This documentation describes a product preview for packaged integrations in Nubus for Kubernetes.

5. User provisioning

User provisioning is the unidirectional synchronization of selected directory objects, such as user accounts, user groups, and resources, from the Directory Service in Nubus to a remote OX App Suite installation through the OX SOAP API. The OX Consumer is the responsible component. In particular, the OX Consumer makes users created in Nubus appear in the OX App Suite address book, and makes resources created in Nubus, such as meeting rooms, available for users to book in OX App Suite. In connection with Nubus for Kubernetes, the OX Consumer provides the same functionality to OX App Suite as the OX Connector app provides in connection with the UCS appliance. Both use the same business logic.

This section addresses operators and describes how to install and configure the OX Consumer in the same Kubernetes cluster as Nubus using Helm.

Important

The OX Consumer requires the packaged integration for the OX App Suite, which installs the necessary LDAP schema to the Directory Service and customizations to the Management UI in Nubus for the management of user accounts, user groups, and resources.

For information about installing the packaged integration, see Install packaged integration.

This section guides you through the setup of the OX Consumer:

  1. Create subscription

  2. Prepare configuration

  3. Install consumer

5.1. Create subscription

Before the OX Consumer can use the Provisioning Service in Nubus for Kubernetes, you must create a subscription that provides access to the Provisioning API. The Provisioning Service notifies interested services about updates to directory objects. It’s the source for the data that you want to provision. In the case of OX App Suite, the directory objects of interest are user accounts, user groups, and resources such as meeting rooms and functional mailboxes related to Open-Xchange.

To create a subscription for the OX Consumer, use the following steps:

  1. Read the example in Create subscription in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [1]. The section describes the steps for the subscription configuration. It also contains information about the parameter constraints, such as naming conventions.

  2. For the OX Consumer, create a text file in JSON format named provisioning-api.json for the subscription configuration, with the content in Listing 5.1.

    You can define any value for the password. The credentials for the OX Consumer are the name and the password.

    Listing 5.1 Subscription configuration for the OX Consumer
    {
      "name": "ox-consumer",
      "realms_topics": [
        {
          "realm": "udm",
          "topic": "groups/group"
        },
        {
          "realm": "udm",
          "topic": "oxmail/accessprofile"
        },
        {
          "realm": "udm",
          "topic": "oxmail/functional_account"
        },
        {
          "realm": "udm",
          "topic": "oxmail/oxcontext"
        },
        {
          "realm": "udm",
          "topic": "oxresources/oxresources"
        },
        {
          "realm": "udm",
          "topic": "users/user"
        }
      ],
      "request_prefill": true,
      "password": "<your desired password>"
    }
    
  3. Create the subscription by following the steps outlined in Create subscription.

See also

Create subscription in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [1] for information about how to create a subscription in the Provisioning Service using the Provisioning API.

5.2. Prepare configuration

Before you can install the OX Consumer in a Kubernetes cluster, you need to prepare the configuration. The configuration defines the location of the data source, the Provisioning API, and the data target, your OX App Suite instance.

To prepare the configuration for the OX Consumer, use the following steps:

  1. Create the ox-consumer-values.yaml values file with the structure in Listing 5.2.

    Listing 5.2 Configuration for OX Consumer in values file
    ---
    # Configuration for OX CONNECTOR
    oxConnector:
      # -- OX-Mail-Domain to generate OX-email-addresses
      domainName: null
      # -- OX Admin username (the OX Admin can create, modify, delete contexts; has to exist)
      oxMasterAdmin: "oxadminmaster"
      # -- OX Admin password
      oxMasterPassword: null
      # -- Default timezone for new users
      oxLocalTimezone: "Europe/Berlin"
      # -- Default language for new users
      oxLanguage: "de_DE"
      # -- Default context for users (has to exist)
      oxDefaultContext: "10"
      # -- Default SMTP server for new users (if not set explicitly there)
      oxSmtpServer: null
      # -- Default IMAP server for new users (if not set explicitly there)
      oxImapServer: null
      # -- The server where Open-Xchange is installed
      oxSoapServer: null
      # -- OX Connector log level
      # Choose from "DEBUG", "INFO", "WARNING" and "ERROR".
      logLevel: "INFO"
    
    # Configuration for the communication with the provisioning API.
    provisioningApi:
      # -- Connection parameters
      connection:
        # -- The base URL the provisioning API is reachable at. (e.g. "https://provisioning-api")
        baseUrl: ""
      # -- Authentication parameters
      auth:
        # -- The username to authenticate with.
        username: "ox-consumer"
        # -- The password to authenticate with.
        password: ""
    ...
    
  2. Fill in the mandatory values for the following settings.

    For the optional settings with their default values, see the README file of the OX Consumer.

    Section oxConnector

    For information about their meaning, see the references to OX Connector app [2].

    domainName:

    OX mail domain used to generate email addresses.

    oxMasterPassword:

    OX_MASTER_PASSWORD

    oxSmtpServer:

    OX_SMTP_SERVER

    oxImapServer:

    OX_IMAP_SERVER

    oxSoapServer:

    OX_SOAP_SERVER

    Section provisioningApi
    auth.username:

    The value from the name attribute in Listing 5.1.

    auth.password:

    The value from the password attribute in Listing 5.1.

    connection.baseUrl:

    The base URL to the Provisioning API in the Provisioning Service.

    The URL points to the Kubernetes service for the Provisioning API.

    Example:

    http://release-name-provisioning-api

    Replace release-name with the value that you use in your Helm command in Listing 5.3.

    Important

    Nubus for Kubernetes doesn’t expose the Provisioning API to the outside of the cluster for security reasons.
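
One way to carry out Listing 5.1 and Listing 5.2 without copying the password by hand, as an added example that is not part of the Nubus documentation or the OX Consumer project: it derives the subscription and the mandatory values from one randomly generated password, so auth.username and auth.password always match the subscription, and writes both files readable by their owner only. The function names and the use of `secrets.token_urlsafe` are assumptions; optional values are left to the chart defaults.

```python
import json
import os
import secrets

# Topics from Listing 5.1; all of them use the "udm" realm.
TOPICS = ["groups/group", "oxmail/accessprofile", "oxmail/functional_account",
          "oxmail/oxcontext", "oxresources/oxresources", "users/user"]
# Mandatory oxConnector values from step 2 of "Prepare configuration".
MANDATORY = ["domainName", "oxMasterPassword", "oxSmtpServer",
             "oxImapServer", "oxSoapServer"]


def build_configs(ox, base_url, name="ox-consumer", password=None):
    """Return (subscription dict, values-file text) sharing one credential."""
    missing = [key for key in MANDATORY if not ox.get(key)]
    if not base_url:
        missing.append("provisioningApi.connection.baseUrl")
    if missing:
        raise ValueError("mandatory values not set: " + ", ".join(missing))
    # Assumption: a URL-safe random string satisfies the parameter
    # constraints described in the manual [1]; check them before use.
    password = password or secrets.token_urlsafe(32)
    subscription = {
        "name": name,
        "realms_topics": [{"realm": "udm", "topic": t} for t in TOPICS],
        "request_prefill": True,
        "password": password,
    }
    q = json.dumps  # a JSON string is also a valid double-quoted YAML scalar
    lines = ["---", "oxConnector:"]
    lines += [f"  {key}: {q(ox[key])}" for key in MANDATORY]
    lines += ["provisioningApi:", "  connection:", f"    baseUrl: {q(base_url)}",
              "  auth:", f"    username: {q(name)}", f"    password: {q(password)}",
              "..."]
    return subscription, "\n".join(lines) + "\n"


def write_configs(directory, ox, base_url):
    """Write both files with mode 0600; refuse to overwrite existing files."""
    subscription, values = build_configs(ox, base_url)
    files = {"provisioning-api.json": json.dumps(subscription, indent=2) + "\n",
             "ox-consumer-values.yaml": values}
    for filename, text in files.items():
        fd = os.open(os.path.join(directory, filename),
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
    return sorted(files)
```

Both files contain credentials, so keep them out of version control and delete provisioning-api.json once the subscription exists.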

See also

README file of the OX Consumer for information about the available Helm Chart values and their default settings.

Access to Provisioning API endpoint in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [1] for information about how to access the Provisioning API where it's located.

5.3. Install consumer

To install the OX Consumer with the configuration from Prepare configuration, use the command in Listing 5.3. For the version of the OX Consumer, look at the project repository for the value in the Version badge.

Listing 5.3 Install the OX Consumer through Helm
$ export NAMESPACE_FOR_CONSUMER="Set to your Kubernetes namespace"
$ export RELEASE_NAME="The Helm Chart release name"
$ export VERSION="Your version of the OX Consumer"

$ helm upgrade --install \
   "$RELEASE_NAME" \
   --namespace "$NAMESPACE_FOR_CONSUMER" \
   oci://artifacts.software-univention.de/nubus/charts/ox-connector \
   --values ox-consumer-values.yaml \
   --version "$VERSION"