UCS 4.4 - Problems with a Zentyal Takeover + Questions regarding firewall & OX App Suite

Hi,

I’ve tested the UCS Core 4.4 locally and was satisfied with the results. Therefore, I’d like to move my systems over to UCS.

A few words regarding the network configuration:
I run UCS in a subnet of several VMs that are managed via a Linux host.
There is one “routing VM” over which the entire traffic from/to the outside runs - all VMs in the subnet use this as gateway.

I installed UCS using the ISO image 4.4 and the installation went smoothly and (most importantly) without any problems.

Unfortunately, there is a small problem with the Zentyal takeover and I have a question about the firewall configuration and possibly one for the OX App Suite experts here as well.

Let’s start with the takeover problem :wink:

I would like to perform an AD takeover from a Zentyal Server 6.0.1 to the UCS server.
I have already read through a few of the posts here regarding this topic and in principle the takeover seems to work great - unfortunately not on my end.

The servers are in the same LAN subnet and the domain is configured as follows:

UCS:

  • FQDN - machinename1.domain.local
  • LDAP Base - dc=domain,dc=local

Zentyal:

  • FQDN - machinename2.domain.local
  • LDAP Base - dc=domain,dc=local

However, if I try to perform an AD takeover using the domain-admin credentials and the correct address of the Zentyal server, it connects forever and after a while I get a message that no AD services could be detected at the given address.

The UCS server has been allowed access to everything via the Zentyal firewall - so as far as I am concerned it cannot be a network error…

If you have any hints and/or tips I would be really grateful. If logfiles are needed then I will gladly provide them. Unfortunately the ad-takeover.log only states “No AD services could be detected on address xyz”.


So that’s my problem - Now to my question regarding the firewall:
I would like to make the UCS freely available (without VPN) from the outside.
The default firewall configuration is therefore a bit unsuitable because the LDAP and AD ports are basically completely open to everyone.

But since all the applications I may want to integrate via SAML later are in the same subnet, it would make sense to manage access from the outside as strictly as possible and only let the machines within the subnet communicate freely with each other.

Is there possibly an installation parameter/a setting which can be used to close all ports (except for 80, 443, 22) from the outside with the option to manually open them up afterwards?

Alternatively, of course, I could also close everything “by hand” but I thought it would be best to ask first :slight_smile:


Last but not least: My question for the OX experts.
I would like to replace Zimbra with the App Suite available through the UCS App Center. Unfortunately I have not been able to find out how to create “shared folders” that can receive emails.

Something like a folder “Sales” to which I can grant access for certain users/groups and that collects all mails directed towards “sales@domain.com” without the need to create an independent user with that email address.

I read that there is a way using the oxadmin GUI (external application) which offers a convenient solution but unfortunately there is no download for the current OX version (7.10) available yet.
It’s a shame because, as far as I know, OX does not come with its own admin GUI like Zimbra does.

But since I am able to manage my users via UCS it does not bother me if I have to create the shared folders using the CLI.
Unfortunately, I could not find the proper command for it - so maybe someone can help me out :slight_smile: