OpenChange (Microsoft® Exchange native replacement)¶
Introduction to OpenChange Technology¶
Zentyal integrates OpenChange the first and only native drop-in replacement for Microsoft® Exchange Server technologies. With OpenChange, Microsoft® Outlook clients continue to work unchanged, without plugins, reconfiguration or migration.
OpenChange achieves complete compatibility because it implements the same MAPI [1] protocols as existing groupware clients. The MAPI protocol is able to transport shared calendars, contact lists and tasks as well as email, with account and group-level security. This makes MAPI the equivalent of all the relevant Internet-standard protocols combined: IMAP, SMTP, CalDAV and LDAP.
In addition to being a MAPI server, OpenChange is a bridge between MAPI and these Internet-standard protocols, keeping both sides synchronised. A message in the Microsoft® Outlook inbox is visible in Mozilla Thunderbird’s view of the same account via IMAP, and when deleted the message disappears from both sides. Similarly, a calendar entry made in Mozilla Lightning over the CalDAV protocol is visible and changeable from Microsoft® Outlook.
To get an overview of where is OpenChange located in relation to the other Zentyal Components and the basics of its interactions and protocols you can review the next diagram:
[1] | http://en.wikipedia.org/wiki/MAPI |
OpenChange is a Samba4 plugin, using Samba4 for user information, authentication and the Global Address List directory service. As previously mentioned the Microsoft® Outlook client can communicate natively with this component, there is no need to re-join the client to a domain or to install any external plugins.
OpenChange features an abstraction layer that makes it possible to communicate with different Storage backends. This backend will be in charge of storing and serving the different databases needed to enable groupware collaboration, using a MySQL database and to bridge the mail system, talking with the standard mail components in their native protocols (typically IMAPS and SMTPS).
The Webmail service component will also integrate with OpenChange automatically, providing a convenient HTTPS interface for all the mentioned mail/groupware features.
Configuring a stand-alone OpenChange server¶
OpenChange depends on the Users and Computers (Samba4) and Electronic Mail Service (SMTP/POP3-IMAP4) components, as derived by the diagram. This means that your Zentyal server already has a Microsoft® Server-compatible domain and a Virtual Mail domain that will be used to provide the mentioned services.
Warning
It’s not possible to install both the Zarafa and OpenChange components in the same server. This is due to Zarafa taking over one of the Virtual Mail Domains users’ inboxes and using different versions of some system libraries.
After installing and enabling the module, you need to provision OpenChange. Go to OpenChange ‣ Setup where you can see the following page:
In the stand-alone scenario this will be the first exchange server, so in the drop down menu you will select New One and choose the Organization Name. This name will become a node in Samba4’s Active Directory tree that will contain all the attributes related with the Microsoft®Exchange environment.
Once you click on Setup OpenChange will be provisioned, modifying Samba4 Active Directory schema. This modification makes the new schema compatible with a Microsoft® Windows Server that also features a Microsoft® Exchange Server, making it possible to become its additional controller.
As you see in the capture, an OpenChange account can be automatically supplied to all the existing users of this Zentyal Server.
Configuring the Microsoft® Outlook Client¶
There are basically three different configuration scenarios:
- The client is inside the organization’s network and joined to the domain
- The client is inside the organization’s network but not joined to the domain
- The client wants to use Microsoft® Outlook from an external network (over the Internet)
The first case is fairly straightforward, since the user’s credentials are already loaded at login.
Zentyal OpenChange enables autodiscovery protocol for Microsoft® Outlook and makes it possible to automatically create the account using just the information provided at login.
It is possible that you receive a warning related with the server’s certificate if you have not signed this certificate with a valid CA. To learn more about certificate validation, please read the Certification authority (CA) chapter. It is safe to continue despite this warning.
Once the configuration wizard is complete, your Microsoft® Outlook client will be ready to use:
If the client is located inside the network but not joined to the domain, you have to follow the next steps:
Make sure the Windows client is perfectly time-synced with the server, and that Windows is using Zentyal’s DNS server.
When launching Outlook’s wizard, you have to select the option Manually configure server settings or additional server types.
Select Microsoft® Exchange account on the next screen
You will then fill the server name using Zentyal’s FQDN and the user name (without domain), before clicking on the Next button, click on More Settings
From the tab Security check the option Always prompt for logon credentials
You will be asked for the logon credentials of the user
If the account setup was successful, the fully qualified domain name of the openchange server will show up underlined along with the full name of the user.
Then, you just need to follow the wizard and your mail client will be ready to use.