Forum module access (Default is off)
|-
|-
| --access-ical <on/off>
| --access-ical <on/off>
Line 416: Line 419:
| --access-infostore <on/off>
| --access-infostore <on/off>
|Infostore module access (Default is off)
|Infostore module access (Default is off)
|-
| --access-pinboard-write <on/off>
|Pinboard write access (Default is off)
|-
| --access-projects <on/off>
|Project module access (Default is off)
|-
|-
| --access-read-create-shared-Folders <on/off>
| --access-read-create-shared-Folders <on/off>
|Read create shared folder access (Default is off)
|Read create shared folder access (Default is off)
|-
| --access-rss-bookmarks <on/off>
|RSS bookmarks access (Default is off)
|-
| --access-rss-portal <on/off>
|RSS portal access (Default is off)
|-
|-
| --access-syncml <on/off>
| --access-syncml <on/off>
Line 446: Line 437:
| --access-vcard <on/off>
| --access-vcard <on/off>
|Vcard access (Default is off)
|Vcard access (Default is off)
|-
| --access-webdav <on/off>
|Webdav access (Default is off)
|-
| --access-webdav-xml <on/off>
|Webdav-Xml access (Default is off)
|-
|-
|
|
Line 458: Line 443:
|-
|-
| --access-publication <on/off>
| --access-publication <on/off>
|Publication permission (Default is on). Note: access-publication needs access-infostore and is optional for Groupware+ and premium
|[DEPRECATED] Publication permission (Default is on). Note: access-publication needs access-infostore and is optional for Groupware+ and premium
|-
|-
| --access-subscription <on/off>
| --access-subscription <on/off>
Line 488: Line 473:
|-
|-
| --foldertree <0/1>
| --foldertree <0/1>
|0 sets the OX standard folder tree and 1 sets the Outlook-like folder tree.
|0 sets the OX standard folder tree
|-
|-
| --access-olox20 <on/off>
| --access-olox20 <on/off>
| Access to Olox2.0
| [DEPRECATED] Access to Olox2.0
|-
| --default-folder-mode
| The mode how the default folders should be created. 'default', 'default-deletable', 'no-default-folders'. If not selected, 'default' is applied.
|}
|}


Line 499: Line 487:
possible to limit the access to the available modules per context i. e., all users in one context per default get the same access rights. The rights though can be changed per user. Currently,
possible to limit the access to the available modules per context i. e., all users in one context per default get the same access rights. The rights though can be changed per user. Currently,
following modules are implemented: access-calendar, access-contacts, access-delegate-tasks, access-edit-public-folder, access-ical, access-infostore, access-read-create-shared-Folders,
following modules are implemented: access-calendar, access-contacts, access-delegate-tasks, access-edit-public-folder, access-ical, access-infostore, access-read-create-shared-Folders,
access-tasks, access-vcard, access-webdav, access-webdav-xml, access-syncml and access-webmail. There are several combinations possible and four are supported (not mentioned modules need to be
access-tasks, access-vcard, access-webdav, access-syncml and access-webmail. There are several combinations possible and four are supported (not mentioned modules need to be
disabled). This limitation is needed because some modules depend on access to others. There are different Open-Xchange packages available for the customer: Webmail+, PIM+, Groupware+, Premium.
disabled). This limitation is needed because some modules depend on access to others. There are different Open-Xchange packages available for the customer: Webmail+, PIM+, Groupware+, Premium.
These packages have to be configured per context i. e., all users in a context need to use the same package. Each package consists of a combination of modules that has to be set up appropriately.
These packages have to be configured per context i. e., all users in a context need to use the same package. Each package consists of a combination of modules that has to be set up appropriately.
Line 582: Line 570:
==== Premium ====
==== Premium ====


Premium is a desktop integration package. It provides the functionality of the "Groupware+" package and comes with interfaces to integrate with other software: The OXtender for MS Outlook and the
Premium is a desktop integration package. It provides the functionality of the "Groupware+" package and comes with interfaces to integrate with other software: The WebDAV interface to integrate the InfoStore with desktops. To grant access to this package, the following modules have to be set to "on" for all users in a context:
WebDAV interface to integrate the InfoStore with desktops. To grant access to this package, the following modules have to be set to "on" for all users in a context:




Line 619: Line 606:
|-
|-
|access-webdav
|access-webdav
|Access combination name: premium
|-
|access-webdavxml
|Access combination name: premium
|Access combination name: premium
|}
|}
==== All ====
The setting <code>all</code> is equivalent to <code>premium</code> for ordinary users. For context administrators, it adds the right <code>publicfoldereditable</code>, which allows the admin to change the access rights to public folders for groups.


==== Package access configuration ====
==== Package access configuration ====
Line 662: Line 649:
|on
|on
|on
|on
|-
| -access-forum
|off
|off
|off
|off
|-
|-
| -access-ical
| -access-ical
Line 680: Line 661:
|on
|on
|on
|on
|-
| -access-pinboard-write
|off
|off
|off
|off
|-
| -access-projects
|off
|off
|off
|off
|-
|-
| -access-read-create-shared-Folders
| -access-read-create-shared-Folders
Line 698: Line 667:
|on
|on
|on
|on
|-
| -access-rss-bookmarks
|off
|off
|off
|off
|-
| -access-rss-portal
|off
|off
|off
|off
|-
|-
| -access-syncml
| -access-syncml
Line 730: Line 687:
|-
|-
| -access-webdav
| -access-webdav
|off
|off
|off
|on
|-
| -access-webdav-xml
|off
|off
|off
|off
Line 808: Line 759:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout &lt;integer&gt;
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| -c,--contextid &lt;integer&gt;
| -c,--contextid &lt;integer&gt;
Line 877: Line 831:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout &lt;integer&gt;
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| -c,--contextid &lt;integer&gt;
| -c,--contextid &lt;integer&gt;
Line 889: Line 846:
| -i,--ignorecase  
| -i,--ignorecase  
|Do a case-insensitive search with the given search pattern
|Do a case-insensitive search with the given search pattern
|-
| --includeguests
|Add guest users to listing '''Available with v7.8.0'''
|-
| --excludeusers
|Exclude usual users from listing '''Available with v7.8.0'''
|}
|}


Line 925: Line 888:
|language
|language
|Webdav
|Webdav
|WebdavXml
|-
|-
|3
|3
Line 937: Line 899:


csv output:  
csv output:  
PasswordMech2String, Enabled, Username, PrimaryEmail, Sur_name, Given_name, Birthday, Anniversary, Branches, Business_category, Postal_code_business, State_business, Street_business, Telephone_callback, City_home, Commercial_register, Country_home, Company, Department, Display_name, Email2, Email3, EmployeeType, Fax_business, Fax_home, Fax_other, ImapServer, ImapLogin, SmtpServer, Instant_messenger1, Instant_messenger2, Telephone_ip, Telephone_isdn, Mail_folder_drafts_name, Mail_folder_sent_name, Mail_folder_spam_name, Mail_folder_trash_name,  
Name,Language,Id,Display_name,PrimaryEmail,MaxQuota,UsedQuota,Email1,Mailenabled,Password,Sur_name,Given_name,
Manager_name, Marital_status, Cellular_telephone1, Cellular_telephone2, Nickname, Number_of_children, Note, Number_of_employee, Telephone_pager, Password_expired, Telephone_assistant, Telephone_business1, Telephone_business2, Telephone_car, Telephone_company, Telephone_home1, Telephone_home2, Telephone_other, Postal_code_home, Profession, Telephone_radio, Room_number, Sales_volume, City_other, Country_other, Middle_name, Postal_code_other, State_other, Street_other, Spouse_name, State_home, Street_home, Suffix, Tax_id, Telephone_telex, Timezone, Telephone_ttytdd, Url, Userfield01, Userfield02, Userfield03, Userfield04, Userfield05, Userfield06, Userfield07, Userfield08, Userfield09, Userfield10, Userfield11, Userfield12, Userfield13, Userfield14, Userfield15, Userfield16, Userfield17, Userfield18, Userfield19, Userfield20, City_business, Country_business, Assistant_name, Telephone_primary, Email1, PasswordMech, Mail_folder_confirmed_ham_name, Mail_folder_confirmed_spam_name, Spam_filter_enabled, Id, Info, Title, Position, Password, Aliases, Categories, access-calendar, access-contacts, access-delegate-tasks, access-edit-public-folder, access-forum, access-ical, access-infostore, access-pinboard-write, access-projects, access-read-create-shared-Folders, access-rss-bookmarks, access-rss-portal, access-syncml, access-tasks, access-vcard, access-webdav, access-webdav-xml, access-webmail
FilestoreId,FilestoreOwner,Filestore_name,Birthday,Anniversary,Branches,Business_category,Postal_code_business,
 
State_business,Street_business,Telephone_callback,City_home,Commercial_register,Country_home,Company,Department,
Email2,Email3,EmployeeType,Fax_business,Fax_home,Fax_other,ImapServer,ImapLogin,SmtpServer,Instant_messenger1,
Instant_messenger2,Telephone_ip,Telephone_isdn,Mail_folder_drafts_name,Mail_folder_sent_name,
Mail_folder_spam_name,Mail_folder_trash_name,Mail_folder_archive_full_name,Manager_name,Marital_status,Cellular_telephone1,Cellular_telephone2,
Info,Nickname,Number_of_children,Note,Number_of_employee,Telephone_pager,Password_expired,Telephone_assistant,
Telephone_business1,Telephone_business2,Telephone_car,Telephone_company,Telephone_home1,Telephone_home2,
Telephone_other,Position,Postal_code_home,Profession,Telephone_radio,Room_number,Sales_volume,City_other,
Country_other,Middle_name,Postal_code_other,State_other,Street_other,Spouse_name,State_home,Street_home,Suffix,
Tax_id,Telephone_telex,Timezone,Title,Telephone_ttytdd,UploadFileSizeLimit,UploadFileSizeLimitPerFile,Url,
Userfield01,Userfield02,Userfield03,Userfield04,Userfield05,Userfield06,Userfield07,Userfield08,Userfield09,
Userfield10,Userfield11,Userfield12,Userfield13,Userfield14,Userfield15,Userfield16,Userfield17,Userfield18,
Userfield19,Userfield20,Aliases,City_business,Country_business,Assistant_name,Telephone_primary,Categories,
PasswordMech,Mail_folder_confirmed_ham_name,Mail_folder_confirmed_spam_name,GUI_Spam_filter_capabilities_enabled,
DefaultSenderAddress,FolderTree,UserAttributes,GuiPreferences,access-calendar,access-contacts,
access-delegate-tasks,access-edit-public-folder,access-ical,access-infostore,
access-read-create-shared-Folders,access-syncml,access-tasks,access-vcard,access-webdav,
access-webmail,access-edit-group,access-edit-resource,access-edit-password,access-collect-email-addresses,
access-multiple-mail-accounts,access-subscription,access-publication,access-active-sync,access-usm,
access-olox20,access-denied-portal,access-global-address-book-disabled,access-public-folder-editable


=== Example ===
=== Example ===
Line 946: Line 926:
holger@example.com  
holger@example.com  
</pre>
</pre>
 
 
== getusercapabilities ==
 
'''<code>getusercapabilities</code>''' is the tool to list available capabilities for a certain user.
 
 
=== Parameters ===
 
{| border="1"
|-
| -h,--help
|Prints a help text
|-
| --environment
|Show info about commandline environment
|-
| --nonl
|Remove all newlines (\n) from output
|-
| --responsetimeout &lt;integer&gt;
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
| -c,--contextid &lt;integer&gt;
|The id of the context
|-
| -i,--userid &lt;userid&gt;
|Id of the user
|-
| -u,--username &lt;username&gt;
|Username of the user
|}
 
=== Extra parameters when authentication is enabled ===
 
{| border="1"
|-
| -A,--adminuser &lt;string&gt;
|Context Admin user name
|-
| -P,--adminpass &lt;string&gt;
|Context Admin password
|}
 
=== Return value ===
 
<code>0</code> on success
 
<code>&gt;0</code> on failure
 
=== Mandatory parameters ===
<code>contextid userid adminuser adminpass</code>
 
=== Command output ===
 
Either "There are no capabilities set for user &lt;user-id&gt; in context &lt;context-id&gt;"
or a line-wise listing of identifiers for available capabilities
 
=== Example ===
 
<pre> root@oxhe:~# /opt/open-xchange/sbin/getusercapabilities -c 6 -i 345
</pre>
 
== changeuser ==
== changeuser ==


Line 965: Line 1,007:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout &lt;integer&gt;
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| --extendedoptions  
| --extendedoptions  
Line 1,021: Line 1,066:
|-
|-
| --capabilities-to-add &lt;capabilities-to-add&gt;
| --capabilities-to-add &lt;capabilities-to-add&gt;
| The capabilities to add as a comma-separated string  
| The capabilities to add as a comma-separated string (from 7.2.0 on)
|-
|-
| --capabilities-to-remove &lt;capabilities-to-remove&gt;
| --capabilities-to-remove &lt;capabilities-to-remove&gt;
|The capabilities to remove as a comma-separated string
|The capabilities to remove as a comma-separated string (from 7.2.0 on)
|-
| --capabilities-to-drop &lt;capabilities-to-drop&gt;
|The capabilities to drop; e.g. cleanse from storage; as a comma-separated string (from 7.6.0 on)
|}
|}
For the GUI preferences please also see http://www.open-xchange.com/wiki/index.php?title=Gui_path
For the GUI preferences please also see http://www.open-xchange.com/wiki/index.php?title=Gui_path
Line 1,121: Line 1,169:
| --mail_folder_trash_name &lt;string&gt;
| --mail_folder_trash_name &lt;string&gt;
|Mail_folder_trash_name
|Mail_folder_trash_name
|-
| --mail_folder_archive_full_name &lt;string&gt;
|Mail_folder_archive_full_name
|-
|-
| --manager_name &lt;string&gt;
| --manager_name &lt;string&gt;
Line 1,341: Line 1,392:
| --access-edit-public-folder &lt;on/off&gt;
| --access-edit-public-folder &lt;on/off&gt;
|Edit public folder access (Default is off)
|Edit public folder access (Default is off)
|-
| --access-forum &lt;on/off&gt;
|Forum module access (Default is off)
|-
|-
| --access-ical &lt;on/off&gt;
| --access-ical &lt;on/off&gt;
Line 1,350: Line 1,398:
| --access-infostore &lt;on/off&gt;
| --access-infostore &lt;on/off&gt;
|Infostore module access (Default is off)
|Infostore module access (Default is off)
|-
| --access-pinboard-write &lt;on/off&gt;
|Pinboard write access (Default is off)
|-
| --access-projects &lt;on/off&gt;
|Project module access (Default is off)
|-
|-
| --access-read-create-shared-Folders &lt;on/off&gt;
| --access-read-create-shared-Folders &lt;on/off&gt;
|Read create shared folder access (Default is off)
|Read create shared folder access (Default is off)
|-
| --access-rss-bookmarks &lt;on/off&gt;
|RSS bookmarks access (Default is off)
|-
| --access-rss-portal &lt;on/off&gt;
|RSS portal access (Default is off)
|-
|-
| --access-syncml &lt;on/off&gt;
| --access-syncml &lt;on/off&gt;
Line 1,383: Line 1,419:
| --access-webdav &lt;on/off&gt;
| --access-webdav &lt;on/off&gt;
|Webdav access (Default is off)
|Webdav access (Default is off)
|-
| --access-webdav-xml &lt;on/off&gt;
|Webdav-Xml access (Default is off)
|-
|-
| --access-webmail &lt;on/off&gt;
| --access-webmail &lt;on/off&gt;
Line 1,391: Line 1,424:
|-
|-
| --access-publication &lt;on/off&gt;
| --access-publication &lt;on/off&gt;
|Publication permission (Default is on). Note: access-publication needs access-infostore and is optional for Groupware+ and premium
|[DEPRECATED] Publication permission (Default is on). Note: access-publication needs access-infostore and is optional for Groupware+ and premium
|-
|-
| --access-subscription &lt;on/off&gt;
| --access-subscription &lt;on/off&gt;
Line 1,421: Line 1,454:
|-
|-
| --foldertree &lt;0/1&gt;
| --foldertree &lt;0/1&gt;
|0 sets the OX standard folder tree and 1 sets the Outlook-like folder tree.
|0 sets the OX standard folder tree  
|-
|-
| --access-olox20 &lt;on/off&gt;
| --access-olox20 &lt;on/off&gt;
| Access to Olox2.0
| [DEPRECATED] Access to Olox2.0
|}
|}



Latest revision as of 09:22, 10 January 2020

createuser

createuser is the tool to create new users in a given context. The displayname must be unique in one context.


Parameters

-h,--help Prints a help text
--environment Show infoabout commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
--extendedoptions Set this if you want to see all options, use this instead of help option
csv-import <CSV file> Full path to CSV file with user data to import. This option makes mandatory options obsolete, except credential options (if needed).
-c,--contextid <integer> The id of the context
-u,--username <string> Username of the user
-d,--displayname <string> Display name of the user
-g,--givenname <string> Given name for the user
-s,--surname <string> Surname of the user
-p,--password <string> Password for the user
-e,--email <string> Primary mail address
-l,--language <lang> Language for the user (de_DE,en_US,fr_FR)
-t,--timezone <timezone> Timezone of the user (Europe/Berlin)
-x,--department <string> Department of the user
-z,--company <string> Company of the user
-a,--aliases <string> E-Mail aliases of the user, separated by ","
--access-combination-name <access-combination-name> Access combination name
--addguipreferences <addguipreferences> Add a GUI setting (key=value)

For the GUI preferences please also see [1]


--csv-import <CSV file>

Full path to CSV file with user data to import. This option makes mandatory command line options obsolete, except credential options (if needed). But they have to be set in the CSV file.


With this option you can specify a csv file (a full pathname must be given) with the data which should be imported. The columnnames in the CSV file must be the same as the long-options of the command line tools, without the prefix "--".


This option will normally be used to fill new large installations with the new data. So instead of calling the command line tools in a shell script every time, just a csv file needs to be created, containing the whole data.


Note that the credentials of the masteradmin in the createcontext call must be given on the command line with the -A and -P options nevertheless - if authentication is enabled. If the createuser command line tool is used, the credentials are part of the csv file, and cannot be set as options on the command line itself. The reason for this different behavior is that different contexts have different credentials for the admin user, so they must be set in every line of the csv file. Opposed to this the credentials of the masteradmin are always the same.

Extended options

--email1 <string> Email1
--birthday <datevalue> Birthday
--anniversary <datevalue> Anniversary
--branches <string> Branches
--business_category <string> Business_category
--postal_code_business <string> Postal_code_business
--state_business <string> State_business
--street_business <string> Street_business
--telephone_callback <string> Telephone_callback
--city_home <string> City_home
--commercial_register <string> Commercial_register
--country_home <string> Country_home
--email2 <string> Email2
--email3 <string> Email3
--employeetype <string> EmployeeType
--fax_business <string> Fax_business
--fax_home <string> Fax_home
--fax_other <string> Fax_other
--imapserver <string> ImapServer
--imaplogin <string> ImapLogin
--smtpserver <string> SmtpServer
--instant_messenger1 <string> Instant_messenger1
--instant_messenger2 <string> Instant_messenger2
--telephone_ip <string> Telephone_ip
--telephone_isdn <string> Telephone_isdn
--mail_folder_drafts_name <string> Mail_folder_drafts_name
--mail_folder_sent_name <string> Mail_folder_sent_name
--mail_folder_spam_name <string> Mail_folder_spam_name
--mail_folder_trash_name <string> Mail_folder_trash_name
--mail_folder_archive_full_name <string> Mail_folder_archive_full_name
--manager_name <string> Manager_name
--marital_status <string> Marital_status
--cellular_telephone1 <string> Cellular_telephone1
--cellular_telephone2 <string> Cellular_telephone2
--info <string> Info
--nickname <string> Nickname
--number_of_children <string> Number_of_children
--note <string> Note
--number_of_employee <string> Number_of_employee
--telephone_pager <string> Telephone_pager
--password_expired <booleanvalue> Password_expired
--telephone_assistant <string> Telephone_assistant
--telephone_business1 <string> Telephone_business1
--telephone_business2 <string> Telephone_business2
--telephone_car <string> Telephone_car
--telephone_company <string> Telephone_company
--telephone_home1 <string> Telephone_home1
--telephone_home2 <string> Telephone_home2
--telephone_other <string> Telephone_other
--postal_code_home <string> Postal_code_home
--profession <string> Profession
--telephone_radio <string> Telephone_radio
--room_number <string> Room_number
--sales_volume <string> Sales_volume
--city_other <string> City_other
--country_other <string> Country_other
--middle_name <string> Middle_name
--postal_code_other <string> Postal_code_other
--state_other <string> State_other
--street_other <string> Street_other
--spouse_name <string> Spouse_name
--state_home <string> State_home
--street_home <string> Street_home
--suffix <string> Suffix
--tax_id <string> Tax_id
--telephone_telex <string> Telephone_telex
--telephone_ttytdd <string> Telephone_ttytdd
--uploadfilesizelimitperfile <string> Upload file size limit per file for mail attachments
--uploadfilesizelimit <string> Total upload file size limit for mail attachments
--url <string> Url
--userfield01 <string> Userfield01
--userfield02 <string> Userfield02
--userfield03 <string> Userfield03
--userfield04 <string> Userfield04
--userfield05 <string> Userfield05
--userfield06 <string> Userfield06
--userfield07 <string> Userfield07
--userfield08 <string> Userfield08
--userfield09 <string> Userfield09
--userfield10 <string> Userfield10
--userfield11 <string> Userfield11
--userfield12 <string> Userfield12
--userfield13 <string> Userfield13
--userfield14 <string> Userfield14
--userfield15 <string> Userfield15
--userfield16 <string> Userfield16
--userfield17 <string> Userfield17
--userfield18 <string> Userfield18
--userfield19 <string> Userfield19
--userfield20 <string> Userfield20
--city_business <string> City_business
--country_business <string> Country_business
--assistant_name <string> Assistant_name
--telephone_primary <string> Telephone_primary
--categories <string> Categories
--mail_folder_confirmed_ham_name <string> Mail_folder_confirmed_ham_name
--mail_folder_confirmed_spam_name <string> Mail_folder_confirmed_spam_name
--gui_spam_filter_capabilities_enabled <booleanvalue> GUI_spam_filter_capabilities_enabled
--mailenabled <true/false> Mailenabled
--defaultsenderaddress <stringvalue> DefaultSenderAddress
--title <string> Title
--position <string> Position
--access-calendar <on/off> Calendar module (Default is off)
--access-contacts <on/off> Contact module access (Default is on)
--access-delegate-tasks <on/off> Delegate tasks access (Default is off)
--access-edit-public-folder <on/off> Edit public folder access (Default is off)
--access-ical <on/off> Ical module access (Default is off)
--access-infostore <on/off> Infostore module access (Default is off)
--access-read-create-shared-Folders <on/off> Read create shared folder access (Default is off)
--access-syncml <on/off> Syncml access (Default is off)
--access-active-sync <on/off> Exchange Active Sync access (Default is off)
--access-usm <on/off> Universal Sync Module access (Default is off)
--access-tasks <on/off> Tasks access (Default is off)
--access-vcard <on/off> Vcard access (Default is off)

--access-webmail <on/off>

Webmail access (Default is on)
--access-publication <on/off> [DEPRECATED] Publication permission (Default is on). Note: access-publication needs access-infostore and is optional for Groupware+ and premium
--access-subscription <on/off> Subscription permission (Default is on)
--access-edit-group <on/off> Edit group access (Default is off)
--access-edit-resource <on/off> Edit resource access (Default is off)
--access-edit-password <on/off> Edit password access (Default is off)
--access-collect-email-addresses <on/off> Edit collect email addresses (Default is off)
--access-multiple-mail-accounts <on/off> Use multiple mail account feature (Default is off)
--access-global-address-book-disabled <on/off> Access to global address book (Default is off). Note: Setting this option to true is only allowed in combination with PIM and Webmail rights. Note: There is a 'restoregaddefaults' script to restore the default permissions of the global address book folder.
--access--voipnow <on/off> Access to VoiceOverIP feature.
--access-public-folder-editable <on/off> Access to public folders. Allows or denies to see public folders.
--foldertree <0/1> 0 sets the OX standard folder tree
--access-olox20 <on/off> [DEPRECATED] Access to Olox2.0
--default-folder-mode The mode how the default folders should be created. 'default', 'default-deletable', 'no-default-folders'. If not selected, 'default' is applied.

Open-Xchange module access

With Open-Xchange it is possible to limit the access to the available modules per context i. e., all users in one context per default get the same access rights. The rights though can be changed per user. Currently, following modules are implemented: access-calendar, access-contacts, access-delegate-tasks, access-edit-public-folder, access-ical, access-infostore, access-read-create-shared-Folders, access-tasks, access-vcard, access-webdav, access-syncml and access-webmail. There are several combinations possible and four are supported (not mentioned modules need to be disabled). This limitation is needed because some modules depend on access to others. There are different Open-Xchange packages available for the customer: Webmail+, PIM+, Groupware+, Premium. These packages have to be configured per context i. e., all users in a context need to use the same package. Each package consists of a combination of modules that has to be set up appropriately. The following sections quickly introduce the packages and their module configuration. Open-Xchange also provides the possibility to use "access combination names" when creating and changing contexts/users. If you want to change the package acess rights for a context, you can simply add the "access-combination-name" switch to the appropriate tool (createcontext,createuser,changecontext etc.).


Webmail+

If there are no access rights specified when creating a new user Webmail+ is used as default. Webmail+ is a base package that allows access to the webmail interface and a personal address book. To grant access to this package, the following modules have to be set to "on" for all users in a context:


access-contacts Access combination name: webmail_plus
access-webmail Access combinationname: webmail_plus

PIM+

PIM+ is another base package that gives access to the webmailer, personal address book, calendar and tasks. Group appointments and delegating tasks are not supported. To grant access to this package, the following modules have to be set to "on" for all users in a context:


access-contacts Access combination name: pim_plus
access-webmail Access combination name: pim_plus
access-calendar Access combination name: pim_plus
access-delegate-tasks Access combination name: pim_plus
access-tasks Access combination name: pim_plus

Groupware+

Groupware+ is an upsell package that provides full groupware functionality: private, shared and public folders, conflict handling for appointments, team view. Furthermore, the InfoStore is available. To grant access to this package, the following modules have to be set to "on" for all users in a context:


access-contacts Access combination name: groupware_plus
access-webmail Access combination name: groupware_plus
access-calendar Access combination name: groupware_plus
access-delegate-tasks Access combination name: groupware_plus
access-tasks Access combination name: groupware_plus
access-edit-public-folder Access combination name: groupware_plus
access-infostore Access combination name: groupware_plus
access-read-create-shared-Folders Access combination name: groupware_plus

Premium

Premium is a desktop integration package. It provides the functionality of the "Groupware+" package and comes with interfaces to integrate with other software: The WebDAV interface to integrate the InfoStore with desktops. To grant access to this package, the following modules have to be set to "on" for all users in a context:


access-contacts Access combination name: premium
access-webmail Access combination name: premium
access-calendar Access combination name: premium
access-delegate-tasks Access combination name: premium
access-tasks Access combination name: premium
access-edit-public-folder Access combination name: premium
access-infostore Access combination name: premium
access-read-create-shared-Folders Access combination name: premium
access-ical Access combination name: premium
access-vcard Access combination name: premium
access-webdav Access combination name: premium

All

The setting all is equivalent to premium for ordinary users. For context administrators, it adds the right publicfoldereditable, which allows the admin to change the access rights to public folders for groups.

Package access configuration

This section provides a quick overview about the different packages that can be configured per context and the required access configuration:


Module Webmail+ PIM+ Groupware+ Premium
-access-calendar off on on on
-access-contacts on on on on
-access-delegate-tasks off on on on
-access-edit-public-folder off off on on
-access-ical off off off on
-access-infostore off off on on
-access-read-create-shared-Folders off off on on
-access-syncml off off off off
–access-tasks off on on on
-access-vcard off off off on
-access-webdav off off off on
-access-webmail on on on on

Extra parameters when authentication is enabled

-A,--adminuser <string> Context admin user name
-P,--adminpass <string> Context admin password

Return value

0 on success

>0 on failure


Mandatory parameters

contextid {adminuser adminpass} username displayname givenname surname password email

Command output

On success:

user <userid> in context <contextid> created

On failure:

user in context <contextid> could not be created: <reason from server>


Example

root@oxhe~# /opt/open-xchange/sbin/createuser -c 123 -u jd -d "john doe" -g John -s Doe -p userpw -e jd@example.com


user 3 in context 123 created


deleteuser

deleteuser is the tool to delete a user in a given context. If you delete a user the public folder entries of this user are transferred to the admin user. All other data are deleted.


Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,--contextid <integer> The id of them context
-i,--userid <integer> Id of the user
-u,--username <string> Username ofthe user

Extra parameters when authentication is enabled

-A,--adminuser <string> Context Admin user name
-P,--adminpass <string> Context Admin password

Return value

0 on success

>0 on failure


Mandatory parameters

contextid {adminuser adminpass} (userid or username)

Command output

On success:

user <userid> in context <contextid> deleted


On failure:

user <userid> in context <contextid> could not be deleted: <reason from server>


Example

root@oxhe~# /opt/open-xchange/deleteuser -c 123 -i 3

user 3 in context 123 deleted


listuser

listuser is the tool to list and search for users.


Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,--contextid <integer> The id of the context
-s,--searchpattern <string> Search/List pattern, default “*”
--csv Command output as csv
-i,--ignorecase Do a case-insensitive search with the given search pattern
--includeguests Add guest users to listing Available with v7.8.0
--excludeusers Exclude usual users from listing Available with v7.8.0

Extra parameters when authentication is enabled

-A,--adminuser <string> Context Admin user name
-P,--adminpass <string> Context Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

contextid adminuser adminpass

Command output

Standard output (only a subset of available attributes are printed also only disabled modules):


id enabled imapServer smtpserver language Webdav
3 true localhost localhost en_US false false

csv output: Name,Language,Id,Display_name,PrimaryEmail,MaxQuota,UsedQuota,Email1,Mailenabled,Password,Sur_name,Given_name, FilestoreId,FilestoreOwner,Filestore_name,Birthday,Anniversary,Branches,Business_category,Postal_code_business, State_business,Street_business,Telephone_callback,City_home,Commercial_register,Country_home,Company,Department, Email2,Email3,EmployeeType,Fax_business,Fax_home,Fax_other,ImapServer,ImapLogin,SmtpServer,Instant_messenger1, Instant_messenger2,Telephone_ip,Telephone_isdn,Mail_folder_drafts_name,Mail_folder_sent_name, Mail_folder_spam_name,Mail_folder_trash_name,Mail_folder_archive_full_name,Manager_name,Marital_status,Cellular_telephone1,Cellular_telephone2, Info,Nickname,Number_of_children,Note,Number_of_employee,Telephone_pager,Password_expired,Telephone_assistant, Telephone_business1,Telephone_business2,Telephone_car,Telephone_company,Telephone_home1,Telephone_home2, Telephone_other,Position,Postal_code_home,Profession,Telephone_radio,Room_number,Sales_volume,City_other, Country_other,Middle_name,Postal_code_other,State_other,Street_other,Spouse_name,State_home,Street_home,Suffix, Tax_id,Telephone_telex,Timezone,Title,Telephone_ttytdd,UploadFileSizeLimit,UploadFileSizeLimitPerFile,Url, Userfield01,Userfield02,Userfield03,Userfield04,Userfield05,Userfield06,Userfield07,Userfield08,Userfield09, Userfield10,Userfield11,Userfield12,Userfield13,Userfield14,Userfield15,Userfield16,Userfield17,Userfield18, Userfield19,Userfield20,Aliases,City_business,Country_business,Assistant_name,Telephone_primary,Categories, PasswordMech,Mail_folder_confirmed_ham_name,Mail_folder_confirmed_spam_name,GUI_Spam_filter_capabilities_enabled, DefaultSenderAddress,FolderTree,UserAttributes,GuiPreferences,access-calendar,access-contacts, access-delegate-tasks,access-edit-public-folder,access-ical,access-infostore, access-read-create-shared-Folders,access-syncml,access-tasks,access-vcard,access-webdav, access-webmail,access-edit-group,access-edit-resource,access-edit-password,access-collect-email-addresses, access-multiple-mail-accounts,access-subscription,access-publication,access-active-sync,access-usm, access-olox20,access-denied-portal,access-global-address-book-disabled,access-public-folder-editable

Example

 root@oxhe:~# /opt/open-xchange/sbin/listuser -c 6 Id Name Displayname Email 2 admin admin admin@example.com 3 holger Holger
holger@example.com 


getusercapabilities

getusercapabilities is the tool to list available capabilities for a certain user.


Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,--contextid <integer> The id of the context
-i,--userid <userid> Id of the user
-u,--username <username> Username of the user

Extra parameters when authentication is enabled

-A,--adminuser <string> Context Admin user name
-P,--adminpass <string> Context Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

contextid userid adminuser adminpass

Command output

Either "There are no capabilities set for user <user-id> in context <context-id>" or a line-wise listing of identifiers for available capabilities

Example

 root@oxhe:~# /opt/open-xchange/sbin/getusercapabilities -c 6 -i 345

changeuser

The changeuser tool allows to modify attributes of an existing user in a given context. The displayname must be unique in one context.


Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
--extendedoptions Set this if you want to see all options, use this instead of help option
-c,--contextid <integer> The id of the context
-i,--userid <integer> Id of the user
-u,--username <string> Username of the user
-d,--displayname <string> Display name of the user
-g,--givenname <string> Given name for the user
-s,--surname <string> Surname of the user
-p,--password <string> Password for the user
-e,--email <string> Primary mail address
-l,--language <lang> Language for the user (de_DE,en_US, fr_FR)
-t,--timezone <timezone> Timezone of the user (Europe/Berlin)
-x,--department <string> Department of the user
-z,--company <string> Company of the user
-a,--aliases <string> E-Mail aliases of the user, separated by ","
--access-combination-name <access-combination-name> Access combination name
--addguipreferences <addguipreferences> Add a GUI setting (key=value)
--removeguipreferences <removeguipreferences> Remove a GUI setting
--access-denied-portal <on/off> Denies portal access (Default is off)
--capabilities-to-add <capabilities-to-add> The capabilities to add as a comma-separated string (from 7.2.0 on)
--capabilities-to-remove <capabilities-to-remove> The capabilities to remove as a comma-separated string (from 7.2.0 on)
--capabilities-to-drop <capabilities-to-drop> The capabilities to drop; e.g. cleanse from storage; as a comma-separated string (from 7.6.0 on)

For the GUI preferences please also see http://www.open-xchange.com/wiki/index.php?title=Gui_path

Extended options

--email1 <string> Email1
--mailenabled <booleanvalue > Mailenabled
--birthday <datevalue> Birthday
--anniversary <datevalue> Anniversary
--branches <string> Branches
--business_category <string> Business_category
--postal_code_business <string> Postal_code_business
--state_business <string> State_business
--street_business <string> Street_business
--telephone_callback <string> Telephone_callback
--city_home <string> City_home
--commercial_register <string> Commercial_register
--country_home <string> Country_home
--email2 <string> Email2
--email3 <string> Email3
--employeetype <string> EmployeeType
--fax_business <string> Fax_business
--fax_home <string> Fax_home
--fax_other <string> Fax_other
--imapserver <string> ImapServer
--imaplogin <string> ImapLogin
--smtpserver <string> SmtpServer
--instant_messenger1 <string> Instant_messenger1
--instant_messenger2 <string> Instant_messenger2
--telephone_ip <string> Telephone_ip
--telephone_isdn <string> Telephone_isdn
--mail_folder_drafts_name <string> Mail_folder_drafts_name
--mail_folder_sent_name <string> Mail_folder_sent_name
--mail_folder_spam_name <string> Mail_folder_spam_name
--mail_folder_trash_name <string> Mail_folder_trash_name
--mail_folder_archive_full_name <string> Mail_folder_archive_full_name
--manager_name <string> Manager_name
--marital_status <string> Marital_status
--cellular_telephone1 <string> Cellular_telephone1
--cellular_telephone2 <string> Cellular_telephone2
--info <string> Info
--nickname <string> Nickname
--number_of_children <string> Number_of_children
--note <string> Note
--number_of_employee <string> Number_of_employee
--telephone_pager <string> Telephone_pager
--password_expired <booleanvalue> Password_expired
--telephone_assistant <string> Telephone_assistant
--telephone_business1 <string> Telephone_business1
--telephone_business2 <string> Telephone_business2
--telephone_car <string> Telephone_car
--telephone_company <string> Telephone_company
--telephone_home1 <string> Telephone_home1
--telephone_home2 <string> Telephone_home2
--telephone_other <string> Telephone_other
--postal_code_home <string> Postal_code_home
--profession <string> Profession
--telephone_radio <string> Telephone_radio
--room_number <string> Room_number
--sales_volume <string> Sales_volume
--city_other <string> City_other
--country_other <string> Country_other
--middle_name <string> Middle_name
--postal_code_other <string> Postal_code_other
--state_other <string> State_other
--street_other <string> Street_other
--spouse_name <string> Spouse_name
--state_home <string> State_home
--street_home <string> Street_home
--suffix <string> Suffix
--tax_id <string> Tax_id
--telephone_telex <string> Telephone_telex
--telephone_ttytdd <string> Telephone_ttytdd
--url <string> Url
--userfield01 <string> Userfield01
--userfield02 <string> Userfield02
--userfield03 <string> Userfield03
--userfield04 <string> Userfield04
--userfield05 <string> Userfield05
--userfield06 <string> Userfield06
--userfield07 <string> Userfield07
--userfield08 <string> Userfield08
--userfield09 <string> Userfield09
--userfield10 <string> Userfield10
--userfield11 <string> Userfield11
--userfield12 <string> Userfield12
--userfield13 <string> Userfield13
--userfield14 <string> Userfield14
--userfield15 <string> Userfield15
--userfield16 <string> Userfield16
--userfield17 <string> Userfield17
--userfield18 <string> Userfield18
--userfield19 <string> Userfield19
--userfield20 <string> Userfield20
--city_business <string> City_business
--country_business <string> Country_business
--assistant_name <string> Assistant_name
--telephone_primary <string> Telephone_primary
--categories <string> Categories
--mail_folder_confirmed_ham_name <string> Mail_folder_confirmed_ham_name
--mail_folder_confirmed_spam_name <string> Mail_folder_confirmed_spam_name
--gui_spam_filter_capabilities_enabled <booleanvalue> GUI_Spam_filter_capabilities_enabled
--defaultsenderaddress<string> DefaultSenderAddress
--title <string> Title
--position <string> Position
--access-calendar

<on/off>

Calendar module (Default is off)
--access-contacts <on/off> Contact module access (Default is on)
--access-delegate-tasks <on/off> Delegate tasks access (Default is off)
--access-edit-public-folder <on/off> Edit public folder access (Default is off)
--access-ical <on/off> Ical module access (Default is off)
--access-infostore <on/off> Infostore module access (Default is off)
--access-read-create-shared-Folders <on/off> Read create shared folder access (Default is off)
--access-syncml <on/off> Syncml access (Default is off)
--access-active-sync <on/off> Exchange Active Sync access (Default is off)
--access-usm <on/off> Universal Sync Module access (Default is off)
--access-tasks <on/off> Tasks access (Default is off)
--access-vcard <on/off> Vcard access (Default is off)
--access-webdav <on/off> Webdav access (Default is off)
--access-webmail <on/off> Webmail access (Default is on)
--access-publication <on/off> [DEPRECATED] Publication permission (Default is on). Note: access-publication needs access-infostore and is optional for Groupware+ and premium
--access-subscription <on/off> Subscription permission (Default is on)
--access-edit-group <on/off> Edit group access (Default is off)
--access-edit-resource <on/off> Edit resource access (Default is off)
--access-edit-password <on/off> Edit password access (Default is off)
--access-collect-email-addresses <on/off> Edit collect email addresses (Default is off)
--access-multiple-mail-accounts <on/off> Use multiple mail account feature (Default is off)
--access-global-address-book-disabled <on/off> Access to global address book (Default is off). Note: Setting this option to true is only allowed in combination with PIM and Webmail rights. Note: There is a 'restoregaddefaults' script to restore the default permissions of the global address book folder.
--access--voipnow <on/off> Access to VoiceOverIP feature.
--access-public-folder-editable <on/off> Access to public folders. Allows or denies to see public folders.
--foldertree <0/1> 0 sets the OX standard folder tree
--access-olox20 <on/off> [DEPRECATED] Access to Olox2.0

Access changes for existing users

Changes to module access must be done for all users in a given context. On downgrade i. e., to revoke former given access, the data for objects will still be present in the database and on the filestore but is not visible to the customer any more. Please note that only the specified modules are changed. That is why it is required to explicitly turn modules off. A list of packages and the required module configuration is provided in the section called “Package access configuration”.


Extra parameters when authentication is enabled

Context Admin user name
Context Admin password

Return value

0 on success


>0 on failure


Mandatory parameters

contextid {adminuser adminpass} (userid or username) and at minimum one attribute to change

primaryMail, Email1 and defaultSenderAddress must be present in set of aliases i. e., whenever you want to change one of

  • --email
  • --email1
  • --defaultsenderaddress

you MUST take care, that the address you want to set is already contained in the aliases of the user.


So when user has aliases: foo, bar and you want to change email to anotheraddr, you must add anotheraddr to the aliases, first.


If needed, this can be done with one commandline call, e.g.:


/changeuser -A oxadmin -P secret -c 666 -i 4 -e anotheraddr -a foo,bar,anotheraddr

Command output

On success:


user <userid> in <contextid> changed


On failure:


user <userid> in <contextid> could not be changed: <reason from server>


Example

root@oxhe~# changeuser -c 123 -i 3 -p newpwd


user 3 in context 123 changed