Chapter 2. User management

Table of Contents

Extended options
Open-Xchange module access
Extra parameters when authentication is enabled
Return value
Mandatory parameters
Command output
Extra parameters when authentication is enabled
Return value
Mandatory parameters
Command output
Extra parameters when authentication is enabled
Return value
Mandatory parameters
Command output
Extended options
Access changes for existing users
Extra parameters when authentication is enabled
Return value
Mandatory parameters
Command output


createuser is the tool to create new users in a given context. The displayname must be unique in one context.


-h,--helpPrints a help text
--environmentShow info about commandline environment
--nonlRemove all newlines (\n) from output
--extendedoptions Set this if you want to see all options, use this instead of help option
-c,--contextid <integer>The id of the context
-u,--username <string>Username of the user
-d,--displayname <string>Display name of the user
-g,--givenname <string>Given name for the user
-s,--surname <string>Surname of the user
-p,--password <string>Password for the user
-e,--email <string>Primary mail address
-l,--language <lang>Language for the user (de_DE,en_US, fr_FR)
-t,--timezone <timezone>Timezone of the user (Europe/Berlin)
-x,--department <string>Department of the user
-z,--company <string>Company of the user
-a,--aliases <string>E-Mail aliases of the user, separated by ","
--access-combination-name <access-combination-name>Access combination name
--addguipreferences <addguipreferences>Add a GUI setting (key=value)

For the GUI preferences please also see

Extended options

--email1 <string>Email1
--birthday <datevalue>Birthday
--anniversary <datevalue>Anniversary
--branches <string>Branches
--business_category <string>Business_category
--postal_code_business <string>Postal_code_business
--state_business <string>State_business
--street_business <string>Street_business
--telephone_callback <string>Telephone_callback
--city_home <string>City_home
--commercial_register <string>Commercial_register
--country_home <string>Country_home
--email2 <string>Email2
--email3 <string>Email3
--employeetype <string>EmployeeType
--fax_business <string>Fax_business
--fax_home <string>Fax_home
--fax_other <string>Fax_other
--imapserver <string>ImapServer
--imaplogin <string>ImapLogin
--smtpserver <string>SmtpServer
--instant_messenger1 <string>Instant_messenger1
--instant_messenger2 <string>Instant_messenger2
--telephone_ip <string>Telephone_ip
--telephone_isdn <string>Telephone_isdn
--mail_folder_drafts_name <string>Mail_folder_drafts_name
--mail_folder_sent_name <string>Mail_folder_sent_name
--mail_folder_spam_name <string>Mail_folder_spam_name
--mail_folder_trash_name <string>Mail_folder_trash_name
--manager_name <string>Manager_name
--marital_status <string>Marital_status
--cellular_telephone1 <string>Cellular_telephone1
--cellular_telephone2 <string>Cellular_telephone2
--info <string>Info
--nickname <string>Nickname
--number_of_children <string>Number_of_children
--note <string>Note
--number_of_employee <string>Number_of_employee
--telephone_pager <string>Telephone_pager
--password_expired <booleanvalue>Password_expired
--telephone_assistant <string>Telephone_assistant
--telephone_business1 <string>Telephone_business1
--telephone_business2 <string>Telephone_business2
--telephone_car <string>Telephone_car
--telephone_company <string>Telephone_company
--telephone_home1 <string>Telephone_home1
--telephone_home2 <string>Telephone_home2
--telephone_other <string>Telephone_other
--postal_code_home <string>Postal_code_home
--profession <string>Profession
--telephone_radio <string>Telephone_radio
--room_number <string>Room_number
--sales_volume <string>Sales_volume
--city_other <string>City_other
--country_other <string>Country_other
--middle_name <string>Middle_name
--postal_code_other <string>Postal_code_other
--state_other <string>State_other
--street_other <string>Street_other
--spouse_name <string>Spouse_name
--state_home <string>State_home
--street_home <string>Street_home
--suffix <string>Suffix
--tax_id <string>Tax_id
--telephone_telex <string>Telephone_telex
--telephone_ttytdd <string>Telephone_ttytdd
--uploadFileSizeLimitPerFile <string>uploadFileSizeLimitPerFile
--uploadFileSizeLimit <string>uploadFileSizeLimit
--url <string>Url
--userfield01 <string>Userfield01
--userfield02 <string>Userfield02
--userfield03 <string>Userfield03
--userfield04 <string>Userfield04
--userfield05 <string>Userfield05
--userfield06 <string>Userfield06
--userfield07 <string>Userfield07
--userfield08 <string>Userfield08
--userfield09 <string>Userfield09
--userfield10 <string>Userfield10
--userfield11 <string>Userfield11
--userfield12 <string>Userfield12
--userfield13 <string>Userfield13
--userfield14 <string>Userfield14
--userfield15 <string>Userfield15
--userfield16 <string>Userfield16
--userfield17 <string>Userfield17
--userfield18 <string>Userfield18
--userfield19 <string>Userfield19
--userfield20 <string>Userfield20
--city_business <string>City_business
--country_business <string>Country_business
--assistant_name <string>Assistant_name
--telephone_primary <string>Telephone_primary
--categories <string>Categories
--mail_folder_confirmed_ham_name <string>Mail_folder_confirmed_ham_name
--mail_folder_confirmed_spam_name <string>Mail_folder_confirmed_spam_name
--Spam_filter_capabilities_enabled <booleanvalue>Spam_filter_capabilities_enabled
--mailenabled <true/false>Mailenabled
--defaultsenderaddress <stringvalue>DefaultSenderAddress
--title <string>Title
--position <string>Position
--access-calendar <on/off>Calendar module (Default is off)
--access-contacts <on/off>Contact module access (Default is on)
--access-delegate-tasks <on/off>Delegate tasks access (Default is off)
--access-edit-public-folder <on/off>Edit public folder access (Default is off)
--access-forum <on/off>Forum module access (Default is off)
--access-ical <on/off>Ical module access (Default is off)
--access-infostore <on/off>Infostore module access (Default is off)
--access-pinboard-write <on/off>Pinboard write access (Default is off)
--access-projects <on/off>Project module access (Default is off)
--access-read-create-shared-Folders <on/off>Read create shared folder access (Default is off)
--access-rss-bookmarks <on/off>RSS bookmarks access (Default is off)
--access-rss-portal <on/off>RSS portal access (Default is off)
--access-syncml <on/off>Syncml access (Default is off)
--access-active-sync <on/off>Exchange Active Sync access (Default is off)
--access-usm <on/off>Universal Sync Module access (Default is off)
--access-tasks <on/off>Tasks access (Default is off)
--access-vcard <on/off>Vcard access (Default is off)
--access-webdav <on/off>Webdav access (Default is off)
--access-webdav-xml <on/off>Webdav-Xml access (Default is off)
--access-webmail <on/off>Webmail access (Default is on)
--access-publication <on/off>Publication permission (Default is on)
--access-subscription <on/off>Subscription permission (Default is on)
--access-edit-group <on/off>Edit group access (Default is off)
--access-edit-resource <on/off>Edit resource access (Default is off)
--access-edit-password <on/off>Edit password access (Default is off)
--access-multiple-mail-accounts <on/off>Use multiple mail account feature (Default is off)
--access-global-address-book-disabled <on/off>Access to global address book (Default is off). Note: There is a 'restoregaddefaults' script to restore the default permissions of the global address book folder.

Open-Xchange module access

With Open-Xchange it is possible to limit the access to the available modules per context i. e., all users in one context need to have the same access rights. Currently, following modules are implemented: access-calendar, access-contacts, access-delegate-tasks, access-edit-public-folder, access-ical, access-infostore, access-read-create-shared-Folders, access-tasks, access-vcard, access-webdav, access-webdav-xml, access-syncml and access-webmail. There are several combinations possible and four are supported (not mentioned modules need to be disabled). This limitation is needed because some modules depend on access to others. There are different Open-Xchange packages available for the customer: Webmail+, PIM+, Groupware+, Premium. These packages have to be configured per context i. e., all users in a context need to use the same package. Each package consists of a combination of modules that has to be set up appropriately. The following sections quickly introduce the packages and their module configuration. Open-Xchange also provides the possibility to use "access combination names" when creating and changing contexts/users. If you want to change the package acess rights for a context, you can simply add the "access-combination-name" switch to the appropriate tool (createcontext,createuser,changecontext etc.).


If there are no access rights specified when creating a new user Webmail+ is used as default. Webmail+ is a base package that allows access to the webmail interface and a personal address book. To grant access to this package, the following modules have to be set to "on" for all users in a context:

* access-contactsAccess combination name: webmail_plus   
* access-webmailAccess combination name: webmail_plus   


PIM+ is another base package that gives access to the webmailer, personal address book, calendar and tasks. Group appointments and delegating tasks are not supported. To grant access to this package, the following modules have to be set to "on" for all users in a context:

* access-contactsAccess combination name: pim_plus   
* access-webmailAccess combination name: pim_plus   
* access-calendarAccess combination name: pim_plus   
* access-delegate-tasksAccess combination name: pim_plus   
* access-tasksAccess combination name: pim_plus   


Groupware+ is an upsell package that provides full groupware functionality: private, shared and public folders, conflict handling for appointments, team view. Furthermore, the InfoStore is available. To grant access to this package, the following modules have to be set to "on" for all users in a context:

* access-contactsAccess combination name: groupware_plus   
* access-webmailAccess combination name: groupware_plus   
* access-calendarAccess combination name: groupware_plus   
* access-delegate-tasksAccess combination name: groupware_plus   
* access-tasksAccess combination name: groupware_plus   
* access-edit-public-folderAccess combination name: groupware_plus   
* access-infostoreAccess combination name: groupware_plus   
* access-read-create-shared-FoldersAccess combination name: groupware_plus   


Premium is a desktop integration package. It provides the functionality of the "Groupware+" package and comes with interfaces to integrate with other software: The OXtender for MS Outlook and the WebDAV interface to integrate the InfoStore with desktops. To grant access to this package, the following modules have to be set to "on" for all users in a context:

* access-contactsAccess combination name: premium   
* access-webmailAccess combination name: premium   
* access-calendarAccess combination name: premium   
* access-delegate-tasksAccess combination name: premium   
* access-tasksAccess combination name: premium   
* access-edit-public-folderAccess combination name: premium   
* access-infostoreAccess combination name: premium   
* access-read-create-shared-FoldersAccess combination name: premium   
* access-icalAccess combination name: premium   
* access-vcardAccess combination name: premium   
* access-webdavAccess combination name: premium   
* access-webdavxmlAccess combination name: premium   

Package access configuration

This section provides a quick overview about the different packages that can be configured per context and the required access configuration:


Extra parameters when authentication is enabled

-A,--adminuser <string>Context admin user name
-P,--adminpass <string>Context admin password

Return value

0 on success

>0 on failure

Mandatory parameters

contextid {adminuser adminpass} username displayname givenname surname password email

Command output

On success:

user <userid> in context <contextid> created

On failure:

user in context <contextid> could not be created: <reason from server>


root@oxhe~# /opt/open-xchange/sbin/createuser -c 123 -u jd -d "john doe" -g John -s Doe -p userpw -e

user 3 in context 123 created