Release Notes - Version 3.5
TeamDrive Registration Server version 3.5 is the next major public release following version 3.0.018.
Note
Please note that the version numbering scheme for the Registration Server has been changed starting with version 3.5. The first two digits of the version string now identify a released version with a fixed feature set. The third digit, e.g. “3.5.1”, now identifies the patch version, which increases for every public release that includes backwards-compatible bug or security fixes. A fourth digit identifies the build number and usually remains at zero, unless a rebuild/republishing of a release based on the same code base has to be performed (e.g. to fix a build or packaging issue that has no effect on the functionality or feature set).
Version 3.5 of the Registration Server contains the following features and notable differences compared to version 3.0.018. This includes all changes made for version 3.0.019, which was an internal interim release used to deploy and test most of the new functionality described below.
Installation
- The initial configuration and initialization of a Registration Server is no longer performed by filling out the RegServerSetup.xml file and running the RegServerSetup.pbt script on the command line. Instead, a web-based setup process has been implemented, which guides the administrator through the steps involved.
- The Registration Server no longer depends on the PrimeBase Application Environment (e.g. the mod_pbt Apache module or the pbac command line client, provided by the RPM package PrimeBase_TD in version 3.0.018). Instead, it is now based on the Yvva Runtime Environment which is already used for the TeamDrive Host Server since version 3.0.013 and newer. The environment is provided by the yvva RPM package, which will automatically replace any installed PrimeBase_TD RPM package during an upgrade. The central log file /var/log/td-regserver.log is the central log location for all Yvva-based components; the previous log files (e.g. /var/log/pbt_mod.trace, /var/log/pbvm.log or /var/log/pbac_mailer.log) will no longer be used.
- The Apache HTTP Server configuration file for the Registration Server has been renamed from /etc/httpd/conf.d/pbt.conf to /etc/httpd/conf.d/td-regserver.httpd.conf.
- The installation no longer requires the Apache HTTP Server to be configured using the “worker” MPM, which simplifies the overall installation and configuration of the base operating system and allows for using the PHP Apache module instead of the FastCGI implementation for the Administration Console.
- The login credentials required to access the Registration Server’s MySQL database server are now stored in a single configuration file /etc/td-regserver.my.cnf, which is consulted by all components (e.g. the Administration Console, Registration Server or the Auto Task background service).
- The background service providing the Registration Server Auto Tasks has been renamed from teamdrive to td-regserver and is now based on the yvvad daemon instead of the PrimeBase Application Client pbac. Please make sure to update any monitoring systems that check for the existence of running processes. The configuration of the td-regserver background service is stored in file /etc/td-regserver.conf.
- The PBT-based code of the Registration Server is no longer installed in the directory /usr/local/primebase. The content of the td-regserver RPM package has been restructured and relocated to the directory /opt/teamdrive/regserver.
Registration Server Functionality
- Added support for the new business model introduced with TeamDrive 4 Clients (e.g. full support for trial licenses with an expiration date, restricted Client functionality via Client settings).
- The CSV import of user accounts is no longer performed by a cron job running a separate PHP script. Instead, there is now an additional “CSV Import” Auto Task that provides this functionality.
- Email and HTML activation page templates are no longer stored and managed in the Registration Server’s file system. Instead, they are now stored in the Registration Server’s database and managed via the Registration Server Administration Console. During an upgrade from a previous version, any existing template files will be imported from the file system into the database. As a result, the following server settings have been deprecated and will be removed during an upgrade: PathToEMailTemplates, ActivationURL, ActivationHtdocsPath, HTDocsDirectory.
- The “Move Store Forward Messages” Auto Task has been removed, as it’s no longer required. Store Forward invitations are now forwarded automatically, when a user activates the new account.
- Some license related provider settings have been moved from the CLIENT category to the more appropriate LICENSE category, namely CLIENT_DEFAULTLICREF, DEFAULT_FREE_FEATURE and DEFAULT_LICENSEKEY.
- The provider setting API/API_USE_SSL_FOR_HOST has been moved into the more appropriate HOSTSERVER category.
- A number of Registration Server Settings that used to apply to all providers hosted on a Registration Server can now be defined on the provider level. The following provider settings have been added:
  - API/API_REQUEST_LOGGING: Set to True to enable logging of API requests in the API log. The value is False by default.
  - EMAIL/USE_SENDER_EMAIL: Set to True if you wish to use the actual email address of the user when sending emails to unregistered users, otherwise the value of EMAIL_SENDER_EMAIL is always used.
  - HOSTSERVER/AUTO_DISTRIBUTE_DEPOT: Set to True if the Depot should be distributed automatically.
  - LICENSE/ALLOW_CREATE_LICENSE: Set to True to allow the creation of licenses. The value is False by default and can only be changed by the default provider.
  - LICENSE/ALLOW_MANAGE_LICENSE: Set to True to allow the management of existing licenses. The value is False by default and can only be changed by the default provider.
- Log messages and errors from the Yvva-based Registration Server components as well as the Administration Console can now be logged via syslog as well.
Registration Server API
Numerous enhancements and additions to the Registration Server API, to provide more functionality for integrating with external applications (e.g. web shops).
- Added API call deletelicense, which marks a license as “deleted”. The API call cancellicense will set a license to “disabled” instead of “deleted” now.
- Added API call tdnslookup, which performs a lookup at the TeamDrive Name Service (TDNS) to find a given user’s Registration Server.
- Added new functions: deactivateuser, disableuser, enableuser, updated API reference documentation accordingly.
- Added new function setdepartment to set the department reference for a user.
Administration Console
Various security and usability enhancements as well as modifications to support changes made to the Registration Server API and functionality.
Usability Improvements
- Re-organized the navigation for the various Administration Console pages, ordered and grouped them in a more logical fashion.
- Error messages when making changes to the Provider or Registration Server Settings are now displayed more prominently.
- The Administration Console now prohibits the manual creation of Depot files for system accounts such as a Host Server’s tdhosting-<hostname> user.
- The workflow of the Create Depot page has been reworked to be more straightforward, and will perform better validation to prevent users from different providers getting assigned to the same Depot. The form now also allows creating a depot as the default depot for the selected user. (REGSERVER-700, REGSERVER-907, REGSERVER-913)
- The login page now displays a notice to enable JavaScript if JavaScript is disabled in the user’s browser. (REGSERVER-916)
- You can now filter the license table by expiry date, contract number, and holder email. The contract number and holder email have been added to the table, and the rest of the columns have been compacted slightly to create more space. (REGSERVER-885)
- Trial licenses are marked with a “Trial: <end date>” tag in the “More Details” section of the user overview table, the user editing page, and the license overview. (REGSERVER-891)
- The user overview will display ‘N/A’ rather than ‘Free’ as the user’s highest license, if the user has no installations yet. (REGSERVER-904)
- Banner management: Example banner elements are now downloaded with an appropriate file name. (REGSERVER-725)
- Searching for a username on the main user list is now case insensitive when the entire username is provided. (REGSERVER-906)
- Most of the input forms on the Administration Console will automatically trim leading and trailing whitespace from text fields. (REGSERVER-912)
- Can reset/delete multiple messages in the email queue at once (REGSERVER-773)
- Can delete multiple CSV-import log files at once (REGSERVER-990)
- The email templates are sorted into categories which can be shown or hidden. Categories of templates that are not relevant (based on provider settings) are hidden by default (REGSERVER-1026)
- The create-provider dialog will only show the TDNS related fields if TDNS access is enabled in the registration server settings (REGSERVER-1032)
- Multiple spaces can be deleted at once, without requiring a complete page reload (REGSERVER-573)
- Deleted licenses are hidden by default, and can be shown by setting a filter option (REGSERVER-825)
- Merged the “LoginSecurity” server settings group into the “Security” group
- Edited some table column labels to be more descriptive (REGSERVER-1057)
Security Enhancements
- The Administration Console can now be configured to require two-factor authentication via email for users that want to log in. The provider-specific setting LOGIN/LOGIN_TWO_FACTOR_AUTH can be used to enable this feature. Two-factor authentication is disabled by default.
- A Password complexity level is now indicated when creating/changing passwords.
- Security relevant events are logged either into a local log file /var/log/td-adminconsole.log or via syslog. In particular, the following events are logged:
  - Failed logins
  - Failed two-factor authorization attempts
  - Changes to security-related Provider/Server settings (e.g. login timeouts, API access lists, etc.)
  - Password changes
  - Changes to the privileges of user accounts
  - Failed session validations
- If the account being logged into already has an active session, require a two-factor authentication step.
- Added server settings that can be used to limit the number of records that may be viewed in the console. (SearchResultLimit, UserRecordLimit, UserRecordLimitInterval)
- When logging in to an account that already has an active session, there is the option to immediately end existing sessions (after completing the two-factor authentication step) (REGSERVER-1036)
- The Manage Servers page no longer lists all servers on the TDNS network. Instead, there is an option to either enable/disable communication with all other Registration Servers, and exceptions to the chosen default need to be set by entering the exact server name. This is done so that the name of a customer’s Registration Server is not automatically visible to everyone else on the TDNS network (REGSERVER-1042).
Added Functionality
- It is now possible to edit the list of users belonging to a Space Depot on the user editing page (REGSERVER-905). Editing of Depots (change limits, delete, activate, etc.) now takes place in a separate dialogue.
- Added a page that can be used to edit the HTML templates for web pages.
- The Administration Console now adds the <changeinfo> tag to the following Host Server API calls: createDepot, (de)activateDepot, and createDepot.
- Added functionality to resend Depot information to the user. (REGSERVER-896)
- The Administration Console now uses the Registration Server API to enable/disable/wipe user accounts. (REGSERVER-803)
- Licenses will now be marked as “deleted” with the new deletelicense API function. (REGSERVER-883)
- Removing a user from a license will now also remove that license from the user’s devices. (REGSERVER-720)
- Licenses are edited strictly via the API, added the Send email button to all forms, made license type editable.
- Added support for the new API calls, added support to manage the new license feature flag “Restricted Client” (which allows to enable configurable Client-side restrictions like the maximum number of Spaces).
- Client log files and support requests can now be viewed on the “Download Client Log Files” page. The default provider can view log files for all providers. (REGSERVER-1025 and REGSERVER-1024)
- If the default provider has assigned a hostserver to another provider via the HOST_SERVER_NAME setting, the other provider will be able to create depots on that server even if the provider would not normally have access to the server
Change Log - Version 3.5
3.5.8 (2016-08-26)
Note
Version 3.5.8 will fix an error in the depot documents as described below in REGSERVER-1141. To save the successful update, the file /var/opt/td-regserver/StartupCache.pbt will be updated. This might fail in case of wrong ownership by the user “root”. Please correct the ownership with:
chown apache:apache /var/opt/td-regserver/StartupCache.pbt
Note
Updating the Registration Server on CentOS 7 with “yum update” might update Apache to a newer version. This update could re-install the deleted “conf” files in the folder /etc/httpd/conf.modules.d/ and will prevent Apache from starting. Please follow the modified instructions to disable all modules in the “conf” files instead of deleting them, as described in Apache 2.4 (CentOS 7).
- Documented additional client settings and ordered client settings alphabetically.
- Fixed the problem that email notifications, such as comments on files, to users on other Registration Servers were ignored. In future, only registered and activated users will be able to send emails. However, the sender can specify an email address instead of a username, in order to send a notification to non-registered users, or users on other Registration Servers (REGSERVER-1147).
- The Host Server may return a Depot document with a SERVERFLAGS field with an incorrect terminator. These documents will be corrected in the database and when returned by the Host Server (REGSERVER-1141).
- Fixed a bug in “wipedevice” API call (REGSERVER-1139)
- The adminconsole will make requests to hostservers over the hostserver proxy, if one is configured (REGSERVER-1148)
3.5.7 (2016-07-12)
- Fixed a bug in “createlicense” API call: if the user has no other default license, then the created license will now be correctly set as the default.
- The [[GREETING]] in email templates “inv-user-invited-passwd” and “inv-user-invited” incorrectly used the name of the sender of the invitation, instead of the invitee (REGSERVER-1136).
- Deleting users, depots, or spaces in the Adminconsole now requires the user to type the word ‘DELETE’ in a confirmation dialog, to prevent accidental deletion (REGSERVER-1133)
3.5.6 (2016-06-21)
The SSL configuration has changed. All settings are now located in a separate configuration file. Please remove the old configuration in your ssl.conf:
RewriteEngine on
RewriteLogLevel 0
RewriteLog "/var/log/httpd/rewrite.log"
RewriteRule ^/setup$ /setup/ [R]
RewriteRule ^/setup(.*) /yvva/setup$1 [PT]
RewriteRule ^/pbas/td2as/(.*)$ /yvva/$1 [PT]
RewriteRule ^/pbas/td2api/(.*)$ /yvva/$1 [PT]
and add the new include as described in chapter Configure mod_ssl.
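A post-upgrade review of the filesystem changes these notes describe (the Installation section's renamed Apache configuration, relocated code and single MySQL credentials file, the 3.5.6 ssl.conf clean-up, and the 3.5.8 StartupCache.pbt ownership), as an added example that is not part of the TeamDrive documentation. The ssl.conf location /etc/httpd/conf.d/ssl.conf, the rule that the credentials file should not be world-readable, and the function name audit_regserver_upgrade are assumptions of this example.

```bash
#!/bin/sh
# Added example: post-upgrade review of a Registration Server 3.5 host.
# Paths come from the release notes, except the ssl.conf location, which is
# an assumption, as is the policy that the MySQL credentials file must not
# be world-readable.

# Usage: audit_regserver_upgrade ROOT   (ROOT is "/" or a copied/mounted tree)
# Prints one line per finding; exit status is 0 only if nothing was found.
audit_regserver_upgrade() (
    root="${1:-/}"
    root="${root%/}"       # "/" becomes "", so "$root/etc/..." stays valid
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # 1. Artifacts of the 3.0.x (PrimeBase) layout that 3.5 renamed or relocated.
    for path in /etc/httpd/conf.d/pbt.conf /usr/local/primebase; do
        if [ -e "$root$path" ]; then
            report "LEGACY   $path still present"
        fi
    done

    # 2. Files the 3.5 layout relies on.
    for path in /etc/httpd/conf.d/td-regserver.httpd.conf \
                /etc/td-regserver.my.cnf /etc/td-regserver.conf; do
        if [ ! -f "$root$path" ]; then
            report "MISSING  $path"
        fi
    done

    # 3. Assumed policy: the credentials file is not readable by "other".
    path=/etc/td-regserver.my.cnf
    if [ -f "$root$path" ] &&
       [ -n "$(find "$root$path" -maxdepth 0 -perm -004)" ]; then
        report "PERMS    $path is world-readable"
    fi

    # 4. 3.5.6: the old rewrite rules must be removed from ssl.conf.
    path=/etc/httpd/conf.d/ssl.conf    # assumed default mod_ssl location
    if [ -f "$root$path" ] &&
       grep -Eq '^[[:space:]]*RewriteRule[[:space:]].*/yvva/' "$root$path"; then
        report "SSLCONF  $path still contains the pre-3.5.6 rewrite rules"
    fi

    # 5. 3.5.8: StartupCache.pbt owned by root blocks the update marker.
    path=/var/opt/td-regserver/StartupCache.pbt
    if [ -f "$root$path" ] &&
       [ -n "$(find "$root$path" -maxdepth 0 -uid 0)" ]; then
        report "OWNER    $path is owned by root (expected apache:apache)"
    fi

    [ "$findings" -eq 0 ]
)

# Run the audit only when a root is given explicitly, e.g.:  ./audit.sh /
if [ "$#" -gt 0 ]; then
    audit_regserver_upgrade "$1"
fi
```

A non-zero exit status makes the script usable as a gate in a configuration-management or monitoring run after "yum update".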
The authenticate call now handles authentication tokens that do not contain an email address. This allows an external Authentication Service to prevent the automatic creation of a user if the user does not exist.
If the email address is missing from the authentication token then the Registration Server will return the “user not found” error if the user ID in the authentication token does not match an existing user.
As before, the user ID in the token is compared to the “External Authentication ID” field of the user. This field can be edited in the Admin Console, if USE_AUTH_SERVICE is enabled (set to True). If users are not created automatically then it is most likely that this field must be set manually when the user is created.
The alternative is to import the value of the “External Authentication ID” when creating users using the CSV import facility.
Updated Yvva version to 1.3.6 (required with CentOS 7)
3.5.5 (2016-05-14)
Add support for CentOS 7 with Apache 2.4
When a user is removed, if the user’s licenses are not removed, the licenses are now correctly freed so they may be assigned to another user (REGSERVER-1120). Note that the default license is no longer a default license when freed.
Corrected handling of default license. This could be overbooked (REGSERVER-1119). If a default license is assigned to the owner, and it is overbooked, then it will now be automatically removed from a number of users as required. Removal begins with less active users (users that accessed a device more recently will be favoured when removing licences).
When a license is removed, the user license is reset to the user’s default. Note that this may fail if the user is not the owner of his/her default license, which may be the case when using the DEFAULT_LICENSEKEY Provider setting.
When changing the Provider of a user, the update of TDNS was not correct in the case when the case-sensitivity of usernames changed (REGSERVER-361).
The order of the XML tags in the API documentation now matches the actual order of tags returned by the server. Some tags that were omitted have been added (REGSERVER-949).
Added <intresult> tag to result of “createlicense” API call.
No longer send email notification message for 4.3.1 clients, because they are able to synchronise user data using the “mod protocol” (REGSERVER-1110).
3.5.4 (2016-01-25)
- The contents of the <message> tag in an exception was not correctly encoded, which led to invalid XML returned by the DISTRIBUTOR_REDIRECT (-30004) exception, which includes a URL in the message tag.
- Fixed a crash which could occur when assigning a license to a user with a device that was not activated (REGSERVER-1104)
- /bal/*html and /act/*html URLs were incorrectly returning “text/xml” as content type. This has been changed to “text/html” (REGSERVER-1106).
3.5.3 (2016-01-14)
Added a “Registration Server How To’s” chapter to the Admin Guide.
The transfer limit for depots on hostservers that do not enforce the traffic limit is now displayed as ‘Unlimited’ (REGSERVER-742)
Added ‘,’ to the reserved characters that are not allowed in usernames. This is in addition to ‘;’ and ‘$’.
When DEFAULT_LICENSEKEY is specified the setting PROFESSIONAL_TRIAL_PERIOD no longer has an effect. It is considered to be 0, which means that no trial period is available.
ClientPollInterval was incorrectly stored in the database in seconds by the Admin Console. The unit used in the database is 0.2 seconds (i.e. seconds x 5). This has been corrected. Default value is 60 seconds, as before.
Fixed a bug editing / deleting depots belonging to a provider other than the default provider
The “registeruser” API call will now always return a <username> tag as well as the standard <intresult> tag on success. For example:
<teamdrive><username>$NEW1-1061</username><intresult>0</intresult></teamdrive>
This is useful if the caller wishes to know the magic username generated by the server (REGSERVER-838).
Implemented “one-off-secureoffice-trial” license purchase. This will allow users to start a trial period when using the SecureOffice version of TeamDrive.
Removed the following Registration Server settings: MediaURL, NotificationURL, RedirectorURL, UpdateAvailableURL. All these Settings now use hard-coded URLs that reference the Registration Server (REGSERVER-1100).
Removed all references to providerinfo.html and clientinfopage.php. These were used as default redirect pages. Now, if no redirect URL is set, the Registration Server will return a HTML page with a message. For example, if a forum URL is not specified by the Provider (REDIRECT_FORUM setting), or in the Registration Server setting (ForumURL), then a page with the message: “Sorry, your service provider has not specified a forum page”, will be returned (REGSERVER-1080).
The LoadBalancerURL may contain multiple URLs separated by a ‘|’ character. In this case, the TeamDrive Clients will automatically use a different URL for each call to the Registration Server.
Removed BalanceURL Registration Server setting. TeamDrive Clients that still use this setting will be directed to a hard-coded URL on the Registration Server: http://<reg-server-domain>/pbas/td2as/bal/server.xml (REGSERVER-917).
Fixed the “MAIL FROM:” header in emails sent. The Reg Server now correctly sets this field according to the MAIL_SENDER_EMAIL Provider setting (REGSERVER-1099)
If a user is created via the API, or by CSV import, then it may not be known which language the user will use. In this case the language may be set to “-”. The “-” will be ignored by the TeamDrive Client. API calls will return the default language in this case (REGSERVER-1097)
Fixed a bug: the language passed to the Reg Server on registration was incorrectly converted to upper case and stripped of the location information. The unconverted language sent by the Client is now stored in the database (REGSERVER-1097)
Fixed a bug in the admin console displaying the license language when editing (REGSERVER-1096)
The Reg Server now supports a single Web Portal that manages internet access for multiple providers. This means that multiple providers can use the same IP number in the API_WEB_PORTAL_IP setting (REGSERVER-1095)
3.5.2 (2015-12-04)
- Changed API function “confirmuserdelete”: allow using the call without sending the user password (REGSERVER-1089)
- Fixed sending Store Forward invitation for a “standalone” Registration Server (REGSERVER-1092)
- Fixed API function “setdistributor” to handle more than one depot in case of switchdepot = true (REGSERVER-1087)
- Fixed sending a store forward invitation in case of device not found fails, if sender is registered at a foreign Reg-Server (REGSERVER-1088)
- AdminConsole: Fixed misleading error message in case of deleting a user
3.5.1 (2015-11-04)
- Fixed api call “setdepotforuser” and “removedepotfromuser”: The depot information sent to the clients used a wrong format (REGSERVER-1085)
- API log view in the admin console will now display API requests from the Web-Portal (REGSERVER-1083)
- Greetings macro was not replaced in mail templates (REGSERVER-1079)
- Added hint in the admin console to show if the background task for sending mails and processing other background tasks is running (REGSERVER-1078)
- Added API call “changelicensepassword” (REGSERVER-1075) and use bcrypt for license password encryption (REGSERVER-965)
- Fixed API access in the Apache configuration using the URL from older API documentations (using ../td2api/.. in the URL instead of ../td2as/..) (REGSERVER-1071)
- Fixed deleting a depot for a user in the admin console. Depot was deleted on the Host Server, but the reference on the Registration Server was not removed (REGSERVER-1070)
- Fixed access to missing language column in the email change confirmation page (REGSERVER-1069)
- Fixed wrong path to tdlibs-library folder in upload.php (REGSERVER-1067)
- Changed the default value for the setting TDNSAutoWhiteList to True (REGSERVER-1072) and handle the special case of the Master-Server when changing the setting back to false in the admin console. Master-Server could only be disabled when using a white label client (REGSERVER-1073)
- Fixed api call “getusedlicense” to avoid duplicate usernames in user list (REGSERVER-1066)
- Fixed connecting TeamDrive Master Server during the setup in case of server-type “standalone” (REGSERVER-1064)
- Replaced TeamDrive 3 screenshot with TeamDrive 4 in chapter “TeamDrive Client-Server interaction” (REGSERVER-977)
- Added hint in documentation to enable HTTPS for the API communication between Registration Server and Hosting Server (REGSERVER-499)
3.5.0 (2015-09-21)
- Initial release.