Simple guide to OX Cloud provisioning with code snippets (first Perl, Java can be added later).
General
How do I set up admin credentials?
For all examples on this page the provisioning needs admin credentials to be set up.
Required parameters
## Admin name (Sub admin)
$oxaasadmname = "<brand>.<environment>.xion.oxcs.net" e.g: testbrand.staging.xion.oxcs.net
## Admin password
$oxaasadmpw = <sub_admin_password_plain>
Code snippet
my $oxaascreds = SOAP::Data->type("Credentials")->value( \SOAP::Data->value( SOAP::Data->name( "login" => "$oxaasadmname" ), SOAP::Data->name( "password" => "$oxaasadmpw" ) ) );
How do I retrieve the service definitions?
To be able to use the webservices, you may need to set up the service definitions.
my $OXResellerContextService = SOAP::Lite->ns("http://soap.reseller.admin.openexchange.com") ->proxy( "https://$oxaashost" . "/webservices/OXResellerContextService", ssl_opts => [ SSL_verify_mode => 1 ] ); my $OXResellerUserService = SOAP::Lite->ns("http://soap.reseller.admin.openexchange.com") ->proxy( "https://$oxaashost" . "/webservices/OXResellerUserService", ssl_opts => [ SSL_verify_mode => 1 ] ); my $OXaaSService = SOAP::Lite->ns("http://soap.oxaas.admin.openexchange.com/") ->proxy( "https://$oxaashost" . "/webservices/OXaaSService", ssl_opts => [ SSL_verify_mode => 1 ] );
Context
How do I provision a new context?
When you provision a new context, you will always have to specify a context admin for the new context as well as a maximum amount of quota that will be shared among the users of your context. This quota will be used for attachments of calendar appointments and contacts, e.g. and will not affect the user's unified quota. If you want to learn more about data managed in this storage, please check Data managed in file storage.
Required parameters
## Context name
$ctxname = "<context_name>" e.g. testbrand.staging.xion.oxcs.net_context1.com
## Admin credentials
How do I set up admin credentials?
## Quota
$quota = <quota_MB> (-1 = unlimited)
## Admin user
User object with at least the following properties:
- Name (<admname>)
- Password (<admpass>)
- Display name (<adm_display_name>)
- Surname (<adm_sur_name>)
- Given name (<adm_given_name>)
- Primary email address (<adm_primaryEmail>)
- Email address (<adm_email>)
Code snippet
my $context = SOAP::Data->type("Context")->value( \SOAP::Data->value( SOAP::Data->name( "name" => $ctxname ), SOAP::Data->name( "maxQuota" => $quota ), SOAP::Data->name( "userAttributes" => \SOAP::Data->value( SOAP::Data->name( "entries" => @uattrs ) ) ) ) ); my $result = $OXResellerContextService->create( $context, SOAP::Data->value("User")->value( \SOAP::Data->value( SOAP::Data->name( "name" => "<admname>" ), SOAP::Data->name( "password" => "<admpass>" ), SOAP::Data->name( "display_name" => "<adm_display_name>" ), SOAP::Data->name( "sur_name" => "<adm_sur_name>"), SOAP::Data->name( "given_name" => "<adm_given_name>" ), SOAP::Data->name( "primaryEmail" => "<adm_primaryEmail>" ), SOAP::Data->name( "email1" => "<adm_email>" ) ) ), $oxaascreds );
How do I change the Module Access Combination for a context?
Required parameters
## Context object
$context = How do I get a context object for my context?
## Mod access definition
$modaccess = cloud_pim | cloud_productivity | cloud_security | cloud_productivity_security
## Admin credentials
How do I set up admin credentials?
Code snippet
## This part is necessary if you are switching to or from a Module Access Combination ## that offers security features (cloud_security and cloud_productivity_security) my $security_features = SOAP::Data->name( "entries" => \SOAP::Data->value( SOAP::Data->name( "key" => "com.openexchange.capability.guard-mail" ), SOAP::Data->name( "value" => "true" ) ), "entries" => \SOAP::Data->value( SOAP::Data->name( "key" => "com.openexchange.capability.guard-drive" ), SOAP::Data->name( "value" => "false" ) ) ); my $context = SOAP::Data->type("Context")->value( \SOAP::Data->value( SOAP::Data->name("id" => $cid), ## Add this if you are switching to or from a Module Access Combination that offers security features SOAP::Data->name("userAttributes" => \SOAP::Data->value( SOAP::Data->name( "entries" => \SOAP::Data->value( SOAP::Data->name( "key" => "config" ), SOAP::Data->name( "value" => \SOAP::Data->value($security_features)) ) ) ) ) ) ); my $result = $OXResellerContextService->changeModuleAccessByName( $context, $modaccess, $oxaascreds ); if ( $result->fault() ) { print STDERR "Error: ".$result->faultstring()."\n"; next; } ## You will have to execute this call only if you're switching to or from a Module Access Combination that offers security features my $result = $OXResellerContextService->change( $context, $oxaascreds ); if ( $result->fault() ) { print STDERR "Error: ".$result->faultstring()."\n"; next; }
How do I allow users in a context to change their password?
This is usually not enabled for users because OX is considering password management to be handled by the partner's provisioning or IDM system. Especially flows like 'forgot password' cannot be covered within the OX Cloud solution. The password change offered here is technically only feasible in non-SSO setups and w/o very specific password policies. If the application internal solution turns out not to be sufficient this option must not be given to the users.
Required parameters
## Context object
$context = How do I get a context object for my context?
## Admin credentials
How do I set up admin credentials?
Code snippet
## Retrieve current module access for the context my $modaccess = $OXResellerContextService->getModuleAccess( $context, $oxaascreds ); my $modaccessperms = $modaccess->paramsall; ## Change editPassword permission $modaccessperms->{'editPassword'} = "true | false"; ## Create soap structure my @newModuleAccess; foreach my $key (keys %$modaccessperms) { push @newModuleAccess, SOAP::Data->name( $key => $modaccessperms->{$key} )->type('boolean'); } ## Provision new module access for the context my $result = $OXResellerContextService->changeModuleAccess( $context, SOAP::Data->type("UserModuleAccess")->value( \SOAP::Data->value(@newModuleAccess) ), $oxaascreds );
How do I delete a context?
Required parameters
## Context name
$ctxname = "<context_name>" e.g. testbrand.staging.xion.oxcs.net_context1.com
## Admin credentials
How do I set up admin credentials?
Code snippet
my $context = SOAP::Data->type("Context")->value( \SOAP::Data->value( SOAP::Data->name( "name" => $ctxname ), ) ); my $result = $OXResellerContextService->delete( $context, $oxaascreds );
How do I provision settings for a context?
Settings can be provisioned when you provision a context or afterwards by calling the change method for a context as described here. On OX Cloud there is only a limited amount of settings available that you can set for your context. You can find a detailed example on how to configure theming here: OX Cloud hands-on theming.
Required parameters
## Context object
$context = How do I get a context object for my context?
## Admin credentials
How do I set up admin credentials?
my %config = ( <settings_name> => <settings_value> ); my @attrs; push @attrs, \SOAP::Data->value( SOAP::Data->name("key" => "config"), SOAP::Data->name("value" => \SOAP::Data->value( map { SOAP::Data->name("entries" => \SOAP::Data->value( SOAP::Data->name("key" => $_), SOAP::Data->name("value" => $config{$_}) )) } keys %config )) ); my $context = SOAP::Data->type("Context")->value( \SOAP::Data->value( SOAP::Data->name("id" => $cid), SOAP::Data->name( "userAttributes" => \SOAP::Data->value( SOAP::Data->name( "entries" => @attrs ) ) ) ) ); my $result = $OXResellerContextService->change($context, $oxaascreds);
How do I find my context id?
Required parameters
## Context name
$ctxname = "<context_name>" e.g. testbrand.staging.xion.oxcs.net_context1.com
## Admin credentials
How do I set up admin credentials?
Code snippet
# get context id my $context = $OXResellerContextService->list( $ctxname, $oxaascreds ); if ( $result->fault() ) { print STDERR "Error geting context id with name $ctxname: ".$context->faultstring()."\n"; next; } my @context = $context->paramsall; my $cid = $context[0]->{'id'};
How do I get a context object for my context?
For most provisioning calls you will need a context object for the request.
Required parameters
## Context ID
$cid = How do I find my context id?
Code snippet
my $context = SOAP::Data->type("Context")->value( \SOAP::Data->value( SOAP::Data->name( "id" => $cid ) ) );
User
How do I provision a new user?
Required parameters
## Admin credentials
How do I set up admin credentials?
## Context object
$context = How do I get a context object for my context?
## User object
User object with at least the following properties. Those are mandatory but not in every case reported as such if missing. Please be careful.
- User name (<username>)
- Display name (<displayname>)
- Sur name for the user (<surname>)
- Given name for the user (<givenname>)
- Password for the user (<password>)
- Primary mail address (<email>)
- Mail address (<email>)
- Language (e.g. en_US) (<language>)
- Timezone (e.g. Europe/Berlin) (<timezone>)
- Max filestorage quota in MB (<maxQuota>) (For Unified Quota this value MUST be defined during user creation and it must be identical with the quota defined for mail.)
# Mod access definition
$modaccess = cloud_pim | cloud_productivity | cloud_security | cloud_productivity_security
## Service Class
$serviceclass = Has to match $modaccess unless adviced differently
Code snippet
my @soapdata; push @soapdata, SOAP::Data->name( "name" => <username> )->type('string'); push @soapdata, SOAP::Data->name( "password" => <password> ); push @soapdata, SOAP::Data->name( "display_name" => <displayname> )->type('string'); push @soapdata, SOAP::Data->name( "sur_name" => <surname> )->type('string'); push @soapdata, SOAP::Data->name( "given_name" => <givenname> )->type('string'); push @soapdata, SOAP::Data->name( "primaryEmail" => <email> ); push @soapdata, SOAP::Data->name( "email1" => <email> ); push @soapdata, SOAP::Data->name( "language" => <language> ); push @soapdata, SOAP::Data->name( "timezone" => <timezone> ); push @soapdata, SOAP::Data->name( "maxQuota" => <maxquota> ); my $qunified = SOAP::Data->name( "entries" => \SOAP::Data->value( SOAP::Data->name( "key" => "com.openexchange.unifiedquota.enabled" ), SOAP::Data->name( "value" => "true" ) ) ); my @classofservice; push @classofservice, \SOAP::Data->value( SOAP::Data->name("key" => "cloud"), SOAP::Data->name("value" => \SOAP::Data->value( SOAP::Data->name("entries" => \SOAP::Data->value( SOAP::Data->name("key" => "service"), SOAP::Data->name("value" => $serviceclass) )) )) ); push @soapdata, SOAP::Data->name( "userAttributes" => \SOAP::Data->value( SOAP::Data->name( "entries" => \SOAP::Data->value( SOAP::Data->name( "key" => "config" ), SOAP::Data->name( "value" => \SOAP::Data->value($qunified)) ), @classofservice ) ) ); my $user = SOAP::Data->value("User")->value( \SOAP::Data->value(@soapdata) ); my $result = $OXResellerUserService->createByModuleAccessName( $context, $user, $modaccess, $oxaascreds ); if( $result->fault() ) { print $cid; print $result->faultstring()."\n"; exit(1); } my @results = $result->paramsall; # set email quota for the new user or, if unified quota is enabled, activate # unified quota valid for mail and filestorage $result = $OXaaSService->setMailQuota( SOAP::Data->name( "ctxid" => $cid ), SOAP::Data->name( "usrid" => $results[0]->{'id'} ), SOAP::Data->name( "quota" => $maxQuota ), $oxaascreds );
How do I change the Module Access Combination for a user?
Required parameters
## Admin credentials
How do I set up admin credentials?
## Context object
$context = How do I get a context object for my context?
## Mod access definition
$modaccess = cloud_pim | cloud_productivity | cloud_security | cloud_productivity_security
## Service Class
$serviceclass = Has to match $modaccess
## User
$user = Object containing the user's login (<user_login>)
my @soapdata; push @soapdata, SOAP::Data->name( "name" => <user_login> )->type('string'); my @classofservice; push @classofservice, \SOAP::Data->value( SOAP::Data->name("key" => "cloud"), SOAP::Data->name("value" => \SOAP::Data->value( SOAP::Data->name("entries" => \SOAP::Data->value( SOAP::Data->name("key" => "service"), SOAP::Data->name("value" => $serviceclass) )) )) ); push @soapdata, SOAP::Data->name( "userAttributes" => \SOAP::Data->value( SOAP::Data->name( "entries" => @classofservice ) ) ); my $user = SOAP::Data->value("User")->value( \SOAP::Data->value( SOAP::Data->value(@soapdata) ) ); my $result = $OXResellerUserService->changeByModuleAccessName( $context, $user, $modaccess, $oxaascreds ); if ( $result->fault() ) { print STDERR "Error: ".$result->faultstring()."\n"; next; } ## You will have to execute this call only if you're switching to or from a Module Access Combination that offers security features my $result = $OXResellerUserService->change( $context, $user, $oxaascreds ); if ( $result->fault() ) { print STDERR "Error: ".$result->faultstring()."\n"; next; }
How do I enable user permissions?
Required parameters
## Admin credentials
How do I set up admin credentials?
## Context id
$cid = How do I find my context id?
## User id
$uid = How do I get my user id?
## Permissions to enable
@disablePerms = array of permissions that should be enabled
Code snippet
my @enablePerms; push(@enablePerms, SOAP::Data->name( perms => "SEND" )); push(@enablePerms, SOAP::Data->name( perms => "RECEIVE" )); push(@enablePerms, SOAP::Data->name( perms => "MAILLOGIN" )); push(@enablePerms, SOAP::Data->name( perms => "WEBLOGIN" )); my $result = $OXaaSService->enablePermissions( SOAP::Data->name( "ctxid" => $cid ), SOAP::Data->name( "usrid" => $uid ), SOAP::Data->name( "perms" => @enablePerms ), $oxaascreds );
How do I disable user permissions?
Before permanently deleting a user you may want to consider to just disable some or all of his permissions. This would not delete the user's data and so it could be reactivated without data loss afterwards.
Required parameters
## Admin credentials
How do I set up admin credentials?
## Context id
$cid = How do I find my context id?
## User id
$uid = How do I get my user id?
## Permissions to disable
@disablePerms = array of permissions that should be disabled
Code snippet
my @disablePerms; push(@disablePerms, SOAP::Data->name( perms => "SEND" )); push(@disablePerms, SOAP::Data->name( perms => "RECEIVE" )); push(@disablePerms, SOAP::Data->name( perms => "MAILLOGIN" )); push(@disablePerms, SOAP::Data->name( perms => "WEBLOGIN" )); my $result = $OXaaSService->disablePermissions( SOAP::Data->name( "ctxid" => $cid ), SOAP::Data->name( "usrid" => $uid ), SOAP::Data->name( "perms" => @disablePerms ), $oxaascreds );
How do I delete a user?
Before permanently deleting a user you may want to consider to just disable some or all of his permissions. This would not delete the user's data and so the user could be reactivated without data loss afterwards.
Required parameters
## Context object
$context = How do I get a context object for my context?
## User
$user = Object containing the user's login (<user_login>)
## Admin credentials
How do I set up admin credentials?
Code snippet
my $user = SOAP::Data->value("User")->value( \SOAP::Data->value( SOAP::Data->name( "name" => <user_login> ) ) ); my $result = $OXResellerUserService->delete( $context, $user, $oxaascreds );
How do I provision a setting for a user?
Required parameters
## Context object
$context = How do I get a context object for my context?
## User
$user = Object containing the user's login (<user_login>)
## Admin credentials
How do I set up admin credentials?
Code snippet
my %config = ( <settings_name> => <settings_value> ); my @attrs; push @attrs, \SOAP::Data->value( SOAP::Data->name("key" => "config"), SOAP::Data->name("value" => \SOAP::Data->value( map { SOAP::Data->name("entries" => \SOAP::Data->value( SOAP::Data->name("key" => $_), SOAP::Data->name("value" => $config{$_}) )) } keys %config )) ); my $user = SOAP::Data->value("User")->value( \SOAP::Data->value( SOAP::Data->name("name" => <user_login>), SOAP::Data->name( "userAttributes" => \SOAP::Data->value( SOAP::Data->name( "entries" => @attrs ) ) ) ) ); my $result = $OXResellerUserService->change( $context, $user, $oxaascreds );
How do I change a user password?
Required parameters
## Context object
$context = How do I get a context object for my context?
## User
$user = Object containing the user's login (<user_login>) and the new password (<user_password>)
## Admin credentials
How do I set up admin credentials?
Code snippet
my $user = SOAP::Data->value("User")->value( \SOAP::Data->value( SOAP::Data->name( "name" => <user_login> ); SOAP::Data->name( "password" => <user_password> ) ) ); my $result = $OXResellerUserService->change( $context, $user, $oxaascreds );
How do I get my user id?
Required parameters
## Context object
$context = How do I get a context object for my context?
## User
$user = Object containing the user's login (<user_login>)
## Admin credentials
How do I set up admin credentials?
my $user = $OXResellerUserService->getData( $context, SOAP::Data->value("User")->value( \SOAP::Data->value( SOAP::Data->name( "name" => <user_login> ) ) ), $oxaascreds ); my @user = $user->paramsall; my $uid = $user[0]->{'id'};
Own Brand configuration
Beginning with version 7.10.5, it is possible to define some settings that used to be applied to every context before also into the own brand. You can now define all so called Configuration Cascade settings or userAttributes
globally in your own brand entry.
Retrieve own brand configuration
The following example shows how to retrieve that data using the new SOAP API call getSelfData
:
#!/usr/bin/perl -w BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0 } use strict; use SOAP::Lite; use Data::Dumper; my $soap = SOAP::Lite->ns("http://soap.reseller.admin.openexchange.com")->proxy("https://$oxaashost/webservices/OXResellerService", ssl_opts => [ SSL_verify_mode => 0 ]); my $oxaasadmname = "example.com"; my $oxaasadmpw = "secret"; my $creds = SOAP::Data->type("Credentials")->value( \SOAP::Data->value( SOAP::Data->name("login" => $oxaasadmname), SOAP::Data->name("password" => $oxaasadmpw))); my $ret = $soap->getSelfData($adminName, $adminId, $creds); if( $ret->fault() ) { print $ret->faultstring()."\n"; } else { print Dumper($ret->paramsall); }
Change own brand configuration
See the example below on how to add or remove settings from your own brand using the new SOAP API method changeSelf
:
There's currently one caveat, that you have to know the Id of your own brand, but that cannot yet programmatically retrieved, so you have to ask us for it.
#!/usr/bin/perl -w BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0 } use strict; use SOAP::Lite; use Data::Dumper; my $soap = SOAP::Lite->ns("http://soap.reseller.admin.openexchange.com")->proxy("https://$oxaashost/webservices/OXResellerService", ssl_opts => [ SSL_verify_mode => 0 ]); my $oxaasadmname = "example.com"; my $oxaasadmpw = "secret"; my $oxaasadmid = "83"; my $configName = "com.openexchange.appsuite.servercontact"; my $configValue = "This server is operated by me"; my $add = 1; my $creds = SOAP::Data->type("Credentials")->value( \SOAP::Data->value( SOAP::Data->name("login" => $oxaasadmname), SOAP::Data->name("password" => $oxaasadmpw))); my $config = SOAP::Data->name("entries" => \SOAP::Data->value( SOAP::Data->name( "key" => $configName ), SOAP::Data->name( "value" => $configValue))); my $resellerAdm; if ($add) { $resellerAdm = SOAP::Data->type("ResellerAdmin")->value( \SOAP::Data->value( SOAP::Data->name("name" => $oxaasadmname), SOAP::Data->name("id" => $oxaasadmid), SOAP::Data->name("configurationToAdd" => \SOAP::Data->value($config)) )); } else { $resellerAdm = SOAP::Data->type("ResellerAdmin")->value( \SOAP::Data->value( SOAP::Data->name("name" => $oxaasadmname), SOAP::Data->name("id" => $oxaasadmid), SOAP::Data->name("configurationToRemove" => $configName) )); } my $ret = $soap->changeSelf($resellerAdm, $creds); if( $ret->fault() ) { print $ret->faultstring()."\n"; } else { print Dumper($ret->paramsall); }