New OX Connector: connecting an external Open-Xchange Installation

The new OX Connector app synchronizes selected users and groups between Univention Corporate Server and a remote Open-Xchange system. Our app uses the OX SOAP API for communication. In this blog article I would like to introduce you to the new OX Connector. I’ll also talk about the prerequisites for your environment.

Open-Xchange in our App Center

Open-Xchange is a modular communication and collaboration platform. It has been available in the Univention App Center for some time now. In addition to a mail client, the OX App Suite also includes applications for managing contacts and appointments, extensions for managing and synchronizing documents, pictures, photos and films (OX Drive), for encrypting e-mails and files (OX Guard) as well as the text editing and spreadsheet application OX Documents.

You can access Open-Xchange via your favourite web browser, which works well on the desktop, tablet or smartphone. If you have installed the OX apps via the Univention App Center, they automatically use the UCS identity management. But what if you operate Open-Xchange independently of UCS? Thanks to the new OX Connector, you can also connect external and stand-alone OX installations with our identity management, which then takes over the administration of the OX user accounts and groups, the OX access profiles and the shared folders.

Prerequisites

The new OX Connector is available for UCS 5.0 and its predecessor UCS 4.4. Please note that the Connector does not work together with the OX App Suite from the Univention App Center, but requires an independent Open-Xchange installation. This must allow SOAP requests so that the UCS system on which the OX Connector is running can access /webservices.

Apart from that, a valid SSL certificate is required, because the communication between the app and the OX system runs via HTTPS. In the OX App Suite, an administrator account that can create OX contexts is required. In Open-Xchange, a context is a closed user group with its own unique domain name. To set up the OX Connector, you need the user name and password of this administrator account.

In the LDAP directory service of the UCS domain, activate the RefInt (referential integrity) overlay. This extension ensures that the UDM objects provided by the OX Connector always correctly refer to user objects in the LDAP directory. If you install the OX Connector on the Primary Directory Node, the app takes care of this step. If you want to run the OX Connector on a system with a different UCS system role, set the UCR variable ldap/refint=true and restart the LDAP directory service.

Installation and Usage

The OX Connector app consists of a Docker image which contains all the software components to provide the user identities from UCS’ Identity Management. The OX Connector connects to the SOAP API of the OX App Suite and creates, updates or deletes object entries in the OX App Suite—depending on what has changed in the UCS LDAP directory and is relevant for the OX App Suite.

The UCS identity management takes over the central administration of OX users, groups, access profiles and shared folders. Thus, the provisioning of the data happens in this way:

• With each change, the Listener writes the entry UUID of the changed LDAP object in JSON format. Each change creates a new file.
• The Listener Converter processes the JSON files, ordered by timestamp in the file name.
• The OX Connector receives data about changes in the LDAP directory. A script then processes the data and sends it to the SOAP API of the OX App Suite.

All these steps as well as further information are described in more detail in the comprehensive documentation. Do you have any questions or other feedback? Then feel free to leave a comment below this article.