3. Configuration#
The following reference shows the available settings for the OX Connector app.
3.1. App Settings#
- OX_SOAP_SERVER#
Defines the server that has OX App Suite installed. Provide the protocol and the FQDN, for example
https://ox-app-suite.example.com
.OX_SOAP_SERVER
instructs the OX Connector app in the Docker container, where it must look for the OX App Suite system. The Docker container must resolve the FQDN.Required
Type
Initial value
Yes
String
https://$hostname.$domainname
For secure connections with HTTPS the Docker container needs to validate the certificate.
Note
If the OX App Suite instance uses a self-signed certificate or a certificate it can’t validate, the OX Connector Docker container needs the root certificate for validation.
For example, to add a custom certificate, run the following commands on the UCS system, where OX Connector is installed:
$ univention-app shell ox-connector /oxp # wget --no-check-certificate \ https://ox-app-suite.example.com/root-ca.crt \ -O /usr/local/share/ca-certificates/ox-app-suite.crt /oxp # update-ca-certificates "WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping"
Administrators can ignore the warning.
- OX_IMAP_SERVER#
Defines the default IMAP server for new users, if not explicitly set at the user object.
Required
Type
Initial value
Yes
String
imap://$hostname.$domainname:143
- OX_SMTP_SERVER#
Defines the SMTP server for new users, if not explicitly set at the user object.
Required
Type
Initial value
Yes
String
smtp://$hostname.$domainname:587
- DEFAULT_CONTEXT#
Defines the default context for users. The OX Connector doesn’t create the
DEFAULT_CONTEXT
automatically. You as administrator must ensure, the default context exists before the OX Connector provisions the first user. To create a context, see Contexts.Required
Type
Initial value
Yes
Integer
10
- OX_LANGUAGE#
Defines the default language for new users
Required
Type
Initial value
Yes
String
de_DE
- LOCAL_TIMEZONE#
Defines the default timezone for new users
Required
Type
Initial value
Yes
String
Europe/Berlin
- OX_MASTER_ADMIN#
Defines the user for the OX App Suite administrator user, also called OX Admin user. This user can create, modify, and delete contexts. The user must already exist. The administrator defines the username for the OX Admin user during the installation of OX App Suite.
Required
Type
Initial value
Yes
String
oxadminmaster
- OX_MASTER_PASSWORD#
Defines the password for the OX Admin user.
Required
Type
Initial value
No
Password
N/A
- OX_IMAP_LOGIN#
Defines the value that is used by OX to log in to the user’s inbox. If this value is empty it is set to the user’s mail address.
Required
Type
Initial value
No
String
N/A
Note
In cases where SSO is to be used, this variable has to be appended with an asterisk and the mail server’s master user. For Dovecot this would be *dovecotadmin. In this case
OX_IMAP_LOGIN
can be set to'{}*dovecotadmin'
. The curly braces are used as a template for the primary mail address. The resulting imaplogin value would then look like this:myuser@maildomain.de*dovecotadmin
- OX_FUNCTIONAL_ACCOUNT_LOGIN_TEMPLATE#
A template that defines the value which is used by OX to log in to the functional account inbox. If this value is empty it is set to a concatenation of the functional account LDAP entry UUID and the user LDAP uid.
This template can include the functional account entry UUID (fa_entry_uuid), the functional account email address (fa_email_address) and any OX user UDM property (including the user’s entry_uuid and dn). Every UDM property used in this template must be enclosed by
{{ }}
e.g{{fa_entry_uuid}}{{username}}
. Multiple values can optionally be separated by other text.Required
Type
Initial value
No
String
N/A
Note
If the UCS OX App Suite is used, this app setting can be left empty, which is equivalent to using the value
{{fa_entry_uuid}}{{username}}
.OX-Connector installations that previously only used the functional account entry UUID should configure this app setting to
{{fa_entry_uuid}}
.Some examples:
"{{fa_entry_uuid}}::{{entry_uuid}}" # Functional account entry UUID and user UUID separated by two colons. "{{username}}+{{fa_entry_uuid}}+{{dn}}" # username, functional account entry UUID and user dn separated by a '+' "{{fa_email_address}}*dovecotadmin" # Concatenation of functional account's mail address and the string *\*dovecotadmin
Note
In cases where SSO is to be used, this variable has to be appended with an asterisk and the mail server’s master user. For Dovecot this would be *dovecotadmin. In this case
OX_FUNCTIONAL_ACCOUNT_LOGIN_TEMPLATE
can be set to'{{fa_email_address}}*dovecotadmin'
. The resulting login value for the functional account would then look like this:myfunctional_account@maildomain.de*dovecotadmin
- OX_USER_IDENTIFIER#
Defines which UDM user property is used as the unique user identifier for OX. If this app setting is not set the OX Connector will use the
username
property by default.Required
Type
Initial value
No
String
N/A
Note
Only a UDM user property that contains a single value which is not None is a valid option. In case a UDM user property that contains an empty value or a list of values is specified, the OX Connector will enter an error state which needs to be resolved manually by simply setting a valid value.
- OX_GROUP_IDENTIFIER#
Defines which UDM group property is used as the unique group identifier for OX. If this app setting is not set the OX Connector will use the
name
property by default.Required
Type
Initial value
No
String
N/A
Note
Only a UDM group property that contains a single value which is not None is a valid option. In case a UDM group property that contains an empty value or a list of values is specified, the OX Connector will enter an error state which needs to be resolved manually by simply setting a valid value.
3.2. Univention Configuration Registry variables#
- ox/context/id#
The app setting
DEFAULT_CONTEXT
sets the value of the Univention Configuration Registry variableox/context/id
.Upon installation of the app OX Connector, the OX Connector creates the extended attribute
oxContext
and uses the value fromox/context/id
as initial value for the extended attributeoxContext
.When an administrator creates a new user account that the OX Connector synchronizes, UDM sets the OX context for the user account to value of the extended attribute
oxContext
.Caution
The UCR variable
ox/context/id
isn’t for manual usage.Changing the variable doesn’t change the OX context on existing user accounts.
Changing the value of the app setting
DEFAULT_CONTEXT
does neither changeox/context/id
nor the extended attributeoxContext
.