3. Configuration#

The following reference shows the available settings for the OX Connector app.

3.1. App Settings#

OX_SOAP_SERVER#

Defines the server that has OX App Suite installed. Provide the protocol and the FQDN, for example https://ox-app-suite.example.com.

OX_SOAP_SERVER instructs the OX Connector app in the Docker container, where it must look for the OX App Suite system. The Docker container must resolve the FQDN.

Required

Type

Initial value

Yes

String

https://$hostname.$domainname

For secure connections with HTTPS the Docker container needs to validate the certificate.

Note

If the OX App Suite instance uses a self-signed certificate or a certificate it can’t validate, the OX Connector Docker container needs the root certificate for validation.

For example, to add a custom certificate, run the following commands on the UCS system, where OX Connector is installed:

$ univention-app shell ox-connector
/oxp # wget --no-check-certificate \
  https://ox-app-suite.example.com/root-ca.crt \
  -O /usr/local/share/ca-certificates/ox-app-suite.crt
/oxp # update-ca-certificates
"WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping"

Administrators can ignore the warning.

OX_IMAP_SERVER#

Defines the default IMAP server for new users, if not explicitly set at the user object.

Required

Type

Initial value

Yes

String

imap://$hostname.$domainname:143

OX_SMTP_SERVER#

Defines the SMTP server for new users, if not explicitly set at the user object.

Required

Type

Initial value

Yes

String

smtp://$hostname.$domainname:587

DEFAULT_CONTEXT#

Defines the default context for users. The OX Connector doesn’t create the DEFAULT_CONTEXT automatically. You as administrator must ensure, the default context exists before the OX Connector provisions the first user. To create a context, see Contexts.

Required

Type

Initial value

Yes

Integer

10

OX_LANGUAGE#

Defines the default language for new users

Required

Type

Initial value

Yes

String

de_DE

LOCAL_TIMEZONE#

Defines the default timezone for new users

Required

Type

Initial value

Yes

String

Europe/Berlin

OX_MASTER_ADMIN#

Defines the user for the OX App Suite administrator user, also called OX Admin user. This user can create, modify, and delete contexts. The user must already exist. The administrator defines the username for the OX Admin user during the installation of OX App Suite.

Required

Type

Initial value

Yes

String

oxadminmaster

OX_MASTER_PASSWORD#

Defines the password for the OX Admin user.

Required

Type

Initial value

No

Password

N/A

OX_IMAP_LOGIN#

Defines the value that is used by OX to log in to the user’s inbox. If this value is empty it is set to the user’s mail address.

Required

Type

Initial value

No

String

N/A

Note

In cases where SSO is to be used, this variable has to be appended with an asterisk and the mail server’s master user. For Dovecot this would be *dovecotadmin. In this case OX_IMAP_LOGIN can be set to '{}*dovecotadmin'. The curly braces are used as a template for the primary mail address. The resulting imaplogin value would then look like this:

myuser@maildomain.de*dovecotadmin
OX_FUNCTIONAL_ACCOUNT_LOGIN_TEMPLATE#

A template that defines the value which is used by OX to log in to the functional account inbox. If this value is empty it is set to a concatenation of the functional account LDAP entry UUID and the user LDAP uid.

This template can include the functional account entry UUID (fa_entry_uuid), the functional account email address (fa_email_address) and any OX user UDM property (including the user’s entry_uuid and dn). Every UDM property used in this template must be enclosed by {{ }} e.g {{fa_entry_uuid}}{{username}}. Multiple values can optionally be separated by other text.

Required

Type

Initial value

No

String

N/A

Note

If the UCS OX App Suite is used, this app setting can be left empty, which is equivalent to using the value {{fa_entry_uuid}}{{username}}.

OX-Connector installations that previously only used the functional account entry UUID should configure this app setting to {{fa_entry_uuid}}.

Some examples:

"{{fa_entry_uuid}}::{{entry_uuid}}" # Functional account entry UUID and user UUID separated by two colons.
"{{username}}+{{fa_entry_uuid}}+{{dn}}" # username, functional account entry UUID and user dn separated by a '+'
"{{fa_email_address}}*dovecotadmin" # Concatenation of functional account's mail address and the string *\*dovecotadmin

Note

In cases where SSO is to be used, this variable has to be appended with an asterisk and the mail server’s master user. For Dovecot this would be *dovecotadmin. In this case OX_FUNCTIONAL_ACCOUNT_LOGIN_TEMPLATE can be set to '{{fa_email_address}}*dovecotadmin'. The resulting login value for the functional account would then look like this:

myfunctional_account@maildomain.de*dovecotadmin
OX_USER_IDENTIFIER#

Defines which UDM user property is used as the unique user identifier for OX. If this app setting is not set the OX Connector will use the username property by default.

Required

Type

Initial value

No

String

N/A

Note

Only a UDM user property that contains a single value which is not None is a valid option. In case a UDM user property that contains an empty value or a list of values is specified, the OX Connector will enter an error state which needs to be resolved manually by simply setting a valid value.

OX_GROUP_IDENTIFIER#

Defines which UDM group property is used as the unique group identifier for OX. If this app setting is not set the OX Connector will use the name property by default.

Required

Type

Initial value

No

String

N/A

Note

Only a UDM group property that contains a single value which is not None is a valid option. In case a UDM group property that contains an empty value or a list of values is specified, the OX Connector will enter an error state which needs to be resolved manually by simply setting a valid value.

3.2. Univention Configuration Registry variables#

ox/context/id#

The app setting DEFAULT_CONTEXT sets the value of the Univention Configuration Registry variable ox/context/id.

Upon installation of the app OX Connector, the OX Connector creates the extended attribute oxContext and uses the value from ox/context/id as initial value for the extended attribute oxContext.

When an administrator creates a new user account that the OX Connector synchronizes, UDM sets the OX context for the user account to value of the extended attribute oxContext.

Caution

The UCR variable ox/context/id isn’t for manual usage.

Changing the variable doesn’t change the OX context on existing user accounts.

Changing the value of the app setting DEFAULT_CONTEXT does neither change ox/context/id nor the extended attribute oxContext.