![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Version
Table of Contents 1.2 What do you need to understand this book 7 3.1.1 Basic Concepts and Conventions 9 3.1.2 Permissions / Access Control 12 3.4 Security Settings of New Objects 16 3.6.1 Tomcat / Application Server Login 18 4.1.1 Create Users as Segment Administrator 21 4.1.2 Import Subjects and Application Login Principals 22 4.2 Disable/Deactivate Users 24 4.2.1 Disable Users at the level Tomcat /Application Server 24 4.2.2 Disable Users at the level openCRX 24 5.1 Typical Deployment Scenarios 25 5.2 Multi Entity Deployment Scenarios 26 5.2.1 Multiple Data Segments in a single DB 26 5.3 openCRX Custom Applications 27 6.1 Workflow Controller Configuration 30 6.1.1 Startup Configuration in web.xml 30 6.1.3 Handler pingrate and autostart 31 6.3 Servlet SubscriptionHandler 32 6.4 Servlet WorkflowHandler 33 6.5 Trouble Shooting Servlets 34 7 Subscribe / Notify Services 35 7.1 Example Subscription – Account Modifications 37 7.2 Example Subscription with Filtering 38 7.3 Trouble Shooting Notification Services 39 8.1 Install and Configure Mail Resource and E-Mail Services 41 8.1.1 Installation of JavaMail and JAF 41 8.1.2 Mail Resource for openCRX on Apache Tomcat 41 8.1.2.1 Add resource definition to opencrx-core-CRX.xml 41 8.1.2.2 Mail Resource in web.xml 42 8.1.3 Mail Resource for openCRX on JBoss 43 8.1.3.1 Create mail-service.xml 43 8.1.3.2 Mail Resource in web.xml and jboss-web.xml 44 8.2.1 Outbound E-mail Configuration 45 8.2.3 Send E-mails directly from openCRX 48 8.2.4 Send E-mails as Attachments to your Mail Client 49 8.4 Trouble Shooting E-mail Services 50 9.1 Directory Service / LDAP 51 9.1.1 Configuring the openCRX LDAP Port 52 9.1.2 LDAP Configuration of Thunderbird 52 9.1.3 LDAP Configuration of MS Outlook 53 9.2.1 Calendar as a Set of Activities 54 9.2.3 openCRX Activities mapped to Calendar Events 55 9.2.4 Calendaring / Free Busy 57 9.2.4.1 Free Busy Configuration of Thunderbird 57 9.2.4.2 Free Busy Configuration of MS Outlook 57 9.2.5 Calendaring / iCalendar (ICS) 58 9.2.5.1 ICS Configuration of Thunderbird/Lightning and Sunbird 58 9.2.5.2 ICS Configuration of MS Outlook 59 9.2.6.1 CalDAV Configuration of Thunderbird/Lightning and Sunbird 60 9.2.6.2 CalDAV Configuration of MS Outlook 60 9.2.6.3 CalDAV Configuration of Chandler Desktop 61 9.2.7 Calendaring / Timeline 62 9.3.1 Configuring the openCRX IMAP Port 64 9.3.2 Configuring the IMAP Maildir Cache 64 9.3.2.1 Maildir Configuration with Apache Tomcat 64 9.3.2.2 Maildir Configuration with JBoss 64 9.3.3 IMAP Configuration of Thunderbird 65 9.3.4 IMAP Configuration of MS Outlook 66 10.1 Importing Data into openCRX 68 10.2.1 Importing vCard Files ( openCRX Contacts) 71 10.3 Exporting Data from openCRX 72 10.3.2 Exporting openCRX Contacts ( vCard Files) 73 10.3.3 Exporting openCRX Contacts ( Outlook Contacts) 73 10.3.4 Exporting openCRX Meetings ( iCalendar Files) 74 12 Integration with Office Suites 78
List of Figures Figure 1: Security Realms, Principals and Subjects after Initial Setup 10 Figure 2: Segment Administration 11 Figure 3: Role Drop Down with list of available Segment Login Principals 11 Figure 4: openCRX UML Model – Class Diagram SecureObject 12 Figure 5: System attributes of an openCRX object as shown in the GUI 13 Figure 6: Table OOCKE1_SEGMENT after default installation (QuickStart) 15 Figure 7: Table OOCKE1_SEGMENT after modification 15 Figure 8: Result of Check Permissions 17 Figure 9: Role Drop Down with list of available Segment Login Principals 18 Figure 10: Operation Actions > Import Login Principals (admin-Root) 22 Figure 11: Operation Actions > Import Users (admin-Standard) 23 Figure 12: Disabling of Segment Login Principal guest by admin-Standard 24 Figure 13: 3-Tier with Apache Tomcat / LWC 25 Figure 14: 3-Tier with J2EE-compliant Application Server 25 Figure 15: 4-Tier with Clustered Application and DB Servers 25 Figure 16: Multiple Data Segments in a single DB 26 Figure 17: Dedicated DB for each Entity 27 Figure 18: Accessing the openCRX Workflow Controller 28 Figure 19: openCRX 2.0 Workflow Controller 28 Figure 20: Default Configuration of WorkflowController 29 Figure 21: openCRX Administration – WorkflowController 30 Figure 22: Workflow Controller Configuration – serverURL 31 Figure 23: Workflow Controller Configuration – pingrate and autostart 31 Figure 24: Default Workflow Processes created by WorkflowHandler 33 Figure 25: Event and Notification Service 35 Figure 26: Standard Topics included in the openCRX distribution 36 Figure 27: Create a new Subscription 37 Figure 28: Create a Subscription with Filters 38 Figure 29: Flow of e-mail messages between openCRX, MTA and mail client 40 Figure 30: Create a new E-Mail Account – step 1 45 Figure 31: Create a new E-Mail Account – step 2 45 Figure 32: Create a new E-Mail Account – step 3 46 Figure 33: E-mail subject prefix and Web access URL 46 Figure 34: Example of outbound E-mail Action Log Entries 47 Figure 35: Send E-Mail from openCRX – Overview 48 Figure 36: Send E-Mail from openCRX with Actions > Follow Up 48 Figure 37: Send E-Mail as Attachment from openCRX – Overview 49 Figure 38: Export E-Mail from openCRX with Actions > Follow Up 49 Figure 39: Thunderbird LDAP Configuration 52 Figure 40: MS Outlook LDAP Configuration 53 Figure 41: An openCRX activity's iCal representation 55 Figure 42: An openCRX activity in the standard GUI 56 Figure 43: An openCRX activity filtered to a user's homepage 56 Figure 44: Timeline visualizes time-based events 62 Figure 45: Thunderbird IMAP Configuration 65 Figure 46: Thunderbird IMAP Configuration 66 Figure 47: XML import from 3rd party system – overview 69 Figure 48: Interactive import of XML Files 69 Figure 49: Interactive import of XML Files 70 Figure 50: Operation vCard Import 71 Figure 51: Exporting SalesOrder as XML File 72 Figure 52: XML Exporter provides XML data file and code tables as ZIP file 72 Figure 53: Export Contact as vCard 73 Figure 54: Export Contact to MS Outlook 73 Figure 55: Exporting Meeting / Sales Visit as iCalendar File 74
List of Listings Listing 1: File Format Subjects and Application Login Principals 22 Listing 2: Example File Subjects and Application Login Principals 22 Listing 3: File Format Users 23 Listing 4: Example File Users 23 Listing 5: web.xml – auto startup of the Workflow Controller 30 Listing 6: Servlets managed by Workflow Controller log to server.log 34 Listing 7: File opencrx-core-CRX.xml 42 Listing 8: Uncomment mail resource definition in web.xml 42 Listing 9: Importing certificate into keystore cacerts 42 Listing 10: File mail-service.xml 43 Listing 11: Uncomment mail resource definition in web.xml 44 Listing 12: Uncomment mail resource definition in jboss-web.xml 44 Listing 13: Importing certificate into keystore cacerts 44 Listing 14: Importing Certificate 50 Listing 15: Set org.opencrx.maildir for Apache Tomcat 64 Listing 16: Set org.opencrx.maildir for Apache Tomcat 64 Listing 17: Locales in web.xml 75 Listing 18: Activating/Deactivating Locales in web.xml 75 Listing 19: Locales in web.xml 76 Listing 20: Activating/Deactivating Locales in web.xml 76
1 About this BookThis book describes various configuration settings and tasks an openCRX administrator should know about. openCRX is the leading enterprise-class open source CRM suite. openCRX is based on openMDX, an open source MDA framework based on the OMG's model driven architecture (MDA) standards. This guarantees total openness, standards compliance, a state-of-the-art component-based architecture, and virtually unlimited scalability. 1.1 Who this book is forThe intended audience are openCRX administrators. 1.2 What do you need to understand this bookThis book describes some of the settings and configurations an openCRX administrator can use to control the behavior of openCRX. 1.3 Tips, Warnings, etc.We make use the following pictograms:
2 PrerequisitesThis guide assumes that you have access to a
properly installed instance of openCRX 3 SecurityIn this chapter we will present a high-level overview of openCRX security and discuss a few select issues.
3.1 Introduction3.1.1 Basic Concepts and Conventions
The following figure shows the situation after the initial setup of openCRX (assuming you worked through the QuickStart guide):
Figure 1: Security Realms, Principals and Subjects after Initial Setup Summarizing the above:
The segment administrator (e.g. admin-Standard) creates principals and User Homepages with the operation createUser():
Figure 2: Segment Administration While each “real user” (typically) has 1 application login principal only, “real users” may have multiple segment login principals (e.g. because a “real user” is allowed to access multiple segments or because a “real user” is allowed to access a particular segment in different roles like Head of Sales or CFO). Available segment login principals are listed in the so-called Role Drop Down:
Figure 3: Role Drop Down with list of available Segment Login Principals 3.1.2 Permissions / Access ControlThe openCRX security framework makes a distinction between Ownership Permissions (i.e. permissions granted on a particular object are based on object ownership) and Model Permissions (i.e. permissions are granted on a particular model element). As Model Permissions are not yet implemented we only talk about Ownership Permissions in this guide. Ownership permissions are used to control browse/delete/update access to openCRX objects by Users and UserGroups (Ownership access control). Every openCRX object is a SecureObject. The following figure shows an extract from the UML model (if you are interested in all the details and the formally correct and complete specifications you should refer to the latest openCRX UML models):
Figure 4: openCRX UML Model – Class Diagram SecureObject
The most important security attributes of an object X are discussed below:
Figure 5: System attributes of an openCRX object as shown in the GUI The following access levels are available to control which users / user groups are granted permission to browse/delete/update a particular object X:
3.2 Default SettingsDefault access level settings for non-Root segments (e.g. segment Standard) after a clean install are as follows:
Figure 6: Table OOCKE1_SEGMENT after default installation (QuickStart) Due to the setting access_level_browse = 4 (global) any user with access to a particular segment is allowed to browse top level objects (i.e. browse all accounts, browse all activities, browse all documents, etc.). These default settings are suitable for test environments and deployments in smaller companies/teams with a liberal access policy; for most real-world applications, however, it is more appropriate to set access_level_browse = 3 (deep) for non-Root segments. You can do this by changing the values in the column access_level_browse from 4 to 3 (table kernel_Segment). After this change, the table kernel_Segment will look as shown in the following figure:
Figure 7: Table OOCKE1_SEGMENT after modification
3.3 Activating SecurityThe openCRX security provider manages all security data and provides access control services for all requests through the openCRX API. Hence, you can rely on openCRX access control even if you write you own clients or adapters for openCRX. Security (including Access Control) is not just an add-on, rather it is an integral part of openCRX; openCRX Access Control is always activated.
3.4 Security Settings of New ObjectsNew objects are by default created with the following security settings:
3.5 Checking PermissionsYou can check security permissions on any SecureObject with the operation Check Permissions. Provide the principal name as a parameter. The following figure shows the result of the operation on a Contact:
Figure 8: Result of Check Permissions The meaning of the above result is as follows:
3.6 Login ProcedureThe openCRX login procedure consists of 2 levels: 3.6.1 Tomcat / Application Server LoginThe Tomcat / application server login procedure depends on various parameters:
Please note that even though openCRX might be involved in managing some of the above-mentioned realms (e.g. DB-based realm) the Tomcat / application server login is not really under control of openCRX. Many login problems are related to incomplete/faulty configuration settings. 3.6.2 Segment LoginAccess to segments is managed/controlled by the ObjectInspectorServlet. The included DefaultRoleMapper identifies all Segment Login Principals of a given Subject and grants access to the respective segments through the Role Drop Down:
Figure 9: Role Drop Down with list of available Segment Login Principals It is possible to deploy user-specific implementations of the DefaultRoleMapper so that you can adapt the segment login procedure to your requirements. 3.6.3 Disabling LoginPlease refer to the chapter “Disable/Deactivate Users”. 3.7 Resetting Security
If you (or one of your users) managed to screw up the security settings in a major way you might be forced to reset all security settings to a well-defined state. Not an easy task – and it typically involves a lot of manual work.
4 Managing Users
4.1 Creating UsersEven though you can create users with a variety of methods, “behind the scenes” the following steps are always required to create a new openCRX user:
Depending on how you create a new user, some of the above steps might be taken care of by a wizard. If you want to have full control over the user creation process, however, then you can certainly create new users following the above instructions step by step. Have a look at Figure 1: Security Realms, Principals and Subjects after Initial Setup and Figure 2: Segment Administration to see how this all fits together. 4.1.1 Create Users as Segment AdministratorThe Segment administrator can create new users with the following steps:
4.1.2 Import Subjects and Application Login PrincipalsCreating large numbers of subjects/principals by hand can be quite a tedious job. If you prepare a text file containing the appropriate information in the file format as outlined below, the Root administrator (admin-Root) can use the operation Actions > Import Login Principals to create Subjects and Application Login Principals automatically.
Figure 10: Operation Actions > Import Login Principals (admin-Root) Listing 1: File Format Subjects and Application Login Principals Subject;<subject
name>;<subject description>
Listing 2: Example File Subjects and Application Login Principals Subject;joe;Doe,
Joe
4.1.3 Import UsersSimilarly to importing Subjects and Application Login Principals from a file you can also import Users from a file. If you prepare a text file containing the appropriate information in the file format as outlined below, the Segment administrator (admin-<SegmentName>) can use the operation Actions > Import Users to create Users automatically.
Figure 11: Operation Actions > Import Users (admin-Standard) Listing 3: File Format Users User;<principal>;<account alias>;<account full name>;<primary group>;<password>[;group [, group] ]
Please note that <password> is a clear-text value. The optional parameter group can be used to make the Segment Login Principal member of the respective Principal Groups of that segment. Listing 4: Example File Users User;joe;JD;Doe,
Joe;Users;2%jOd.IT
4.2 Disable/Deactivate UsersThere are various ways of disabling/deactivating users. To fully understand your options it is helpful if you are familiar with the openCRX Login Procedure. 4.2.1 Disable Users at the level Tomcat /Application ServerDepending on the configuration of your application server you can disable users at that level. For example, if you rely on file-based realms, you can simply remove users from the file tomcat-users.xml (with Tomcat) or users.properties (with JBoss) to prevent access to openCRX. If you block access at the level Tomcat / application Server such users are locked out from accessing any application and any openCRX segment. However, as the Tomcat/ application Server Login procedure is not entirely controlled by openCRX you might have to consult the documentation of your respective application server or ask your application server administrator for details. 4.2.2 Disable Users at the level openCRXThe segment administrator (e.g. admin-Standard) can prevent a user from accessing a particular openCRX segment by either disabling the respective Segment Login Principal or by deleting it altogether. Disabling is the preferred option to prevent access temporarily. If a user has multiple Segment Login Principals you must disable all of them to prevent access to the openCRX application.
Figure 12: Disabling of Segment Login Principal guest by admin-Standard
5 Deployment ScenariosopenCRX supports a multitude of deployment scenarios. 5.1 Typical Deployment ScenariosThe following table lists some of the pros and cons of the most common openCRX deployment scenarios. Please note that the list is by no means complete:
5.2 Multi Entity Deployment ScenariosThe open source MDA platform openMDX supports a multitude of deployment scenarios and persistency configurations. The most common multi entity deployment scenarios are discussed in the following sections. 5.2.1 Multiple Data Segments in a single DBThe setup “Multiple Data Segments in a single DB” provides adequate security for many use cases and is relatively easy to manage. As all the data is stored in a single database, however, security configuration mistakes (e.g. principals linked to the wrong subject, etc.) might lead to situations where a user is granted access to the data of a particular company/client that should not be accessible (please note that human error is the root cause here, not a malfunction of openCRX). Furthermore, this setup is not recommended if users can get direct access to the database, e.g. with third party reporting tools as those tools typically bypass the openCRX API.
Figure 16: Multiple Data Segments in a single DB 5.2.2 Multiple DBsThe highest level of security is provided by setting up a dedicated database for each entity so that data sets of the various entities are physically separated:
Figure 17: Dedicated DB for each Entity 5.3 openCRX Custom Applications<documentation pending> 6 Workflow ControllerWith the Workflow Controller the openCRX Root administrator (admin-Root) can enable/disable various servlets (configured in web.xml) included in the openCRX distribution. This chapter gives an overview over the currently available servlets and explains how to start/stop them. You can access the Workflow Controller by navigating to the URL http://127.0.0.1:8080/opencrx-core-CRX/WorkflowController or starting the Workflow Controller Wizard as shown in the figure below:
Figure 18: Accessing the openCRX Workflow Controller
The following
figure shows the Workflow Controller of openCRX
Figure 19: openCRX
You can manually start (stop) servlets that are managed by the Workflow Controller by clicking on “Turn On” (“Turn Off”). Please note that you can control servlets on a segment by segment basis. For example, if you created a segment “MySegment” in addition to the segment “Standard” you can start/stop servlets of the segment “MySegment” without interfering with the servlets of the segment “Standard”. 6.1 Workflow Controller ConfigurationIn addition to configuring the Startup option of the Workflow Controller you can also configure various options related to the servlets managed by the Workflow Controller. The configuration of the Workflow Controller is accessible to the openCRX Root administrator (admin-Root) by navigating to Administration and then clicking on the icon of the WorkflowController:
Figure 21: openCRX Administration – WorkflowController
6.1.1 Startup Configuration in web.xmlYou can start the Workflow Controller manually by navigating to the URL http://127.0.0.1:8080/opencrx-core-CRX/WorkflowController or starting the Workflow Controller Wizard. However, it is also possible to start the Workflow Controller automatically by activating the corresponding option in the file web.xml: Listing 5: web.xml – auto startup of the Workflow Controller <!--
WorkflowController -->
6.1.2 ServerURLAdapt the value of serverURL to your environment (e.g. http://127.0.0.1:8080/opencrx-core-CRX):
Figure 22: Workflow Controller Configuration – serverURL 6.1.3 Handler pingrate and autostartUse pingrate to define the interval (in minutes) between successive calls of the respective handler and autostart (true/false) to start the respective handler automatically:
Figure 23: Workflow Controller Configuration – pingrate and autostart 6.2 Servlet IndexerServletThe openCRX IndexerServlet updates index entries (used for keyword/index based search introduced with openCRX v2) by indexing all objects which do not have an IndexEntry newer than the modification date of the object. The IndexerServlet creates an index by invoking the operation updateIndex() on the object to be indexed.
6.3 Servlet SubscriptionHandlerThe openCRX SubscriptionHandler is the backbone of the openCRX Subscribe / Notify Services. The Subscription Handler does not require any configuration by the openCRX administrator other than setting the pingrate and autostart options, i.e. it is designed to work “out of the box”. Turning on the SubscriptionHandler of a particular segment is required if you want that segment to provide Alerts and E-mail Notifications to its Users. The polling frequency can be set by the Root administrator (see Figure 23: Workflow Controller Configuration – pingrate and autostart). The SubscriptionHandler checks openCRX audit entries on a regular basis and – if matching Subscriptions exist – executes the Workflow Process referenced by the Subscription using Userhome.executeWorkflow().
Userhome.executeWorkflow() – implemented by the openCRX plugin – creates an entry in Userhome.wfProcessInstance (accessible through the grid Workflow Process Instances). Synchronous workflows are executed immediately, asynchronous workflows are left alone (the Servlet WorkflowHandler is specialized in dealing with asynchronous workflows – see below for details).
6.4 Servlet WorkflowHandlerThe openCRX WorkflowHandler is responsible for executing WfProcessInstances based on asynchronous WfProcesses like:
The execution frequency can be set by the Root administrator (see Figure 23: Workflow Controller Configuration – pingrate and autostart). Please note that the WorkflowHandler is required for outbound E-Mail Services. The WorkflowHandler executes Workflow Process Instances that have not been executed yet.
6.5 Trouble Shooting ServletsAll the openCRX servlets controlled by the Workflow Controller log their actions to the server log file (e.g. D:\jboss-4.2.1.GA\server\default\log\server.log on JBoss). The following log file extract shows, for example, that the three Servlets IndexerServlet, SubscriptionHandler, and WorkflowHandler seem to be working fine: Listing 6: Servlets managed by Workflow Controller log to server.log 20:25:18,388
INFO [STDOUT] Tue Mar 04 20:25:18 CET 2008: Indexer
CRX/Standard openCRX Exceptions (like NullPointers, etc.), however, are still logged to the application log file as configured during the installation (see QuickStart guide). It is always worth checking whether the Workflow Handlers actually are active; they must be started by the Root administrator. You can find out by connecting to the Workflow Controller (see Figure 19: openCRX 2.0 Workflow Controller).
7 Subscribe / Notify ServicesopenCRX features a powerful event subscription and notification service:
Figure 25: Event and Notification Service Once a topic is created, openCRX users can subscribe to it. Users manage their subscriptions individually on their UserHomes (with the Wizard UserSettings or by editing their subscriptions manually). If a topic has subscribed users and a monitored event occurs then the predefined actions are performed. If the action is set to – for example – creating an alert for subscribed users, then each subscribed user will receive an alert on the UserHome.
The openCRX distribution includes quite a few default topics (see Figure 26: Standard Topics included in the openCRX distribution) to get you started:
Figure 26: Standard Topics included in the openCRX distribution Users can easily custom-tailor their subscriptions with filters and by selecting event types like Object Creation, Object Replacement, and Object Removal. 7.1 Example Subscription – Account ModificationsIn this example we will create a subscription to the standard Topic Account Modifications for the user “guest”.
Figure 27: Create a new Subscription
7.2 Example Subscription with FilteringIn combination with openCRX security the subscription filter feature enables you to provide highly specific subscriptions. Imagine the following situation: there are 2 Activity Trackers DivisionA:ProjectX and DivisionA:ProjectY and some of your users are interested in receiving notifications related to activities of ProjectX only, some users want to receive notifications related to activities of ProjectY only, and some users want to receive notifications from both projects. Such a situation could be handled as follows:
Figure 28: Create a Subscription with Filters Enter the name of the attribute (owner in our example) into the name field and then enter the value(s) to match into the value field (in our case Standard:DivisionA.ProjectX and Standard:DivisionA.ProjectY)
7.3 Trouble Shooting Notification ServicesThe following table lists some of the common issues and how to fix them:
8 E-mail ServicesPlease note that we have no intention to duplicate mail server (MTA) or mail client functionality in openCRX as there are lots of excellent products available (Open Source and commercial). It is our goal, however, that openCRX integrates with all the major products that adhere to the major standards and support standard protocols like SMTP, POP3, IMAP, etc. This ensures that you can continue to use your favorite mail server (Postfix, qmail, etc.) and your favorite mail client (Thunderbird, Outlook, etc.).
The following figure shows the flow of mail
messages between openCRX, mail server, and mail client as it is
supported with openCRX
Figure 29: Flow of e-mail messages between openCRX, MTA and mail client In this chapter we will first guide you through the required installation and configuration steps before we discuss various important use cases. 8.1 Install and Configure Mail Resource and E-Mail ServicesThe following chapters explain how to install JavaMail and how to configure the Java mail service and various in- and outbound E mail services.
8.1.1 Installation of JavaMail and JAFDetailed installation instructions are provided at the JavaMail home: http://java.sun.com/products/javamail/FAQ.html And here is the short version:
The following instructions are dependent on your deployment scenario as the steps for creating mail resources vary from application server to application server. We provide instructions for Apache Tomcat and JBoss. 8.1.2 Mail Resource for openCRX on Apache Tomcat8.1.2.1 Add resource definition to opencrx-core-CRX.xmlAdd the following resource definition to the file opencrx-core-CRX.xml in the directory <Tomcat Install Dir>\conf\Catalina\localhost (on Windows) <Tomcat Install Dir/conf/Catalina/localhost (on Linux) In the sample file below you must at least adapt the highlighted strings to your own environment: Listing 7: File opencrx-core-CRX.xml
...
Additional information about configuration options of JavaMail is available from the JavaMail home: http://java.sun.com/products/javamail/FAQ.html 8.1.2.2 Mail Resource in web.xmlIn the file web.xml in the directory <Tomcat Install Dir>\webapps\opencrx-core-CRX\WEB-INF you must uncomment the following section: Listing 8: Uncomment mail resource definition in web.xml
... Restart Tomcat for these changes to become active.
8.1.3 Mail Resource for openCRX on JBoss8.1.3.1 Create mail-service.xmlNext you need to create the file mail-service.xml in the directory d:\pgm\jboss-4.2.1.GA\server\default\deploy (JBoss on Windows) /opt/jboss/server/default/deploy (JBoss on Linux) In the sample file below you must at least adapt the highlighted strings to your own environment: Listing 10: File mail-service.xml
<?xml version="1.0" encoding="UTF-8"?> Additional information about configuration options of JavaMail is available from the JavaMail home: http://java.sun.com/products/javamail/FAQ.html
8.1.3.2 Mail Resource in web.xml and jboss-web.xmlIn the file web.xml in the directory (JBoss on Windows) d:\pgm\jboss-4.2.1.GA\server\default\deploy\opencrx-core-CRX.ear\opencrx-core-CRX.war\WEB-INF\ or (JBoss on Linux) /opt/jboss/server/default/deploy/opencrx-core-CRX.ear/opencrx-core-CRX.war/WEB-INF/ you must uncomment the following section: Listing 11: Uncomment mail resource definition in web.xml
... Similarly, in the file jboss-web.xml in the directory (JBoss on Windows) d:\pgm\jboss-4.2.1.GA\server\default\deploy\opencrx-core-CRX.ear\opencrx-core-CRX.war\WEB-INF\ or (JBoss on Linux) /opt/jboss/server/default/deploy/opencrx-core-CRX.ear/opencrx-core-CRX.war/WEB-INF/ you must uncomment the following section: Listing 12: Uncomment mail resource definition in jboss-web.xml
... Restart the application server for these changes to become active.
8.2 Outbound E-mail8.2.1 Outbound E-mail ConfigurationopenCRX users can configure e-mail accounts on their homepage indicating where they would like to receive e-mail notifications (e.g. generated by subscriptions):
Figure 30: Create a new E-Mail Account – step 1
Figure 31: Create a new E-Mail Account – step 2
The various fields have the following meanings:
Figure 32: Create a new E-Mail Account – step 3
Figure 33: E-mail subject prefix and Web access URL
The meaning of the two fields is as follows: You can easily test your e-mail settings if you create a subscription for Account Modifications (see Example Subscription – Account Modifications) and then work through the following steps:
Figure 34: Example of outbound E-mail Action Log Entries
8.2.2 Export E-mailsPlease refer to chapter 9.3 Mailstore / IMAP. 8.2.3 Send E-mails directly from openCRXAny openCRX E-Mail Activity can be sent as e-mail directly from openCRX:
Figure 35: Send E-Mail from openCRX – Overview The idea behind this functionality is less that you will use openCRX as a mail client, rather the SendMailWorkflow is an important element of the openCRX campaign management functionality. E-Mail Activities of type “E-Mails” are controlled by the Activity Process E-mail Process. Send E-Mail Activities to all recipients by executing the operation Actions > Follow Up and then selecting the Transition Send as mail as shown below:
Figure 36: Send E-Mail from openCRX with Actions > Follow Up
8.2.4 Send E-mails as Attachments to your Mail ClientAny openCRX E-Mail Activity can be sent to your mail client as an attachment. The idea behind this functionality is that you might want to put some finishing touches on an e-mail before you actually send it from your mail client:
Figure 37: Send E-Mail as Attachment from openCRX – Overview E-Mail Activities of type “E-Mails” are managed by the standard Activity Process E mail Process, i.e. they can be exported to the user's default mail account by executing the operation Actions > Follow Up and then selecting the Transition Export as mail attachment:
Figure 38: Export E-Mail from openCRX with Actions > Follow Up
8.3 Inbound E-mailPlease refer to chapter 9.3 Mailstore / IMAP. 8.3.1 Import E-mailsPlease refer to chapter 9.3 Mailstore / IMAP. 8.4 Trouble Shooting E-mail ServicesThe following table lists some of the common issues and how to fix them:
9 Groupware ServicesopenCRX features the following groupware services:
9.1 Directory Service / LDAPBased on Sun's OpenDS, an Open Source Directory Service, openCRX provides LDAP Server functionality (get more information about LDAP or read what Wikipedia is saying about LDAP). In a nutshell this means that you can use any LDAP client to connect to openCRX and view openCRX accounts. Furthermore, openCRX LDAP service supports SSL. The following information is required to connect to openCRX with an LDAP client:
9.1.1 Configuring the openCRX LDAP PortThe openCRX LDAP port is by default set to 1389
(to avoid conflicts with other LDAP daemons listening on the LDAP
standard port 389). You can change this configuration in the file
config.ldif
located
in Look for the entry ds-cfg-listen-port. If you build your own EARs you can change the openCRX LDAP port in your project's file build.properties (ldap.listenPort) or directly in your build.xml. 9.1.2 LDAP Configuration of ThunderbirdThe following steps are required to configure Thunderbird 2 for LDAP:
9.1.3 LDAP Configuration of MS OutlookThe following steps are required to configure MS Outlook 2007 for LDAP:
Figure 40: MS Outlook LDAP Configuration
9.2 Calendaring9.2.1 Calendar as a Set of ActivitiesopenCRX offers a multitude of mechanisms to structure, filter, and group activities:
9.2.2 Calendar SelectorsopenCRX openCRX can map each of the above-mentioned set of activities to a calendar. Depending on the mapping, the resulting calendar can be presented in various formats, e.g. CalDAV calendar, ICS calendar, Free Busy calendar, etc. Some typical calendar selectors are listed below:
Selector Examples: CRX/Standard/tracker/shared CRX/Standard/category/presales CRX/Standard/milestone/2.0 CRX/Standard/tracker/main/filter/open CRX/Standard/userhome/guest CRX/Standard/resource/jeff CRX/Standard/globalfilter/last18months
For the purpose of this guide we will mostly work with custom tracker called “shared”.
9.2.3 openCRX Activities mapped to Calendar EventsopenCRX activities correspond to calendar events (or tasks). An event's iCal representation is stored in the corresponding activity's iCal attribute:
Figure 41: An openCRX activity's iCal representation In the openCRX standard GUI the same activity is presented as follows:
Figure 42: An openCRX activity in the standard GUI As the above activity is assigned to “guest” it is automatically filtered to the homepage of the user guest:
Figure 43: An openCRX activity filtered to a user's homepage This activity is also assigned to the tracker “shared”. In various of this guide's examples we will make use of these facts by using the Calendar Selectors CRX/Standard/userhome/guest and CRX/Standard/tracker/shared. 9.2.4 Calendaring / Free BusyFree Busy is part of the iCalendar standard (RFC 2445) for calendar data exchange (see also Wikipedia). Many calendar clients rely on this information for group scheduling. openCRX can derive free busy information on-the-fly from the respective activities; two methods are supported, one without authentication (supported by most clients) and one with authentication: Free Busy URL (without authentication, requires openCRX principal guest): http://<crxServer>:<Port>/opencrx-ical-<Provider>/freebusy Example:
Free Busy URL (with authentication): http://<crxServer>:<Port>/opencrx-ical-<Provider>/ical Example:
Please note that free busy information is provided by the openCRX server in a read-only fashion (i.e. free busy clients cannot update such information). 9.2.4.1 Free Busy Configuration of ThunderbirdThunderbird 2.0 supports free busy if the following add-ons are installed:
Once the SOGo Connector is installed, Contact Cards of the Thunderbird Address Book will feature a tab CalDAV. This is where you can enter the URL:
9.2.4.2 Free Busy Configuration of MS OutlookSee http://support.microsoft.com/kb/291621. Please note that Outlook does not support SSL with free busy. 9.2.5 Calendaring / iCalendar (ICS)iCalendar is implemented/supported by a large number of products (see RFC 2445 or Wikipedia for information about the iCalendar standard, sometimes referred to as “iCal”). openCRX can derive iCalendar information on-the-fly from the respective activities. iCal clients must authenticate to read and/or write iCalendar data. ICS URL (with authentication): http://<crxServer>:<Port>/opencrx-ical-<Provider>/ical Example:
9.2.5.1 ICS Configuration of Thunderbird/Lightning and SunbirdThunderbird 2.0 with the Lightning add-on (at least version 0.7) is a fully-fledged calendar client and offers virtually the same calendaring functionality as the stand-alone calendar client Sunbird (at least version 0.7). Creating a remote calendar (hosted on your openCRX server) is rather straightforward:
Unfortunately, the version 0.7 of Thunderbird/Lightning and Sunbird requires a life connection to openCRX (i.e. no support for offline viewing/editing). 9.2.5.2 ICS Configuration of MS OutlookOut of the box Redmond's flagship MS Outlook 2007 does not offer you much choice with ICS calendars. You are stuck with one of the following 2 options:
Not to leave you out in the rain, we put together a bunch of VBA scripts that teach your Outlook a few new tricks. The scripts and detailed instructions for both MS Outlook 2003 and MS Outlook 2007 are available from http://www.opencrx.org/opencrx/2.0/Outlook_ICS_adapter.htm
9.2.6 Calendaring / CalDAVCalDAV is one of the newer standards (see http://www.caldav.org/ or Wikipedia for information about the CalDAV standard). openCRX can derive CalDAV information on-the-fly from the respective activities. CalDAV clients must authenticate to read and/or write CalDAV data. CalDAV URL (with authentication): http://<crxServer>:<Port>/opencrx-caldav-<Provider>/<Provider>/<Segment>/<Calendar Selector> Example:
9.2.6.1 CalDAV Configuration of Thunderbird/Lightning and SunbirdThunderbird 2.0 with the Lightning add-on (at least version 0.7) is a fully-fledged CalDAV client and offers virtually the same calendaring functionality as the stand-alone calendar client Sunbird (at least version 0.7). Creating a remote calendar (hosted on your openCRX server) is rather straightforward:
Unfortunately, the version 0.7 of Thunderbird/Lightning and Sunbird requires a life connection to openCRX (i.e. no support for offline viewing/editing). Furthermore, CalDAV remote calendars are awfully slow (not because of Bedework or openCRX, it's a Lightning/Sunbird-internal issue).
9.2.6.2 CalDAV Configuration of MS OutlookRedmond, are you listening? How about adding CalDAV support to MS Outlook? Unfortunately, we are not aware of an affordable third-party plugin/add-on that could fill the gap. You are not out of luck, however: try our Open Source ICS Adapter for Outlook, available from http://www.opencrx.org/opencrx/2.0/Outlook_ICS_adapter.htm
9.2.6.3 CalDAV Configuration of Chandler DesktopWe connected Chandler Desktop v0.7.4.1 as follows with openCRX:
The tested version of Chandler Desktop (v0.7.4.1) was very talkative and generated a lot of requests on the openCXR Server. Select the option “Suspend Syncing shared” on subscribed collections to stop the chatter. You can still sync on demand. It also seems that there are some timezone issues with Chandler. As Chandler is very much work in progress you must decide yourself whether this works for you or not. 9.2.7 Calendaring / TimelineTimeline is an extremely interesting DHTML-based AJAX widget for visualizing time-based events. It is like Google Maps for time-based information. A live example is available at http://simile.mit.edu/timeline/ Figure 44: Timeline visualizes time-based events CrxObjects with sets of activities typically feature the wizard Timeline. Simply call that wizard to construct a timeline to visualize activities right in your browser:
9.3 Mailstore / IMAPInstead of offering platform specific plugins for a multitude of mail clients like MS Outlook, MS Outlook Express, Thunderbird, Evolution, Eudora, Elm, etc. openCRX features a platform neutral IMAP adapter (get more information about IMAP or read what Wikipedia is saying about IMAP). The advantages of such a standardized IMAP adapter are:
In a nutshell this means that you can use any IMAP client to connect to openCRX and view openCRX EMailActivities. openCRX activity groups are mapped to IMAP folders. The folders contain openCRX EMailActivities. Viewing/exporting of EmailActivities is always possible, creating/updating of EmailActivities requires that an E-Mail Activity Creator is defined for the respective Activity Group, and deleting of EmailActivities is not supported.
The following information is required to connect an IMAP client to openCRX:
9.3.1 Configuring the openCRX IMAP PortThe openCRX IMAP port is by default set to 1143
(to avoid conflicts with other IMAP daemons listening on the IMAP
standard port 143). You can change this configuration in the file
web.xml
located in Look for the the param-name port. If you build your own EARs you can change the openCRX LDAP port in your project's file build.properties (imap.listenPort) or directly in your build.xml. 9.3.2 Configuring the IMAP Maildir CacheFor increased performance the openCRX IMAP Adapter works with a cache. The location of this cache, the so-called Maildir, can be set as a JAVA_OPTS.
9.3.2.1 Maildir Configuration with Apache TomcatAdd the following line to your JAVA_OPTS in your Tomcat start batch file (e.g. tomcat.bat, run.bat, run.sh, etc.): Listing 15: Set org.opencrx.maildir for Apache Tomcat
... 9.3.2.2 Maildir Configuration with JBossAAdd the following line to your JAVA_OPTS in your JBoss start batch file (e.g. run.bat, run.sh, etc.): Listing 16: Set org.opencrx.maildir for Apache Tomcat ...
9.3.3 IMAP Configuration of ThunderbirdThe following information is required to configure an IMAP account:
Figure 45: Thunderbird IMAP Configuration
9.3.4 IMAP Configuration of MS OutlookThe following steps are required to configure MS Outlook 2007 for LDAP:
Figure 46: Thunderbird IMAP Configuration
9.4 Collaboration / WikiopenCRX v2.0 features seamless integration with XWiki thereby offering all the features that you can find in a typical wiki. XWiki is a second generation wiki (a.k.a an application wiki), ideally suited for developing collaborative web applications. Each openCRX segment can have its own wiki (multi-entity enabled). Wiki pages are stored as openCRX documents or openCRX media attachments (org.opencrx.groupware.xwiki.spi.StoreImpl implements the XWiki document backend) The following steps prepare an openCRX segment for XWiki:
That's it for the setup. It is worthwhile, however, to browse the information available from the XWiki site at http://www.xwiki.org/. 10 Data Import/ExportThere are many ways of importing data (from other systems into openCRX) and exporting data (from openCRX to other systems). Generally speaking, there is no best way of doing imports/exports because depending on how much weight you put on the pros and cons of the various methods you may come to a different conclusion. Some issues to consider are:
In this chapter we will cover some of the basic options you can choose from, but there are obviously other (and sometimes better) options to consider.
10.1 Importing Data into openCRXThe task of importing data is handled by importers. In principle, you can import almost anything into openCRX, it’s really only a matter of writing an appropriate importer.
The Open Source distribution of openCRX includes importers for vCard (see Importing vCard Files)and iCalendar files (see ) in addition to the XML importer. 10.2 Importing XML FilesYou can import virtually any data into openCRX as long as you provide it in the form of schema-compliant XML files. The openCRX schema files can be found in the file opencrx-kernel.jar (unzip and look for xmi subdirectories). Alternatively, you can export example objects as XML files and look at the produced XML files (although the generated XML file also contains all the derived and optional attributes; hence, you will have to prune the generated XML file before you can use it as a template). Some of the configuration information and data provided with openCRX are also provided in the form of XML files and imported during system setup (e.g. units of measurement are loaded from opencrx-core-CRX.ear\opencrx-core-CRX.war\WEB-INF\config\data\ Root\uom_SI_and_Paper.xml). An XML import from a third party system might typically involve the following steps:
Figure 47: XML import from 3rd party system – overview You can import schema-compliant XML files with the following methods:
10.2.1 Importing vCard Files ( openCRX Contacts)vCard is file format standard for personal data interchange, specifically electronic business cards (additional information is for example available from http://en.wikipedia.org/wiki/VCard). These are the steps to import a vCard file:
Figure 50: Operation vCard Import
10.2.2 Importing E-MailsPlease refer to the Chapter 8 E-mail Services, in particular chapter 8.3.1 Import E-mails. 10.2.3 Other OptionsThere are various other options to consider. You could for example develop a custom-tailored JSP Wizard to import data on demand or on a regular basis (e.g. controlled by the openCRX WorkflowController). Sometimes it is more appropriate to develop a specific openCRX client to handle imports, and in a typical enterprise class environment you will probably consider developing adapters to connect/integrate openCRX with 3rd party systems on a real-time basis.
10.3 Exporting Data from openCRXThe task of exporting data is handled by exporters. The Open Source distribution of openCRX includes exporters for vCard and iCalendar files in addition to the XML exporter. This allows you to export contacts and meetings/sales visits or any other object from openCRX. vCard and iCalendar files can be imported by a large variety of other applications, including Microsoft Outlook. This chapter shows how to export data. 10.3.1 Exporting XML FilesNavigate to the object to be exported as XML file and execute the operation File > Export XML as shown below:
Figure 51: Exporting SalesOrder as XML File In order to better control which additional objects (composites, referenced objects, ...) the XLM exporter should export together with the object loaded in the Inspector, you can (optionally) provide a reference filter. The default reference filter is :*/:* meaning that all composites up to 2 levels deep will be exported together with the main object (this should be sufficient for most use cases). You can also provide a reference filter to dereference and export referenced objects like the customer or the salesRep of a sales order. If the export is successful the exporter will terminate with status OK and you will be provided with a link to a zip file containing the raw data and all the referenced code tables:
Figure 52: XML Exporter provides XML data file and code tables as ZIP file 10.3.2 Exporting openCRX Contacts ( vCard Files)These are the steps to export a contact to a vCard file:
Figure 53: Export Contact as vCard If the export operation was successful the result will contain a link to the vCard file. Click on that link to download the vCard file from the openCRX server. 10.3.3 Exporting openCRX Contacts ( Outlook Contacts)Navigate to the contact you want to export to MS Outlook and execute the Wizard Export to MS Outlook:
Figure 54: Export Contact to MS Outlook
The Wizard creates a new MS Outlook Contact from the openCRX Contact. If you want to add it permanently to your MS Outlook file, simply click the button [Save and Close], otherwise close the Contact window to discard An animation is available at http://www.opencrx.org/opencrx/1.9/new.htm#ops
10.3.4 Exporting openCRX Meetings ( iCalendar Files)These are the steps to export a meeting (or a sales visit) to an iCalendar file:
Figure 55: Exporting Meeting / Sales Visit as iCalendar File 10.3.5 Exporting E-MailsPlease refer to the Chapter 8 E-mail Services, in particular chapter 8.2.2 Export E-mails. 10.3.6 Other OptionsThere are various other options to consider. You could for example develop a custom-tailored JSP Wizard to export data on demand or on a regular basis (e.g. controlled by the openCRX WorkflowController). Sometimes it is more appropriate to develop a specific openCRX client to handle exports, and in a typical enterprise class environment you will probably consider developing adapters to connect/integrate openCRX with 3rd party systems on a real-time basis. 11 Customizing openCRXPlease refer to the guides available at http://www.opencrx.org/documents.htm for detailed information regarding UI customization and localization. 11.1 Managing LocalesThe default installation of openCRX activates all locales that are included in the Open Source distribution. The openCRX administrator may wish to deactivate certain locales from the locale list. This chapter shows how you can achieve this. The locale list is contained in the file opencrx-core-CRX.ear\opencrx-core-CRX.war\WEB-INF\web.xml Look for the section <!-- locales --> to find a list of available locales: Listing 17: Locales in web.xml <!-- locales
-->
You can deactivate locales by simply commenting them out. The following example shows how to deactivate the locale de_CH. Listing 18: Activating/Deactivating Locales in web.xml <!-- locales
-->
11.2 Managing PackagesThe default installation of openCRX activates all packages that are included in the Open Source distribution. The openCRX administrator may wish to deactivate certain packages if they are not used. This chapter shows how you can achieve this. The package list is contained in the file opencrx-core-CRX.ear\opencrx-core-CRX.war\WEB-INF\web.xml Look for the section <!-- Admin --> to find a list of available packages: Listing 19: Locales in web.xml <!-- Admin
-->
You can deactivate packages by simply commenting them out. The following example shows how to deactivate the package depot1: Listing 20: Activating/Deactivating Locales in web.xml
...
11.3 Role-based UIRequires Model Permissions (which are not implemented yet). The same goal can easily be achieved with multiple web applications, however. 11.3.1 Model PermissionsModel permissions are not implemented yet. 11.3.2 Custom Layout JSPsopenCRX is distributed with 2 default layout JSPs located in the directory opencrx-core-CRX.ear\opencrx-core-CRX.war\WEB-INF\config\layout\en_US:
This layout JSP renders all pages that show information (typically an Inspector containing information about the current object and all the grids containing associated information). This layout JSP is generic (it is provided by openMDX/portal) and it can handle any object.
Similarly, this layout JSP renders all pages that are used to edit objects. If you have a need for specialized screens for a particular object in edit and/or show mode, you can write your own layout JSP and deploy it to the above-mentioned directory. The file name of your custom layout JSP determines which objects (or rather: objects of which class) will be handled by your custom layout JSP. Example: Let's assume you want to replace the default edit screen for openCRX Contacts (i.e. class org.opencrx.kernel.account1.Contact) with a custom layout JSP. Name your file edit-org.opencrx.kernel.account1.Contact.jsp and deploy it to the directory ...\WEB-INF\config\layout\en_US. After restarting Tomcat or your application server your new layout JSP will be active.
12 Integration with Office SuitesopenCRX provides various technologies that enable you to easily integrate common office suites like Open Office or Microsoft Office. 12.1 MS Office12.1.1 MS WordSee information published
at 12.1.2 MS ExcelSee information published
at 12.1.3 MS OutlookSee chapter 9 Groupware Services. 12.2 Open Office12.2.1 OpenOffice WriterSee information published
at 12.2.2 OpenOffice CalcSee information published
at 12.3 Mozilla Thunderbird / SunbirdSee chapter 9 Groupware Services. 13 Next StepsYou might want to have a look at some of the additional documentation published at http://www.opencrx.org/documents.htm. License
The contents of this file are
subject to a BSD license (the "License"); you may not use
this file except in compliance with the License. You may obtain a
copy of the License at http://
Copyright 2008 ©
CRIXP Corp. All rights reserved. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||