Release Notes - Version 3.5

TeamDrive Registration Server version 3.5 is the next major public release after version 3.0.018.

Note

Please note that the version numbering scheme for the Registration Server has been changed starting with version 3.5. The first two digits of the version string now identify a released version with a fixed feature set. The third digit, e.g. “3.5.1”, now identifies the patch version, which increases for every public release that includes backwards-compatible bug or security fixes. A fourth digit identifies the build number and usually remains at zero, unless a rebuild/republishing of a release based on the same code base has to be performed (e.g. to fix a build or packaging issue that has no effect on the functionality or feature set).

Version 3.5 of the Registration Server contains the following features and notable differences compared to version 3.0.018. This includes all changes made for version 3.0.019, which was an internal interim release used to deploy and test most of the new functionality described below.

Installation

  • The initial configuration and initialization of a Registration Server is no longer performed by filling out the RegServerSetup.xml file and running the RegServerSetup.pbt script on the command line. Instead, a web-based setup process has been implemented, which guides the administrator through the steps involved.
  • The Registration Server no longer depends on the PrimeBase Application Environment (e.g. the mod_pbt Apache module or the pbac command line client, provided by the RPM package PrimeBase_TD in version 3.0.018). Instead, it is now based on the Yvva Runtime Environment, which has been used by the TeamDrive Host Server since version 3.0.013. The environment is provided by the yvva RPM package, which will automatically replace any installed PrimeBase_TD RPM package during an upgrade. The file /var/log/td-regserver.log is the central log location for all Yvva-based components; the previous log files (e.g. /var/log/pbt_mod.trace, /var/log/pbvm.log or /var/log/pbac_mailer.log) will no longer be used.
  • The Apache HTTP Server configuration file for the Registration Server has been renamed from /etc/httpd/conf.d/pbt.conf to /etc/httpd/conf.d/td-regserver.httpd.conf.
  • The installation no longer requires the Apache HTTP Server to be configured using the “worker” MPM, which simplifies the overall installation and configuration of the base operating system and allows for using the PHP Apache module instead of the FastCGI implementation for the Administration Console.
  • The login credentials required to access the Registration Server’s MySQL database server are now stored in a single configuration file /etc/td-regserver.my.cnf, which is consulted by all components (e.g. the Administration Console, Registration Server or the Auto Task background service).
  • The background service providing the Registration Server Auto Tasks has been renamed from teamdrive to td-regserver and is now based on the yvvad daemon instead of the PrimeBase Application Client pbac. Please make sure to update any monitoring systems that check for the existence of running processes. The configuration of the td-regserver background service is stored in file /etc/td-regserver.conf.
  • The PBT-based code of the Registration Server is no longer installed in the directory /usr/local/primebase. The content of the td-regserver RPM package has been restructured and relocated to the directory /opt/teamdrive/regserver.
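
A post-upgrade check for the layout changes listed above, added here as an example (it is not TeamDrive code). The paths are the ones named in these notes; the ROOT prefix argument and the check for an other-readable credentials file are assumptions of this example, since the notes do not state the intended file mode.

```shell
#!/bin/sh
# Added example, not TeamDrive code. Paths are taken from the release notes.

# audit_regserver_layout [ROOT]
# ROOT is an optional prefix (hypothetical, for checking a mounted image or a
# test tree). Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_regserver_layout() {
    root=${1:-}
    findings=0

    # Locations that 3.5 replaced. Leftovers point to an incomplete upgrade
    # or to tooling that still references the old layout.
    for p in /etc/httpd/conf.d/pbt.conf /usr/local/primebase; do
        if [ -e "$root$p" ]; then
            echo "LEGACY  $p"
            findings=$((findings + 1))
        fi
    done

    # Locations that 3.5 is documented to use.
    for p in /etc/httpd/conf.d/td-regserver.httpd.conf \
             /etc/td-regserver.my.cnf \
             /etc/td-regserver.conf \
             /opt/teamdrive/regserver; do
        if [ ! -e "$root$p" ]; then
            echo "MISSING $p"
            findings=$((findings + 1))
        fi
    done

    # Assumption of this example: the file holding the MySQL login should not
    # be readable by "other". The notes do not specify its mode.
    cred=$root/etc/td-regserver.my.cnf
    if [ -f "$cred" ] && [ -n "$(find "$cred" -perm -004)" ]; then
        echo "PERMS   /etc/td-regserver.my.cnf is readable by other"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: a half-upgraded tree in a temporary directory.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/httpd/conf.d" "$demo_root/opt/teamdrive/regserver"
: > "$demo_root/etc/httpd/conf.d/pbt.conf"
: > "$demo_root/etc/td-regserver.my.cnf"
chmod 644 "$demo_root/etc/td-regserver.my.cnf"
audit_regserver_layout "$demo_root" || echo "findings reported above"
rm -rf "$demo_root"
```

Run without an argument, the function checks the live system. Process monitoring for the renamed td-regserver service still has to be updated separately.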

Registration Server Functionality

  • Added support for the new business model introduced with TeamDrive 4 Clients (e.g. full support for trial licenses with an expiration date, restricted Client functionality via Client settings).
  • The CSV import of user accounts is no longer performed by a cron job running a separate PHP script. Instead, there is now an additional “CSV Import” Auto Task that provides this functionality.
  • Email and HTML activation page templates are no longer stored and managed in the Registration Server’s file system. Instead, they are now stored in the Registration Server’s database and managed via the Registration Server Administration Console. During an upgrade from a previous version, any existing template files will be imported from the file system into the database. As a result, the following server settings have been deprecated and will be removed during an upgrade: PathToEMailTemplates, ActivationURL, ActivationHtdocsPath, HTDocsDirectory.
  • The “Move Store Forward Messages” Auto Task has been removed, as it’s no longer required. Store Forward invitations are now forwarded automatically, when a user activates the new account.
  • Some license related provider settings have been moved from the CLIENT category to the more appropriate LICENSE category, namely CLIENT_DEFAULTLICREF, DEFAULT_FREE_FEATURE and DEFAULT_LICENSEKEY.
  • The provider setting API/API_USE_SSL_FOR_HOST has been moved into the more appropriate HOSTSERVER category.
  • A number of Registration Server Settings that used to apply to all providers hosted on a Registration Server can now be defined on the provider level. The following provider settings have been added:
    • API/API_REQUEST_LOGGING: Set to True to enable logging of API requests in the API log. The value is False by default.
    • EMAIL/USE_SENDER_EMAIL: Set to True if you wish to use the actual email address of the user when sending emails to unregistered users, otherwise the value of EMAIL_SENDER_EMAIL is always used.
    • HOSTSERVER/AUTO_DISTRIBUTE_DEPOT: Set to True if the Depot should be distributed automatically.
    • LICENSE/ALLOW_CREATE_LICENSE: Set to True to allow the creation of licenses. The value is False by default and can only be changed by the default provider.
    • LICENSE/ALLOW_MANAGE_LICENSE: Set to True to allow the management of existing licenses. The value is False by default and can only be changed by the default provider.
  • Log messages and errors from the Yvva-based Registration Server components as well as the Administration Console can now be logged via syslog as well.

Registration Server API

Numerous enhancements and additions to the Registration Server API, to provide more functionality for integrating with external applications (e.g. web shops).

  • Added API call deletelicense, which marks a license as “deleted”. The API call cancellicense will set a license to “disabled” instead of “deleted” now.
  • Added API call tdnslookup, which performs a lookup at the TeamDrive Name Service (TDNS) to find a given user’s Registration Server.
  • Added new functions: deactivateuser, disableuser, enableuser, updated API reference documentation accordingly.
  • Added new function setdepartment to set the department reference for a user.

Administration Console

Various security and usability enhancements as well as modifications to support changes made to the Registration Server API and functionality.

Usability Improvements

  • Re-organized the navigation for the various Administration Console pages, ordered and grouped them in a more logical fashion.
  • Error messages when making changes to the Provider or Registration Server Settings are now displayed more prominently.
  • The Administration Console now prohibits the manual creation of Depot files for system accounts such as a Host Server’s tdhosting-<hostname> user.
  • The workflow of the Create Depot page has been reworked to be more straightforward, and will perform better validation to prevent users from different providers getting assigned to the same Depot. The form now also allows creating a depot as the default depot for the selected user. (REGSERVER-700, REGSERVER-907, REGSERVER-913)
  • The login page now displays a notice to enable JavaScript if JavaScript is disabled in the user’s browser. (REGSERVER-916)
  • You can now filter the license table by expiry date, contract number, and holder email. The contract number and holder email have been added to the table, and the rest of the columns have been compacted slightly to create more space. (REGSERVER-885)
  • Trial licenses are marked with a “Trial: <end date>” tag in the “More Details” section of the user overview table, the user editing page, and the license overview. (REGSERVER-891)
  • The user overview will display ‘N/A’ rather than ‘Free’ as the user’s highest license, if the user has no installations yet. (REGSERVER-904)
  • Banner management: Example banner elements are now downloaded with an appropriate file name. (REGSERVER-725)
  • Searching for a username on the main user list is now case insensitive when the entire username is provided. (REGSERVER-906)
  • Most of the input forms on the Administration Console will automatically trim leading and trailing whitespace from text fields. (REGSERVER-912)
  • Can reset/delete multiple messages in the email queue at once (REGSERVER-773)
  • Can delete multiple CSV-import log files at once (REGSERVER-990)
  • The email templates are sorted into categories which can be shown or hidden. Categories of templates that are not relevant (based on provider settings) are hidden by default (REGSERVER-1026)
  • The create-provider dialog will only show the TDNS related fields if TDNS access is enabled in the registration server settings (REGSERVER-1032)
  • Multiple spaces can be deleted at once, without requiring a complete page reload (REGSERVER-573)
  • Deleted licenses are hidden by default, and can be shown by setting a filter option (REGSERVER-825)
  • Merged the “LoginSecurity” server settings group into the “Security” group
  • Edited some table column labels to be more descriptive (REGSERVER-1057)

Security Enhancements

  • The Administration Console can now be configured to require two-factor authentication via email for users that want to log in. The provider-specific setting LOGIN/LOGIN_TWO_FACTOR_AUTH can be used to enable this feature. Two-factor authentication is disabled by default.
  • A Password complexity level is now indicated when creating/changing passwords.
  • Security relevant events are logged either into a local log file /var/log/td-adminconsole.log or via syslog. In particular, the following events are logged:
    • Failed logins
    • Failed two-factor authorization attempts
    • Changes to security-related Provider/Server settings (e.g. login timeouts, API access lists, etc.)
    • Password changes
    • Changes to the privileges of user accounts
    • Failed session validations
  • If the account being logged into already has an active session, require a two-factor authentication step.
  • Added server settings that can be used to limit the number of records that may be viewed in the console. (SearchResultLimit, UserRecordLimit, UserRecordLimitInterval)
  • When logging in to an account that already has an active session, there is the option to immediately end existing sessions (after completing the two-factor authentication step) (REGSERVER-1036)
  • The Manage Servers page no longer lists all servers on the TDNS network. Instead, there is an option to either enable/disable communication with all other Registration Servers, and exceptions to the chosen default need to be set by entering the exact server name. This is done so that the name of a customer’s Registration Server is not automatically visible to everyone else on the TDNS network (REGSERVER-1042).

Added Functionality

  • It is now possible to edit the list of users belonging to a Space Depot on the user editing page (REGSERVER-905). Editing of Depots (change limits, delete, activate, etc.) now takes place in a separate dialogue.
  • Added a page that can be used to edit the HTML templates for web pages.
  • The Administration Console now adds the <changeinfo> tag to the following Host Server API calls: createDepot, (de)activateDepot, and createDepot.
  • Added functionality to resend Depot information to the user. (REGSERVER-896)
  • The Administration Console now uses the Registration Server API to enable/disable/wipe user accounts. (REGSERVER-803)
  • Licenses will now be marked as “deleted” with the new deletelicense API function. (REGSERVER-883)
  • Removing a user from a license will now also remove that license from the user’s devices. (REGSERVER-720)
  • Licenses are edited strictly via the API, added the Send email button to all forms, made license type editable.
  • Added support for the new API calls, added support to manage the new license feature flag “Restricted Client” (which allows enabling configurable Client-side restrictions like the maximum number of Spaces).
  • Client log files and support requests can now be viewed on the “Download Client Log Files” page. The default provider can view log files for all providers. (REGSERVER-1025 and REGSERVER-1024)
  • If the default provider has assigned a hostserver to another provider via the HOST_SERVER_NAME setting, the other provider will be able to create depots on that server even if the provider would not normally have access to the server

Change Log - Version 3.5

3.5.9 (YYYY-MM-DD)

  • Added <showlicense>true/false</showlicense> tag to the “searchuser” API call. When set to true, license information is returned in the result. This includes <licensenumber>, <featurevalue> and <licensestatus> tags in the <user> tag which indicate the current license set for the user, and the features of the license. A <licenselist> tag is also returned with a list of the licenses that belong to the user.

3.5.8 (2016-08-26)

Note

Version 3.5.8 fixes an error in the depot documents, as described below in REGSERVER-1141. To record that the update succeeded, the file /var/opt/td-regserver/StartupCache.pbt is updated. This might fail if the file is incorrectly owned by the user “root”. Please correct the ownership with:

chown apache:apache /var/opt/td-regserver/StartupCache.pbt

Note

Updating the Registration Server on CentOS 7 with “yum update” might update Apache to a newer version. This update could re-install the deleted “conf” files in the folder /etc/httpd/conf.modules.d/, which will prevent Apache from starting. Please follow the modified instructions to disable all modules in the “conf” files instead of deleting them, as described in Apache 2.4 (CentOS 7).

  • Documented additional client settings and ordered client settings alphabetically.
  • Fixed the problem that email notifications, such as comments on files, to users on other Registration Servers were ignored. In future, only registered and activated users will be able to send emails. However, the sender can specify an email address instead of a username, in order to send a notification to non-registered users, or users on other Registration Servers (REGSERVER-1147).
  • The Host Server may return a Depot document with a SERVERFLAGS field with an incorrect terminator. These documents will be corrected in the database and when returned by the Host Server (REGSERVER-1141).
  • Fixed a bug in “wipedevice” API call (REGSERVER-1139)
  • The adminconsole will make requests to hostservers over the hostserver proxy, if one is configured (REGSERVER-1148)

3.5.7 (2016-07-12)

  • Fixed a bug in “createlicense” API call: if the user has no other default license, then the created license will now be correctly set as the default.
  • The [[GREETING]] in the email templates “inv-user-invited-passwd” and “inv-user-invited” incorrectly used the name of the sender of the invitation, instead of the invitee (REGSERVER-1136).
  • Deleting users, depots, or spaces in the Adminconsole now requires the user to type the word ‘DELETE’ in a confirmation dialog, to prevent accidental deletion (REGSERVER-1133)

3.5.6 (2016-06-21)

  • The ssl configuration has changed. All settings are now located in a separate configuration file. Please remove the old configuration in your ssl.conf:

    RewriteEngine on
    RewriteLogLevel 0
    RewriteLog "/var/log/httpd/rewrite.log"
    
    RewriteRule ^/setup$ /setup/ [R]
    RewriteRule ^/setup(.*) /yvva/setup$1 [PT]
    RewriteRule ^/pbas/td2as/(.*)$ /yvva/$1 [PT]
    RewriteRule ^/pbas/td2api/(.*)$ /yvva/$1 [PT]
    

    and add the new include as described in chapter Configure mod_ssl

  • The authenticate call now handles authentication tokens that do not contain an email address. This allows an external Authentication Service to prevent the automatic creation of a user if the user does not exist.

    If the email address is missing from the authentication token then the Registration Server will return the “user not found” error if the user ID in the authentication does not match an existing user.

    As before the user ID in the token is compared to the “External Authentication ID” field of the user. This field can be edited in the Admin Console, if USE_AUTH_SERVICE is enabled (set to True). If users are not created automatically then it is most likely that this field must be set manually when the user is created.

    The alternative is to import the value of the “External Authentication ID” when creating users using the CSV import facility.

  • Updated Yvva version to 1.3.6 (required with CentOS 7)
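
For the ssl.conf change described under 3.5.6, the following added example (not part of the TeamDrive distribution) lists directives from the old rewrite block that are still active in a configuration file. It marks RewriteLog and RewriteLogLevel separately, because Apache 2.4 no longer accepts them; the function name and output labels are this example's own.

```shell
#!/bin/sh
# Added example, not part of the TeamDrive distribution.

# find_legacy_rewrites FILE
# Prints "LINE: LABEL directive" for every active directive from the old
# rewrite block. Returns 0 if any were found, 1 if none, 2 if unreadable.
# "RewriteEngine on" is not reported: other configuration may rely on it.
find_legacy_rewrites() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }   # commented-out lines are not active
        # RewriteLog and RewriteLogLevel were removed in Apache 2.4.
        /^[ \t]*RewriteLog(Level)?[ \t]/ {
            printf "%d: UNSUPPORTED-2.4 %s\n", NR, $0; hits++; next
        }
        # The rules for /setup, /pbas/td2as/ and /pbas/td2api/ from the note.
        /^[ \t]*RewriteRule[ \t]+\^\/(setup|pbas\/td2(as|api)\/)/ {
            printf "%d: LEGACY-RULE %s\n", NR, $0; hits++
        }
        END { if (hits == 0) exit 1 }
    ' "$conf"
}

# Constructed sample: the old block, with the last rule already commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
RewriteEngine on
RewriteLogLevel 0
RewriteLog "/var/log/httpd/rewrite.log"
RewriteRule ^/setup$ /setup/ [R]
RewriteRule ^/setup(.*) /yvva/setup$1 [PT]
RewriteRule ^/pbas/td2as/(.*)$ /yvva/$1 [PT]
# RewriteRule ^/pbas/td2api/(.*)$ /yvva/$1 [PT]
EOF
find_legacy_rewrites "$sample" || echo "no legacy directives found"
rm -f "$sample"
```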

3.5.5 (2016-05-14)

  • Add support for CentOS 7 with apache 2.4

  • When a user is removed, if the user’s licenses are not removed, the licenses are now correctly freed so they may be assigned to another user (REGSERVER-1120). Note that the default license is no longer a default license when freed.

  • Corrected handling of default license. This could be overbooked (REGSERVER-1119). If a default license is assigned to the owner, and it is overbooked, then it will now be automatically removed from a number of users as required. Removal begins with less active users (users that accessed a device more recently will be favoured when removing licences).

    When a license is removed, the user license is reset to the user’s default. Note that this may fail if the user is not the owner of his/her default license, which may be the case when using the DEFAULT_LICENSEKEY Provider setting.

  • When changing the Provider of a user, the update of TDNS was not correct if the case-sensitivity of usernames changed (REGSERVER-361).

  • The order of the XML tags in the API documentation now matches the actual order of tags returned by the server. Some tags that were omitted have been added (REGSERVER-949).

  • Added <intresult> tag to result of “createlicense” API call.

  • No longer send email notification message for 4.3.1 clients, because they are able to synchronise user data using the “mod protocol” (REGSERVER-1110).

3.5.4 (2016-01-25)

  • The contents of the <message> tag in an exception were not correctly encoded, which led to invalid XML being returned by the DISTRIBUTOR_REDIRECT (-30004) exception, which includes a URL in the message tag.
  • Fixed a crash which could occur when assigning a license to a user with a device that was not activated (REGSERVER-1104)
  • /bal/*html and /act/*html URLs were incorrectly returning “text/xml” as content type. This has been changed to “text/html” (REGSERVER-1106).

3.5.3 (2016-01-14)

  • Added a “Registration Server How To’s” chapter to the Admin Guide.

  • The transfer limit for depots on hostservers that do not enforce the traffic limit is now displayed as ‘Unlimited’ (REGSERVER-742)

  • Added ‘,’ to the reserved characters that are not allowed in usernames. This is in addition to ‘;’ and ‘$’.

  • When DEFAULT_LICENSEKEY is specified the setting PROFESSIONAL_TRIAL_PERIOD no longer has an effect. It is considered to be 0, which means that no trial period is available.

  • ClientPollInterval was incorrectly stored in the database in seconds by the Admin Console. The unit used in the database is 0.2 seconds (i.e. seconds x 5). This has been corrected. Default value is 60 seconds, as before.

  • Fixed a bug editing / deleting depots belonging to a provider other than the default provider

  • The “registeruser” API call will now always return a <username> tag as well as the standard <intresult> tag on success. For example:

    <teamdrive><username>$NEW1-1061</username><intresult>0</intresult></teamdrive>
    

    This is useful if the caller wishes to know the magic username generated by the server (REGSERVER-838).

  • Implemented “one-off-secureoffice-trial” license purchase. This will allow users to start a trial period when using the SecureOffice version of TeamDrive.

  • Removed the following Registration Server settings: MediaURL, NotificationURL, RedirectorURL, UpdateAvailableURL. All these Settings now use hard-coded URLs that reference the Registration Server (REGSERVER-1100).

  • Removed all references to providerinfo.html and clientinfopage.php. These were used as default redirect pages. Now, if no redirect URL is set, the Registration Server will return an HTML page with a message. For example, if a forum URL is not specified by the Provider (REDIRECT_FORUM setting), or in the Registration Server setting (ForumURL), then a page with the message: “Sorry, your service provider has not specified a forum page”, will be returned (REGSERVER-1080).

  • The LoadBalancerURL may contain multiple URLs separated by a ‘|’ character. In this case, the TeamDrive Clients will automatically use a different URL for each call to the Registration Server.

  • Removed BalanceURL Registration Server setting. TeamDrive Clients that still use this setting will be directed to a hard-coded URL on the Registration Server: http://<reg-server-domain>/pbas/td2as/bal/server.xml (REGSERVER-917).

  • Fixed the “MAIL FROM:” header in emails sent. The Reg Server now correctly sets this field according to the MAIL_SENDER_EMAIL Provider setting (REGSERVER-1099)

  • If a user is created via the API, or by CSV import, then it may not be known which language the user will use. In this case the language may be set to “-”. The “-” will be ignored by the TeamDrive Client. API calls will return the default language in this case (REGSERVER-1097)

  • Fixed a bug: the language passed to the Reg Server on registration was incorrectly converted to upper case and stripped of the location information. The unconverted language sent by the Client is now stored in the database (REGSERVER-1097)

  • Fixed a bug in the admin console displaying the license language when editing (REGSERVER-1096)

  • The Reg Server now supports a single Web Portal that manages internet access for multiple providers. This means that multiple providers can use the same IP number in the API_WEB_PORTAL_IP setting (REGSERVER-1095)

3.5.2 (2015-12-04)

  • Changed API function “confirmuserdelete”: allow using the call without sending the user password (REGSERVER-1089)
  • Fixed sending Store Forward invitation for a “standalone” Registration Server (REGSERVER-1092)
  • Fixed API function “setdistributor” to handle more than one depot in case of switchdepot = true (REGSERVER-1087)
  • Fixed sending a store forward invitation in case of device not found fails, if sender is registered at a foreign Reg-Server (REGSERVER-1088)
  • AdminConsole: Fixed misleading error message in case of deleting a user

3.5.1 (2015-11-04)

  • Fixed api call “setdepotforuser” and “removedepotfromuser”: The depot information sent to the clients used a wrong format (REGSERVER-1085)
  • API log view in the admin console will now display API requests from the Web-Portal (REGSERVER-1083)
  • Greetings macro was not replaced in mail templates (REGSERVER-1079)
  • Added hint in the admin console to show if the background task for sending mails and processing other background tasks is running (REGSERVER-1078)
  • Added API call “changelicensepassword” (REGSERVER-1075) and use bcrypt for license password encryption (REGSERVER-965)
  • Fixed API access in the Apache configuration using the URL from older API documentations (using ../td2api/.. in the URL instead of ../td2as/..) (REGSERVER-1071)
  • Fixed deleting a depot for a user in the admin console. Depot was deleted on the Host Server, but the reference on the Registration Server was not removed (REGSERVER-1070)
  • Fixed access to missing language column in the email change confirmation page (REGSERVER-1069)
  • Fixed wrong path to tdlibs-library folder in upload.php (REGSERVER-1067)
  • Changed the default value for the setting TDNSAutoWhiteList to True (REGSERVER-1072) and handle the special case of the Master-Server when changing the setting back to false in the admin console. Master-Server could only be disabled when using a white label client (REGSERVER-1073)
  • Fixed api call “getusedlicense” to avoid duplicate usernames in user list (REGSERVER-1066)
  • Fixed connecting TeamDrive Master Server during the setup in case of server-type “standalone” (REGSERVER-1064)
  • Replaced TeamDrive 3 screenshot with TeamDrive 4 in chapter “TeamDrive Client-Server interaction” (REGSERVER-977)
  • Added hint in documentation to enable HTTPS for the API communication between Registration Server and Hosting Server (REGSERVER-499)

3.5.0 (2015-09-21)

  • Initial release.