AppSuite:Context management: Difference between revisions
No edit summary |
|||
(5 intermediate revisions by 3 users not shown) | |||
Line 27: | Line 27: | ||
|- | |- | ||
| -q,--quota <integer> | | -q,--quota <integer> | ||
|Context wide filestore quota in MB | |Context wide filestore quota in MB. -1 = unlimited. '''Note:''' The context-associated filestore is not only used by Infostore/Drive module, but also for other features like snippets/signatures, thumbnail cache, PIM (contacts, calendar & tasks) attachments, etc. Thus even if you don't use the Infostore/Drive, you should always set an appropriate amount so users can e.g. store signatures or attach files to PIM items. | ||
|- | |- | ||
| -u,--username <string> | | -u,--username <string> | ||
Line 603: | Line 603: | ||
|pim_mobility=webmail, calendar, contacts, tasks, syncml, ''usm'', activesync, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, ''editpassword'' | |pim_mobility=webmail, calendar, contacts, tasks, syncml, ''usm'', activesync, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, ''editpassword'' | ||
|- | |- | ||
|groupware_standard=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication (Groupware Standard always gets new features except mobility | |groupware_standard=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication (Groupware Standard always gets new features except mobility) | ||
|- | |- | ||
|groupware_premium=webmail, calendar, contacts, infostore, tasks, webdav | |groupware_premium=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, ''syncml, ''usm'', ''olox20'', ''activesync'', readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication | ||
|- | |- | ||
|all=webmail, calendar, contacts, infostore, tasks, webdav | |all=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, ''publicfoldereditable'', collectemailaddresses, multiplemailaccounts, subscription, publication (This is a right tailored to a context administrator) | ||
|} | |} | ||
Latest revision as of 09:19, 10 January 2020
createcontext
createcontext
is the tool to create new contexts. A context is an independent instance within the createcontext Open-Xchange system and holds users, groups
and resources and all their objects. Data from one context is not visible to other contexts. Module access (calendar, tasks, email) can be set via predefined "access combination names". These
names can be configured on the server side. All users which are created during later use of the "createuser" tool will inherit the module access rights from the context. If you do not specify any
access rights on createcontext minimal access rights will be granted. Currently, these are Webmail and Contacts access rights.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from output |
--responsetimeout <integer> | response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0 |
-c,--contextid <integer> | The id of the context, when starting with 0, 0 is deleted |
-q,--quota <integer> | Context wide filestore quota in MB. -1 = unlimited. Note: The context-associated filestore is not only used by Infostore/Drive module, but also for other features like snippets/signatures, thumbnail cache, PIM (contacts, calendar & tasks) attachments, etc. Thus even if you don't use the Infostore/Drive, you should always set an appropriate amount so users can e.g. store signatures or attach files to PIM items. |
-u,--username <string> | Username for the new context admin user |
-d,--displayname <string> | Displayname for the new context admin user |
-g,--givenname <string> | Given name for the new context admin user |
-s,--surname <string> | Surname/last name for the new context Admin user |
-p,--password <string> | Password for the new context Admin user |
-e,--email <string> | Primary E-Mail address for the new context Admin user |
-l,--lang <lang> | Language for the new context Admin user |
-t,--timezone <timezone> | Timezone for the new context Amin user |
-N,--contextname <string> | Context name |
-L,--addmapping <string> | Add login mappings separated by "," |
-F,--destination-store-id <integer> | Specifies the optional file store identifier to which the context gets assigned; if missing the file store gets auto-detected |
-D,--destination-database-id <integer> | Specifies the optional database identifier to which the context gets assigned; if missing the database gets auto-detected |
--access-combination-name <access-combination-name> | Access combination name |
--access-denied-portal <on/off> | Denies portal access (Default is off) |
--csv-import <CSV file> | Full path to CSV file with user data to import. This option makes mandatory options obsolete, except credential options (if needed). |
--csv-import <CSV file>
Full path to CSV file with user data to import. This option makes mandatory command line options obsolete, except credential options (if needed). But they have to be set in the CSV file.
With this option you can specify a csv file (a full pathname must be given) with the data which should be imported. The columnnames in the CSV file must be the same as the long-options of the command line tools, without the prefix "--".
This option will normally be used to fill new large installations with the new data. So instead of calling the command line tools in a shell script every time, just a csv file needs to be created, containing the whole data.
Note that the credentials of the masteradmin in the createcontext call must be given on the command line with the -A and -P options nevertheless - if authentication is enabled. If the createuser command line tool is used, the credentials are part of the csv file, and cannot be set as options on the command line itself. The reason for this different behavior is that different contexts have different credentials for the admin user, so they must be set in every line of the csv file. Opposed to this the credentials of the masteradmin are always the same.
Extra parameters when authentication is enabled
-A,--adminuser <string> | Master Admin user name |
-P,--adminpass <string> | Master Admin password |
Return value
0
on success
>0
on failure
Mandatory parameters
contextid {adminuser adminpass} quota username displayname givenname surname password email
Command output
On success:
context <contextid> created
On failure:
context <contextid> could not be created: <reason from server>
Example
root@oxhe~#
/opt/open-xchange/sbin/createcontext
-c 123 -q 1000 -N CompanyA -u "admin" -d "Admin of CompanyA" -g John -s Example -p newpw -e john@example.com
context 123
created
deletecontext
deletecontext
is the tool to delete contexts and all data stored that belong to it. This includes all database entries and files in the infostore but no
E-Mail components.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from output |
--responsetimeout <integer> | response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0 |
-c,--contextid <contextid> | The id of the context |
-N,--contextname <contextname> | Context name |
Extra parameters when authentication is enabled
-A,--adminuser <string> | Master Admin user name |
-P,--adminpass <string> | Master Admin password |
Return value
0
on success
>0
on failure
Mandatory parameters
(contextid or contexname) {adminuser adminpass}
Command output
On success:
context <contextid> deleted
On failure:
context
<contextid> could not be deleted: <reason from server>
Example
root@oxhe~#
/opt/open-xchange/sbin/deletecontext -c
123
context 123 deleted
listcontext
listcontext
is the tool to list and search for contexts.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from output |
--responsetimeout <integer> | response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0 |
-s,--searchpattern <string> | Search/List pattern, default “*” |
--csv | Command output as csv |
Extra parameters when authentication is enabled
-A,--adminuser <adminuser> | Master Admin user name |
-P,--adminpass <string> | Master Admin password |
Return value
0
on success
>0
on failure
Mandatory parameters
{adminuser adminpass}
Command output
Standard output:
cid fid fname enabled qmax qused name lmappings . . ... ... ... ... ... ...
csv output:
id,filestore_id,filestore_name,enabled,max_quota,used_quota,name,lmappings
Example
root@oxhe:/opt/open-xchange/sbin# ./listcontexts cid fid fname enabled qmax qused name lmappings 6 3 6_ctx_store true 1000 0 customerA 6,customerA,secondlogin
disablecontext
disablecontext
is the tool to disable contexts. Whenever a customer tries to log in to a disabled context, the login is denied.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from output |
--responsetimeout <integer> | response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0 |
-c,--contextid <integer> | The id of the context |
-N,--contextname <string> | Context name |
Extra parameters when authentication is enabled
-A,--adminuser <string> | Master Admin user name |
-P,--adminpass <string> | Master Admin password |
Return value
0
on success
>0
on
failure
Mandatory parameters
(contextid or
contextname) {adminuser adminpass}
Command output
On success:
context <contextid> disabled
On failure:
context <contextid> could not be disabled:
<reason from server>
Example
root@oxhe~#
/opt/open-xchange/sbin/disablecontext -c 123
context 123
disabled
disableallcontexts
disableallcontexts
is the tool to disable all contexts. Whenever a customer tries to log in to a disabled context, the login is denied.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from output |
--responsetimeout <integer> | response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0 |
Extra parameters when authentication is enabled
-A,--adminuser <string> | Master Admin user
name |
-P,--adminpass <string> | Master Admin password |
Return value
0
on success
>0
on
failure
Mandatory parameters
{adminuser
adminpass}
Command output
On success:
all contexts disabled
On failure:
all contexts could not be disabled: <reason from server>
Example
root@oxhe~#
/opt/open-xchange/sbin/disableallcontexts
all contexts disabled
enablecontext
enablecontext
is the tool to enable a disabled context.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from
output |
-c,--contextid <integer> | The id of the context |
-N,--contextname <string> | Context name |
Extra parameters when authentication is enabled
-A,--adminuser <adminuser> | Master Admin user name |
-P,--adminpass <string> | Master Admin password |
Return value
0
on success
>0
on failure
Mandatory parameters
(contextid or contextname) {adminuser adminpass}
Command output
On success:
context <contextid> enabled
On failure:
context <contextid> could not be enabled: <reason from server>
Example
root@oxhe~#
/opt/open-xchange/sbin/enablecontext -c 123
context <contextid> enabled
enableallcontexts
enableallcontexts
is the tool to enable all disabled contexts.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from
output |
Extra parameters when authentication is enabled
-A,--adminuser <string> | Master Admin user name |
-P,--adminpass
<string> |
Master Admin password |
Return value
0
on success
>0
on failure
Mandatory parameters
{adminuser adminpass}
Command output
On success:
all contexts enabled
On failure:
all contexts could not be enabled: <reason from server>
Example
root@oxhe~#
/opt/open-xchange/sbin/enableallcontexts
all contexts enabled
getcontextcapabilities
getcontextcapabilities
is the tool to list available capabilities for a certain context.
Parameters
-h,--help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from output |
--responsetimeout <integer> | response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0 |
-c,--contextid <integer> | The id of the context |
-N,--contextname <contextname> | context name |
Extra parameters when authentication is enabled
-A,--adminuser <string> | Context Admin user name |
-P,--adminpass <string> | Context Admin password |
Return value
0
on success
>0
on failure
Mandatory parameters
contextid adminuser adminpass
Command output
Either "There are no capabilities set for context <context-id>" or a line-wise listing of identifiers for available capabilities
Example
root@oxhe:~# /opt/open-xchange/sbin/getcontextcapabilities -c 6
changecontext
changecontext
makes context-wide changes.
If you specify module access options; e.g. "--access-edit-password on"; then please be aware that basic module access set is the one from context's administrator. Meaning any option not explicitly specified as CLI argument will fall-back to context administrator setting for _every_ user in associated context.
You can use changecontext to change the current quota for a given context. When the context has more changecontext space in use than the new quota allows, the customer is only able to delete files until the usage is below quota. Module access (calendar,tasks,email) can be set via predefined "access combination names". These names can be configured on the server side. All users which are created during later use of the "createuser" tool will inherit the module access rights from the context. If you do not specify any access rights on createcontext minimal access rights will be granted. Currently, these are Webmail and Contacts access rights.
There are some default combinations in the ModuleAccessDefinitions.properties file on the admin server, like:
webmail=webmail, contacts, globaladdressbookdisabled, collectemailaddresses, editpassword |
pim=webmail, calendar, contacts, tasks, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, editpassword |
pim_infostore=webmail, calendar, contacts, tasks, infostore, webdav, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication |
pim_mobility=webmail, calendar, contacts, tasks, syncml, usm, activesync, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, editpassword |
groupware_standard=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication (Groupware Standard always gets new features except mobility) |
groupware_premium=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication |
all=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, publicfoldereditable, collectemailaddresses, multiplemailaccounts, subscription, publication (This is a right tailored to a context administrator) |
Note: Italics denote additional rights in comparison to the previous set where applicable.
When having changed the access rights of the context and its users with "changecontext" the "downgrade" command should be called on the admin server. All unnecessary data are removed from the data base via "groupware api". If e. g. the context 1 is changed from "pim_infostore" to "webmail", the "downgrade" command has to be called for this context then. Then, all unnecessary folders for this context are removed from the data base.
Parameters
-h,- -help | Prints a help text |
--environment | Show info about commandline environment |
--nonl | Remove all newlines (\n) from output |
--responsetimeout <integer> | response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0 |
-c,- -contextid <integer> | The id of the context |
-N,- -contextname <string> | The name of the context |
-L,- -addmapping <string(s)> | Add login mappings. Separated by "," |
-R,- -removemapping <stirng(s)> | Remove login mappings. Separated by "," |
-q,- -quota <integer> | Quota for the context filestore in MB |
--access-combination-name <access-combination-name> | Access combination name |
--capabilities-to-add <capabilities-to-add> | The capabilities to add as a comma-separated string (from 7.2.0 on) |
--capabilities-to-remove <capabilities-to-remove> | The capabilities to remove as a comma-separated string (from 7.2.0 on) |
--capabilities-to-drop <capabilities-to-drop> | The capabilities to drop; e.g. cleanse from storage; as a comma-separated string (from 7.6.0 on) |
--quota-module <quota-module> | The identifier of the module to which to apply the quota value (from 7.2.0 on) |
--quota-value <quota-value> | from v7.2.0 on: The quota value; zero is unlimited from v7.6.0 on: The numeric quota value specifying the max. number of items allowed for context. Zero is unlimited. A value less than zero deletes the quota entry (and falls back to configured behavior) |
Extra parameters when authentication is enabled
-A,- -adminuser <string> | Master Admin user name |
-P,- -adminpass <string> | Master Admin password |
Return value
0
on success
>0
on
failure
Mandatory parameters
(contextid or
contextname) {adminuser adminpass} and at minimum one attribute to change
Command output
On success:
context <contextid> changed
On failure:
context
<contextid> could not be changed: <reason from server>
Example
root@oxhe~#
/opt/open-xchange/sbin/changecontext -c 123 -q
500
context 123 changed
getAdminId
Returns the ID of the context administrator.