The new OX Connector app synchronizes selected users and groups between Univention Corporate Server and a remote Open-Xchange system. Our app uses the OX SOAP API for communication. In this blog article I would like to introduce you to the new OX Connector. I’ll also talk about the prerequisites for your environment.
Table of Contents
Open-Xchange in our App Center
Open-Xchange is a modular communication and collaboration platform. It has been available in the Univention App Center for some time now. In addition to a mail client, the OX App Suite also includes applications for managing contacts and appointments, extensions for managing and synchronizing documents, pictures, photos and films (OX Drive), for encrypting e-mails and files (OX Guard) as well as the text editing and spreadsheet application OX Documents.
You can access Open-Xchange via your favourite web browser, which works well on the desktop, tablet or smartphone. If you have installed the OX apps via the Univention App Center, they automatically use the UCS identity management. But what if you operate Open-Xchange independently of UCS? Thanks to the new OX Connector, you can also connect external and stand-alone OX installations with our identity management, which then takes over the administration of the OX user accounts and groups, the OX access profiles and the shared folders.
The new OX Connector is available for UCS 5.0 and its predecessor UCS 4.4. Please note that the Connector does not work together with the OX App Suite from the Univention App Center, but requires an independent Open-Xchange installation. This must allow SOAP requests so that the UCS system on which the OX Connector is running can access /webservices.
Apart from that, a valid SSL certificate is required, because the communication between the app and the OX system runs via HTTPS. In the OX App Suite, an administrator account that can create OX contexts is required. In Open-Xchange, a context is a closed user group with its own unique domain name. To set up the OX Connector, you need the user name and password of this administrator account.
In the LDAP directory service of the UCS domain, activate the RefInt (referential integrity) overlay. This extension ensures that the UDM objects provided by the OX Connector always correctly refer to user objects in the LDAP directory. If you install the OX Connector on the Primary Directory Node, the app takes care of this step. If you want to run the OX Connector on a system with a different UCS system role, set the UCR variable ldap/refint=true and restart the LDAP directory service.
Installation and Usage
The OX Connector app consists of a Docker image which contains all the software components to provide the user identities from UCS’ Identity Management. The OX Connector connects to the SOAP API of the OX App Suite and creates, updates or deletes object entries in the OX App Suite—depending on what has changed in the UCS LDAP directory and is relevant for the OX App Suite.