Release Notes - Version 3.5

TeamDrive Registration Server version 3.5 is the next major public release following after version 3.0.018.

Note

Please note the the version numbering scheme for the Registration Server has been changed starting with version 3.5. The first two digits of the version string now identify a released version with a fixed feature set. The third digit, e.g. “3.5.1” now identifies the patch version, which increases for every public release that includes backwards-compatible bug or security fixes. A fourth digit identifies the build number and ususually remains at zero, unless a rebuild/republishing of a release based on the same code base has to be performed (e.g. to fix a build or packaging issue that has no effect on the functionality or feature set).

Version 3.5 of the Registration Server contains the following features and notable differences compared to version 3.0.018. This includes all changes made for version 3.0.019, which was an internal interim release used to deploy and test most of the new functionality described below.

Installation

  • The initial configuration and initialization of a Registration Server is no longer performed by filling out the RegServerSetup.xml file and running the RegServerSetup.pbt script on the command line. Instead, a web-based setup process has been implemented, which guides the administrator through the steps involved.
  • The Registration Server no longer depends on the PrimeBase Application Environment (e.g. the mod_pbt Apache module or the pbac command line client), provided by the RPM package PrimeBase_TD in version 3.0.018). Instead, it is now based on the Yvva Runtime Environment which is already used for the TeamDrive Host Server since version 3.0.013 and newer. The environment is provided by the yvva RPM package, which will automatically replace any installed PrimeBase_TD RPM package during an upgrade. The central log file /var/log/td-regserver.log is the central log location for all Yvva-based components; the previous log files (e.g. /var/log/pbt_mod.trace, /var/log/pbvm.log or /var/log/pbac_mailer.log) will no longer be used.
  • The Apache HTTP Server configuration file for the Registration Server has been renamed from /etc/httpd/conf.d/pbt.conf to /etc/httpd/conf.d/td-regserver.httpd.conf.
  • The installation no longer requires the Apache HTTP Server to be configured using the “worker” MPM, which simplifies the overall installation and configuration of the base operating system and allows for using the PHP Apache module instead of the FastCGI implementation for the Administration Console.
  • The login credentials required to access the Registration Server’s MySQL database server are now stored in a single configuration file /etc/td-regserver.my.cnf, which is consulted by all components (e.g. the Administration Console, Registration Server or the Auto Task background service).
  • The background service providing the Registration Server Auto Tasks has been renamed from teamdrive to td-regserver and is now based on the yvvad daemon instead of the PrimeBase Application Client pbac. Please make sure to update any monitoring systems that check for the existence of running processes. The configuration of the td-regserver background service is stored in file /etc/td-regserver.conf.
  • The PBT-based code of the Registration Server is no longer installed in the directory /usr/local/primebase. The content of the td-regserver RPM package has been restructured and relocated to the directory /opt/teamdrive/regserver.

Registration Server Functionality

  • Added support for the new business model introduced with TeamDrive 4 Clients (e.g. full support for trial licenses with an expiration date, restricted Client functionality via Client settings).
  • The CSV import of user accounts is no longer performed by a cron job running a separate PHP script anymore. Instead, there is now an additional “CSV Import” Auto Task that provides this functionality.
  • Email and HTML activation page templates are no longer stored and managed in the Registration Server’s file system. Instead, they are now stored in the Registration Server’s database and managed via the Registration Server Administration Console. During an upgrade from a previous version, any existing template files will be imported from the file system into the database. As a result, the following server settings have have been deprecated and will be removed during an upgrade: PathToEMailTemplates, ActivationURL, ActivationHtdocsPath, HTDocsDirectory.
  • The “Move Store Forward Messages” Auto Task has been removed, as it’s no longer required. Store Forward invitations are now forwarded automatically, when a user activates the new account.
  • Some license related provider settings have been moved from the CLIENT category to the more appropriate LICENSE category, namely CLIENT_DEFAULTLICREF, DEFAULT_FREE_FEATURE and DEFAULT_LICENSEKEY.
  • The provider setting API/API_USE_SSL_FOR_HOST has been moved into the more appropriate HOSTSERVER category.
  • A number of Registration Server Settings that used to apply to all providers hosted on a Registration Server can now be defined on the provider level. The following provider settings have been added:
    • API/API_REQUEST_LOGGING: Set to True to enable logging of API requests in the API log. The value is False by default.
    • EMAIL/USE_SENDER_EMAIL: Set to True if you wish to use the actual email address of the user when sending emails to unregistered users, otherwise the value of EMAIL_SENDER_EMAIL is always used.
    • HOSTSERVER/AUTO_DISTRIBUTE_DEPOT: Set to True if the Depot should be distributed automatically.
    • LICENSE/ALLOW_CREATE_LICENSE: Set to True to allow the creation of licenses. The value is False by default and can only be changed by the default provider.
    • LICENSE/ALLOW_MANAGE_LICENSE: Set to True to allow the management of existing licenses. The value is False by default and can only be changed by the default provider.
  • Log messages and errors from the Yvva-based Registration Server components as well as the Administration Console can now be logged via syslog as well.

Registration Server API

Numerous enhancements and additions to the Registration Server API, to provide more functionality for integrating with external applications (e.g. web shops).

  • Added API call deletelicense, which marks a license as “deleted”. The API call cancellicense will set a license to “disabled” instead of “deleted” now.
  • Added API call tdnslookup, which performs a lookup at the TeamDrive Name Service (TDNS) to find a given user’s Registration Server.
  • Added new functions: deactivateuser, disableuser, enableuser, updated API reference documentation accordingly.
  • Added new function setdepartment to set the department reference for a user.

Administration Console

Various security and usability enhancements as well as modifications to support changes made to the Registration Server API and functionality.

Usability Improvements

  • Re-organized the navigation for the various Administraion Console pages, ordered and grouped them in a more logical fashion.
  • Error messages when making changes to the Provider or Registration Server Settings are now displayed more prominently.
  • The Administration Console now prohibits the manual creation of Depot files for system accounts such as a Host Server’s tdhosting-<hostname> user.
  • The workflow of the Create Depot page has been reworked to be more straightforward, and will perform better validation to prevent users from different providers getting assigned to the same Depot. The form now also allows creating a depot as the default depot for the selected user. (REGSERVER-700, REGSERVER-907, REGSERVER-913)
  • The login page now displays a notice to enable JavaScript if JavaScript is disabled in the user’s browser. (REGSERVER-916)
  • You can now filter the license table by expiry date, contract number, and holder email. The contract number and holder email have been added to the table, and the rest of the columns have been compacted slightly to create more space. (REGSERVER-885)
  • Trial licenses are marked with a “Trial: <end date>” tag in the “More Details” section of the user overview table, the user editing page, and the license overview. (REGSERVER-891)
  • The user overview will display ‘N/A’ rather than ‘Free’ as the user’s highest license, if the user has no installations yet. (REGSERVER-904)
  • Banner management: Example banner elements are now downloaded with an appropriate file name. (REGSERVER-725)
  • Searching for a username on the main user list is now case insensitive when the entire username is provided. (REGSERVER-906)
  • Most of the input forms on the Administration Console will automatically trim leading and trailing whitespace from text fields. (REGSERVER-912)
  • Can reset/delete multiple messages in the email queue at once (REGSERVER-773)
  • Can delete multiple CSV-import log files at once (REGSERVER-990)
  • The email templates are sorted into categories which can be shown or hidden. Categories of templates that are not relevant (based on provider settings) are hidden by default (REGSERVER-1026)
  • The create-provider dialog will only show the TDNS related fields if TDNS access is enabled in the registration server settings (REGSERVER-1032)
  • Multiple spaces can be deleted at once, without requiring a complete page reload (REGSERVER-573)
  • Deleted licenses are hidden by default, and can be shown by setting a filter option (REGSERVER-825)
  • Merged the “LoginSecurity” server settings group into the “Security” group
  • Edited some table column labels to be more descriptive (REGSERVER-1057)

Security Enhancements

  • The Administration Console can now be configured to require two-factor authentication via email for users that want to log in. The provider-specific setting LOGIN/LOGIN_TWO_FACTOR_AUTH can be used to enable this feature. Two-factor authentication is disabled by default.
  • A Password complexity level is now indicated when creating/changing passwords.
  • Security relevant events are logged either into a local log file /var/log/td-adminconsole.log or via syslog. In particular, the following events are logged:
    • Failed logins
    • Failed two-factor authorization attempts
    • Changes to security-related Provider/Server settings (e.g. login timeouts, API access lists, etc.)
    • Password changes
    • Changes to the privileges of user accounts
    • Failed session validations
  • If the account being logged into already has an active session, require a two-factor authentication step.
  • Added server settings that can be used to limit the number of records that may be viewed in the console. (SearchResultLimit, UserRecordLimit, UserRecordLimitInterval)
  • When logging in to an account that already has an active session, there is the option to immediately end existing sessions (after completing the two- factor authentication step) (REGSERVER-1036)
  • The Manage Servers page no longer lists all servers on the TDNS network. Instead, there is an option to either enable/disable communication with all other Registration Servers, and exceptions to the chosen default need to be set by entering the exact server name. This is done so that the name of a customer’s Registration Server is not automatically visible to everyone else on the TDNS network (REGSERVER-1042).

Added Functionality

  • It is now possible to edit the list of users belonging to a Space Depot on the user editing page (REGSERVER-905). Editing of Depots (change limits, delete, activate, etc.) now takes place in a separate dialogue.
  • Added a page that can be used to edit the HTML templates for web pages.
  • The Administration Console now adds the <changeinfo> tag to the following Host Server API calls: createDepot, (de)activateDepot, and createDepot.
  • Added functionality to resend Depot information to the user. (REGSERVER-896)
  • The Administration Console now uses the Registration Server API to enable/disable/wipe user accounts. (REGSERVER-803)
  • Licenses will now be marked as “deleted” with the new deletelicense API function. (REGSERVER-883)
  • Removing a user from a license will now also remove that license from the user’s devices. (REGSERVER-720)
  • Licenses are edited strictly via the API, added the Send email button to all forms, made license type editable.
  • Added support for the new API calls, added support to manage the new license feature flag “Restricted Client” (which allows to enable configurable Client-side restrictions like the maximum number of Spaces).
  • Client log files and support requests can now be viewed on the “Download Client Log Files” page. The default provider can view log files for all providers. (REGSERVER-1025 and REGSERVER-1024)
  • If the default provider has assigned a hostserver to another provider via the HOST_SERVER_NAME setting, the other provider will be able to create depots on that server even if the provider would not normally have access to the server

Change Log - Version 3.5

3.5.1 (2015-11-04)

  • Fixed api call “setdepotforuser” and “removedepotfromuser”: The depot information sent to the clients used a wrong format (REGSERVER-1085)
  • API log view in the admin console will now display API requests from the Web-Portal (REGSERVER-1083)
  • Greetings macro was not replaced in mail templates (REGSERVER-1079)
  • Added hint in the admin console to show if the background task for sending mails and processing other background tasks is running (REGSERVER-1078)
  • Added API call “changelicensepassword” (REGSERVER-1075) and use bcrypt for license password encryption (REGSERVER-965)
  • Fixed API access in the Apache configuration using the URL from older API documentations (using ../td2api/.. in the URL instead of ../td2as/..) (REGSERVER-1071)
  • Fixed deleting a depot for an user in the admin console. Depot was deleted on the Host Server, but the reference on the Registration Server was not removed (REGSERVER-1070)
  • Fixed access to missing language column in the email change confirmation page (REGSERVER-1069)
  • Fixed wrong path to tdlibs-library folder in upload.php (REGSERVER-1067)
  • Changed the default value for the setting TDNSAutoWhiteList to True (REGSERVER-1072) and handle the special case of the Master-Server when changing the setting back to false in the admin console. Master-Server could only be disabled when using a white label client (REGSERVER-1073)
  • Fixed api call “getusedlicense” to avoid duplicate usernames in user list (REGSERVER-1066)
  • Fixed connecting TeamDrive Master Server during the setup in case of server-type “standalone” (REGSERVER-1064)
  • Replaced TeamDrive 3 screenshot with TeamDrive 4 in chapter “TeamDrive Client-Server interaction” (REGSERVER-977)
  • Added hint in documentation to enable HTTPS for the API communication between Registration Server and Hosting Server (REGSERVER-499)

3.5.0 (2015-09-21)

  • Initial release.