Gentoo Wiki


This article is part of the HOWTO series.



Some people think that Open-Xchange is a GPL'd version of SLOX (SuSE's Groupware Server). The story is more complex than this. Netline Internet Service GmbH, Martinstr. 41, D-57462 Olpe, Germany, an independent German company, had already developed the basic functionality of Open-Xchange when it put together a deal with SuSE to combine it with its Linux distribution and sell it under the brand SuSE Linux Open Xchange (SLOX). A few years later, when Novell acquired SuSE, SLOX became the third groupware tool in its portfolio (the other two being Netmail and Groupwise). In order to clarify its groupware story, Novell decided to give back to Netline the full rights to the component that made up SLOX (including development done by SuSE) without the underlying OS (at the same time Novell made an open-source version of Netmail, called Hula). Part of the deal was that OX should be available in a GPL version. Netline has now changed its name to Open-Xchange Inc., based in the state of New York (with offices in Germany), and is now developing two versions from the same trunk: one GPL and one commercial with a much simpler installation interface and a web administration module, for RedHat and SuSE Linux. Open-Xchange allows for much of the functionality of MS Exchange, but the connector for Outlook is only licensed with the commercial version.

From their website: The OPEN-XCHANGE™ Collaboration and Integration Server Environment allows you to store appointments, contacts, tasks, emails, bookmarks, documents and many more elements and share them with other users. This environment can be accessed via any modern web browser and multiple fat clients like KDE Kontact, Apples iCAL, Konqueror, Mozilla Calendar and many more.

There is an online demo that you should try out to get a feel for the polish and functionality of this app.


NOTICE: this HOWTO assumes you have a working mailserver, and database. Once we have this doc complete (can install OX via the ebuild), we'll complete this HOWTO and cover all of the steps to have a fully functional document.

OX installation script

I've created an install script that does all the hard work and should provide you with a usable open-xchange server after a few steps. You can get it from [1]


There are some requirements for OX; we will try to discover them and write down the Gentoo-specific information.


OpenLDAP is required for managing all the accounts, addresses and so on. UPDATE: OpenLDAP 2.2.20 is now stable in portage.

If you've got OpenLDAP 2.2.* or greater, skip this section: ACI support is enabled by default by the ebuild. If you have to use OpenLDAP 2.1.*, read on.

Open-Xchange needs the ACI (Access Control Instructions) feature. For example, there are personal addresses and global addresses. Your own addresses should be manageable by you; global addresses should be manageable only by your boss or a small group of users. Restricting access this way requires the ACI feature.

Enable ACI-support in OpenLDAP-2.1.*

First create your overlay directory. Just do the steps of this one section.

equery list net-nds/openldap

Now that you know the exact version of your current OpenLDAP, copy its ebuild into your overlay directory:

mkdir -p /usr/local/portage/net-nds/openldap
cp /usr/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild /usr/local/portage/net-nds/openldap/
cp -r /usr/portage/net-nds/openldap/files  /usr/local/portage/net-nds/openldap/

Edit that file with the editor of your choice:

nano /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild

Now scroll down to the following lines:

File: /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild
src_compile() {
   local myconf

and insert the following line after them:

File: /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild
myconf="${myconf} --enable-aci"

Save and close the file.

The last step is making this ebuild valid:

ebuild /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild manifest

Now you can emerge ldap again:

emerge =net-nds/openldap-2.MY_EXACT_VERSION

And now you're finished. You should restart openldap.

Please be careful: if a newer version of openldap-2.1.* appears in portage, you have to repeat these steps for the new version.

Unmask the ebuilds

Unmask and emerge Open-Xchange

mkdir -p /etc/portage/
echo '=www-apps/open-xchange-0.8.*' >> /etc/portage/package.unmask
echo 'www-apps/open-xchange ~x86' >> /etc/portage/package.keywords
echo 'dev-java/jdbc3-postgresql ~x86' >> /etc/portage/package.keywords
emerge open-xchange

If the build fails, you might have to alter one line in the ebuild file (/usr/portage/www-apps/open-xchange/open-xchange-0.8.2.ebuild).
Find the line starting with myconf="${myconf} --with-jsdkjar= and edit it so that it points to the correct jar file (e.g. /usr/share/servletapi-2.3/lib/servlet.jar or /usr/share/servletapi-2.4/lib/servlet-api.jar) and not the symlink.

USE flags used by Open-Xchange

SSL Enables secure communications between backend components. This does not secure communication between browser and web server. Currently SSL is working with OX 0.8.0.* and development version since
WEBDAV Enables webdav support for Open-Xchange, this means you can use fat-clients which support webdav to update your calendar (e.g. KDEs Kontact, Evolution, ...)
POSTGRES Enables PostgreSQL as database backend (if MYSQL is also set, Open-Xchange is built with PostgreSQL support only)
MYSQL Enables MySQL as database backend (if POSTGRES is also set, Open-Xchange is built with PostgreSQL support only)
Warning: This is currently not supported. Some of the features that are required by Open-Xchange are not provided by MySQL. Update: With MySQL 5.* this is reported to work

Check install

Point your browser at http://ox-domain.tld/cgi-bin/ to test your installation. You should receive the Open-Xchange login screen. If you do not see this login screen, something is probably wrong with your Apache and/or Perl installation.


Launch Open-Xchange

Code: /etc/init.d/open-xchange start
Starting all

Starting SESSIOND                                                         [ done ]

Starting OX                                                               [ done ]

Starting OXWebmail                                                        [ done ]


If you compiled Open-Xchange with the SSL flag turned on, your server components will communicate in a secure way.

Attention: this has nothing to do with the encryption between your browser and the web server (e.g. Apache).

The catch is that you have to provide the key files and certificate files used for communication between the components, plus a CA file.

A Certificate Authority (CA) signs your certificate file, which is useful for authentication purposes. CAs are independent; they check your identity and sign your certificate. Third parties can then verify that you are who you claim to be by checking your certificate against the CA certificate.

  1. The problem is you have to pay for this service.
  2. Or join the community, which is a movement for the freedom of privacy/security, and get free certificates there.
  3. But you can also be your own CA.

The key-file for the session-server: /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondkey.pem

The certificate-file session-server: /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondcert.pem

The key-file for the groupware: /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarekey.pem

The certificate-file groupware: /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarecert.pem

The groupware keys are also used for webmail.

And finally the CA certificate: /etc/open-xchange/groupware/sslcerts/oxCA/cacert.pem

HowTo Create Certs and Keys

Create a directory of your choice:

mkdir /tmp/ox_ssl

cd /tmp/ox_ssl

First we create our CA:

/etc/ssl/misc/ -newca

Enter the password (1) for your CA. Answer the prompts as you like, or just press Enter to accept the defaults.

Now we will create the request for our Open-Xchange itself.

/etc/ssl/misc/ -newreq

Remember the password (2) for this key; we need it later.

/etc/ssl/misc/ -sign

You will be asked for a password; enter the password (1) of the CA.

Now we need to remove the password from the key file, or Open-Xchange won't work, because it cannot enter the password.

openssl rsa -in newreq.pem -out newkey.pem

You will be asked for a password; enter the password (2) of the key.

Now that we have generated everything, we will put the files into the right place.

cp demoCA/cacert.pem /etc/open-xchange/groupware/sslcerts/oxCA/cacert.pem
cp newkey.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarekey.pem
cp newkey.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondkey.pem
cp newcert.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarecert.pem
cp newcert.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondcert.pem

Now you should remove the temporary directory. After that restart Open-Xchange - it should work.
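
Added example, not part of the original HOWTO: a small POSIX shell audit for the files installed above. Because the passphrase was removed, the keys are protected by file permissions alone, so the script checks that, and also that each certificate matches its key and is signed by cacert.pem. The paths are the HOWTO's; the function names and the "no access for other users" policy are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit the TLS files installed above.
# The base directory and file names are the HOWTO's; the function names
# are hypothetical. Source this file as root, then run: audit_ox_tls
OX_SSL_DIR="${OX_SSL_DIR:-/etc/open-xchange/groupware/sslcerts}"

# True if the key exists and carries no passphrase (Open-Xchange cannot
# enter one). Covers the traditional "Proc-Type: 4,ENCRYPTED" header and
# the PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY" marker.
key_is_unencrypted() {
    [ -r "$1" ] && ! grep -q 'ENCRYPTED' "$1"
}

# True if no "other" permission bit is set (assumed policy); a
# passphrase-less key is protected by file permissions alone.
key_is_private() {
    [ -f "$1" ] &&
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# True if the certificate holds the public half of the private key.
key_matches_cert() {    # usage: key_matches_cert KEY CERT
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# True if CERT verifies against CA. The output is matched instead of the
# exit status, which older OpenSSL releases did not set reliably.
cert_signed_by_ca() {   # usage: cert_signed_by_ca CA CERT
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Checks both component key/cert pairs; returns 0 only if all pass.
audit_ox_tls() {        # usage: audit_ox_tls [BASE_DIR]
    base="${1:-$OX_SSL_DIR}"; ca="$base/oxCA/cacert.pem"; bad=0
    for name in groupware sessiond; do
        key="$base/oxCERTS/${name}key.pem"
        cert="$base/oxCERTS/${name}cert.pem"
        key_is_unencrypted "$key" || { echo "FAIL $key: missing or encrypted"; bad=1; }
        key_is_private "$key" || { echo "FAIL $key: accessible to other users"; bad=1; }
        key_matches_cert "$key" "$cert" || { echo "FAIL $cert: does not match key"; bad=1; }
        cert_signed_by_ca "$ca" "$cert" || { echo "FAIL $cert: not signed by $ca"; bad=1; }
    done
    return "$bad"
}
```

A clean run prints nothing and returns 0; each FAIL line names the file to fix.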

(Re)Configure Open Xchange

The first time you have to configure Open Xchange.

Code: execute config
emerge --config www-apps/open-xchange

Configure webmail

By default, the webmail setup assumes you have an IMAP server installed and reachable on localhost via plain IMAP, not IMAPS.

Note: The username and password you use to log into Open Xchange must be the same as those used to authenticate against the IMAP(S) and SMTP (with TLS) servers.

But sometimes, with security in mind, you want to change this.

You have to edit your /etc/open-xchange/webmail/ file.

File: /etc/open-xchange/webmail/
# uncomment these lines to enable IMAPS support
mail.imap.socketFactory.port=993
mail.imap.socketFactory.fallback=false
#
# or your host of choice
# uncomment these lines to enable SMTP with TLS support
mail.smtp.starttls.enable=true
mail.smtp.socketFactory.port=465
mail.smtp.socketFactory.fallback=false
#
# or your host of choice

This should be all.

Debugging Open Xchange

There are often problems getting the system running. To help you search for the failure, increase the logging level.

Open Xchange


File: /etc/open-xchange/groupware/


File: /etc/open-xchange/webmail/

You have to restart Open-Xchange to apply these changes.


Append a -w to the first line:

File: /var/www/localhost/cgi-bin/
#!/usr/bin/perl -w

The information is stored in the Apache log file.


File: /etc/openldap/slapd.conf
loglevel 16

This was taken from man slapd.conf

loglevel <integer>
              Specify  the  level  at  which  debugging statements and operation statistics should be syslogged
             (currently logged to the syslogd(8) LOG_LOCAL4 facility).  Log levels are additive, and available
             levels are:
                    1      trace function calls
                    2      debug packet handling
                    4      heavy trace debugging
                    8      connection management
                    16     print out packets sent and received
                    32     search filter processing
                    64     configuration file processing
                    128    access control list processing
                    256    stats log connections/operations/results
                    512    stats log entries sent
                    1024   print communication with shell backends
                    2048   entry parsing


To reset your PostgreSQL database:

/etc/init.d/postgresql stop   # VERY IMPORTANT: if you forget to do this, you will definitely run into problems stopping postgres later
su - postgres
rm -R data
mkdir data
initdb data
exit                          # leave the postgres shell; the init script is run as root
/etc/init.d/postgresql start

Then run the commands under HOWTO: Setup database (following commands), which should have appeared after you emerged and ran the ebuild command.

To reset your LDAP tables:

/etc/init.d/slapd stop
rm /var/lib/openldap-data/*
slapadd -l /usr/share/open-xchange/init_ldap.ldif
chown ldap:ldap /var/lib/openldap-data/*  # if you get "ldap_bind: Can't contact LDAP server (-1)" after you adduser, this could be the problem
/etc/init.d/slapd restart

To create the matching IMAP user after you have created your OX user:

cyradm -user cyrus
cm user.<user>
cm user.<user>.Sent

The second cm creates the Sent folder; you could do the same if you wanted a Draft or Spam folder.

If you set unixhierarchysep: yes in /etc/imapd.conf, the separator is /, so to create a mailbox you should use:

cyradm -user cyrus
cm user/<user>
cm user/<user>/Sent

If the cyradm login fails, try cyradm --user cyrus --auth login <domain>

You would have to manually go to the email account options, subscribe to the new Sent folder and set it to save your sent mail to the Sent folder. It might be wise to set permanently delete deleted mail in the options there as well. Though in my setup, I managed to somehow get default.folder.autocreate=true, so I don't need to create the individual folders, just the main mailbox (user.<acct>). Check your /var/log/open-xchange/webmail.log

To delete an erroneous mailbox you created:

cyradm -user cyrus
dm badmailbox

If that doesn't work...

sam badmailbox cyrus lrswipcda
dm badmailbox

saving settings at logout

chown -R tomcat:tomcat /var/open-xchange/settings

Can't receive mail? If in your /var/log/mail.log and/or /var/log/mail.err files you see references to the LMTP socket and permission denied, make sure that the postfix user is a member of the mail group.

id postfix

If user postfix is not a member of mail...

usermod -g postfix -G mail postfix

Also check that /var/imap is owned by cyrus:mail with mode 750.


Until then have a look at


Last modified: Fri, 05 Sep 2008 22:37:00 +0000