Release Notes - Version 3.5¶
TeamDrive Registration Server version 3.5 is the next major public release following after version 3.0.018.
Please note the the version numbering scheme for the Registration Server has been changed starting with version 3.5. The first two digits of the version string now identify a released version with a fixed feature set. The third digit, e.g. “3.5.1” now identifies the patch version, which increases for every public release that includes backwards-compatible bug or security fixes. A fourth digit identifies the build number and ususually remains at zero, unless a rebuild/republishing of a release based on the same code base has to be performed (e.g. to fix a build or packaging issue that has no effect on the functionality or feature set).
Version 3.5 of the Registration Server contains the following features and notable differences compared to version 3.0.018. This includes all changes made for version 3.0.019, which was an internal interim release used to deploy and test most of the new functionality described below.
- The initial configuration and initialization of a Registration Server is no
longer performed by filling out the
RegServerSetup.xmlfile and running the
RegServerSetup.pbtscript on the command line. Instead, a web-based setup process has been implemented, which guides the administrator through the steps involved.
- The Registration Server no longer depends on the PrimeBase Application
Environment (e.g. the
mod_pbtApache module or the
pbaccommand line client), provided by the RPM package
PrimeBase_TDin version 3.0.018). Instead, it is now based on the Yvva Runtime Environment which is already used for the TeamDrive Host Server since version 3.0.013 and newer. The environment is provided by the
yvvaRPM package, which will automatically replace any installed
PrimeBase_TDRPM package during an upgrade. The central log file
/var/log/td-regserver.logis the central log location for all Yvva-based components; the previous log files (e.g.
/var/log/pbac_mailer.log) will no longer be used.
- The Apache HTTP Server configuration file for the Registration Server has
been renamed from
- The installation no longer requires the Apache HTTP Server to be configured using the “worker” MPM, which simplifies the overall installation and configuration of the base operating system and allows for using the PHP Apache module instead of the FastCGI implementation for the Administration Console.
- The login credentials required to access the Registration Server’s MySQL
database server are now stored in a single configuration file
/etc/td-regserver.my.cnf, which is consulted by all components (e.g. the Administration Console, Registration Server or the Auto Task background service).
- The background service providing the Registration Server Auto Tasks has been
td-regserverand is now based on the
yvvaddaemon instead of the PrimeBase Application Client
pbac. Please make sure to update any monitoring systems that check for the existence of running processes. The configuration of the
td-regserverbackground service is stored in file
- The PBT-based code of the Registration Server is no longer
installed in the directory
/usr/local/primebase. The content of the
td-regserverRPM package has been restructured and relocated to the directory
Registration Server Functionality¶
- Added support for the new business model introduced with TeamDrive 4 Clients (e.g. full support for trial licenses with an expiration date, restricted Client functionality via Client settings).
- The CSV import of user accounts is no longer performed by a cron job running a separate PHP script anymore. Instead, there is now an additional “CSV Import” Auto Task that provides this functionality.
- Email and HTML activation page templates are no longer stored and managed in
the Registration Server’s file system. Instead, they are now stored in the
Registration Server’s database and managed via the Registration Server
Administration Console. During an upgrade from a previous version, any
existing template files will be imported from the file system into the
database. As a result, the following server settings have have been
deprecated and will be removed during an upgrade:
- The “Move Store Forward Messages” Auto Task has been removed, as it’s no longer required. Store Forward invitations are now forwarded automatically, when a user activates the new account.
- Some license related provider settings have been moved from the
CLIENTcategory to the more appropriate
- The provider setting
API/API_USE_SSL_FOR_HOSThas been moved into the more appropriate
- A number of Registration Server Settings that used to apply to all providers
hosted on a Registration Server can now be defined on the provider level.
The following provider settings have been added:
API/API_REQUEST_LOGGING: Set to
Trueto enable logging of API requests in the API log. The value is
EMAIL/USE_SENDER_EMAIL: Set to
Trueif you wish to use the actual email address of the user when sending emails to unregistered users, otherwise the value of
EMAIL_SENDER_EMAILis always used.
HOSTSERVER/AUTO_DISTRIBUTE_DEPOT: Set to
Trueif the Depot should be distributed automatically.
LICENSE/ALLOW_CREATE_LICENSE: Set to
Trueto allow the creation of licenses. The value is
Falseby default and can only be changed by the default provider.
LICENSE/ALLOW_MANAGE_LICENSE: Set to
Trueto allow the management of existing licenses. The value is
Falseby default and can only be changed by the default provider.
- Log messages and errors from the Yvva-based Registration Server components
as well as the Administration Console can now be logged via
Registration Server API¶
Numerous enhancements and additions to the Registration Server API, to provide more functionality for integrating with external applications (e.g. web shops).
- Added API call
deletelicense, which marks a license as “deleted”. The API call
cancellicensewill set a license to “disabled” instead of “deleted” now.
- Added API call
tdnslookup, which performs a lookup at the TeamDrive Name Service (TDNS) to find a given user’s Registration Server.
- Added new functions:
enableuser, updated API reference documentation accordingly.
- Added new function
setdepartmentto set the department reference for a user.
Various security and usability enhancements as well as modifications to support changes made to the Registration Server API and functionality.
- Re-organized the navigation for the various Administraion Console pages, ordered and grouped them in a more logical fashion.
- Error messages when making changes to the Provider or Registration Server Settings are now displayed more prominently.
- The Administration Console now prohibits the manual creation of Depot files
for system accounts such as a Host Server’s
- The workflow of the Create Depot page has been reworked to be more straightforward, and will perform better validation to prevent users from different providers getting assigned to the same Depot. The form now also allows creating a depot as the default depot for the selected user. (REGSERVER-700, REGSERVER-907, REGSERVER-913)
- You can now filter the license table by expiry date, contract number, and holder email. The contract number and holder email have been added to the table, and the rest of the columns have been compacted slightly to create more space. (REGSERVER-885)
- Trial licenses are marked with a “Trial: <end date>” tag in the “More Details” section of the user overview table, the user editing page, and the license overview. (REGSERVER-891)
- The user overview will display ‘N/A’ rather than ‘Free’ as the user’s highest license, if the user has no installations yet. (REGSERVER-904)
- Banner management: Example banner elements are now downloaded with an appropriate file name. (REGSERVER-725)
- Searching for a username on the main user list is now case insensitive when the entire username is provided. (REGSERVER-906)
- Most of the input forms on the Administration Console will automatically trim leading and trailing whitespace from text fields. (REGSERVER-912)
- Can reset/delete multiple messages in the email queue at once (REGSERVER-773)
- Can delete multiple CSV-import log files at once (REGSERVER-990)
- The email templates are sorted into categories which can be shown or hidden. Categories of templates that are not relevant (based on provider settings) are hidden by default (REGSERVER-1026)
- The create-provider dialog will only show the TDNS related fields if TDNS access is enabled in the registration server settings (REGSERVER-1032)
- Multiple spaces can be deleted at once, without requiring a complete page reload (REGSERVER-573)
- Deleted licenses are hidden by default, and can be shown by setting a filter option (REGSERVER-825)
- Merged the “LoginSecurity” server settings group into the “Security” group
- Edited some table column labels to be more descriptive (REGSERVER-1057)
- The Administration Console can now be configured to require two-factor
authentication via email for users that want to log in. The
LOGIN/LOGIN_TWO_FACTOR_AUTHcan be used to enable this feature. Two-factor authentication is disabled by default.
- A Password complexity level is now indicated when creating/changing passwords.
- Security relevant events are logged either into a local log file
syslog. In particular, the following events are logged:
- Failed logins
- Failed two-factor authorization attempts
- Changes to security-related Provider/Server settings (e.g. login timeouts, API access lists, etc.)
- Password changes
- Changes to the privileges of user accounts
- Failed session validations
- If the account being logged into already has an active session, require a two-factor authentication step.
- Added server settings that can be used to limit the number of records that
may be viewed in the console. (
- When logging in to an account that already has an active session, there is the option to immediately end existing sessions (after completing the two- factor authentication step) (REGSERVER-1036)
Manage Serverspage no longer lists all servers on the TDNS network. Instead, there is an option to either enable/disable communication with all other Registration Servers, and exceptions to the chosen default need to be set by entering the exact server name. This is done so that the name of a customer’s Registration Server is not automatically visible to everyone else on the TDNS network (REGSERVER-1042).
- It is now possible to edit the list of users belonging to a Space Depot on the user editing page (REGSERVER-905). Editing of Depots (change limits, delete, activate, etc.) now takes place in a separate dialogue.
- Added a page that can be used to edit the HTML templates for web pages.
- The Administration Console now adds the
<changeinfo>tag to the following Host Server API calls:
- Added functionality to resend Depot information to the user. (REGSERVER-896)
- The Administration Console now uses the Registration Server API to enable/disable/wipe user accounts. (REGSERVER-803)
- Licenses will now be marked as “deleted” with the new
deletelicenseAPI function. (REGSERVER-883)
- Removing a user from a license will now also remove that license from the user’s devices. (REGSERVER-720)
- Licenses are edited strictly via the API, added the Send email button to all forms, made license type editable.
- Added support for the new API calls, added support to manage the new license feature flag “Restricted Client” (which allows to enable configurable Client-side restrictions like the maximum number of Spaces).
- Client log files and support requests can now be viewed on the “Download Client Log Files” page. The default provider can view log files for all providers. (REGSERVER-1025 and REGSERVER-1024)
- If the default provider has assigned a hostserver to another provider via the HOST_SERVER_NAME setting, the other provider will be able to create depots on that server even if the provider would not normally have access to the server
Change Log - Version 3.5¶
- Input parameter
<licensekey>is now accepted in place of
<licensenumber>in order to be compatible with Registration Server version 3.6.
- The “searchuser” API call returns
<licensenumber>in order to be compatible with Registration Server version 3.6.
- The API calls: “searchuser”, “getuserdata”, “getlicensedata”, “getdefaultlicense”,
“getusedlicense”, “createlicense” and “createlicensewithoutuser” now return the tag
<licensekey>in addition to
<number>. The contents is the same. The
<number>tag is deprecated and will be removed in a future version.
- Fixed a bug that caused the switch-distributor function to always create a new depot and license even when the checkboxes where not selected (REGSERVER-1170)
<showlicense>true/false</showlicense>tag to the “searchuser” API call. When set to
true, license information is returned in the result. This includes
<licensestatus>tags in the
<user>tag which indicate the current license set for the user, and the features of the license. A
<licenselist>tag is also returned with a list of the licenses that belong to the user.
- Avoid adding or removing the depot owner from the user list (REGSERVER-1158)
- Added a new server PrivacyURL and Provider redirect page
Version 3.5.8 will fix an error in the depot documents as described below in REGSERVER-1141. To save the successull update the file /var/opt/td-regserver/StartupCache.pbt will be updated. This might fail in case of the wrong user “root” ownership. Please correct the ownership with:
chown apache:apache /var/opt/td-regserver/StartupCache.pbt
Updating the registration server on CentOS 7 with “yum update” might
update the apache to a newer version. This update could re-install the
deleted “conf”-files in the folder
/etc/httpd/conf.modules.d/ and will
prevent starting the apache. Please follow the modified instruction to
disable all modules in the “conf”-files instead of deleting them as
described in Apache 2.4 (CentOS 7)
- Documented additional client settings and ordered client settings alphabetically.
- Fixed the problem that email notifications, such as comments on files, to users on other Registration Servers were ignored. In future, only registered and activated users will be able to send emails. However, the sender can specify an email address instead of a username, in order to send a notification to non-registered users, or users on other Regisration Servers (REGSERVER-1147).
- The Host Server may return a Depot document with a SERVERFLAGS field with an incorrect terminator. These documents will be corrected in the database and when returned by the Host Server (REGSERVER-1141).
- Fixed a bug in “wipedevice” API call (REGSERVER-1139)
- The adminconsole will make requests to hostservers over the hostserver proxy, if one is configured (REGSERVER-1148)
- Fixed a bug in “createlicense” API call: if the user has no other default license, then the created license will now be correctly set as the default.
- The [[GREETING]] in emails templates: “inv-user-invited-passwd” and “inv-user-invited”, incorrectly used the name of the sender of the invitation, instead if the invitee (REGSERVER-1136).
- Deleting users, depots, or spaces in the Adminconsole now requires the user to type the word ‘DELETE’ in a confirmation dialog, to prevent accidental deletion (REGSERVER-1133)
The ssl configuration has changed. All settings are now located in a separate configuration file. Please remove the old configuration in your ssl.conf:
RewriteEngine on RewriteLogLevel 0 RewriteLog "/var/log/httpd/rewrite.log" RewriteRule ^/setup$ /setup/ [R] RewriteRule ^/setup(.*) /yvva/setup$1 [PT] RewriteRule ^/pbas/td2as/(.*)$ /yvva/$1 [PT] RewriteRule ^/pbas/td2api/(.*)$ /yvva/$1 [PT]
and add the new include as described in chapter Configure mod_ssl
The authenticate call now handles authentication tokens that do not contain an email address. The allows an external Authentication Service prevent the automatic creation of a user if the user does not exist.
If the email address is missing from the authentication token then the Registration Server will return the “user not found” error if the user ID in the authentication does not match an existing user.
As before the user ID in the token is compared to the “External Authentication ID” field of the user. This field can be edited in the Admin Console, if
USE_AUTH_SERVICEis enabled (set to
True). If users are not created automatically then it is most likely that this field must be set manually when the user is created.
The alternative is to import the value of the “External Authentication ID” when creating and users using the CSV import facility.
Updated Yvva version to 1.3.6 (required with CentOS 7)
Add support for CentOS 7 with apache 2.4
When a user is removed, if the users licenses are not removed, the licenses are now correctly freed so the may be assigned to another user (REGSERVER-1120) . Note that the default license is no longer a default license when freed.
Corrected handling of default license. This could be overbooked (REGSERVER-1119). If a default license is assigned to the owner, and it is overbooked, then it will now be automatically removed from a number of users as required. Removal begins with less active users (users that accessed a device more recently will be favoured when removing licences).
When a license is removed, the user license is reset to the user’s default. Note that this may fail if the user is not the owner of his/her default license, which may be the case when using the
When changing the Provider of a user update of TDNS was not correct in the case when the case-sensitivity of usernames changed (REGSERVER-361).
The order of the XML tags in the API documentation now matches the actually order of tags returned by the server. Some tags that were ommitted have been added (REGSERVER-949).
<intresult>tag to result of “createlicense” API call.
No longer send email notification message for 4.3.1 clients, because they are able to synchronise user data using the “mod protocol” (REGSERVER-1110).
- The contents of the <message> tag in an exception was not correctly encoded which lead to invalid XML returned by the DISTRIBUTOR_REDIRECT (-30004) exception, which includes a URL in the message tag.
- Fixed a crash which could occur when assigning a license to a user with a device that was not activated (REGSERVER-1104)
- /bal/*html and /act/*html URLs were incorrectly returning “text/xml” as content type. This has been changed to “text/html” (REGSERVER-1106).
Added a “Registration Server How To’s” chapter to the Admin Guide.
The transfer limit for depots on hostservers that do not enforce the traffic limit is now displayed as ‘Unlimited’ (REGSERVER-742)
Added ‘,’ to the reserved characters that are not allowed in usernames. This is in addition to ‘;’ and ‘$’.
DEFAULT_LICENSEKEYis specified the setting
PROFESSIONAL_TRIAL_PERIODno longer has an effect. It is considered to be 0, which means that no trial period is available.
ClientPollIntervalwas incorrectly stored in the database in seconds by the Admin Console. The unit used in the database is 0.2 seconds (i.e. seconds x 5). This has been corrected. Default value is 60 seconds, as before.
Fixed a bug editing / deleting depots belonging to a provider other than the default provider
The “registeruser” API call will now always returns a <username> tag as well as the standard <intresult> tag on success. For example:
This is useful if the caller wishes to know the magic username generated by the server (REGSERVER-838).
Implemented “one-off-secureoffice-trial” license purchase. This will allow users to start a trial period when using the SecureOffice version of TeamDrive.
Removed the following Registration Server settings:
UpdateAvailableURL. All these Settings now use hard-coded URLs that reference the Registration Server (REGSERVER-1100).
Removed all references to
clientinfopage.php. These were used as default redirect pages. Now, if no redirect URL is set, the Registration Server will return a HTML page with a messsage. For example, if a forum URL is not specified by the Provider (
REDIRECT_FORUMsetting), or in the Registration Server setting (
ForumURL), then a page with the message: “Sorry, your service provider has not specified a forum page”, will be returned (REGSERVER-1080).
LoadBalancerURLmay contain multiple URLs separated by a ‘|’ character. In this case, the TeamDrive Clients will automatically use a different URL for each call the Registration Server.
BalanceURLRegistration Server setting. TeamDrive Clients that still use this setting will be directed to a hard-coded URL on the Registration Server:
Fixed the “MAIL FROM:” header in emails sent. The Reg Server now correctly sets this field according to the
MAIL_SENDER_EMAILProvider setting (REGSERVER-1099)
If a user is created via the API, or by CSV import, then it may not be known which language the user will use. In this case the language may be set to “-”. The “-” will be ignored by the TeamDrive Client. API calls will return the default language in this case (REGSERVER-1097)
Fixed a bug: the language passed to the Reg Server on registration was incorrectly converted to upper case and stripped of the location information. The unconverted language sent by the Client is now stored in the database (REGSERVER-1097)
Fixed a bug in the admin console displaying the license language when editing (REGSERVER-1096)
The Reg Server now supports a single Web Portal that manages internet access for multiple providers. This means that Multiple providers can use the same IP number in the
- Changed API function “confirmuserdelete”: allow using the call without sending the user password (REGSERVER-1089)
- Fixed sending Store Forward invitation for a “standalone” Registration Server (REGSERVER-1092)
- Fixed API function “setdistributor” to handle more than one depot in case of switchdepot = true (REGSERVER-1087)
- Fixed sending a store forward invitation in case of device not found fails, if sender is registered at a foreign Reg-Server (REGSERVER-1088)
- AdminConsole: Fixed misleading error message in case of deleting a user
- Fixed api call “setdepotforuser” and “removedepotfromuser”: The depot information sent to the clients used a wrong format (REGSERVER-1085)
- API log view in the admin console will now display API requests from the Web-Portal (REGSERVER-1083)
- Greetings macro was not replaced in mail templates (REGSERVER-1079)
- Added hint in the admin console to show if the background task for sending mails and processing other background tasks is running (REGSERVER-1078)
- Added API call “changelicensepassword” (REGSERVER-1075) and use bcrypt for license password encryption (REGSERVER-965)
- Fixed API access in the Apache configuration using the URL from older API documentations (using ../td2api/.. in the URL instead of ../td2as/..) (REGSERVER-1071)
- Fixed deleting a depot for an user in the admin console. Depot was deleted on the Host Server, but the reference on the Registration Server was not removed (REGSERVER-1070)
- Fixed access to missing language column in the email change confirmation page (REGSERVER-1069)
- Fixed wrong path to tdlibs-library folder in upload.php (REGSERVER-1067)
- Changed the default value for the setting TDNSAutoWhiteList to
True(REGSERVER-1072) and handle the special case of the Master-Server when changing the setting back to false in the admin console. Master-Server could only be disabled when using a white label client (REGSERVER-1073)
- Fixed api call “getusedlicense” to avoid duplicate usernames in user list (REGSERVER-1066)
- Fixed connecting TeamDrive Master Server during the setup in case of server-type “standalone” (REGSERVER-1064)
- Replaced TeamDrive 3 screenshot with TeamDrive 4 in chapter “TeamDrive Client-Server interaction” (REGSERVER-977)
- Added hint in documentation to enable HTTPS for the API communication between Registration Server and Hosting Server (REGSERVER-499)
- Initial release.