Reseller Bundle

From Open-Xchange
Revision as of 07:06, 11 May 2011 by Choeger (talk | contribs) (Created page with "= Open-Xchange Reseller package = The reseller package introduces an additional layer of permissions, so called subadmins. * subadmins can be managed by the oxadminmaster accou...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Open-Xchange Reseller package

The reseller package introduces an additional layer of permissions, so called subadmins.

  • subadmins can be managed by the oxadminmaster account
  • subadmins are oxadminmaster accounts with restricted rights:
    • they can only manage contexts (no database, filestore, etc)
    • they can only manage their own contexts (list/change/delete)

The corresponding documentation of restrictions available and what they do can be found in the javadoc api documentation found in /usr/share/doc/open-xchange-admin-plugin-reseller/javadoc/doc on Debian.

These are basically the restrictions available:

Subadmin.MaxOverallUser
  - the maximum number of users a subadmin can create distributed over all it's
    contexts
Subadmin.MaxContext
  - the maximum number of contexts a subadmin can create
Context.MaxUser
  - the maximum number of users in a single context a contextadmin can create
    Note: this is a restriction, a subadmin can apply to each context
Subadmin.MaxOverallContextQuota
  - the maximum number of quota distributed over all contexts a subadmin
    can use


plus all the restrictions based on module access combinations as found in /opt/open-xchange/etc/admindaemon/ModuleAccessDefinitions.properties

Install on OX AppSuite

Debian GNU/Linux 11.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/stable/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBullseye/ /

and run

$ apt-get update
$ apt-get install open-xchange-admin-plugin-reseller

Debian GNU/Linux 12.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/stable/DebianBookworm/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBookworm/ /

and run

$ apt-get update
$ apt-get install open-xchange-admin-plugin-reseller


Setup and Configuration

The reseller package requires additional tables in the configdb database as well as the package open-xchange-admin-plugin-autocontextid to be installed.

open-xchange-admin-plugin-autocontextid introduces the feature, that context ids can no longer be specified and maintained by the system administrator, but are now generated by open-xchange itself. This is a requirement since reseller admins do not know, which context ids are already used.

To add the new tables to the configdb, either run

$ mysql -u openexchange -p<YOURPW> configdb \
   < /opt/open-xchange/etc/admindaemon/mysql/reseller.sql
$ mysql -u openexchange -p<YOURPW> configdb \
   < /opt/open-xchange/etc/admindaemon/mysql/autocid.sql

or on a fresh setup, when running initconfigdb, add the following arguments:

$ /opt/open-xchange/sbin/initconfigdb --configdb-pass secret -a \
   --addon-sql "reseller.sql autocid.sql"


Initializing the restrictions

After the additional tables in the configdb have been created, the restrictions must be initialized. This can be done via RMI, SOAP or on commandline using

$ initrestrictions -A oxadminmaster -P secret


Manage subadmins

Subadmin accounts can be managed via the create/change/deleteadmin commands installed to /opt/open-xchange/sbin

Example:

$ /opt/open-xchange/sbin/createadmin -A oxadminmaster -P secret -u testadmin \
   -d "Test Subadmin" -p secret -a Subadmin.MaxContext=2000 \
   -a Subadmin.MaxOverallUser=2100 \
   -a Subadmin.MaxOverallUserByModuleaccess_webmail_plus=2010

Would create a subadmin which is able to create max. 2000 contexts containing max. 2100 users and of these users, max. 2010 can have the module access combination webmail_plus.

list it with

$ /opt/open-xchange/sbin/listadmin -A oxadminmaster -P secret
Id Name      Displayname   Restrictions
36 testadmin Test Subadmin Subadmin.MaxOverallUser=2100,Subadmin.MaxOverallUserByModuleaccess_webmail_plus=2010,Subadmin.MaxContext=2000


Manage contexts

When the reseller package has been installed, context listings contain additional information such as the owner of the single contexts.

$ /opt/open-xchange/sbin/listcontext -A oxadminmaster -P secret
cid fid fname       enabled qmax qused name        lmappings   CustomID         Owner
  1   3 1_ctx_store true     500     0 1                                        oxadminmaster
  2   3 2_ctx_store true     500     0 example.com example.com                  oxadminmaster
  3   3 3_ctx_store true     500     0 3                                        oxadminmaster
  4   3 4_ctx_store true     500     0 4                       a custom id 1234 testadmin    

The subadmin called testadmin can only list it's own context(s):

$ /opt/open-xchange/sbin/listcontext -A testadmin -P secret
cid fid fname       enabled qmax qused name lmappings CustomID         Owner    
 4   3 4_ctx_store true     500     0 4              a custom id 1234 testadmin


Using the SOAP Interface

Due to the fact, that we cannot use the plugin mechanism we're using in Java to extend the existing objects, the APIs and objects

OXContext OXGroup OXResource OXUser Context

had to be wrapped into new APIs

OXResellerContext OXResellerGroup OXResellerResource OXResellerUser ResellerContext

and the corresponding SOAP URLs

http://localhost/servlet/axis2/services/OXResellerContextService?wsdl http://localhost/servlet/axis2/services/OXResellerUserService?wsdl http://localhost/servlet/axis2/services/OXResellerGroupService?wsdl http://localhost/servlet/axis2/services/OXResellerResourceService?wsdl

and of course the additional API to manage the subadmin accounts:

http://localhost/servlet/axis2/services/OXResellerService?wsdl

That also means that the existing SOAP interfaces for the mentioned classes above cannot be used anymore when installing the reseller package.

ResellerContext just adds some additional members to the existing Context object and the corresponding APIs just oberate on and return this wrapped class.