2. Usage

The OX Connector centrally manages users, groups, OX contexts, OX access profiles and functional accounts with the web based management system in UCS. This section shows how.

To follow the tasks, you need to sign-in to Univention Management Console (UMC) with a user account with domain administration rights. For more information, see Delegated administration for UMC modules in UCS 5.2 Manual [2].

2.1. Contexts

OX App Suite uses contexts to collect users, groups, and resources for collaboration in a virtual space. Data from one context isn’t visible to other contexts. For more information about contexts, see App Suite Context management [5].

To view, add, update, or delete a context, you navigate to Domain ‣ OX Contexts in UMC.

Note

If you don’t want the OX Connector to manage contexts, you can manually manage them in OX App Suite, as long as you maintain the context configuration for the OX Connector in the /var/lib/univention-appcenter/apps/ox-connector/data/secrets/contexts.json.

This approach doesn’t require to share the credentials for the OX context administrator.

2.2. Users

To enable users for OX App Suite, administrators can either create user accounts or update existing ones.

To enable a user account for OX App Suite, run the following steps:

1. Navigate to Users ‣ Users in UMC and click to open.

Add user account

To create a user account:

2. Click Add to create a user account and select the User template open-xchange groupware account.

3. Click Next.

4. Fill out the required fields. To fill out more attributes, click Advanced.

5. When finished, click Create user.

Update user account

To update a user account:

2. Click the username for the user you want to update.

3. Go to the Apps tab and activate the Open-Xchange checkbox. The tab Open-Xchange appears.

4. Define an email address for the user at General ‣ Primary e-mail address (mailbox).

5. Click Save.

See also

User management in UCS 5.2 Manual [2].

2.3. Groups

The OX Connector app adds a group to the same context as the group members. When the last group member leaves the group, the connector removes the group from OX App Suite.

To enable a group for OX App suite, run the following steps:

1. Navigate to Users ‣ Groups in UMC and click to open.

Add group

To create a group:

2. Click Add to create a group.

3. On the General tab, fill out the required fields and add users as group members.

4. Go to the OX App Suite tab and activate the Activate Group in OX.

5. Click Create group.

Update group

To update a group:

2. Click a group to edit.

3. The UDM module Groups automatically enables Activate Group in OX, when you edit a group. UMC displays a notification.

   If you don’t want to enable the group, clear the checkbox Activate Group in OX on the OX App Suite tab.

4. Click Save.

Warning

When you as administrator update a group, that already is a group in OX App Suite, and you clear the checkbox Activate Group in OX on the OX App Suite tab, the connector removes this group from OX App Suite.

To update a group from the command-line, run the following command:

$ udm groups/group modify --dn $dn_of_group --set isOxGroup=OK

Remove group

To remove a group from OX App Suite:

2. Click a group to edit.

3. Go to the OX App Suite tab and clear the checkbox Activate Group in OX.

4. Click Save.

To remove the group from OX App Suite through command-line, run the following command:

$ udm groups/group modify --dn $dn_of_group --set isOxGroup=Not

See also

Group management in UCS 5.2 Manual [2].

2.4. Access profiles

The OX Connector already provides ready-to-use access profiles for OX App Suite users. Administrators can create custom access profiles in UMC in the LDAP directory module at Domain ‣ LDAP directory at the directory location open-xchange/accessprofiles/.

For limitations about plausibility verification, see No plausibility validation in access profile rights.

2.5. Functional accounts

Added in version 2.0.0.

OX App Suite shares functional mailboxes among other users in the same context.

With the UDM module oxmail/functional_account administrators can add, update or delete objects for functional accounts. OX App Suite users with the same functional account share the read status. Emails to addresses of functional accounts show up in the OX Mail view for every user where administrators granted the permission.

Warning

Open-Xchange marked this feature as deprecated in favor of Shared accounts.

2.5.1. Default LDAP position for functional accounts

Added in version 2.2.12.

When you create a new oxmail/functional_account object in UMC the default position for these new objects in the directory tree is cn=functional_accounts,cn=open-xchange,$LDAP_BASE.

However, you can add additional default containers for the oxmail/functional_account so that UMC will ask for a position before creating the new object.

In the UMC module LDAP directory open the container univention in the tree view (left) and then open the object default containers in the object list (right). Click on OX App suite and add additional default containers to the list of Default container for OX functional accounts. The values are LDAP DNs of existing container objects in your LDAP directory, which must include the LDAP base DN.

2.6. Resources

OX App Suite uses OX Resources to manage resources like rooms or equipment that users can book for appointments. For more information about resource management, see App Suite Resource management [6].

To view, add, update, or delete a resource, you navigate to Domain ‣ OX Resources in UMC.

2.7. Shared accounts

Added in version 3.2.0.

OX App Suite lets users and groups access shared accounts. Users with a shared account can read its email and calendar entries. As an administrator, you can configure fine-grained permissions for users and groups. The OX Connector app provides UDM modules to manage shared accounts and the permissions of users and groups.

Important

The Shared accounts feature requires OX App Suite version 8.49 or later. A runtime check deactivates the feature when OX App Suite doesn’t support shared accounts.

See also

Shared accounts

2.7.1. UDM module for shared accounts

As an administrator, you can use the UDM module oxmail/shared_account to add, update, or delete objects for shared accounts and manage their permissions. You can find the UDM module in the Management UI under LDAP directory at the directory location open-xchange/shared_account.

Every oxmail/shared_account object contains a list of users and groups with their respective permissions. Each user and group entry in the list links to an oxmail/shared_account_permissions object.

See also

LDAP directory module

for information about the LDAP directory management module.

2.7.2. UDM module for permissions

OX App Suite uses permission objects to control user and group access to shared accounts. OX Connector provides ready-to-use permissions for OX App Suite shared accounts, including Full Calendar Access, Full Mail Access, Full Mail and Calendar Access, and Read-Only Mail Access. You can also create permissions to meet your requirements.

As an administrator, you can use the UDM module oxmail/shared_account_permissions to create, update, or delete permissions for shared accounts. You can find the UDM module in the Management UI under LDAP directory at the directory location open-xchange/shared_account_permissions.

When you create an oxmail/shared_account object, you can grant permissions to users and groups in UMC.