Difference between revisions of "TB/TB-2007-04-MNHOST"

Revision as of 16:25, 29 September 2016


Overview

The Hosting feature requires a MAILNODE_HOSTING license and is enabled via SAC or from the command line.

The Hosting feature allows a single Scalix server to support the mailboxes of more than one separate company. Each company has:

  • Its own domain
  • Its own set of user mailboxes (not visible to other hosted companies)
  • Its own view of the directory (not visible to other hosted companies)
  • Its own Public folder area (not visible to other hosted companies)

Each hosted company is associated with a different mailnode (OU1). The Public Folder associated with the hosted company has the same name as the mailnode.

For example, for the ACME company
    Mailnode:      acme
    Domain:        acme.com
    Public Folder: acme


The Scalix server primary mailnode is reserved for 'super-admin' users (who do not have a restricted view of the system). Administration of hosted companies is via SAC extensions and plug-ins. Three mailnode hosting plug-ins are provided: sxhostcfg, sxhostadd and sxhostdel.

Features

Hosted company linked to mailnode (OU1)

Each hosted company is associated with a different mailnode (OU1).

Associating each hosted company with a different mailnode allows the users of those companies to see a filtered view of the system that consists only of the data associated with their company (mailnode).

The primary mailnode is reserved for administration users (who do not have a restricted view of the system). Administration of hosted companies is via SAC extensions and plug-ins.

Full Scalix functionality for users within hosted company

Full support of Scalix features is provided for users of a hosted company for Outlook and SWA clients. Additionally, there is full feature support (e.g. Calendaring) between users within the same hosted company.

Each company has its own domain name

The hosted company mailnode (OU1) can be associated with a domain name appropriate to the hosted company. This is the externally visible domain name and is used to construct the internet address of the mailboxes of the hosted company. Note that this requires licenses for the hosted mailnode domain (example: acme.net or nova.net) to be installed on the Scalix server.

Alternatively, the hosted mailnodes can all be associated with one domain (example: mydomain.net) and each user can manually be given an email address specific to their hosted mailnode and domain:
Fred.Allen@acme.mydomain.net
Mary.Newman@nova.mydomain.net

Each company has its own directory view

Each hosted company has its own view of the Scalix system directory. Any entries in the directory that have the same mailnode (OU1) of the hosted company are visible to the users of the company. By default these entries will be all users of the hosted company.

Directory entries can also be added for non-company recipients. These non-company recipients must be mail addresses external to the system. Additionally, these external recipients can be configured as internet (MIME) users, or 'rich text' (TNEF) users. Generally speaking, most external recipients will be MIME users, and external recipients on an Exchange/Outlook system will be TNEF users.

Each company has its own Public Folder view

Each hosted company has its own view of the Scalix Public Folders (Bulletin Board Area).

Before Scalix 11.4.3

When a hosted company is added, a Public Folder for that company is added as a top-level Public Folder. The permissions set on this Public Folder ensure that this is the only folder visible to the hosted company. This Public Folder could have any name, the name being set up using the 'sxhostadd' plug-in within SAC.

By default any user of a hosted company can create a Public sub-folder under their top-level Public folder and add items to any Public folder within their view.

This is called the '2-tier Public Folder' scheme.

Scalix 11.4.3 and later

Starting with Scalix 11.4.3 the company top-level Public Folder is no longer visible to users; instead, its sub-folders are displayed directly under "Public Folders". This user-invisible top-level Public Folder has a name that matches the mailnode of the hosted company. This is called the 'single-tier Public Folder' scheme.

Upgrade to Scalix 12

To upgrade a system to Scalix 12.X, you first need to upgrade to Scalix 11.4.3. For systems running the hosting environment prior to the 11.4.3 release, an automatic upgrade procedure takes place the first time the 11.4.3 Scalix system is started. This upgrade procedure does the following:

  • For each top-level company BB the ACL address entry will be checked and the mailnode extracted. If this mailnode does not match the primary mailnode then the BB name will be changed to match the company mailnode.
  • If any messages have been filed directly under the company BB then these will no longer be visible in the 11.4.3 'single-tier' view of hosted company Public Folders. In this case a sub-folder is automatically created under the company BB that has the same name as the original (pre-11.4.3) company BB and the messages are moved to this sub-folder.
So if the old structure for a hosted company is:
  Mailnode (OU1) = "Jaeger"
  Company-BB name = "Jäger"

Old 2-tier structure      New 1-tier structure          User-view: (1-tier)
--------------------      --------------------          -------------------
Public Folders            Public Folders                Public Folders
    Jäger                     Jaeger (*r)                   Folder: Dev
        Msg-1                     Folder: Dev               Folder: Jäger
        Msg-2                     Folder: Mktg                  Msg-1
                                  Folder: Sales                 Msg-2
        Folder: Dev               Folder: Jäger (*c)
        Folder: Mktg                  Msg-1 (*m)            Folder: Mktg
        Folder: Sales                 Msg-2 (*m)            Folder: Sales

where:
  (*r) is BB renamed to be company OU1 as part of upgrade
  (*c) is sub-folder (optionally) created as part of upgrade
  (*m) are messages moved to sub-folder as part of upgrade

Administration

Installation - Setup script/SAC plug-in: sxhostcfg

To enable the hosting feature the 'sxhostcfg' script must be run on a Scalix server.

This script is available as a SAC plug-in on any Scalix server that has the MAILNODE_HOSTING license installed. This SAC plug-in can only be run by 'sxadmin'.

The 'switch on' option does the following:

  • Checks that an appropriate MAILNODE_HOSTING license is present on the server
  • Adjusts the folder permissions for the Public folders (Bulletin Board Area)
  • Deploys the sxhostadd and sxhostdel plug-ins for use with SAC
  • Configures ldapmapper to use authenticated bind (user=sxqueryadmin)

There is also a 'restart Scalix' option that should be used to ensure that all Scalix processes pick up the new configuration.

After running sxhostcfg, the authid must be used to log in to IMAP clients, including the SWA. The full user name cannot be used to access IMAP on a system with mailnode hosting configured.

This plug-in can also be used to disable the hosting feature on a server. The 'switch off' option will undo all of the changes described above.

Please note: great care must be taken not to switch off the hosting feature if the server contains multiple hosted companies and their data should still remain restricted. Turning the hosting feature off will allow any user to see the complete directory and also the contents of all Public Folders.

Mailnode hosting administration via SAC

SAC plug-ins are provided to add (sxhostadd) and delete (sxhostdel) hosted companies. These plug-ins can be run by the 'sxadmin' user and anyone in the ScalixAdmins group.

(All three mailnode hosting plug-ins (sxhostcfg, sxhostadd, sxhostdel) can be run as command-line scripts and have associated MAN pages.)

Add hosted company via SAC plug-in (sxhostadd)

After the 'sxhostcfg' setup script has been run the 'sxhostadd' plug-in is visible within SAC. This plug-in is run to add a new hosted company, and the following information needs to be supplied:

The company name (mandatory)
    - This is restricted to 64 alphanumeric characters (this becomes the mailnode)
The associated domain name (optional)
    - if not supplied then the domain name is set to <company-name>.com

You must have licenses for the domain name installed on your Scalix server. In other words, if you want the acme mailnode to have a domain of acme.com and the nova mailnode to have a domain of nova.com, you must have licenses for both acme.com and nova.com installed on your server.

Alternatively, you can use one domain for all hosted mailnodes and as you add users you can manually configure their email addresses. For example, you use "mydomain.net" as the domain for all your hosted mailnodes, and you manually edit the users' email addresses to be me@acme.mydomain.net and you@nova.mydomain.net.

Regardless of how you choose to handle your licensing and domains, you should edit ~scalix/sys/smtpd.cfg so that the new domain is listed in LOCAL_NAMES.

LOCAL_NAMES=mydomain.net, acme.mydomain.net, nova.mydomain.net

When the 'sxhostadd' plug-in is run the following 'back-end' Scalix commands are executed:

/opt/scalix/bin/omaddmn -m <company-name> -D <domain-name> -N
/opt/scalix/bin/omaddrt -m <company-name>,mime -q unix -i mime
/opt/scalix/bin/omaddrt -m <company-name>,tnef -q unix -i tnef
/opt/scalix/bin/omaddbb -s <company-name>
/opt/scalix/bin/omdelacln -t b -l :<company-name> -g admin
/opt/scalix/bin/omdelacln -t b -l :<company-name> -g local
/opt/scalix/bin/omdelacln -t b -l :<company-name> -g default
/opt/scalix/bin/omaddacln -t b -l :<company-name> -g admin -c visible
/opt/scalix/bin/omaddacln -t b -l :<company-name> \
  -n */<company-name>,*,*,* -c create read subfolder editown deleteall contact visible
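
The steps above (company name rules, default domain, LOCAL_NAMES entry, back-end commands) as an added example that is not part of the original page or of the Scalix plug-in: a dry-run shell function that validates its input and prints the commands without running them. The function names, the domain character check, the quoting of the ACL pattern and the temporary sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Scalix code: dry-run planner that prints (never runs)
# the back-end commands for a new hosted company after validating input.
LC_ALL=C; export LC_ALL   # byte-wise character classes, so 'ä' is rejected

# 1-64 alphanumeric characters, as documented for the company name. This also
# keeps ',' (mailnode part separator) and '*' (ACL wildcard) out of the name.
valid_company() {
    case $1 in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    [ "${#1}" -le 64 ]
}

# Conservative domain check (assumption: letters, digits, '-' and '.' only).
valid_domain() {
    case $1 in ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# True if domain $2 appears in the comma-separated LOCAL_NAMES of file $1.
in_local_names() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    sed -n 's/^[[:space:]]*LOCAL_NAMES[[:space:]]*=//p' "$1" |
        tr ',' '\n' | tr -d ' \t\r' | tr 'A-Z' 'a-z' | grep -Fqx -- "$want"
}

# usage: plan_hosted_company <company> <domain-or-empty> <path-to-smtpd.cfg>
plan_hosted_company() {
    c=$1; d=${2:-$1.com}; cfg=$3; b=/opt/scalix/bin
    valid_company "$c" || { echo "bad company name: $c" >&2; return 2; }
    valid_domain "$d"  || { echo "bad domain: $d" >&2; return 2; }
    in_local_names "$cfg" "$d" ||
        { echo "$d is not in LOCAL_NAMES ($cfg)" >&2; return 3; }
    # The ACL pattern is quoted here so the shell cannot glob-expand it.
    cat <<EOF
$b/omaddmn -m $c -D $d -N
$b/omaddrt -m $c,mime -q unix -i mime
$b/omaddrt -m $c,tnef -q unix -i tnef
$b/omaddbb -s $c
$b/omdelacln -t b -l :$c -g admin
$b/omdelacln -t b -l :$c -g local
$b/omdelacln -t b -l :$c -g default
$b/omaddacln -t b -l :$c -g admin -c visible
$b/omaddacln -t b -l :$c -n '*/$c,*,*,*' -c create read subfolder editown deleteall contact visible
EOF
}

# Dry run against a constructed smtpd.cfg holding the page's LOCAL_NAMES line.
tmp=$(mktemp)
echo 'LOCAL_NAMES=mydomain.net, acme.mydomain.net, nova.mydomain.net' >"$tmp"
plan_hosted_company acme acme.mydomain.net "$tmp"
rm -f "$tmp"
```

An empty second argument falls back to `<company-name>.com`, which the LOCAL_NAMES check then rejects unless that domain has been added to the file.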

Delete hosted company via SAC plug-in (sxhostdel)

After the 'sxhostcfg' setup script has been run the 'sxhostdel' plug-in is visible within SAC. This plug-in is run to remove a hosted company, and the following information needs to be supplied to run the plug-in:

The company name (mandatory)
    - This is restricted to 64 printable string characters
Auto-delete users/group
    - tick this box if the hosted company users and group are to be removed

When the plug-in is run the following 'back-end' Scalix commands are executed:

/opt/scalix/bin/omdelpdl -l <company-pdls>  # if auto-delete selected
/opt/scalix/bin/omdelu -n <company-users>   # if auto-delete selected
/opt/scalix/bin/omdelbb -m <company-name>
/opt/scalix/bin/omdelrt -m <company-name>,mime
/opt/scalix/bin/omdelrt -m <company-name>,tnef
/opt/scalix/bin/omdelmn -m <company-name>

Add/modify/delete company user via SAC (mailnode filter)

Each hosted company is associated with a different mailnode (OU1). The Users screen in SAC allows filtering of users based on mailnode. Therefore to view the users of a particular hosted company enable filtering by mailnode (Edit Filter) and then select the company name from the drop-down Mailnode list.

Selecting an existing user from the company user list will allow modification/deletion of the selected user.

To create a new user of a hosted company, click the Create User(s) button in the Users screen to launch the Create New User screen. The company mailnode must be selected from the drop-down Mailnode list to associate the new user with the correct company.

Add/modify/delete company 'internet' directory entry (mailnode filter)

To add the names of external recipients (i.e. recipients who are not users in the hosted company), use the Create User(s) screen and select the Internet mail user button.

Then, in a similar fashion to adding a hosted company user, use the Mailnode drop-down list to select either the 'mime' or 'tnef' version of the company mailnode. The 'mime' version will produce a MIME format message for the user added, whereas the 'tnef' version will produce an Outlook 'rich text' format message for the user added. (TNEF is the format used to carry Outlook 'Rich text' data and retains all the Outlook attributes, flags, categories, calendaring info, task info, etc., and would be used if the recipient is another Outlook user.)

For example, for the 'Acme' company the mailnode used for a company user, an (external) MIME internet user and an (external) Outlook Rich Text user would be:

Acme                 # company user
Acme,mime            # internet user (MIME)
Acme,tnef            # internet user (TNEF Outlook 'rich text')

The OU1 of 'Acme' means that all these users will be visible in the Acme view of the system directory (address book).

Sending Emails to a Hosted Public Folder

First, create an entry in the system directory that maps to the hosted bulletin board (public folder). This procedure is well documented in HowTos/Public_Folders; please refer to it for more thorough information.

In a hosted mailnode environment with a default mailnode of "mail,node", an example command for adding a directory entry allowing emails to be sent to a bulletin board created under the 'acme' company BB entitled "Acme Notices" would be:

omaddent -e "S=+BB/OU1=mail/OU2=node/DDT1=BB-NAME/ \
DDV1=acme>Acme Notices/IA=acme.notices@acme.mydomain.net/ \
CN=Acme Notices/EX-CDA-DIRECTORY=1"

Note that the compound mailnode of "mail,node" is entered as OU1 and OU2 values. Note that the invisible top-level BB 'acme' must be specified as the top-level hierarchy part of the DDV1 field.

Now if a person sends email to "acme.notices@acme.mydomain.net" the email will appear as an entry in the Acme Notices bulletin board.

Next, if you want any non-Scalix users to be able to send messages to the bulletin board from the internet, they must be associated with the hosted mailnode.

  • In the Administration Console (SAC) click the Users icon at the top of the window. Then click the "Create User(s)" button at the bottom of the window on the left.
  • Click the Internet mail user button.
  • Fill in the name and the email address they will be sending mail from.
  • For the mailnode, select the hosted mailnode that corresponds to the BB to which they're allowed to send emails. This will probably be Acme,mime unless they're sending from an Outlook/Exchange system, in which case it would be Acme,tnef.
  • Click save.

Now that particular sender's email address is associated with the Acme hosted mailnode. Whenever they send emails from the email address you configured to "acme.notices@acme.mydomain.net", the email will go into the folder and the Acme accounts can see it.

The reason for configuring the internet user is so that when messages come in to the Scalix server from the configured email address, they will come in through the acme,mime route. Thus, the messages will be associated with the Acme mailnode and the bulletin board will accept them.

Non-configured internet senders' messages will come in through the system default route, which does not have an OU1 of acme. Thus, they are rejected by the Acme public folder and its subfolders.

For information on sending emails to nested bulletin boards and sub-folders, refer to HowTos/Public_Folders.

Company relocation - moving to a different server

sxmboxexp -u for each user...

sxmboxexp -p -f -s for Public Folders...

Restrictions

A hosted company cannot span multiple servers

A hosted company must be configured entirely on a single Scalix server - there is no support for the mailboxes of an individual hosted company being split over 2 or more Scalix servers.

No directory sync between multiple servers

Directory synchronization between Scalix servers running mailbox hosting is not supported.

No global cross-server single-console SAC management capability

Each Scalix server running mailnode hosting must be administered by SAC running on that server. The ability to manage a Scalix hosting server from SAC running on a different Scalix server is not supported.

3rd-party client LDAP access requires authenticated bind

When mailnode hosting is enabled for a Scalix server LDAP access to the Scalix directory requires an authenticated bind.

Therefore 3rd-party IMAP clients will need to be configured to perform an authenticated bind on behalf of the mail user (username, password) if directory access is required.

Internet directory entries cannot be shared by hosted companies

The Internet Address of a user must be unique in the Scalix directory. This has 2 consequences:

  • If an external internet user has been added for one hosted company it cannot be added again for a 2nd hosted company (because the Internet Address has been used in the 1st external internet user entry).
  • An internet user cannot be added for a user in a different hosted company on the same Scalix server (because the Internet Address is already present associated with that user).

There are several workarounds for this restriction:

  • Use personal Contacts
  • Use a company Contacts Public Folder
  • Use SAC (or command-line) to 'wrap' the entry in a company visible PDL

Upgrading existing Scalix servers is not supported

Although it is possible to enable mailnode hosting on a server that has been upgraded to the hosting release, this is not recommended as existing mailboxes will not have the correct hosting environment set up.

Administrators homed on the primary mailnode cannot create public folders

When Mailnode Hosting is activated, Administrators residing on the primary mailnode cannot create public folders due to insufficient access rights.

It is possible to change these access rights through ommodacln. Please refer to the Admin Guide on how to do this.