Problem: OX Groups invisible in Open-Xchange Frontend due to missing Mail Address

Knowledge Base Community
, , ,
1

Problem:

New groups in UCS, although defined as an OX Group, cannot be selected within the Open-Xchange (OX) frontend. The specific example group mentioned by the customer was not present in the OX Context, indicating it was not provisioned correctly.

Root Cause

The groups were not assigned a mail address, which is a prerequisite for them to be displayed in the Open-Xchange frontend. Once a mail address was entered for the groups, they became visible.

Reference: https://forge.univention.org/bugzilla/show_bug.cgi?id=58580

Reproduce

Full notes from my tests:

Issue:
Existing groups and newly created groups are not synchronized to Open-Xchange, even though these groups are members in Context 10 and have isOxGroup=OK. (Note: The user objects are members in Context 10 with isOxUser=OK).

Environment:

root@ucs5primary:~# univention-app info
UCS: 5.2-2 errata180
Installed: dhcp-server=16.0 fetchmail=6.4.37 mailserver=16.0 oxseforucs=7.10.6-ucs11 samba4=4.21 self-service=7.0 self-service-backend=7.0 ucsschool=5.2v3 5.0/keycloak=25.0.6-ucs4 5.0/ox-connector=2.3.4
Upgradable: keycloak ox-connector

Steps to Reproduce:

  1. Create a new group via UMC: cn=Test-Gruppe-01

    • Set isOxGroup=Ok.
    • Do not add any users to the group initially.

    Listener Logs (Group Creation):

    ==> /var/log/univention/listener.log <==
02.09.25 11:27:07.442  LDAP        ( PROCESS ) : connecting to ldap://ucs5primary.miro.intranet:7389
02.09.25 11:27:07.499  LISTENER    ( PROCESS ) : updating 'cn=Test-Gruppe-01,cn=groups,dc=miro,dc=intranet' command a
02.09.25 11:27:08.260  LISTENER    ( PROCESS ) : samba4-idmap: added entry for S-1-5-21-3450543618-4260802429-757627796-11185

==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 11:27:08 INFO    create of cn=Test-Gruppe-01,cn=groups,dc=miro,dc=intranet (id: b'bd4081a4-1c2a-1040-8369-877d70335bf4', file: /var/lib/univention-appcenter/listener//ox-connector/2025-09-02-11-27-08-270731.json)

==> /var/log/univention/listener.log <==
02.09.25 11:27:08.406  LISTENER    ( PROCESS ) : ox-connector: create of cn=Test-Gruppe-01,cn=groups,dc=miro,dc=intranet (id: b'bd4081a4-1c2a-1040-8369-877d70335bf4', file: /var/lib/univention-appcenter/listener//ox-connector/2025-09-02-11-27-08-270731.json)
02.09.25 11:27:08.425  LISTENER    ( PROCESS ) : updating 'cn=gidNumber,cn=temporary,cn=univention,dc=miro,dc=intranet' command m

==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 11:27:14 INFO    Using App account connection
2025-09-02 11:27:14 INFO    conversion of cn=Test-Gruppe-01,cn=groups,dc=miro,dc=intranet (id: bd4081a4-1c2a-1040-8369-877d70335bf4, file: /var/lib/univention-appcenter/apps/ox-connector/data/listener/2025-09-02-11-27-08-270731.json)
2025-09-02 11:27:16 INFO    Handling PosixPath('/var/lib/univention-appcenter/apps/ox-connector/data/listener/2025-09-02-11-27-08-270731.json')
2025-09-02 11:27:16 INFO    Group Test-Gruppe-01 will be OX Group
2025-09-02 11:27:16 INFO    mv /var/lib/univention-appcenter/apps/ox-connector/data/listener/2025-09-02-11-27-08-270731.json -> /var/lib/univention-appcenter/apps/ox-connector/data/listener/old/bd4081a4-1c2a-1040-8369-877d70335bf4.json
2025-09-02 11:27:16 INFO    Successfully processed 1 files during this run
2025-09-02 11:27:16 INFO    Successfully processed 0 files during this run
2025-09-02 11:27:16 INFO    Success! Removing consumed files

==> /var/log/univention/listener.log <==
Updating default
Portal data updated in 0.03s
Updating selfservice
Portal data untouched
Updating umc
Portal data untouched


==> /var/log/open-xchange/open-xchange.log.0 <==
2025-09-02T11:29:47,060+0200 INFO  [OXTimer-0000433] com.openexchange.monitoring.impl.internal.memory.MemoryMonitoring.run(MemoryMonitoring.java:137)

        Garbage collection consumed 0.0% of uptime within 5 minutes. All fine.

2025-09-02T11:29:51,445+0200 INFO  [com.openexchange.chronos.alarm.message.impl.MessageAlarmDeliveryWorker] com.openexchange.chronos.alarm.message.impl.MessageAlarmDeliveryWorker.prepareCleanUp(MessageAlarmDeliveryWorker.java:129)
Started alarm delivery worker run...
2025-09-02T11:29:51,455+0200 INFO  [com.openexchange.chronos.alarm.message.impl.MessageAlarmDeliveryWorker] com.openexchange.database.internal.GlobalDbInit.getGroupsByPool(GlobalDbInit.java:261)
No pool identifier defined at section "default", ignoring global database section
 com.openexchange.database.schema=localhost_5
2025-09-02T11:29:51,469+0200 INFO  [com.openexchange.chronos.alarm.message.impl.MessageAlarmDeliveryWorker] com.openexchange.database.cleanup.impl.CleanUpJobRunnable.cleanUp(CleanUpJobRunnable.java:204)
Clean-up by job 'com.openexchange.chronos.alarm.message.impl.MessageAlarmDeliveryWorker' took 24ms (24ms)
 com.openexchange.database.schema=localhost_5
2025-09-02T11:29:51,469+0200 INFO  [com.openexchange.chronos.alarm.message.impl.MessageAlarmDeliveryWorker] com.openexchange.chronos.alarm.message.impl.MessageAlarmDeliveryWorker.finishCleanUp(MessageAlarmDeliveryWorker.java:135)
Alarm delivery worker run finished!
 com.openexchange.database.schema=localhost_5

  2. Create user Test OX-01 (This user is required to be a member of the group later).

    Listener Logs (User Creation):

    ==> /var/log/univention/listener.log <==
02.09.25 11:34:38.428  LDAP        ( PROCESS ) : connecting to ldap://ucs5primary.miro.intranet:7389
02.09.25 11:34:38.449  LISTENER    ( PROCESS ) : updating 'uid=test.ox-01,cn=users,dc=miro,dc=intranet' command a
02.09.25 11:34:38.458  LISTENER    ( PROCESS ) : samba4-idmap: added entry for S-1-5-21-3450543618-4260802429-757627796-5088

==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 11:34:38 INFO    create of uid=test.ox-01,cn=users,dc=miro,dc=intranet (id: b'ca15f39a-1c2b-1040-8372-877d70335bf4', file: /var/lib/univention-appcenter/listener//ox-connector/2025-09-02-11-34-38-458868.json)

==> /var/log/univention/listener.log <==
02.09.25 11:34:38.459  LISTENER    ( PROCESS ) : ox-connector: create of uid=test.ox-01,cn=users,dc=miro,dc=intranet (id: b'ca15f39a-1c2b-1040-8372-877d70335bf4', file: /var/lib/univention-appcenter/listener//ox-connector/2025-09-02-11-34-38-458868.json)
... (omitted logs for Domain Users group update and connection details)

==> /var/log/open-xchange/open-xchange.log.0 <==
... (omitted logs)
2025-09-02T11:34:45,736+0200 INFO  [OXWorker-0000445] com.openexchange.tools.oxfolder.OXFolderAdminHelper.addUserToOXFolders(OXFolderAdminHelper.java:1735)
User 5 successfully created in context 10
... (omitted logs)
2025-09-02T11:34:45,747+0200 INFO  [OXWorker-0000445] com.openexchange.admin.storage.mysqlStorage.OXUserMySQLStorage.create(OXUserMySQLStorage.java:1788)
User 5 created!
... (omitted logs)
 
==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 11:34:45 INFO    univention.ox.soap.backend_base.SoapUser: Created user 'test.ox-01' in context 10 (id=5).
2025-09-02 11:34:45 INFO    Changing user 5 to profile premium
... (omitted logs)

  3. Add user test.ox-01 to group Test-Gruppe-01 (via UMC).

    • No changes were made in the logs, indicating the listener event was probably ignored as the group wasn’t a fully registered OX group yet.

    LDAP Search (Group Test-Gruppe-01):

    root@ucs5primary:~# univention-ldapsearch cn=Test-Gruppe-01
# extended LDIF
#
# LDAPv3
# base <dc=miro,dc=intranet> (default) with scope subtree
# filter: cn=Test-Gruppe-01
# requesting: ALL
#

# Test-Gruppe-01, groups, miro.intranet
dn: cn=Test-Gruppe-01,cn=groups,dc=miro,dc=intranet
cn: Test-Gruppe-01
gidNumber: 5092
sambaGroupType: 2
univentionGroupType: -2147483646
description: OX-Test-Gruppe
univentionObjectIdentifier: 371219d8-929a-45e0-91a9-da7b4e1e5ab1
isOxGroup: OK
sambaSID: S-1-5-21-3450543618-4260802429-757627796-11185
objectClass: top
objectClass: sambaGroupMapping
objectClass: oxGroup
objectClass: posixGroup
objectClass: univentionObject
objectClass: univentionGroup
univentionObjectType: groups/group
uniqueMember: uid=test.ox-01,cn=users,dc=miro,dc=intranet
memberUid: test.ox-01

  4. Create a new group called Test-Gruppe-02 via UMC and add two users (test.ox-01 and test.ox-02) directly upon creation, as described in the documentation:
    https://docs.software-univention.de/ox-connector-app/latest/usage.html#groups

    Listener Logs (Group Test-Gruppe-02 Creation):

    02.09.25 12:43:25.894  LDAP        ( PROCESS ) : connecting to ldap://ucs5primary.miro.intranet:7389
02.09.25 12:43:25.914  LISTENER    ( PROCESS ) : updating 'cn=Test-Gruppe-02,cn=groups,dc=miro,dc=intranet' command a
... (omitted logs)

==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 12:43:25 INFO    create of cn=Test-Gruppe-02,cn=groups,dc=miro,dc=intranet (id: b'66406544-1c35-1040-8387-877d70335bf4', file: /var/lib/univention-appcenter/listener//ox-connector/2025-09-02-12-43-25-930144.json)
... (omitted logs)
2025-09-02 12:43:29 INFO    Group Test-Gruppe-02 will be OX Group
...
2025-09-02 12:43:29 INFO    Creating Object('groups/group', 'cn=Test-Gruppe-02,cn=groups,dc=miro,dc=intranet')

==> /var/log/open-xchange/open-xchange.log.0 <==
... (omitted logs)
2025-09-02T12:43:29,992+0200 ERROR [OXWorker-0000539] com.openexchange.admin.rmi.impl.OXCommonImpl.logAndReturnException(OXCommonImpl.java:336)


 com.openexchange.database.schema=localhost_5
...
com.openexchange.admin.rmi.exceptions.NoSuchGroupException: com.openexchange.admin.rmi.exceptions.NoSuchObjectException: com.openexchange.admin.rmi.exceptions.NoSuchGroupException: No such group Test-Gruppe-02 in context 10; exceptionId -989672406-14; exceptionId -989672406-16; exceptionId -989672406-18
        at com.openexchange.admin.rmi.impl.OXGroup.getData(OXGroup.java:568)
...
Caused by: com.openexchange.admin.rmi.exceptions.NoSuchGroupException: No such group Test-Gruppe-02 in context 10; exceptionId -989672406-14
        at com.openexchange.admin.storage.mysqlStorage.OXToolMySQLStorage.getGroupIDByGroupname(OXToolMySQLStorage.java:1263)
...

==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 12:43:30 INFO    Retrieving members...
2025-09-02 12:43:30 INFO    Loading old object from /var/lib/univention-appcenter/apps/ox-connector/data/listener/old/ca15f39a-1c2b-1040-8372-877d70335bf4.json
2025-09-02 12:43:30 INFO    ... found 5
2025-09-02 12:43:30 INFO    Loading old object from /var/lib/univention-appcenter/apps/ox-connector/data/listener/old/f504c440-1c31-1040-837e-877d70335bf4.json
2025-09-02 12:43:30 INFO    ... found 7

==> /var/log/open-xchange/open-xchange.log.0 <==
2025-09-02T12:43:30,095+0200 INFO  [OXWorker-0000539] com.openexchange.admin.storage.mysqlStorage.OXGroupMySQLStorage.create(OXGroupMySQLStorage.java:350)
Group 8 created!
...
 
==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 12:43:30 INFO    univention.ox.soap.backend_base.SoapGroup: Created group 'Test-Gruppe-02' in context 10 (id=8).
... (omitted logs)

The logs show that even a freshly created group (Test-Gruppe-02) with the required isOxGroup=OK attribute, even if configured as per documentation to include users, throws a NoSuchGroupException during the group synchronization process before ultimately being created in the Open-Xchange database (Group 8 created!). Despite being created in the database, the group is still not selectable in the OX frontend because it lacks the required mail address.

Solution:

It should be ensured that groups have a mail address configured so that they are visible in the Open-Xchange frontend.

The groups themselves are synced to the Open-Xchange database by the OX-Connector even without a mail address as demonstrated by the final logs:

==> /var/log/univention/listener_modules/ox-connector.log <==
2025-09-02 17:14:23 INFO    univention.ox.soap.backend_base.SoapGroup: Created group 'Test-OX-Group03' in context 10 (id=9).
2025-09-02 17:14:23 INFO    mv /var/lib/univention-appcenter/apps/ox-connector/data/listener/2025-09-02-17-14-21-836535.json -> /var/lib/univention-appcenter/apps/ox-connector/data/listener/old/576b7c28-1c5a-1040-9b7d-3981634d120f.json
2025-09-02 17:14:23 INFO    ... not done yet; enriching object by rewriting JSON file...
2025-09-02 17:14:23 INFO    Successfully processed 1 files during this run
2025-09-02 17:14:23 INFO    Successfully processed 0 files during this run
2025-09-02 17:14:23 INFO    Success! Removing consumed files

==> /var/log/univention/listener.log <==
Updating default
Portal data updated in 0.01s
Updating umc
Portal data untouched    


root@ucs5primary:~# /opt/open-xchange/sbin/listgroup -c 10 -A oxadmin -P $(< /etc/ox-secrets/context10.secret)
Id Name            Displayname     Members
 1 users           Standard group  2,3,4,5
 7 Test-OX-Group01 Test-OX-Group01 4,5    
 8 Test-OX-Group02 Test-OX-Group02 4,5    
 9 Test-OX-Group03 Test-OX-Group03 4,5