Open XChange Appliance Installation

You might also like

Download as pdf or txt
Download as pdf or txt
You are on page 1of 6

Open XChange Appliance Installation


• 1 General Information
• 2 Download
• 3 Installation
• 4 Logging in for the first time
• 5 Activating Open-Xchange Repository to install software updates
• 6 Administration
• 6.1 Logging into UDM
• 6.2 Changing the default settings
• 6.3 Creating and modifying users
• 6.4 Creating and modifying groups
• 6.5 Mail configuration
• 6.6 additional configuration
• 6.6.1 Packages
• standard OX packages
• additional packages
• 6.6.2 Passwords
• 6.6.3 oxadmin-tools
• 6.6.4 Listener log
• 7 User GUI
• 7.1 Login
• 7.2 Changing the password as a user

General Information

The Open-Xchange Appliance Edition (OXAE) is based on the Open-Xchange Server Edition and the Linux operating system 'Univention Corporate Server' (UCS)
of the company Univention, which is based in Bremen/Germany. UCS offers comprehensive tools for managing the IT infrastructure based on LDAP directory
services. OXAE integrates the OX servers administrative functions into the administration frontend of the UCS and offers an easy installation of both parts from
one installation medium.


The installation comprises both OXAE and a linux operating system from one DVD.

Follow this link to download the Installation package. (The LDB credentials have to be provided)

To get an evaluation key for OX AE, please register here.

Follow this link to download the Release Notes and User Manuals in different languages.

The target system should have at least 8 GB of free disk space on the boot disk. OXAE may also be installed into a virtual system like VMWare or XEN. For XEN
in particular OXAE comes with a paravirtualised Kernel, see also: [1]


Important: During the installation you will often need to press F12 on your keyboard. Please make sure that you never accidentally press the "print" button, which is
inconveniently located right next to it. The installation can not be completed if you hit the wrong button.

1. Boot from the installation DVD

2. Choose "Univention Installer" from the boot menu
3. Choose your language
4. Choose the source and destination medium for the installation: Usually you do not need to change anything here. Sometimes it is useful to deselect some modules, if
issues turn up during the installation (say the computer freezes).
5. Source medium: Usually the installation DVD will be discovered in this step. If you have more than one DVD drive, you may have to select the correct installation
6. Choose a timezone. (This will also be used as the default timezone later when you add users to the OX installation)
7. Choose a keyboard layout
8. Choose system languages: In this step you choose all languages that the UCS system should support, eg. when logging into a shell. Note that your choice here does
not have any effect on languages available in the OX GUI.
9. Choose a standard language: This setting controls the default-locales for the UCS. The language chosen here will also be the default language of OX users added
10. System role: Choose 'Domain Controller Master'
11. The fully qualified domain name (FQDN) of the OXAE system under which the computer should be accessible in the network should be entered under Fully qualified
domain name (e.g., The primary mail domain for the OXAE system is entered under Mail domain. If th field is empty, a mail domain is suggested,
which is derived from the complete host name. The primary mail domain is automatically adopted in a template for creating users during the installation. Once the
mail domain has been set, a derived value appears automatically in the Windows domain field. The name of the Windows domain may contain a maximum of 15
characters and only be composed of letters, figures and hyphens. Root password is the password for the user 'root'. This password is also set for the user
'Administrator'. The user 'Administrator' is used for joining Windows clients into the UCS domain. In subsequent operation, the passwords of the users 'root' and
'Administrator' can be managed independently. The password is entered for a second time in the final entry field.
12. Create partitions following the steps in the installation wizard. Please note that the OX filestore, the OX database and all emails will be stored below /var. Make sure
enough disk space is available, you could, for example, create a partition exclusively for /var.
13. Installation of the bootloader
14. Network configuration
1. Enter the IP address and network mask
2. Enter the address of the default gateway and the DNS server. Choose your networks nameserver as the nameserver and enter your networks nameserver as
a DNS forwarder. If (for software updates) the machine can only reach the internet via a proxy, you can enter all relevant data here as well.
15. Enter information about the ssl root certificate
16. Choose local firewall settings
17. Choose software: For an OXAE installation the default selection is enough. As a minimum selection you need the packages "Services/Open-Xchange",
"Administration/Univention Directory Manager" and "Administration/Univention Management Console".

For the samba integration you need to select the package "Services/Samba" as well. For XEN paravirtualisation the package "Services/Xen-Kernel-Images" is

1. System options: It is not possible to creat a local repository in OXAE at installation time. If you are using Samba, the home directories should be shared.
2. After the installation: Please read the notes at the end of the installation before the server is rebooted.

Logging in for the first time

After the installation you can reach the server via HTTPS under the following URLs:

• Start page:
• https://<the servers IP address>/


• https://<the servers FQDN>/

You may only use the FQDN of the server if the client can resolve it. This can be accomplished by using the server as the clients DNS server.

• Administration frontend for user management etc. ('Univention Directory Manager'):

• https://<the servers IP address>/univention-directory-manager/index.php
• https://<the servers FQDN>/univention-directory-manager/index.php

• User login for the open xchange server:

• https://<the servers IP address>/ox6/
• https://<the servers IP address>/ox6/

Activating Open-Xchange Repository to install software updates

After installation and registration please make an online update of your system. Due to your maintenance you can get the newest security updates and
functionalities for the Open-Xchange Appliance Edition with the online update.

In order to install the latest Open-Xchange Server 6 packages, the following steps have to be done:

• Buy Open-Xchange Appliance Edition

• Download the installation packages from the Open-Xchange software repository. You will get your link at your order confirmation mail (LDB credentials are required)
• Installation of Open-Xchange Appliance Edition
• The Online update module allows the installation of release updates and security updates. Additionally, it also offers the possibility of installing licensed components
at a later date.
• The overview page of the module is divided into three segments. The currently configured Open-Xchange account and the selected licence key for this OXAE system
are displayed in the upper segment of the dialogue under Open-Xchange account. Following a subsequent licensing, the licence can also be updated in this field and,
in so far as this is necessary, confirmation of the current end user licence agreement is requested.
• It is necessary to enter an Open-Xchange account in order to be able to retrieve release and security updates from the online repositories, as they request
authentication. In this case, the same user name and password are required which were also used for the online licence database (
Once the account has been added via the Add acount button, the OXAE is configured automatically for a subsequent online update. The account can be altered
subsequently via the Change account button.
• When adding/changing an account, the username and password entered are automatically valiated. The reset of a password for an account can be initiated through
the Reset password button in the dialogue. The user name must be entered in the dialogue which opens; the password must be entered twice. On con rmation, an
e-mail is sent to the e-mail address specified for the account containing a confirmation link, which can be opened in the browser of your choice to complete the
• Alongside specifcation of an Open-Xchange account, it is also possible to select a licence key at this stage, which was saved automatically on the Open-Xchange
account on its activation. The licence key is selected using the Change license key button.
• A variety of licence information is stored in the licence database for a licence key (e.g., primary mail domain or the number of licensed users). The Update license
button can be used to request this licence information online initially after the installation or after subsequent licensing and adopt it in OXAE.
• The middle segment of the module displays the version of UCS currently in use on the OXAE system. Should updates (release updates or security updates) be
available online, this will be shown here via the Install updates button. If this button is actuated, all available version and security updates will be installed on the
system automatically. During the update, the progress can be followed using the output update information.


With the Univention Directory Manager you can comfortably manage objects in an LDAP directory with a web frontend. Objects are users, groups, computers or
DHCP entries. Apart from the afore mentioned web interface also exists a command line interface.

Logging into UDM

Use the username "Administrator" and the password you entered during the installation of the OXAE to log into the UDM. Please note that username and
password are case sensitive, meaning you must spell "Administrator" with a capital "A". The password you entered during the installation is also the password for
the unix user 'root'.

Changing the default settings

To change the default settings like the default language, timezone and so forth do the following:

Below "Navigation" -> "Univention" -> "custom attributes" -> "Open-Xchange" you will see various subsections that you can change. In the corresponding sections
you will find a tab called "LDAP Mapping" containing the default values.

For example, if you would like to have new users created with french as their default language, just change the default value under "Open-Xchange" -> "OX
Settings" -> "oxLanguage" -> "LDAP Mapping" to "fr_FR" and confirm the change by clicking "OK". Afterwards every new user will default to french as his or her
standard language.

The users may change the language setting in the OX-GUI. Those changes will not be reflected in the UDM though.

Additional default values and their meanings can be found in the Open-Xchange provisioning document.

All 'custom attributes' are currently always labeled in german, even when the system language is english.

Creating and modifying users

To create a new user, click "Users" -> "Add". It is important that you choose "Open-Xchange Groupware Account" as the template, only then will the user get an
Open-Xchange account. All mandatory fields are marked with an asterisk (*). The settings specific to Open-Xchange can be found in the following tabs:

• OX Settings: This is where you can set access permissions for the OX, language, timezone and whether the user may access the server via SyncML.
• OX Contact (Business): Business information pertaining to the user can be entered here.
• OX Contact (private): Private information about the user can be entered here.

Entering a "primary e-mail address" is mandatory. Should this field be removed afterwards, the user will be removed as well. The primary e-mail address is also
the standard e-mail address from which emails will be sent. The primary e-mail address will also be added to the global addressbook in the Open-Xchange server.

If you would like to use e-mail aliases, you may enter them in "add alternative e-mail addresses". These can then also be declared as the standard e-mail address
in the OX.

Note: You have a limit of 5 Users, 5 Groupware Accounts, 5 Clients, 5 Desktops unless you upgrade your UDM license.

Creating and modifying groups

To create a new group, click "Groups -> Add". To have the new group available in the Open-Xchange server, you must choose "Group in OX" in the tab "OX". If
you want to add many members to this group, it is advisable to add them all at the same time. You may do this, by choosing the menu item "Users" when creating
the group and the choosing "edit" in the roll up bar at the end of the page. This way you may edit settings for all chosen users in one simple action.

Like users, groups may have e-mail addresses as well. Enter the e-mal address for this group in the field "mail address". Please note that the e-mail address of
groups is not added to the global addressbook.

Mail configuration

You can create additional IMAP folders, mail domains and mailing lists in the menu item "mail".

1. IMAP folders: Enter the name of the IMAP folder and the mail domain it is to belong to. Under "permissions" you can choose which users may access this IMAP
folder. You can subscribe to the folder in the Open-Xchange GUI. If you specify a mail address for the IMAP folder, all incoming emails for this address will be added
to this IMAP folder by the mail server. These email addresses will not be added to the global addressbook. All IMAP folders can be seen / subscribed in the OX GUI
below "Email" as a subfolder of the standard folder "shared".
2. Mail domain: Enter the mail domain, and, if different, enter the IMAP server and the OX context in the server settings.
3. Mailing lists: Enter a name for the mailing list and add the respective members of this list. As with IMAP folders, email addresses used here are not added to the
global addressbook.

additional configuration

Log onto the system via SSH as root. The root password is the same as the administrators password you entered during the installation.


standard OX packages

root@oxae:~# dpkg -l | grep open-xchange

ii open-xchange 6.6.0-10 Open-Xchange server scripts and
ii open-xchange-admin 6.6.0-9 Open Xchange Admin Daemon containing
ii open-xchange-admin-client 6.6.0-9 The Open Xchange Admin Daemon RMI
client lib
ii open-xchange-admin-doc 6.6.0-9 Documentation for the Open Xchange
RMI clien
ii open-xchange-admin-plugin-hosting 6.6.0-9 Open Xchange Admin Hosting Plugin
ii open-xchange-admin-plugin-hosting-doc 6.6.0-9 Documentation for the Open Xchange
RMI clien
ii open-xchange-authentication-ucs 6.6.0-5 The Open-Xchange Univention Corporate
ii open-xchange-cache 6.6.0-10 The Open-Xchange Server Caching
ii open-xchange-charset 6.6.0-10 charset bundle
ii open-xchange-common 6.6.0-9 jar files and OSGi bundles commonly
used by
ii open-xchange-configjump-generic 6.6.0-10 The Open-Xchange generic ConfigJump
ii open-xchange-configread 6.6.0-10 The Open-Xchange Server Config Bundle
ii open-xchange-control 6.6.0-10 The Open-Xchange Server Control
ii open-xchange-data-conversion-ical4j 6.6.0-10 The Open-Xchange data conversion
iCal4j impl
ii open-xchange-global 6.6.0-10 global bundle
ii open-xchange-group-managerequest 6.6.0-10 The Open-Xchange Server Group
Management Req
ii open-xchange-gui 6.6.0-11 Package containing the AJAX gui
ii open-xchange-i18n 6.6.0-10 The Open-Xchange i18n Bundle
ii open-xchange-imap 6.6.0-10 The Open-Xchange Server IMAP Bundle
ii open-xchange-jcharset 1.3.0-31 jcharset bundle
ii open-xchange-mailfilter 6.6.0-10 Open Xchange Mailfilter Plugin
ii open-xchange-management 6.6.0-10 The Open-Xchange Management Bundle
ii open-xchange-monitoring 6.6.0-10 The Open-Xchange Monitoring Bundle
ii open-xchange-online-help-he-de 6.6.0-7 Package containing german OX online
ii open-xchange-online-help-he-en 6.6.0-7 Package containing english OX online
ii open-xchange-online-help-he-fr 6.6.0-7 Package containing french OX online
ii open-xchange-passwordchange-database 6.6.0-8 The Open-Xchange Password Change
Database Bu
ii open-xchange-passwordchange-servlet 6.6.0-8 The Open-Xchange Password Change
ii open-xchange-push-udp 6.6.0-10 The Open-Xchange Server Push UDP
ii open-xchange-resource-managerequest 6.6.0-10 The Open-Xchange Server Resource
Manage Requ
ii open-xchange-server 6.6.0-10 The Open-Xchange Server Bundle
ii open-xchange-sessiond 6.6.0-10 The Open-Xchange Server Session
ii open-xchange-settings-extensions 6.6.0-10 The Open-Xchange Settings Extensions
ii open-xchange-smtp 6.6.0-10 The Open-Xchange Server SMTP Bundle
ii open-xchange-spamhandler-spamassassin 6.6.0-10 The Open-Xchange SpamAssassin Handler

additional packages

root@oxae:~# dpkg -l | grep ox

ii univention-mail-cyrus-ox 1.0.0-1 UCS - imap configuration
ii univention-mail-postfix-ox 1.0.0-1 UCS - postfix Open-Xchange
ii univention-ox 1.0.0-1 UCS meta package for Open-Xchange
ii univention-ox-common 1.0.0-1 UCS - Open-Xchange directory
ii univention-ox-directory-integration 1.0.0-1 UCS - Open-Xchange directory
ii univention-ox-framework 1.0.0-1 UCS - postfix Open-Xchange framework
ii univention-oxae 1.0.0-2 UCS - Open-Xchange oxae integration


During the installation a total of three passwords are generated:

1. context10.secret - ox admins password for this context

2. dbuser.secret - password for the mysql connection
3. master.secret - master password spanning all contexts

These can be found in the directory


Attention: If you change the context admins password in UDM it will not be written to context10.secret. The original password will still be in there.


In the directory /opt/open-xchange/sbin you can find a number of tools to check the configuration. Keep in mind the difference between the context admin and the
master admin. To make changes to settings in a particular context, you need the context admin credentials, for general settings spanning contexts, you need the
master admins credentials.

Note: All commands starting with "list" can be used without doubts, as they do not change aynthing

All commands starting with "create" or "change" should not be used at this point in time. All changes made this way would be overwritten with data from the LDAP
tree once the listener keeping the LDAP and OX Data in sync runs again.

/opt/open-xchange/sbin/listuser -A oxadmin -P $(cat /etc/ox-secrets/context10.secret) -c 10

All users of context 10 are listed. The file '/etc/ox-secrets/context10.secret' contains the password for the admin 'oxadmin-context10'. Using '$(cat /etc/...' the
password never shows up in the shell commands.

/opt/open-xchange/sbin/listcontext -A oxadminmaster -P $(cat /etc/ox-secrets/master.secret)

Using this command a list of all contexts is shown. Simlar to the context admins password, the master password can be found in the file '/etc/ox-

To get information about the commands call the commands in the following way:

/opt/open-xchange/sbin/listgroup --help

Listener log

In the log file '/var/log/univention/listener.log' changes made to the LDAP, for which a listener is active, are logged.

User GUI


Users may log into the GUI with the username and password that was entered in the Univention Directory Manager. Important: Contrary to other OX versions you
must _not_ use the e-mail address of the user but his or her login name.

Attention: During the installation a password will be generated for the OXAdmin-user. To log into the OX GUI as the OXAdmin, you must either read the password
from the file /etc/ox-secrets/context10.secret using less / cat or something similar, or you can change the administrators password directly in the UDM.

Changing the password as a user

Every user may change his or her password in the menu item "Extras". A new window will be opened that contains the login to the UCS. The user can log in with
the old password and change the password to a new one. Important: This link contains the FQDN of the OXAE server. The client pc must be able to resolve that
host name!

Retrieved from ""

Category: OX6

You might also like