AppSuite:Context management: Difference between revisions

From Open-Xchange
No edit summary
 
(17 intermediate revisions by 4 users not shown)
Line 19: Line 19:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout <integer>
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| -c,--contextid <integer>
| -c,--contextid <integer>
Line 24: Line 27:
|-
|-
| -q,--quota <integer>
| -q,--quota <integer>
|Context wide filestore quota in MB
|Context wide filestore quota in MB. -1 = unlimited. '''Note:''' The context-associated filestore is not only used by Infostore/Drive module, but also for other features like snippets/signatures, thumbnail cache, PIM (contacts, calendar & tasks) attachments, etc. Thus even if you don't use the Infostore/Drive, you should always set an appropriate amount so users can e.g. store signatures or attach files to PIM items.
|-
|-
| -u,--username <string>
| -u,--username <string>
Line 55: Line 58:
| -L,--addmapping <string>
| -L,--addmapping <string>
|Add login mappings separated by ","
|Add login mappings separated by ","
|-
| -F,--destination-store-id <integer>
|Specifies the optional file store identifier to which the context gets assigned; if missing the file store gets auto-detected
|-
| -D,--destination-database-id <integer>
|Specifies the optional database identifier to which the context gets assigned; if missing the database gets auto-detected
|-
|-
| --access-combination-name <access-combination-name>
| --access-combination-name <access-combination-name>
Line 140: Line 149:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout <integer>
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| -c,--contextid <contextid>
| -c,--contextid <contextid>
Line 204: Line 216:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout <integer>
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| -s,--searchpattern <string>
| -s,--searchpattern <string>
Line 267: Line 282:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout <integer>
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| -c,--contextid <integer>
| -c,--contextid <integer>
Line 334: Line 352:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout <integer>
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|}
|}


Line 499: Line 520:
<code>all contexts enabled</code>
<code>all contexts enabled</code>


 
== getcontextcapabilities ==
 
'''<code>getcontextcapabilities</code>''' is the tool to list available capabilities for a certain context.
 
 
=== Parameters ===
 
{| border="1"
|-
| -h,--help
|Prints a help text
|-
| --environment
|Show info about commandline environment
|-
| --nonl
|Remove all newlines (\n) from output
|-
| --responsetimeout &lt;integer&gt;
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
| -c,--contextid &lt;integer&gt;
|The id of the context
|-
| -N,--contextname &lt;contextname&gt;
|context name
|}
 
=== Extra parameters when authentication is enabled ===
 
{| border="1"
|-
| -A,--adminuser &lt;string&gt;
|Context Admin user name
|-
| -P,--adminpass &lt;string&gt;
|Context Admin password
|}
 
=== Return value ===
 
<code>0</code> on success
 
<code>&gt;0</code> on failure
 
=== Mandatory parameters ===
<code>contextid adminuser adminpass</code>
 
=== Command output ===
 
Either "There are no capabilities set for context &lt;context-id&gt;"
or a line-wise listing of identifiers for available capabilities
 
=== Example ===
 
<pre> root@oxhe:~# /opt/open-xchange/sbin/getcontextcapabilities -c 6
</pre>
 
== changecontext ==
== changecontext ==


Line 518: Line 597:
|webmail=webmail, contacts, globaladdressbookdisabled, collectemailaddresses, editpassword
|webmail=webmail, contacts, globaladdressbookdisabled, collectemailaddresses, editpassword
|-
|-
|pim=webmail, calendar, contacts, tasks, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, editpassword
|pim=webmail, ''calendar'', contacts, ''tasks'', globaladdressbookdisabled, collectemailaddresses, ''multiplemailaccounts'', ''subscription'', ''publication'', editpassword
|-
|-
|pim_infostore=webmail, calendar, contacts, tasks, infostore, webdav, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication
|pim_infostore=webmail, calendar, contacts, tasks, ''infostore'', ''webdav'', globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication
|-
|-
|pim_mobility=webmail, calendar, contacts, tasks, syncml, usm, activesync, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, editpassword
|pim_mobility=webmail, calendar, contacts, tasks, syncml, ''usm'', activesync, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, ''editpassword''
|-
|-
|groupware_standard=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication (Groupware Standard always gets new features except mobility and OXtender. )  
|groupware_standard=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication (Groupware Standard always gets new features except mobility)  
|-
|-
|groupware_premium=webmail, calendar, contacts, infostore, tasks, webdav, webdavxml, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication
|groupware_premium=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, ''syncml, ''usm'', ''olox20'', ''activesync'', readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication
|-
|-
|all=webmail, calendar, contacts, infostore, tasks, webdav, webdavxml, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, publicfoldereditable, collectemailaddresses, multiplemailaccounts, subscription, publication
|all=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, ''publicfoldereditable'', collectemailaddresses, multiplemailaccounts, subscription, publication (This is a right tailored to a context administrator)
|}
|}
'''Note:''' Italics denote additional rights in comparison to the previous set where applicable.


When having changed the access rights of the context and its users with "changecontext" the "downgrade" command should be called on the admin server. All unnecessary data are removed from
When having changed the access rights of the context and its users with "changecontext" the "downgrade" command should be called on the admin server. All unnecessary data are removed from
Line 547: Line 628:
| --nonl
| --nonl
|Remove all newlines (\n) from output
|Remove all newlines (\n) from output
|-
| --responsetimeout &lt;integer&gt;
|response timeout in seconds for reading response from the backend (default 0s; infinite) '''Available with v7.8.0'''
|-
|-
| -c,- -contextid &lt;integer&gt;
| -c,- -contextid &lt;integer&gt;
Line 567: Line 651:
|-
|-
| --capabilities-to-add &lt;capabilities-to-add&gt;
| --capabilities-to-add &lt;capabilities-to-add&gt;
| The capabilities to add as a comma-separated string
| The capabilities to add as a comma-separated string (from 7.2.0 on)
|-
|-
| --capabilities-to-remove &lt;capabilities-to-remove&gt;
| --capabilities-to-remove &lt;capabilities-to-remove&gt;
| The capabilities to remove as a comma-separated string
| The capabilities to remove as a comma-separated string (from 7.2.0 on)
|-
| --capabilities-to-drop &lt;capabilities-to-drop&gt;
|The capabilities to drop; e.g. cleanse from storage; as a comma-separated string (from 7.6.0 on)
|-
| --quota-module &lt;quota-module&gt;
|The identifier of the module to which to apply the quota value (from 7.2.0 on)
|-
| --quota-value &lt;quota-value&gt;
| from v7.2.0 on: The quota value; zero is unlimited<br>from v7.6.0 on: The numeric quota value specifying the max. number of items allowed for context. Zero is unlimited. A value less than zero deletes the quota entry (and falls back to configured behavior)
|}
|}



Latest revision as of 09:19, 10 January 2020

createcontext

createcontext is the tool to create new contexts. A context is an independent instance within the createcontext Open-Xchange system and holds users, groups and resources and all their objects. Data from one context is not visible to other contexts. Module access (calendar, tasks, email) can be set via predefined "access combination names". These names can be configured on the server side. All users which are created during later use of the "createuser" tool will inherit the module access rights from the context. If you do not specify any access rights on createcontext minimal access rights will be granted. Currently, these are Webmail and Contacts access rights.

Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,--contextid <integer> The id of the context, when starting with 0, 0 is deleted
-q,--quota <integer> Context wide filestore quota in MB. -1 = unlimited. Note: The context-associated filestore is not only used by Infostore/Drive module, but also for other features like snippets/signatures, thumbnail cache, PIM (contacts, calendar & tasks) attachments, etc. Thus even if you don't use the Infostore/Drive, you should always set an appropriate amount so users can e.g. store signatures or attach files to PIM items.
-u,--username <string> Username for the new context admin user
-d,--displayname <string> Displayname for the new context admin user
-g,--givenname <string> Given name for the new context admin user
-s,--surname <string> Surname/last name for the new context Admin user
-p,--password <string> Password for the new context Admin user
-e,--email <string> Primary E-Mail address for the new context Admin user
-l,--lang <lang> Language for the new context Admin user
-t,--timezone <timezone> Timezone for the new context Amin user
-N,--contextname <string> Context name
-L,--addmapping <string> Add login mappings separated by ","
-F,--destination-store-id <integer> Specifies the optional file store identifier to which the context gets assigned; if missing the file store gets auto-detected
-D,--destination-database-id <integer> Specifies the optional database identifier to which the context gets assigned; if missing the database gets auto-detected
--access-combination-name <access-combination-name> Access combination name
--access-denied-portal <on/off> Denies portal access (Default is off)
--csv-import <CSV file> Full path to CSV file with user data to import. This option makes mandatory options obsolete, except credential options (if needed).

--csv-import <CSV file>

Full path to CSV file with user data to import. This option makes mandatory command line options obsolete, except credential options (if needed). But they have to be set in the CSV file.

With this option you can specify a csv file (a full pathname must be given) with the data which should be imported. The columnnames in the CSV file must be the same as the long-options of the command line tools, without the prefix "--".

This option will normally be used to fill new large installations with the new data. So instead of calling the command line tools in a shell script every time, just a csv file needs to be created, containing the whole data.

Note that the credentials of the masteradmin in the createcontext call must be given on the command line with the -A and -P options nevertheless - if authentication is enabled. If the createuser command line tool is used, the credentials are part of the csv file, and cannot be set as options on the command line itself. The reason for this different behavior is that different contexts have different credentials for the admin user, so they must be set in every line of the csv file. Opposed to this the credentials of the masteradmin are always the same.

Extra parameters when authentication is enabled

-A,--adminuser <string> Master Admin user name
-P,--adminpass <string> Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

contextid {adminuser adminpass} quota username displayname givenname surname password email

Command output

On success:

context <contextid> created

On failure:

context <contextid> could not be created: <reason from server>

Example

root@oxhe~# /opt/open-xchange/sbin/createcontext -c 123 -q 1000 -N CompanyA -u "admin" -d "Admin of CompanyA" -g John -s Example -p newpw -e john@example.com

context 123 created


deletecontext

deletecontext is the tool to delete contexts and all data stored that belong to it. This includes all database entries and files in the infostore but no E-Mail components.

Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,--contextid <contextid> The id of the context
-N,--contextname <contextname> Context name

Extra parameters when authentication is enabled

-A,--adminuser <string> Master Admin user name
-P,--adminpass <string> Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

(contextid or contexname) {adminuser adminpass}

Command output

On success:

context <contextid> deleted

On failure:

context <contextid> could not be deleted: <reason from server>

Example

root@oxhe~# /opt/open-xchange/sbin/deletecontext -c 123

context 123 deleted


listcontext

listcontext is the tool to list and search for contexts.

Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-s,--searchpattern <string> Search/List pattern, default “*”
--csv Command output as csv

Extra parameters when authentication is enabled

-A,--adminuser <adminuser> Master Admin user name
-P,--adminpass <string> Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

{adminuser adminpass}

Command output

Standard output:

cid fid fname enabled qmax qused name
lmappings . . ... ... ... ... ... ...

csv output:

id,filestore_id,filestore_name,enabled,max_quota,used_quota,name,lmappings

Example

root@oxhe:/opt/open-xchange/sbin# ./listcontexts cid fid fname
enabled qmax qused name lmappings 6 3 6_ctx_store true 1000 0 customerA 6,customerA,secondlogin

disablecontext

disablecontext is the tool to disable contexts. Whenever a customer tries to log in to a disabled context, the login is denied.

Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,--contextid <integer> The id of the context
-N,--contextname <string> Context name

Extra parameters when authentication is enabled

-A,--adminuser <string> Master Admin user name
-P,--adminpass <string> Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

(contextid or contextname) {adminuser adminpass}

Command output

On success:

context <contextid> disabled

On failure:

context <contextid> could not be disabled: <reason from server>

Example

root@oxhe~# /opt/open-xchange/sbin/disablecontext -c 123

context 123 disabled


disableallcontexts

disableallcontexts is the tool to disable all contexts. Whenever a customer tries to log in to a disabled context, the login is denied.

Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0

Extra parameters when authentication is enabled

-A,--adminuser <string> Master Admin user

name

-P,--adminpass <string> Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

{adminuser adminpass}

Command output

On success:

all contexts disabled

On failure:

all contexts could not be disabled: <reason from server>

Example

root@oxhe~# /opt/open-xchange/sbin/disableallcontexts

all contexts disabled


enablecontext

enablecontext is the tool to enable a disabled context.

Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from

output

-c,--contextid <integer> The id of the context
-N,--contextname <string> Context name

Extra parameters when authentication is enabled

-A,--adminuser <adminuser> Master Admin user name
-P,--adminpass <string> Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

(contextid or contextname) {adminuser adminpass}

Command output

On success:

context <contextid> enabled

On failure:

context <contextid> could not be enabled: <reason from server>

Example

root@oxhe~# /opt/open-xchange/sbin/enablecontext -c 123

context <contextid> enabled


enableallcontexts

enableallcontexts is the tool to enable all disabled contexts.

Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from

output

Extra parameters when authentication is enabled

-A,--adminuser <string> Master Admin user name
-P,--adminpass

<string>

Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

{adminuser adminpass}

Command output

On success:

all contexts enabled

On failure:

all contexts could not be enabled: <reason from server>

Example

root@oxhe~# /opt/open-xchange/sbin/enableallcontexts

all contexts enabled


getcontextcapabilities

getcontextcapabilities is the tool to list available capabilities for a certain context.


Parameters

-h,--help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,--contextid <integer> The id of the context
-N,--contextname <contextname> context name

Extra parameters when authentication is enabled

-A,--adminuser <string> Context Admin user name
-P,--adminpass <string> Context Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

contextid adminuser adminpass

Command output

Either "There are no capabilities set for context <context-id>" or a line-wise listing of identifiers for available capabilities

Example

 root@oxhe:~# /opt/open-xchange/sbin/getcontextcapabilities -c 6

changecontext

changecontext makes context-wide changes.

If you specify module access options; e.g. "--access-edit-password on"; then please be aware that basic module access set is the one from context's administrator. Meaning any option not explicitly specified as CLI argument will fall-back to context administrator setting for _every_ user in associated context.

You can use changecontext to change the current quota for a given context. When the context has more changecontext space in use than the new quota allows, the customer is only able to delete files until the usage is below quota. Module access (calendar,tasks,email) can be set via predefined "access combination names". These names can be configured on the server side. All users which are created during later use of the "createuser" tool will inherit the module access rights from the context. If you do not specify any access rights on createcontext minimal access rights will be granted. Currently, these are Webmail and Contacts access rights.

There are some default combinations in the ModuleAccessDefinitions.properties file on the admin server, like:

webmail=webmail, contacts, globaladdressbookdisabled, collectemailaddresses, editpassword
pim=webmail, calendar, contacts, tasks, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, editpassword
pim_infostore=webmail, calendar, contacts, tasks, infostore, webdav, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication
pim_mobility=webmail, calendar, contacts, tasks, syncml, usm, activesync, globaladdressbookdisabled, collectemailaddresses, multiplemailaccounts, subscription, publication, editpassword
groupware_standard=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication (Groupware Standard always gets new features except mobility)
groupware_premium=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, collectemailaddresses, multiplemailaccounts, subscription, publication
all=webmail, calendar, contacts, infostore, tasks, webdav, ical, vcard, syncml, usm, olox20, activesync, readcreatesharedfolders, delegatetask, editpublicfolders, editgroup, editresource, editpassword, publicfoldereditable, collectemailaddresses, multiplemailaccounts, subscription, publication (This is a right tailored to a context administrator)

Note: Italics denote additional rights in comparison to the previous set where applicable.

When having changed the access rights of the context and its users with "changecontext" the "downgrade" command should be called on the admin server. All unnecessary data are removed from the data base via "groupware api". If e. g. the context 1 is changed from "pim_infostore" to "webmail", the "downgrade" command has to be called for this context then. Then, all unnecessary folders for this context are removed from the data base.

Parameters

-h,- -help Prints a help text
--environment Show info about commandline environment
--nonl Remove all newlines (\n) from output
--responsetimeout <integer> response timeout in seconds for reading response from the backend (default 0s; infinite) Available with v7.8.0
-c,- -contextid <integer> The id of the context
-N,- -contextname <string> The name of the context
-L,- -addmapping <string(s)> Add login mappings. Separated by ","
-R,- -removemapping <stirng(s)> Remove login mappings. Separated by ","
-q,- -quota <integer> Quota for the context filestore in MB
--access-combination-name <access-combination-name> Access combination name
--capabilities-to-add <capabilities-to-add> The capabilities to add as a comma-separated string (from 7.2.0 on)
--capabilities-to-remove <capabilities-to-remove> The capabilities to remove as a comma-separated string (from 7.2.0 on)
--capabilities-to-drop <capabilities-to-drop> The capabilities to drop; e.g. cleanse from storage; as a comma-separated string (from 7.6.0 on)
--quota-module <quota-module> The identifier of the module to which to apply the quota value (from 7.2.0 on)
--quota-value <quota-value> from v7.2.0 on: The quota value; zero is unlimited
from v7.6.0 on: The numeric quota value specifying the max. number of items allowed for context. Zero is unlimited. A value less than zero deletes the quota entry (and falls back to configured behavior)

Extra parameters when authentication is enabled

-A,- -adminuser <string> Master Admin user name
-P,- -adminpass <string> Master Admin password

Return value

0 on success

>0 on failure

Mandatory parameters

(contextid or contextname) {adminuser adminpass} and at minimum one attribute to change

Command output

On success:

context <contextid> changed

On failure:

context <contextid> could not be changed: <reason from server>

Example

root@oxhe~# /opt/open-xchange/sbin/changecontext -c 123 -q 500

context 123 changed

getAdminId

Returns the ID of the context administrator.