OXSE4UCS Installation en: Difference between revisions
No edit summary |
|||
| Line 5: | Line 5: | ||
More detailed information on UCS can be found on the Univention GmbH website: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html]. | More detailed information on UCS can be found on the Univention GmbH website: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html]. | ||
= Installation = | = Installation = | ||
| Line 11: | Line 12: | ||
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible. | There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible. | ||
To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html]. | To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html]. | ||
The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this: | The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this: | ||
<pre> | <pre> | ||
export LDBUSER=myusername LDBPASS=secret | |||
ucr set repository/online/component/ox/server=software.open-xchange.com \ | |||
repository/online/component/ox/prefix=OX6/OXSEforUCS \ | repository/online/component/ox/prefix=OX6/OXSEforUCS \ | ||
repository/online/component/ox/username=$LDBUSER \ | repository/online/component/ox/username=$LDBUSER \ | ||
| Line 29: | Line 30: | ||
repository/online/component/oxseforucs/version=2.2,2.3 \ | repository/online/component/oxseforucs/version=2.2,2.3 \ | ||
repository/online/component/oxseforucs=enabled | repository/online/component/oxseforucs=enabled | ||
apt-get update | |||
</pre> | </pre> | ||
The access data (myusername and secret) are created when the Open-Xchange licence is activated and must be adapted here accordingly. | The access data (''myusername'' and ''secret'') are created when the Open-Xchange licence is activated and must be adapted here accordingly. | ||
== Installation on a DC master == | == Installation on a DC master == | ||
When installing OXSE4UCS on a DC master, only the univention-ox-meta-singleserver package requires installing. This can be performed via the Univention Management Console or on the command line: | When installing OXSE4UCS on a DC master, only the '''univention-ox-meta-singleserver''' package requires installing. This can be performed via the Univention Management Console or on the command line: | ||
<pre> | <pre> | ||
DEBIAN_FRONTEND=noninteractive apt-get \ | DEBIAN_FRONTEND=noninteractive apt-get \ | ||
-o DPkg::Options::=--force-confold -y --force-yes \ | -o DPkg::Options::=--force-confold -y --force-yes \ | ||
install univention-ox-meta-singleserver | install univention-ox-meta-singleserver | ||
</pre> | </pre> | ||
The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be installed instead of the univention-ox-meta-singleserver package. | The '''univention-ox-meta-singleserver''' package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the '''univention-ox and univention-mail-cyrus-ox''' packages can be installed instead of the '''univention-ox-meta-singleserver package'''. | ||
==Installation on a dedicated DC slave== | ==Installation on a dedicated DC slave== | ||
In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the univention-ox-directory-integration package must be installed on the DC master in order to initiate integration in the UCS management system. | In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the '''univention-ox-directory-integration''' package must be installed on the DC master in order to initiate integration in the UCS management system. | ||
<pre> | <pre> | ||
DEBIAN_FRONTEND=noninteractive apt-get \ | DEBIAN_FRONTEND=noninteractive apt-get \ | ||
-o DPkg::Options::=--force-confold -y --force-yes \ | -o DPkg::Options::=--force-confold -y --force-yes \ | ||
install univention-ox-directory-integration | install univention-ox-directory-integration | ||
</pre> | </pre> | ||
The univention-ox-meta-singleserver package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation: | The '''univention-ox-meta-singleserver''' package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation: | ||
<pre> | <pre> | ||
| Line 64: | Line 65: | ||
</pre> | </pre> | ||
The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be specified instead of the univention-ox-meta-singleserver package. | The '''univention-ox-meta-singleserver''' package automatically installs packages for the filtering of spam and viruses. If this is not required, the '''univention-ox''' and '''univention-mail-cyrus-ox''' packages can be specified instead of the '''univention-ox-meta-singleserver''' package. | ||
== Installation in a distributed environment == | == Installation in a distributed environment == | ||
When installing a distributed environment, integration in the UCS management system must be performed firstly by installing univention-ox-directory-integration. | When installing a distributed environment, integration in the UCS management system must be performed firstly by installing '''univention-ox-directory-integration'''. | ||
<pre> | <pre> | ||
| Line 76: | Line 77: | ||
The following services can then be distributed on the other UCS systems: | The following services can then be distributed on the other UCS systems: | ||
* IMAP server and optionally spam and virus filtering (univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail) | * IMAP server and optionally spam and virus filtering (''univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail'') | ||
* MySQL server (mysql-server) | * MySQL server (''mysql-server'') | ||
* OX instance (univention-ox) | * OX instance (''univention-ox'') | ||
===MySQL server=== | ===MySQL server=== | ||
| Line 87: | Line 89: | ||
</pre> | </pre> | ||
The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the bind-address option can be set to 0.0.0.0 in the MySQL configuration file /etc/mysql/my.cnf. | The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the ''bind-address'' option can be set to ''0.0.0.0'' in the MySQL configuration file ''/etc/mysql/my.cnf''. | ||
<pre> | <pre> | ||
| Line 116: | Line 118: | ||
=== Active OX instance === | === Active OX instance === | ||
The univention-ox package must be installed on the active OX instance. | The '''univention-ox''' package must be installed on the active OX instance. | ||
<pre> | <pre> | ||
| Line 130: | Line 132: | ||
export OXDB=oxdbserver.ucs.local | export OXDB=oxdbserver.ucs.local | ||
export OXDBPW="secret" | export OXDBPW="secret" | ||
export OXIMAPSERVER=oximapserver.ucs.local | export OXIMAPSERVER=oximapserver.ucs.local | ||
</pre> | </pre> | ||
| Line 146: | Line 148: | ||
=== IMAP server === | === IMAP server === | ||
The IMAP server is installed by installing the univention-mail-cyrus-ox package. | The IMAP server is installed by installing the '''univention-mail-cyrus-ox''' package. | ||
<pre> | <pre> | ||
DEBIAN_FRONTEND=noninteractive apt-get \ | DEBIAN_FRONTEND=noninteractive apt-get \ | ||
-o DPkg::Options::=--force-confold -y --force-yes \ | -o DPkg::Options::=--force-confold -y --force-yes \ | ||
install univention-mail-cyrus-ox | install univention-mail-cyrus-ox | ||
</pre> | </pre> | ||
The spam check via spamassassin can be installed and activated by installing the univention-mail-antispam-ox package: | The spam check via ''spamassassin'' can be installed and activated by installing the '''univention-mail-antispam-ox''' package: | ||
<pre> | <pre> | ||
| Line 160: | Line 162: | ||
</pre> | </pre> | ||
The virus check via amavis and clamav can be installed and activated by installing the | The virus check via ''amavis'' and ''clamav'' can be installed and activated by installing the u'''nivention-antivir-mail''' package. | ||
<pre> | <pre> | ||
| Line 173: | Line 175: | ||
=== Additional passive OX instances === | === Additional passive OX instances === | ||
Firstly, the univention-ox package must also be installed on the additional passive OX instances. | Firstly, the '''univention-ox''' package must also be installed on the additional passive OX instances. | ||
<pre> | <pre> | ||
DEBIAN_FRONTEND=noninteractive apt-get \ | DEBIAN_FRONTEND=noninteractive apt-get \ | ||
-o DPkg::Options::=--force-confold -y --force-yes \ | -o DPkg::Options::=--force-confold -y --force-yes \ | ||
install univention-ox | install univention-ox | ||
</pre> | </pre> | ||
| Line 187: | Line 189: | ||
</pre> | </pre> | ||
The FQDN of the current computer must be entered in the /opt/open-xchange/etc/groupware/usm.properties file: | The FQDN of the current computer must be entered in the'' /opt/open-xchange/etc/groupware/usm.properties'' file: | ||
<pre> | <pre> | ||
| Line 193: | Line 195: | ||
</pre> | </pre> | ||
The FQDN of the current computer must also be entered in the /opt/open-xchange/etc/authplugin.properties file: | The FQDN of the current computer must also be entered in the'' /opt/open-xchange/etc/authplugin.properties'' file: | ||
<pre> | <pre> | ||
| Line 222: | Line 224: | ||
</pre> | </pre> | ||
Installing the univention-ox-usm-ox package installs the Oxtender for Business Mobility on the OXSE4UCS system. | Installing the '''univention-ox-usm-ox''' package installs the Oxtender for Business Mobility on the OXSE4UCS system. | ||
<pre> | <pre> | ||
apt-get install univention-ox-usm-ox | apt-get install '''univention-ox-usm-ox''' | ||
</pre> | </pre> | ||
If the target system is neither a DC master nor a DC backup system, the univention-ox-usm-udm package should also be installed on the DC master. | If the target system is neither a DC master nor a DC backup system, the '''univention-ox-usm-udm''' package should also be installed on the DC master. | ||
<pre> | <pre> | ||
apt-get install univention-ox-usm-udm | apt-get install '''univention-ox-usm-udm''' | ||
</pre> | </pre> | ||
| Line 242: | Line 244: | ||
</pre> | </pre> | ||
The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update. | The system can then be updated as usual for UCS using the ''univention-updater net command'' or the ''UMC module Online Update''. | ||
=Administration= | =Administration= | ||
| Line 249: | Line 251: | ||
New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation. | New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation. | ||
When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings. | When creating a user, the '''open-xchange groupware account''' user template should be selected. This preselects all Open-Xchange specific settings. | ||
== System messages == | == System messages == | ||
The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose: | The ''mail/alias/root'' UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose: | ||
<pre> | <pre> | ||
| Line 260: | Line 262: | ||
</pre> | </pre> | ||
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file. | It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the ''/etc/ox-secrets/context10.secret'' file. | ||
[[Category: OX6]] | [[Category: OX6]] | ||
Revision as of 14:21, 12 April 2010
Introduction
The Open-Xchange Server Edition for Univention Corporate Server (OXSE4UCS) includes the groupware Open-Xchange and the integration packages for Univention Corporate Server (UCS).
OXSE4UCS is tailored to professional users looking for a tried-and-tested solution for the management of their entire IT infrastructure including groupware or companies which already employ UCS and wish to expand their infrastructure with innovative groupware functions.
More detailed information on UCS can be found on the Univention GmbH website: http://www.univention.de/dokumentation.html.
Installation
As OXSE4UCS is an expansion pack for the Univention Corporate Server, one or more UCS server(s) must be installed firstly.
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.
To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: http://www.univention.de/dokumentation.html.
The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:
export LDBUSER=myusername LDBPASS=secret ucr set repository/online/component/ox/server=software.open-xchange.com \ repository/online/component/ox/prefix=OX6/OXSEforUCS \ repository/online/component/ox/username=$LDBUSER \ repository/online/component/ox/password=$LDBPASS \ repository/online/component/ox/version=2.2,2.3 \ repository/online/component/ox=enabled \ repository/online/component/oxseforucs/server=software.open-xchange.com \ repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \ repository/online/component/oxseforucs/username=$LDBUSER \ repository/online/component/oxseforucs/password=$LDBPASS \ repository/online/component/oxseforucs/version=2.2,2.3 \ repository/online/component/oxseforucs=enabled apt-get update
The access data (myusername and secret) are created when the Open-Xchange licence is activated and must be adapted here accordingly.
Installation on a DC master
When installing OXSE4UCS on a DC master, only the univention-ox-meta-singleserver package requires installing. This can be performed via the Univention Management Console or on the command line:
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox-meta-singleserver
The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be installed instead of the univention-ox-meta-singleserver package.
Installation on a dedicated DC slave
In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the univention-ox-directory-integration package must be installed on the DC master in order to initiate integration in the UCS management system.
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox-directory-integration
The univention-ox-meta-singleserver package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox-meta-singleserver univention-run-join-scripts
The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be specified instead of the univention-ox-meta-singleserver package.
Installation in a distributed environment
When installing a distributed environment, integration in the UCS management system must be performed firstly by installing univention-ox-directory-integration.
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox-directory-integration
The following services can then be distributed on the other UCS systems:
- IMAP server and optionally spam and virus filtering (univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail)
- MySQL server (mysql-server)
- OX instance (univention-ox)
MySQL server
The MySQL server is installed by installing the mysql-server package.
apt-get install mysql-server
The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the bind-address option can be set to 0.0.0.0 in the MySQL configuration file /etc/mysql/my.cnf.
bind-address 0.0.0.0
After the change, the MySQL service needs to be restarted:
/etc/init.d/mysql restart
In addition, the OX instances must be authorized to access the database. The following gives an example, which must be adapted to the environment at hand.
$ mysql mysql> GRANT ALL PRIVILEGES ON *.* TO \ 'openexchange'@'ox-instance1.ucs.local' \ IDENTIFIED BY 'secret'; mysql> GRANT ALL PRIVILEGES ON *.* TO \ 'openexchange'@'ox-instance2.ucs.local' \ IDENTIFIED BY 'secret'; mysql> GRANT ... mysql> FLUSH PRIVILEGES; mysql> exit $
Active OX instance
The univention-ox package must be installed on the active OX instance.
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox
Then certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.
export HISTIGNORE="export*" export OXDB=oxdbserver.ucs.local export OXDBPW="secret" export OXIMAPSERVER=oximapserver.ucs.local
Then the join scripts need to run:
univention-run-join-scripts
Finally, the environment variable OXDBPW with the password can be unset using the following command:
unset OXDBPW
IMAP server
The IMAP server is installed by installing the univention-mail-cyrus-ox package.
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-mail-cyrus-ox
The spam check via spamassassin can be installed and activated by installing the univention-mail-antispam-ox package:
apt-get install univention-mail-antispam-ox
The virus check via amavis and clamav can be installed and activated by installing the univention-antivir-mail package.
apt-get install univention-antivir-mail
A check should then be performed to see whether all join scripts have been run successfully:
univention-run-join-scripts
Additional passive OX instances
Firstly, the univention-ox package must also be installed on the additional passive OX instances.
DEBIAN_FRONTEND=noninteractive apt-get \ -o DPkg::Options::=--force-confold -y --force-yes \ install univention-ox
Then the settings can be copied from the active OX instance. This can be done, for example, using the following command:
rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/
The FQDN of the current computer must be entered in the /opt/open-xchange/etc/groupware/usm.properties file:
com.openexchange.usm.ox.url=ox-instance2.ucs.local
The FQDN of the current computer must also be entered in the /opt/open-xchange/etc/authplugin.properties file:
LDAP_HOST=ox-instance2.ucs.local
Finally, the groupware must be restarted on the passive OX instance:
/etc/init.d/open-xchange-admin restart /etc/init.d/open-xchange-groupware restart
OXtender for business mobility
The Open-Xchange OXtender for Business Mobility is an optionally available component for OXSE4UCS which enables the connection of mobile devices. The repository must be activated for it to be possible to install the corresponding packages:
export LDBUSER=ldbuser LDBPASS=lsbpass ucr set repository/online/component/oxmobility/server=software.open-xchange.com \ repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \ repository/online/component/oxmobility/username=$LDBUSER \ repository/online/component/oxmobility/password=$LDBPASS \ repository/online/component/oxmobility/version=2.2,2.3 \ repository/online/component/oxmobility=enabled apt-get update
Installing the univention-ox-usm-ox package installs the Oxtender for Business Mobility on the OXSE4UCS system.
apt-get install '''univention-ox-usm-ox'''
If the target system is neither a DC master nor a DC backup system, the univention-ox-usm-udm package should also be installed on the DC master.
apt-get install '''univention-ox-usm-udm'''
Updating
To update a UCS 2.2 system with OXSE4UCS 6.12 or 6.14 to UCS 2.3, the following variables must be set before the update.
ucr set repository/online/component/ox/version=2.2,2.3 \
repository/online/component/oxseforucs/version=2.2,2.3
The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.
Administration
User and group management
New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation.
When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.
System messages
The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:
ucr set mail/alias/root=oxadmin@ucs.local newaliases /etc/init.d/postfix reload
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.