Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Confirmed: still relevant

Affected version(s): OXAppSuite 7.10.0 and above, also OXGuard 2.10.0 and above

Problem:

Info

You are unable to set the default value for users under "Security > domain.com OXGuard" which would allow your users to send encrypted emails by default when composing new mail. You are using the following documentation, which is not working:

https://oxpedia.org/wiki/index.php?title=AppSuite:User_management#changeuser
http://oxpedia.org/wiki/index.php?title=OX6:Gui_path

How can this be configured for a select group of users, who have not yet set up OX Guard? What exactly is the correct syntax for "changeuser --addguipreferences"?

Root Cause:

Info

The documentation above applies only for the OX6 version of Appsuite. The -addguipreferences parameter will not work for later versions of the product. If you try to set the flag for a certain user, the command will appear to be successful:

Code Block
titlechangeuser --addguipreferences command result
"2019-08-13T12:25:11,331+0200 INFO  [RMI TCP Connection(2492)-10.192.0.110] com.openexchange.admin.storage.mysqlStorage.OXUserMySQLStorage.change(OXUserMySQLStorage.java:648)
User 3 in context 1 changed! Changed attributes: password-mechanism, gui, username"

(warning) This is because the property is successfully set, but it does not provide the needed function in versions later than OX6 Appsuite.

Solution:

Info

The following solution can be used for OX Appsuite 7.10.0 and later.

(info) We recommend that you test this in a staging or QA environment first.
(info) Take care that your spacing is correct in yml files, or OX Appsuite may not start correctly.


In your /opt/open-xchange/etc/meta/guard.yml, add the following, to map a middleware configuration value to the UI value:

Code Block
languageyml
title/opt/open-xchange/etc/meta/guard.yml
com.openexchange.guard.defaultEncrypted:
    preferencePath: oxguard//defaultEncrypted


(warning) IMPORTANT (warning)
You MUST add a default value for com.openexchange.guard.defaultEncrypted in a properties file. We recommend adding it to guard-api.properties, but any configuration file in the middleware will work. If you are running Guard on the middleware servers (not separate servers), then you could also put this in the guard-core.properties file.

Code Block
title/opt/open-xchange/etc/guard-core.properties
com.openexchange.guard.defaultEncrypted=false


(warning) If you do not set a default value in a properties file, it will trigger OX Guard to upgrade from 2.8 to 2.10 (when this value was added), and users will lose their default settings for signing, encryption, and inline.


Once the above is in place, you can set the default encryption option for composing an new mail with the changeuser command as follows:

Code Block
titlecom.openexchange.guard.defaultEncrypted
/opt/open-xchange/sbin/changeuser -A oxadmin -P secret -c 1 -i 5 --config/com.openexchange.guard.defaultEncrypted=true

(info) -A = the oxadmin user, -P = the oxadmin password, -c = the context, -i = the user ID

This can also be set at context level with changecontext, if desired. This will set the value to true for the user, but they will be able to uncheck it if they choose.