Converting Data with Cyrus2Dovecot and IMAP
In a first step, we converted the data with Cyrus2Dovecot (while the users were still using the old system); this rsync-based command line tool transforms mails from the Cyrus format into Dovecot maildir folders. Since the tool doesn’t compare the data itself, the migration is quite fast. It’s important to run the command only once, otherwise you’ll have duplicated data. After that, we created OX user accounts in LDAP and integrated them into the OX user management. In a third step, we used imapsync to synchronize the Cyrus and OX mailboxes. The tool uses the IMAP protocol, so it’s not very fast. On the plus side: It only syncs the data that has been changed since step 1 (delta sync), so it didn’t take us too long.
The migration of the pilot schools, the teacher and staff accounts went smoothly. We encountered only minor problems, like a different naming scheme for the mail folders in different mail clients. For example, the web mailer uses the German word for “sent” (“Gesendet”) whereas Thunderbird uses the English term “Sent”. As a result, the sent messages ended up in two different folders, so the support hotline was a bit busier in the days that followed. The migration of the student accounts had to be postponed at relatively short notice, since it turned out that the migration scripts took a bit longer than intended. Especially, the snchronization of the user accounts between LDAP and OX was affected, so we had to optimize the operation.
During the whole time, we made sure to avoid downtimes and other inconveniences. The timing was crucial: Working on the old system had to continue, and we could only test the productive environment during school holidays. We made sure to involve all schools in the organization. All dates were announced well in advance and we responded to change requests as well. Thanks to Adfinis SyGroup things went as planned, and the whole migration process was finished in January, 2018.
Hello, first you write
“Open-Xchange contexts have a so-called global address list (GAL) for all their users. This list is technically necessary for the groupware features like free/busy, shares, etc. Data protection law says that the GAL must not be readable or exportable, so the Adfinis SyGroup developed a highly complex plug-in that disables this list.”
and then
“Open-Xchange is being developed by a German company – a real advantage in our opinion, since the software follows all EU guidelines.”
So is it GDPR-compliant out of the box or not? Seems like no?
It definitely is, it just depends on the case. Basically, Open Exchange is capable of multitenancy, that’s what OX’s contexts are for. All contexts are completely separated, the GAL is only existing within a single context. This is GDPR-compliant, as you would usually use one single context for e.g. your company. The GAL within your company is of course GDPR-compliant.
When you use an OX account on a shared Hoster (big Hosters are the main customers for OX) your account will live within one separate context, the GAL basically will consist of your sole account/address.
In case of Basel, for specific reasons each context spans multiple schools (not all schools), so there may be issues if all users from all schools can see all other school’s contact data (though in such cases, mail addresses as well as work addresses can usually be simply guessed), that’s why special measures had to be taken in this specific case.