OXSE4UCS Installation en: Difference between revisions

From Open-Xchange
No edit summary
No edit summary
Line 1: Line 1:
= OXSE for UCS Quickinstall Guide =
= Introduction=
The Open-Xchange Server Edition for Univention Corporate Server (OXSE4UCS) includes the groupware Open-Xchange and the integration packages for Univention Corporate Server (UCS).


OXSE4UCS is tailored to professional users looking for a tried-and-tested solution for the management of their entire IT infrastructure including groupware or companies which already employ UCS and wish to expand their infrastructure with innovative groupware functions.


==Preparation==
More detailed information on UCS can be found on the Univention GmbH website: [http://www.univention.de/dokumentation.html].
===Planing a scenario===
Before the installation you must decide which scenario for the OXSEforUCS-integration will be used. You can find the supported scenarios in the specifications of OXSEforUCS in chapter 7. For simplification the installation only varies between 3 cases
* One-Server-Solution comparable with OXAE
* dedicated slave server for OXSE
* installation in distributed environments


===Installing UCS-systems===
= Installation =
====UCS Master installation====
As OXSE4UCS is an expansion pack for the Univention Corporate Server, one or more UCS server(s) must be installed firstly.  
A UCS Master is required for every scenario. It is possible to use an existing UCS Master, if so, exactly '''UCS version 2.2-3 must''' be installed.


'''Please Note: For installation, please only this mentioned path with UCS 2.2-3. UCS 2.3 is currently not supported for the OXSE for UCS and there is no possibility to downgrade UCS 2.3 to 2.2-3.'''
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.


The UCS ISO images are available at http://apt.univention.de/download/ucs-cds/ucs2.2-0/
To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: [http://www.univention.de/dokumentation.html].  


Please select one of the images, that is appropriate for your platform, burn it, and reboot the machines with the DVD in the tray. Choose Univention Installer from the boot-menu and proceed after the boot-dialog has been loaded as follows:
The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:


* Choose installer language
export LDBUSER=myusername LDBPASS=secret
* Press F12 to load all modules. If you don't want to load certain modules (e.g. for hardware compatibility reasons), deselect them. After that press F12.
ucr set repository/online/component/ox/server=software.open-xchange.com \                                                                                                                           
* Choose the medium, you want to install from (default ist /dev/hdc, the DVD Drive)
repository/online/component/ox/prefix=OX6/OXSEforUCS \                                                                                                                                     
* Choose your timezone and press F12
repository/online/component/ox/username=$LDBUSER \                                                                                                                                         
* Choose the keyboard layout and press F12
repository/online/component/ox/password=$LDBPASS \                                                                                                                                         
* Choose one or more system languages and press F12
repository/online/component/ox/version=2.2,2.3 \                                                                                                                                           
* Choose the default language from the list and press F12
repository/online/component/ox=enabled \                                                                                                                                                   
* Next, you have to act as follows. For Single-Server-Setup, choose '''Domain Controller Master'''. In the Single-Server-Setup you need exactly one '''Domain Controller Master'''. All other servers have to be '''Domain Controller Backup''' or '''Domain Controller Slave'''
repository/online/component/oxseforucs/server=software.open-xchange.com \                                                                                                                   
* In the next step, you have to configure the hostname, domainname, the LDAP-Base and the Windows-Domain, as well as to set the root-password.
repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \                                                                                                                             
The LDAP Base will be genererated from the domainname as follows:<p>
repository/online/component/oxseforucs/username=$LDBUSER \                                                                                                                                 
subdomain.domain.com will become dc=subdomain,dc=domain,dc=com</p>
repository/online/component/oxseforucs/password=$LDBPASS \                                                                                                                                 
<p>
repository/online/component/oxseforucs/version=2.2,2.3 \                                                                                                                                   
You can enter a different LDAP Base here, but for readbility reasons you should refrain from that.</p>
repository/online/component/oxseforucs=enabled                                                                                                                                             
* In the next step you have to partition the medium, that you're going to install to. This is left up to your needs. You're welcome to use the auto partitioner that will create swap-space and apply the LVM onto the partitions.
apt-get update
After that, press F12 and install the bootloader, again with F12.
* After that, your are requested to enter the Data for your networking interface. Press F12.
 
The nameserver field should contain the nameserver, that handles the previously configured domain. As UCS brings its own nameserver '''bind''', this could also be 127.0.01 or the IP address of the networking interface, configured previously. Please enter the DNS-server of your ISP into the DNS Forwarder field. This will be automatically entered into bind. An optional proxy server can be entered in the HTTP proxy field. F12
 
* In the next dialog, you can enter certain values for the SSL certificate of your site. These should be correct, as they will be shown in the browsers that access your site with HTTPS. F12
 
* The next dialog is a basic configuration of the firewall. This is left up to you. F12


* Package selection (without GUI). We recommend to deselect following packages, press F12 after that:
The access data (myusername and secret) are created when the Open-Xchange licence is activated and must be adapted here accordingly.  
<p>
2.1  Installation on a DC master
Mail/Groupware: Kolab 2 for UCS, Kolab 2 Webservices</p><p>
When installing OXSE4UCS on a DC master, only the univention-ox-meta-singleserver package requires installing. This can be performed via the Univention Management Console or on the command line:
Systemservices: Thinclient Environment</p><p>
Graphical UI: all</p>
* In the following step, you can choose to mirror the univention-repository locally. This and the decision to export home directories via NFS/SMB is left up to you. If you export home directories, without further configuration, all users will get a share, that they can access on the OXSEforUCS server.
* In the next step you can start the installation with F12


After the installer has finished, you will be requested to reboot. Following steps remain:
DEBIAN_FRONTEND=noninteractive apt-get \                                       
-o DPkg::Options::=--force-confold -y --force-yes \                           
install univention-ox-meta-singleserver                                   


====Update to 2.2-3 (prerequisite)====
The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be installed instead of the univention-ox-meta-singleserver package.
2.2 Installation on a dedicated DC slave
In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the univention-ox-directory-integration package must be installed on the DC master in order to initiate integration in the UCS management system.


The update might take long, and the progress won't be shown on the shell.
DEBIAN_FRONTEND=noninteractive apt-get \                                       
-o DPkg::Options::=--force-confold -y --force-yes \                           
install univention-ox-directory-integration                                     
   
The univention-ox-meta-singleserver package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:                                                     


You can observe the progress by:
DEBIAN_FRONTEND=noninteractive apt-get \                                       
<pre>tail -f /var/log/univention/updater.log</pre>
-o DPkg::Options::=--force-confold -y --force-yes \                           
install univention-ox-meta-singleserver                                   


CTRL-C exits the output.
univention-run-join-scripts


If you are logged in via ssh, the system will refuse to update at first. You can circumvent this by typing:
The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be specified instead of the univention-ox-meta-singleserver package.
<pre>ucr set update22/ignoressh=yes</pre>
2.3  Installation in a distributed environment
When installing a distributed environment, integration in the UCS management system must be performed firstly by installing univention-ox-directory-integration.


A safer solution to this is to install '''screen''' beforehand, and run the update in screen. screen is a console-window-manager, that detaches from the user-terminal, so that the update can continue, even if the controlling terminal of the user exits (e.g. triggered by the update). Installation and running screen is done by:
DEBIAN_FRONTEND=noninteractive apt-get \                                       
-o DPkg::Options::=--force-confold -y --force-yes \                           
install univention-ox-directory-integration                                     


<pre>apt-get install screen
The following services can then be distributed on the other UCS systems: 
screen</pre>
• IMAP server and optionally spam and virus filtering (univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail)
• MySQL server (mysql-server)
• OX instance (univention-ox)
2.3.1  MySQL server
The MySQL server is installed by installing the mysql-server package.                                                   


=====Update in shell/screen=====
apt-get install mysql-server                                               
The actual update ist performed with
<pre>
univention-updater net --updateto 2.2-3
univention-security-update net
</pre>
After the update, you can exit screen by typing '''exit''' or pressing CTRL-D.


It's recommended to perform the update in screen or the local console.
The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the bind-address option can be set to 0.0.0.0 in the MySQL configuration file /etc/mysql/my.cnf.


=====Update via UMC=====
bind-address 0.0.0.0                                                           
Login into UMC and click on the Online-Updates module.
Under "UCS release" click on "Check for updates". Perform the Update.
Under "Security Updates" click on "Check for updates". Perform the Update.


Restart the machine, when the systems asks you to.
After the change, the MySQL service needs to be restarted:               


====One-Server-Solution comparable with OXAE====
/etc/init.d/mysql restart
After the Master installation there are no further preparations needed for the One-Server-Solution


====Dedicated Slave-/Backup server for OXSE====
In addition, the OX instances must be authorized to access the database. The following gives an example, which must be adapted to the environment at hand.                                                                 


* One UCS Master 2.2-0 installation (as describe above)
$ mysql                                                                           
* '''update to 2.2-3'''
mysql> GRANT ALL PRIVILEGES ON *.* TO \                                         
* One or more UCS Backup or Slave 2.2-0 installations (as described above)
'openexchange'@'ox-instance1.ucs.local' \                                     
* the LDAP base must be the same as for the master
IDENTIFIED BY 'secret';                                                       
* during installation, you will be asked to join the master: ensure, that DNS is running and the enter the hostname of the master and the credentials at this point.
mysql> GRANT ALL PRIVILEGES ON *.* TO \                                         
* '''update to 2.2-3'''
'openexchange'@'ox-instance2.ucs.local' \                                     
IDENTIFIED BY 'secret';                                                       
mysql> GRANT ...                                                               
mysql> FLUSH PRIVILEGES;                                                       
mysql> exit                         
$
                                         
2.3.2 Active OX instance
The univention-ox package must be installed on the active OX instance.     


====Installing a distributed environment====
DEBIAN_FRONTEND=noninteractive apt-get \                                       
-o DPkg::Options::=--force-confold -y --force-yes \                           
install univention-ox                                                         


For the installation of a distributed environment you must define, how the several services should be distributed on your system. In a distributed environment the following services can be installed and used on any system role (Master/Backup/Slave)
Then certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.


===== Open-Xchange Server =====
export HISTIGNORE="export*"                                                     
More than one instance of Open-Xchange Server can be installed, in that case first one Open-Xchange Server instance must be installed and then bound to the UCS-domain with a join. This Open-Xchange Server instance uses a listener to synchronize with the UCS-directory service. Additional Open-Xchange Server instances can now be created easily out of existing Open-Xchange Server instances. The first instance, which takes care of the synchronization, is called 'Active-OX' (in the following example it is called ox-instance1), all additional Open-Xchange Server instances, which just access to the OX-DB, are called 'Passive-OX' (in the following example it is called ox-instance2)
export OXDB=oxdbserver.ucs.local                                               
export OXDBPW="secret"                                                         
export OXIMAPSERVER=oximapserver.ucs.local                                     


===== IMAP Server =====
Then the join scripts need to run:                                     
It is possible to install a dedicated IMAP server for every mail-domain (in the following example it is called oximapserver), but of course one IMAP server can be responsible for multiple mail-domains too. Every mail-domain has to be dedicated exactly to one IMAP server.


===== MySQL Server =====
univention-run-join-scripts
For a distributed environment exactly one MySQL server (in the following example it is called oxdbserver) is used, which can be located on one of the UCS-systems. MySQL replication can be established manually afterwards over the known MySQL replication mechanisms. The Open-Xchange instances must be customized therefore.


===Installation on all hosts===
Finally, the environment variable OXDBPW with the password can be unset using the following command:
====Register Apt-Sources====
unset OXDBPW
Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password.
2.3.3  IMAP server
The IMAP server is installed by installing the univention-mail-cyrus-ox package.


ucr set repository/online/component/ox/server=software.open-xchange.com \
DEBIAN_FRONTEND=noninteractive apt-get \                                        
  repository/online/component/ox/prefix=OX6/OXSEforUCS \
-o DPkg::Options::=--force-confold -y --force-yes \                            
  repository/online/component/ox/username={LDB-USERNAME} \
install univention-mail-cyrus-ox                                         
  repository/online/component/ox/password='{LDB-PASSWORD}' \
  repository/online/component/ox=enabled \
  repository/online/component/oxseforucs/server=software.open-xchange.com \
  repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \
  repository/online/component/oxseforucs/username={LDB-USERNAME} \
  repository/online/component/oxseforucs/password='{LDB-PASSWORD}' \
  repository/online/component/oxseforucs=enabled


Update the repository data afterwards
The spam check via spamassassin can be installed and activated by installing the univention-mail-antispam-ox package:           
apt-get update


====Assuring, that all systems are joined====
apt-get install univention-mail-antispam-ox                                         
If it is not sure that all systems are joined the join should be executed again.
The virus check via amavis and clamav can be installed and activated by installing the univention-antivir-mail package.                                                           
univention-join


== Installation of the component OXSEforUCS ==
apt-get install univention-antivir-mail                                     
=== One-Server solution comparable with OXAE ===
* DC Master Single Server: Installation univention-ox


DEBIAN_FRONTEND=noninteractive apt-get \
A check should then be performed to see whether all join scripts have been run successfully:                                                          
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox-directory-integration univention-ox \
  univention-mail-cyrus-ox univention-ox-framework


=== Dedicated Slave server for OXSE ===
univention-run-join-scripts
* DC Master: Installation univention-ox-directory-integration
apt-get install univention-ox-directory-integration


* Slave: Installation univention-ox
2.3.4 Additional passive OX instances
  DEBIAN_FRONTEND=noninteractive apt-get \
Firstly, the univention-ox package must also be installed on the additional passive OX instances.
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox univention-mail-cyrus-ox \
  univention-ox-framework


If it is not sure that all systems are joined the join should be executed again.
DEBIAN_FRONTEND=noninteractive apt-get \                                       
univention-join
-o DPkg::Options::=--force-confold -y --force-yes \                           
install univention-ox                                                         


====Installation of additional passive Open-Xchange Server instances ====
Then the settings can be copied from the active OX instance. This can be done, for example, using the following command:
Please notice that the installation described here,  '''does not support''' the future installation of further '''passive Open-Xchange Server instances'''. If this is required, please follow the Installation procedure "Installation of a distributed environment" described below and set both variables, OXDB and OXIMAPSERVER to the FQDN of the slave server.


===Installation of a distributed environment===
rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/
====DC Master Installation====
apt-get install univention-ox-directory-integration


====Installation of additional Servers====
The FQDN of the current computer must be entered in the /opt/open-xchange/etc/groupware/usm.properties file:
On the other servers all dedicated packages can be installed (univention-mail-cyrus-ox, mysql-server, univention-ox-instance, univention-mail-antispam-ox)


* Installation of the IMAP server:
com.openexchange.usm.ox.url=ox-instance2.ucs.local
apt-get install univention-mail-cyrus-ox


* Installation of the MySQL server
The FQDN of the current computer must also be entered in the /opt/open-xchange/etc/authplugin.properties file:


apt-get install mysql-server
LDAP_HOST=ox-instance2.ucs.local


Set up MySQL to listen to an external interface. The among others Bind-Address of “0.0.0.0” can be replaced through the IP-addresses of the network interface:
Finally, the groupware must be restarted on the passive OX instance:


/etc/mysql/my.cnf
/etc/init.d/open-xchange-admin restart
bind-address 0.0.0.0
/etc/init.d/open-xchange-groupware restart
or
sed -i 's/^bind-address.*$/bind-address = 0.0.0.0/' /etc/mysql/my.cnf


Restart MySQL
2.4  OXtender for business mobility
/etc/init.d/mysql restart
The Open-Xchange OXtender for Business Mobility is an optionally available component for OXSE4UCS which enables the connection of mobile devices. The repository must be activated for it to be possible to install the corresponding packages:                                                                           


Register authorizations of all open-xchange-instances
export LDBUSER=ldbuser LDBPASS=lsbpass
mysql
ucr set repository/online/component/oxmobility/server=software.open-xchange.com \
mysql> GRANT ALL PRIVILEGES ON *.* TO \
repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \
  'openexchange'@'ox-instance1.ox-experten.de' \
repository/online/component/oxmobility/username=$LDBUSER \
  IDENTIFIED BY 'geheim';
repository/online/component/oxmobility/password=$LDBPASS \
mysql> GRANT ALL PRIVILEGES ON *.* TO \
repository/online/component/oxmobility/version=2.2,2.3 \
  'openexchange'@'ox-instance2.ox-experten.de' \
repository/online/component/oxmobility=enabled
  IDENTIFIED BY 'geheim';
mysql> GRANT ...
mysql> FLUSH PRIVILEGES;
mysql> exit


====Installation of the active Open-Xchange instance ====
apt-get update
* Installation with apt
apt-get install univention-ox univention-ox-framework


* Specifcation of IMAP and MySQL server
Installing the univention-ox-usm-ox package installs the Oxtender for Business Mobility on the OXSE4UCS system.
For the IMAP and MySQL services, which are not based on this host, they must be specified as environment variables before the join:
export HISTIGNORE="export*"
export OXDB=oxdbserver.ox-experten.de
export OXDBPW="geheim"
export OXIMAPSERVER=oximapserver.ox-experten.de


* Optional: testing MySQL-connection before the join
apt-get install mysql-client
mysql -u openexchange -h $OXDB --password="$OXDBPW"</pre>
* (Re-)Join des Systems
univention-join
if the join-scripts have not been executed, this is sufficient:
univention-run-join-scripts
====Installation of additional passive Open-Xchange Server instances ====
apt-get install univention-ox univention-ox-framework
rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/
/opt/open-xchange/etc/groupware/usm.properties
com.openexchange.usm.ox.url=ox-instance2.ox-experten.de
/opt/open-xchange/etc/authplugin.properties
LDAP_HOST=ox-instance2.ox-experten.de
/etc/init.d/open-xchange-admin restart
/etc/init.d/open-xchange-groupware restart
=== Creation of the first user ===
To do so, login on the Web-GUI of the DC-Master in the Univention Directory Manager and choose under the point "user" the option "add".
There the pattern "open-xchange groupware account" has to be chosen and the button "next" must be clicked.
In this Tab all fields marked with a * and the field "forename" have to be filled in.
[[File:User_anlegen_en.jpg|center|600px|]]
=== Mobility ===
Information about the mobility support can be found here: http://www.open-xchange.com/en/mobility-solutions-en.
For mobility support, a new component has to be added on all servers where installation will happen later. Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password. Please note that accessing this component requires a mobility license key.
<pre>
ucr set repository/online/component/oxmobility/server=software.open-xchange.com\
repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \
repository/online/component/oxmobility/username={LDB-USERNAME} \
repository/online/component/oxmobility/password='{LDB-PASSWORD}' \
repository/online/component/oxmobility=enabled
</pre>
After the following installation procedure, you can configure mobility access per-user in the UDM user-module.
Beware, that the groupware will be restarted, and users will lose their sessions:
==== Single Server ====
On a single-server solution, following packages have to be installed:
<pre>
apt-get install univention-ox-usm-udm
apt-get install univention-ox-usm-ox
apt-get install univention-ox-usm-ox
</pre>


==== Multi Server ====
If the target system is neither a DC master nor a DC backup system, the univention-ox-usm-udm package should also be installed on the DC master.


On master:
<pre>
apt-get install univention-ox-usm-udm
apt-get install univention-ox-usm-udm
</pre>
On the primary OX:
<pre>
apt-get install univention-ox-usm-ox
</pre>
===Spam treatment===
The antispam package is optional. It must be installed and configured separately, in a distributed environment it must be placed on the IMAP servers.
Install with:
apt-get install univention-mail-antispam-ox
Additionally the open-xchange bundle is required:
apt-get install open-xchange-spamhandler-spamassassin
To make the spamd service start automatically the default configuration has to be edited:
/etc/default/spamassassin
ENABLED=1
/etc/init.d/spamassassin restart
Activation
ucr set postfix/procmaildelivery=yes
The spamrunner is started with
ucr set mail/antispam/ox/spamrunner=yes
= Troubleshooting =
== apt cannot find packages ==
Please check the apt-sources. Maybe the credentials were not entered or wrong. UCS doesn't warn about that.
<pre>cat /etc/apt/sources.list.d/20_ucs-online-component.list</pre>
must contain lines like
<pre>deb http://user:password@software.open-xchange.com/OX6/OXSEforUCS/2.2/maintained/component oxseforucs/i386/</pre>
for your architecture (here: /i386/), platform independent (/all/) and all components (at the moment: oxseforucs and oxmobility)
You can check the settings of your components on the shell with
<pre>ucr search repository</pre>
Then configure the variables with (here: the password for the oxseforucs component):
<pre>ucr set repository/online/component/oxseforucs/password=secret</pre>
= F.A.Q. =
== What is the oxmobility component? ==
The oxmobility component is the implementation of "OXtender for Business Mobility" into OXSEforUCS. It has to be licensed and installed seperately. Further information is available under http://sdb.open-xchange.com/faq/63


== How can I switch of the scan of the package database? ==
3  Updating
To update a UCS 2.2 system with OXSE4UCS 6.12 or 6.14 to UCS 2.3, the following variables must be set before the update.


If you keep getting messages like:
ucr set repository/online/component/ox/version=2.2,2.3 \
<pre>Cannot find service-record of _pkgdb._tcp.
        repository/online/component/oxseforucs/version=2.2,2.3
No DB-Server-Name found.
</pre>
you can ignore them or switch the packagedb-scan off with
<pre>ucr set pkgsb/scan=no


</pre>
The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.
4  Administration
4.1  User and group management
New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation.
When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.
4.2  System messages
The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:


== Where are the repositories located? ==
ucr set mail/alias/root=oxadmin@ucs.local
newaliases
/etc/init.d/postfix reload


Conceptionally, OXSEforUCS is a component or an add-on to UCS. Thus, the distribution of ucs and the apt-sources are located at http://apt.univention.de
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.


The apt-sources for the components are in the (LDB-)password-protected area below http://software.open-xchange.com/OX6/OXSEforUCS/




[[Category: OX6]]
[[Category: OX6]]
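Review bot: the new repository step (`export LDBUSER=myusername LDBPASS=secret` followed by `ucr set ... password=$LDBPASS`) writes the licence password to the shell history and leaves it exported for the rest of the session. Section 2.3.2 of the same revision sets HISTIGNORE="export*" before exporting OXDBPW and unsets the variable afterwards. Suggest the same pattern here: set HISTIGNORE before the export, run `unset LDBUSER LDBPASS` after `apt-get update`, and quote "$LDBPASS" as the removed text did with '{LDB-PASSWORD}'. The 2.4 example reads `LDBPASS=lsbpass`, which looks like a typo for ldbpass. The revision also replaces the wiki heading and <pre> markup with plain numbered lines such as "2.1 Installation on a DC master", so headings and commands run into the surrounding prose when rendered.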

Revision as of 13:39, 12 April 2010

Introduction

The Open-Xchange Server Edition for Univention Corporate Server (OXSE4UCS) includes the groupware Open-Xchange and the integration packages for Univention Corporate Server (UCS).

OXSE4UCS is tailored to professional users looking for a tried-and-tested solution for the management of their entire IT infrastructure including groupware or companies which already employ UCS and wish to expand their infrastructure with innovative groupware functions.

More detailed information on UCS can be found on the Univention GmbH website: http://www.univention.de/dokumentation.html.

Installation

As OXSE4UCS is an expansion pack for the Univention Corporate Server, one or more UCS servers must be installed first.

There are several possible installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is currently not possible.

To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: http://www.univention.de/dokumentation.html.

The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:

export LDBUSER=myusername LDBPASS=secret
ucr set repository/online/component/ox/server=software.open-xchange.com \
       repository/online/component/ox/prefix=OX6/OXSEforUCS \
       repository/online/component/ox/username=$LDBUSER \
       repository/online/component/ox/password=$LDBPASS \
       repository/online/component/ox/version=2.2,2.3 \
       repository/online/component/ox=enabled \
       repository/online/component/oxseforucs/server=software.open-xchange.com \
       repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \
       repository/online/component/oxseforucs/username=$LDBUSER \
       repository/online/component/oxseforucs/password=$LDBPASS \
       repository/online/component/oxseforucs/version=2.2,2.3 \
       repository/online/component/oxseforucs=enabled

apt-get update

The access data (myusername and secret) are created when the Open-Xchange licence is activated and must be adapted here accordingly.

2.1 Installation on a DC master

When installing OXSE4UCS on a DC master, only the univention-ox-meta-singleserver package needs to be installed. This can be done via the Univention Management Console or on the command line:

DEBIAN_FRONTEND=noninteractive apt-get \
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox-meta-singleserver

The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be installed instead of the univention-ox-meta-singleserver package.

2.2 Installation on a dedicated DC slave

In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the univention-ox-directory-integration package must be installed on the DC master in order to initiate integration in the UCS management system.

DEBIAN_FRONTEND=noninteractive apt-get \
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox-directory-integration

The univention-ox-meta-singleserver package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:

DEBIAN_FRONTEND=noninteractive apt-get \
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox-meta-singleserver

univention-run-join-scripts

The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be specified instead of the univention-ox-meta-singleserver package.

2.3 Installation in a distributed environment

When installing a distributed environment, integration in the UCS management system must be performed first by installing univention-ox-directory-integration.

DEBIAN_FRONTEND=noninteractive apt-get \
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox-directory-integration

The following services can then be distributed on the other UCS systems:
* IMAP server and optionally spam and virus filtering (univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail)
* MySQL server (mysql-server)
* OX instance (univention-ox)

2.3.1 MySQL server

The MySQL server is installed by installing the mysql-server package.

apt-get install mysql-server

The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the bind-address option can be set to 0.0.0.0 in the MySQL configuration file /etc/mysql/my.cnf.

bind-address = 0.0.0.0

After the change, the MySQL service needs to be restarted:

/etc/init.d/mysql restart

In addition, the OX instances must be authorized to access the database. The following gives an example, which must be adapted to the environment at hand.

$ mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO \
       'openexchange'@'ox-instance1.ucs.local' \
       IDENTIFIED BY 'secret';
mysql> GRANT ALL PRIVILEGES ON *.* TO \
       'openexchange'@'ox-instance2.ucs.local' \
       IDENTIFIED BY 'secret';
mysql> GRANT ...
mysql> FLUSH PRIVILEGES;
mysql> exit
$
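With bind-address set to 0.0.0.0, the host part of each account is what limits which machines can log in to the database, so the account list is worth checking once the grants are in place. The script below is an added example and not part of the original guide; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MySQL accounts whose host pattern is broader than one machine.
# Input: tab-separated "user<TAB>host" rows, the format printed by
#   mysql -N -B -e "SELECT user, host FROM mysql.user"
# Output: one WARN line per finding; exit status 1 if anything was flagged.
audit_mysql_hosts() {
    awk -F '\t' '
        # An empty user name is an anonymous account.
        $1 == "" { printf "WARN anonymous account at host \"%s\"\n", $2; bad = 1; next }
        # % and _ are wildcards in MySQL host patterns.
        $2 ~ /[%_]/ {
            printf "WARN %s@%s matches more than one client host\n", $1, $2; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample rows (not taken from a real server).
SAMPLE_ROWS=$(printf '%s\t%s\n' \
    root localhost \
    openexchange ox-instance1.ucs.local \
    openexchange ox-instance2.ucs.local \
    openexchange % \
    '' localhost)

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_ROWS" | audit_mysql_hosts
}

audit_sample || echo "Review the accounts flagged above."
```

On a database server, pipe the output of the mysql command shown in the header comment into audit_mysql_hosts instead of using the sample rows.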

2.3.2 Active OX instance

The univention-ox package must be installed on the active OX instance.

DEBIAN_FRONTEND=noninteractive apt-get \
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox

Then certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.

export HISTIGNORE="export*"
export OXDB=oxdbserver.ucs.local
export OXDBPW="secret"
export OXIMAPSERVER=oximapserver.ucs.local

Then the join scripts need to run:

univention-run-join-scripts

Finally, the environment variable OXDBPW with the password can be unset using the following command:

unset OXDBPW

2.3.3 IMAP server

The IMAP server is installed by installing the univention-mail-cyrus-ox package.

DEBIAN_FRONTEND=noninteractive apt-get \
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-mail-cyrus-ox

The spam check via spamassassin can be installed and activated by installing the univention-mail-antispam-ox package:

apt-get install univention-mail-antispam-ox

The virus check via amavis and clamav can be installed and activated by installing the univention-antivir-mail package.

apt-get install univention-antivir-mail

A check should then be performed to see whether all join scripts have been run successfully:

univention-run-join-scripts

2.3.4 Additional passive OX instances

First, the univention-ox package must also be installed on the additional passive OX instances.

DEBIAN_FRONTEND=noninteractive apt-get \
  -o DPkg::Options::=--force-confold -y --force-yes \
  install univention-ox

Then the settings can be copied from the active OX instance. This can be done, for example, using the following command:

rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/

The FQDN of the current computer must be entered in the /opt/open-xchange/etc/groupware/usm.properties file:

com.openexchange.usm.ox.url=ox-instance2.ucs.local

The FQDN of the current computer must also be entered in the /opt/open-xchange/etc/authplugin.properties file:

LDAP_HOST=ox-instance2.ucs.local

Finally, the groupware must be restarted on the passive OX instance:

/etc/init.d/open-xchange-admin restart
/etc/init.d/open-xchange-groupware restart
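Because the rsync step copies the active instance's configuration unchanged, both properties files still name the active instance until they are edited. The script below is an added example, not part of the original guide, that checks the two settings before the restart; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify host-specific settings on a passive OX instance.

# prop_value FILE KEY: print the value of the last KEY=VALUE line, ignoring comments.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_host_props DIR FQDN: report each file whose setting is not FQDN; returns 1 on any finding.
check_host_props() {
    rc=0
    for spec in "etc/groupware/usm.properties:com.openexchange.usm.ox.url" \
                "etc/authplugin.properties:LDAP_HOST"; do
        file=$1/${spec%%:*}; key=${spec#*:}
        if [ ! -r "$file" ]; then echo "MISSING $file"; rc=1; continue; fi
        got=$(prop_value "$file" "$key")
        if [ "$got" != "$2" ]; then
            echo "MISMATCH $file: $key=$got (expected $2)"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a copied tree in which only usm.properties was edited.
demo_passive_check() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/etc/groupware"
    echo "com.openexchange.usm.ox.url=ox-instance2.ucs.local" > "$d/etc/groupware/usm.properties"
    echo "LDAP_HOST=ox-instance1.ucs.local" > "$d/etc/authplugin.properties"
    check_host_props "$d" ox-instance2.ucs.local && demo_rc=0 || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}

# On a real passive instance: check_host_props /opt/open-xchange "$(hostname -f)"
demo_passive_check || echo "Correct the settings listed above before restarting the groupware."
```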

2.4 OXtender for business mobility

The Open-Xchange OXtender for Business Mobility is an optionally available component for OXSE4UCS which enables the connection of mobile devices. The repository must be activated for it to be possible to install the corresponding packages:

export LDBUSER=ldbuser LDBPASS=lsbpass
ucr set repository/online/component/oxmobility/server=software.open-xchange.com \
       repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \
       repository/online/component/oxmobility/username=$LDBUSER \
       repository/online/component/oxmobility/password=$LDBPASS \
       repository/online/component/oxmobility/version=2.2,2.3 \
       repository/online/component/oxmobility=enabled

apt-get update

Installing the univention-ox-usm-ox package installs the OXtender for Business Mobility on the OXSE4UCS system.

apt-get install univention-ox-usm-ox

If the target system is neither a DC master nor a DC backup system, the univention-ox-usm-udm package should also be installed on the DC master.

apt-get install univention-ox-usm-udm

3 Updating

To update a UCS 2.2 system with OXSE4UCS 6.12 or 6.14 to UCS 2.3, the following variables must be set before the update.

ucr set repository/online/component/ox/version=2.2,2.3 \
       repository/online/component/oxseforucs/version=2.2,2.3

The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.

4 Administration

4.1 User and group management

New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP address of the DC master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation. When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.

4.2 System messages

The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:

ucr set mail/alias/root=oxadmin@ucs.local
newaliases
/etc/init.d/postfix reload

It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.