Affected version(s): OXAppSuite 7.10.0 and above, also OXGuard 2.10.0 and above
Problem:
You are unable to set the default value for users under "Security > domain.com OXGuard" which would allow your users to send encrypted emails by default when composing new mail. You are using the following documentation, which is not working:
https://oxpedia.org/wiki/index.php?title=AppSuite:User_management#changeuser
http://oxpedia.org/wiki/index.php?title=OX6:Gui_path
How can this be configured for a select group of users, who have not yet set up OX Guard? What exactly is the correct syntax for "changeuser --addguipreferences"?
Root Cause:
The documentation above applies only for the OX6 version of Appsuite. The -addguipreferences parameter will not work for later versions of the product. If you try to set the flag for a certain user, the command will appear to be successful:
"2019-08-13T12:25:11,331+0200 INFO [RMI TCP Connection(2492)-10.192.0.110] com.openexchange.admin.storage.mysqlStorage.OXUserMySQLStorage.change(OXUserMySQLStorage.java:648) User 3 in context 1 changed! Changed attributes: password-mechanism, gui, username"
This is because the property is successfully set, but it does not provide the needed function in versions later than OX6 Appsuite.
Solution:
The following solution can be used for OX Appsuite 7.10.0 and later.
We recommend that you test this in a staging or QA environment first.
Take care that your spacing is correct in yml files, or OX Appsuite may not start correctly.
In your /opt/open-xchange/etc/meta/guard.yml
, add the following, to map a middleware configuration value to the UI value:
com.openexchange.guard.defaultEncrypted: preferencePath: oxguard//defaultEncrypted
IMPORTANT
You MUST add a default value for com.openexchange.guard.defaultEncrypted
in a properties file. We recommend adding it to guard-api.properties, but any configuration file in the middleware will work. If you are running Guard on the middleware servers (not separate servers), then you could also put this in the guard-core.properties file.
com.openexchange.guard.defaultEncrypted=false
If you do not set a default value in a properties file, it will trigger OX Guard to upgrade from 2.8 to 2.10 (when this value was added), and users will lose their default settings for signing, encryption, and inline.
Once the above is in place, you can set the default encryption option for composing an new mail with the changeuser
command as follows:
/opt/open-xchange/sbin/changeuser -A oxadmin -P secret -c 1 -i 5 --config/com.openexchange.guard.defaultEncrypted=true
-A = the oxadmin user, -P = the oxadmin password, -c = the context, -i = the user ID
This can also be set at context level with changecontext
, if desired. This will set the value to true for the user, but they will be able to uncheck it if they choose.