En/3.4/OpenChange (Microsoft(R) Exchange native replacement)
Introduction to OpenChange Technology
Zentyal integrates OpenChange, the first and only native drop-in replacement for Microsoft® Exchange Server technologies. With OpenChange, Microsoft Outlook® clients continue to work unchanged, without needing any plug-ins, reconfiguration or migration.
OpenChange achieves complete compatibility because it implements the same MAPI protocols as existing mail and groupware clients: the MAPI protocol, and optionally ActiveSync®. These protocols manage not just electronic mail, but also contact lists and calendars.
In addition to being a MAPI server, OpenChange is a bridge between MAPI and the Internet-standard protocols (IMAP, SMTP, CalDAV, etc.), keeping both sides synchronised. A message in the Microsoft Outlook® inbox is visible in Mozilla Thunderbird's view of the same account via IMAP, and when deleted the message disappears from both sides. Similarly, a calendar entry made in Mozilla Lightning over the CalDAV protocol is visible and modifiable from Microsoft Outlook®.
To get an overview of where OpenChange is located in relation to the other Zentyal components, and of the basics of its interactions and protocols, you can review the following diagram:
OpenChange itself is a Samba4 plugin, using Samba4 for user information, authentication and the Global Address List directory service, which contains the user accounts of the organization. As previously mentioned, the Microsoft Outlook® client can communicate natively with this component; there is no need to re-join the client to a domain or to install any external software.
OpenChange features an abstraction layer that makes it possible to communicate with different storage backends. The backend is in charge of storing and serving the different databases needed to enable groupware collaboration, using a MySQL database, and of bridging the mail system by talking with the standard mail components in their native protocols (typically IMAPS and SMTPS).
Apart from the connections established within the organization's network, your Microsoft Outlook® clients can connect from any point of the Internet thanks to the MAPI Proxy component, able to encapsulate the protocol using HTTP/RPC.
Zentyal offers a Webmail platform integrated with OpenChange (not to be confused with the generic Webmail service). Using this platform, you can offer an HTTP/HTTPS gateway to interact with all the mentioned mail and groupware features.
Configuring a stand-alone OpenChange server
OpenChange depends on the Users and Computers (Samba4) and Electronic Mail Service (SMTP/POP3-IMAP4) components, as shown in the diagram. This means that your Zentyal server already has a Microsoft® Server-compatible domain and a Virtual Mail domain that will be used to provide the OpenChange services.
After installing and enabling the module, you need to provision OpenChange. Go to OpenChange ‣ Setup where you can see the following page:
In the stand-alone scenario this will be the first exchange server, so in the drop-down menu you will select New One and choose the Organization Name. This name will become a node in Samba4's Active Directory tree that will contain all the attributes related to the Microsoft® Exchange environment.
Once you click on Setup, OpenChange will be provisioned, modifying the Samba4 Active Directory schema. This modification makes the new schema compatible with a Microsoft® Windows Server that also features a Microsoft® Exchange Server, making it possible to become its additional controller.
As you see in the capture, an OpenChange account can be automatically supplied to all the existing users of this Zentyal Server.
OpenChange accounts are disabled by default for new users. If you wish to automatically supply an OpenChange account to new users, you need to modify the User Template from Users and Computers ‣ User Template.
Configuring the OpenChange Server as an additional exchange server
In order to configure the OpenChange module in additional mode, you first need to have the Zentyal Server inside the Windows Domain, as specified in the chapter File sharing and Domain Services. Your server can act as an additional exchange server whether it is the main domain controller or just an additional domain controller.
With your Zentyal Server already joined to the domain, you will access the OpenChange configuration and choose the existing organization from the drop-down list.
From your Microsoft® Exchange server, you can check the list of available exchange servers by creating a new mailbox.
Configuring the Microsoft® Outlook Client
There are basically three different configuration scenarios:
- The client is inside the organization's network and joined to the domain
- The client is inside the organization's network but not joined to the domain
- The client wants to use Microsoft® Outlook from an external network (over the Internet)
The first case is fairly straightforward, since the user's credentials are already loaded at login.
Zentyal OpenChange enables the autodiscovery protocol for Microsoft® Outlook and makes it possible to automatically create the account using just the information provided at login.
You may receive a warning related to the server's certificate if you have not signed this certificate with a valid CA. To learn more about certificate validation, please read the Certification authority (CA) chapter. It is safe to continue despite this warning.
Once the configuration wizard is complete, your Microsoft® Outlook client will be ready to use:
If the client is located inside the network but not joined to the domain, the only difference will be setting the user credentials.
You will have to log in again at the end of the process.
In the third case, connecting a Microsoft Outlook® client from any point of the Internet, you will have to enable the MAPI Proxy described in the architecture first. You can do this from the Zentyal OpenChange configuration page. The MAPI Proxy interface options will only appear if the external IP addresses are correctly configured in the DNS and associated to the hostname.
In order to communicate with this Proxy from the Internet, you will need to enable access from external interfaces in the firewall for the protocols you configured (HTTP and/or HTTPS).
In the client, you will need to import the certificate displayed in the image above, especially if you plan to connect using HTTPS. For the client configuration, you will need to use the FQDN of the server host, not the IP address, so if you don't have this name configured in a public DNS that can be queried from any point of the Internet, you will need to add the equivalent configuration line to the hosts file in the client.
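The client-side prerequisites above (a resolvable FQDN or a hosts entry, a reachable proxy port, and the imported certificate) can be checked in one pass on the Windows client. This PowerShell script is an added example, not part of the Zentyal documentation; the FQDN, IP address, certificate path and expected fingerprint are placeholders, and the use of port 443 and of the current user's Trusted Root store are assumptions.

```powershell
# Pre-flight for Outlook Anywhere against the Zentyal MAPI Proxy (run on the client).
# Placeholder values (assumptions, not from the page): replace all four.
$Fqdn           = 'zentyal.example.com'   # FQDN of the Zentyal server
$ServerIp       = '203.0.113.10'          # its external IP address
$CertPath       = "$env:USERPROFILE\Downloads\zentyal.cer"  # certificate saved from the OpenChange page
$ExpectedSha256 = 'FINGERPRINT-READ-ON-THE-SERVER'          # SHA-256, obtained out-of-band

# 1. The FQDN must resolve on this client. Resolve-DnsName also reads the hosts file.
$addresses = @()
try {
    $addresses = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
} catch {
    Write-Host "$Fqdn does not resolve from this client."
}
if ($addresses -contains $ServerIp) {
    Write-Host "$Fqdn resolves to $ServerIp."
} elseif ($addresses.Count -gt 0) {
    throw "$Fqdn resolves to $($addresses -join ', '), not $ServerIp. Fix DNS or the stale hosts entry."
} else {
    # Requires an elevated session: only administrators can write the hosts file.
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Add-Content -Path $hostsFile -Value "$ServerIp`t$Fqdn"
    Write-Host "Added '$ServerIp $Fqdn' to $hostsFile."
}

# 2. The proxy port opened in the Zentyal firewall must be reachable (HTTPS assumed).
if (-not (Test-NetConnection -ComputerName $Fqdn -Port 443).TcpTestSucceeded) {
    throw "Cannot reach ${Fqdn}:443. Check the firewall rule for external interfaces."
}

# 3. Trust the certificate only if its SHA-256 fingerprint matches the expected one.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$wanted = $ExpectedSha256 -replace '[^0-9A-Fa-f]', ''
if ($actual -ne $wanted) {
    throw "Fingerprint mismatch for ${CertPath}: got $actual."
}
# Assumption: the current user's Trusted Root store; Windows asks for confirmation.
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Write-Host "Pre-flight passed for $Fqdn."
```

The expected fingerprint can be read on the server side, for example with `openssl x509 -noout -fingerprint -sha256 -in <certificate file>`, and passed to the client over a separate channel.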
Once you have met all the mentioned requisites, you can launch the client.
You will select Manually configure additional server types
Microsoft® Exchange Account:
You will configure the server name using the FQDN and your user name. Before clicking on Next, you will click on More Settings...:
From the Security tab, you will check the Always prompt for logon credentials:
From the Connection tab, you will enable the HTTPS access (Outlook Anywhere)
You will click on the button named Exchange Proxy Settings. From this screen, you will configure your server's FQDN again:
After setting up all these parameters, you will apply the changes and check the name and credentials of the selected user. If the name appears underlined, it means that you were able to contact the Proxy and the user credentials are valid.
From this point on, the configuration is identical to the other use cases.
Configuring 'Out Of Office' notifications from the Microsoft Outlook® client
One of the most common mail filters that your users may want to configure is the automatic response for when they are away from the office for an extended period, so that their contacts are aware that their messages will not be answered in the short term.
From your Microsoft Outlook® client, you can use the assistant to configure Out Of Office:
There you will be able to configure the following options:
From this interface, you can configure the time period and the message to be sent in reply. You can even configure different messages depending on whether the message comes from an internal user (internal mail domain) or from any external user. It is important to check the current limitations of this feature, described at the end of this document.
The ActiveSync® protocol is widely used to synchronize mobile devices and also the most recent versions of Microsoft® Outlook.
There are two different software packages which provide this functionality on top of OpenChange (z-push and sogo-activesync). It is recommended to test both of them in order to analyse which one produces the best results for your deployment.
You will need to have the zentyal-openchange (>=3.4.2) and zentyal-webserver modules. For sogo-activesync you will also need to have zentyal-sogo (OpenChange Webmail) installed and enabled.
Using the command line:
sudo apt-get install z-push
OR (packages are configured to raise a conflict between them):
sudo apt-get install sogo-activesync
Once you have installed one of the packages, you will be able to enable or disable the ActiveSync option from the OpenChange configuration on the Zentyal interface.
Devices will access ActiveSync® through Zentyal's webserver, ports 80 and 443 (SSL enabled) by default.
Apart from the described functionality using native clients, it can be very useful to deploy a web-based client to access your e-mail, calendars and contacts. It is important to differentiate the OpenChange Webmail module from the Webmail module, which is based on the standard mail protocols and does not provide any groupware functionality besides electronic mail.
To use this module, you just need to install it and enable it. You will need to have an SSL port configured in the Webserver module in order to use the secure version (HTTPS).
Once you have enabled the module, you can access the web platform at the URL https://<server_FQDN>/SOGo/ or by clicking on the link shown in the OpenChange configuration:
Accessing this URL, you can see the main login screen, where you can also choose the desired language for the user:
You will first be shown the email interface:
Using the drop down menu that you have available in the top part of the interface, you can access the calendars:
And also the address book, where you can view the Global Address List (GAL), which contains all the users registered in your domain, the personal address books of the user and custom distribution lists that can be used for mailing.
It is important to note that the set of features provided by the Microsoft® Outlook client is large. In this document we are considering the typical set of features that the average user will require to complete his/her daily tasks.
The following features are not available on the common Microsoft® Outlook versions (2003, 2007, 2010):
- Sending a mail with an embedded mail attached
- Using special characters for the mail user (like áéíóúñÑ)
- Deleting a mail folder
- Sending a contact via mail using Outlook format (vCard format is working)
- Assigning a task to a contact
- Opening a calendar that was shared with you
- The 'Out of Office' functionality is only available for Microsoft® Outlook 2007 and 2010
- If the 'Out of Office' notification is enabled, only the date is applied, time is ignored
- 'Out of Office' does not work if the username has capital letters
- It is not currently supported to unconfigure OpenChange once it has been configured for an Organization