Release Notes - Version 3.6

TeamDrive Registration Server version 3.6 is the next major public release following after version 3.5.

Version 3.6 of the Registration Server contains the following features and notable differences compared to version 3.5.

Installation

  • The Reg Server 3.6 supports CentOS 7. RPM’s are available for this version of the OS.

Registration Server Functionality

  • Added the “Web Portal Access” capability bit. This bit represents user-level permission to access Web Portals. The capability bit is only used if the ALLOW_WEB_PORTAL_ACCESS Provider setting is set to peruser (see below).

  • Added ALLOW_WEB_PORTAL_ACCESS Provider setting. This setting determined whether users are permitted to access a Web Portal or not. Possible settings are:

    • permit: All users are permitted to login to Web Portals (this is the default).
    • deny: Web Portal access is denied to all users.
    • peruser: Access is determined by the “Web Portal Access” capability bit.
  • TeamDrive Authentication Services now includes an example of how to connect to Vasco IDENTIKEY Authentication Server. When used in conjunction with the Web Portal, Web Portal version 1.0.6 is required.

  • Emails sent by the server now have a maximum size of 16 MB. Previously the limit was 64 K (REGSERVER-1131).

  • Implemented support for Two-Factor Authentication using the Google Authenticator App.

  • Added the AUTH_SETUP_2FA_URL Provider setting. This value must be set to the URL of the page used to setup two-factor authentication.

    See How to Setup Two-Factor Authentication for details.

  • Added ALLOW_MAGIC_USERNAMES Provider setting. When set to True, users of the Provider may register with usernames that match the standard “magic username” pattern.

  • Added ISOLATED_EMAIL_SCOPE Provider setting. When set to True, the users of the Provider may use email addresses that are in use by other users, as long as the email addresses are unique for the Provider (REGSERVER-1125).

  • Added the HIDE_FROM_SEARCH Provider setting. When set to True, this setting will prevent users from being found by a Client when doing the standard username and email address searches, during login and when inviting users to a Space (REGSERVER-1124).

  • Added the PROVIDER_DEPOT Provider setting. This setting may be used to specify that a certain Depot should be used as default Depot for all users of a Provider (REGSERVER-1117).

  • Added the SUPPORT_EMAIL Provider setting. This setting specifies the email address that will be notified if support content is uploaded to the Registration Server.

  • Users will now receive “store forward” invitations no matter which Registration Server the invitation is located on. Previously a user had to register on the same Registration Server as the store forward message.

    A store forward invitation is created when a user invites another user via email, but the user is not yet registered.

  • HTTPS is now used for all communications with a Host Server if the Provider setting API_USE_SSL_FOR_HOST is set to True.

  • Added the Registration Server setting: EmailGloballyUnique. When set to True the Registration Server will check to ensure that an email address is not in use by any other Registration Server in the TeamDrive Network (REGSERVER-809).

    This value is automatically set to the same value as ``UserEmailUnique` on upgrade to version 3.6 or later.

    See EmailGloballyUnique for details.

Registration Server API

  • Added notifications: the Registration Server can be configured to send a notification when a change is made to a user. To do this, the Provider setting API_SEND_NOTIFICATIONS must be set to True, and the setting API_NOTIFICATION_URL must be set to the URL that will receive the notification (TRUS-136).

  • The tag <webportal> has been added to the API functions: “searchuser”, “loginuser”, “getuserdata” and “registeruser”. This tag indicates whether the user is permitted to access a Web Portal.

    Note that if the Provider setting ALLOW_WEB_PORTAL_ACCESS is set to permit or deny, the the value returned in the <webportal> tag will reflect this setting, not the value of the user’s Web Portal Access capability bit.

    When calling “setcapability” the <capability> tage may be set to the value “webportal”, in order to set Web Portal Access capability bit.

  • The “searchuser” API call now accepts the input tags <distributor>, <reference> and <authid>, which are used to search for users with specific external reference or external authentication ID. This tags can be used in addition to or in place of other search tags. The ‘*’ search wildcard is not recognised which searching for these values.

    When searching by <authid> the <distributor> will automatically be added to the search conditions (normally this is only done when you set <onlyownusers>true</onlyownusers>).

    Note that setting <distributor> to a value other than your own Provider code is only permitted if you are the “Default Provider”. Web Portals working on the behalf of a Provider may also set the <distributor> tag accordingly.

  • The “registeruser” API call now returns a <userdata> block with the complete details of the user.

  • Client API: the client version will now be extracted from the path: “/teamdrive/clientversion”, in addition to the paths used previously. Command names are case-insensitive.

  • Added the Provider setting EXT_LICENCE_REF_UNIQUE, default True. If set to False duplicate license references are allowed (REGSERVER-1130).

  • Removed the Provider setting CLIENT_DEFAULTLICREF. The license reference must now be provided as parameter to the API call (REGSERVER-1130).

  • Updated version number of API to 1.0.007.

  • The <licensereference> tag can now be used to specify the license in place of the <licensenumber> tag (REGSERVER-808). Note that the license reference must be unique for each Provider, if EXT_LICENCE_REF_UNIQUE is set to True (which is the default).

  • Added the “sendtemplatemail” API call. This call can be used to sent standard template based emails to user, Providers or some other recipient (REGSERVER-1103).

  • Added lookup of an Email on TDNS to the “tdnslookup” call. The result is a list of Registration Servers (REGSERVER-1113).

Administration Console

  • Added “Delete Provider” Functionality (REGSERVER-1127). Deleting a Provider will delete all user, licenses and depots that belong to the Provider. If the Reg Server is connected to TDNS, the delete process will be suspended until the Provider has been removed from TDNS.
  • If too many failed logins are detected for an account, further attempts are subjected to a delay that increases with the number of login attempts, up to a maximum delay of 2 minutes. The previous system of a constant 5 second delay will still be used if the account is protected by the LOGIN_IP provider setting (REGSERVER-534)
  • Added an option to move spaces from one depot to another (REGSERVER-1116)
  • Depot change history can be displayed on the edit-user page, when available (REGSERVER-1040)
  • A users Spaces are fetched more efficiently when displaying them on the edit-user page, which solves some browser memory problems when a user has a lot of spaces. Unfortunately this also means that the list of spaces can no longer be sorted (REGSERVER-1122)
  • The list of spaces on the edit-user page can now be exported as a CSV document (eg. for opening in Excel) (REGSERVER-1128)
  • Users can now be added or removed from a license on the edit-license page (REGSERVER-1129)
  • Changing a license owner can now be done only via the edit-license page. The function has been removed from the edit-user and license overwiew pages to avoid confusion with the ‘add user to license’ function (REGSERVER-1129)
  • The Admin Console now displays the Host Server version number. The version number is only correctly updated with Host Server version 3.6.1 or later. Otherwise, the number displayed is the version of the original Host Server installation. Note that, in this case, the version number displayed is of the form: <major>.<minor>.**.<patch>, for example: Host Server version 3.0.011 (for example) is displayed as: 03.00.**.00011.

Change Log - Version 3.6

3.6.8 (2018-02-07)

  • Added new Provider EMAIL settings which override the global Registration Server settings (REGSERVER-1226). This makes it possible to specify the SMTP Server to be used to send emails at the Provider level. Support for sending mails using SSL/TLS by prepending the protocol “smtps://” (only supported on CentOS 7 systems due to dependencies of required curl functionality) and authentification with an username and password was added:
    • SMTP_SERVER: The SMTP Mail Server address (host name), if empty the SMTPServer global setting value will be used.
    • SMTP_SERVER_TIMEOUT: the Timeout in seconds when waiting for the SMTP Mail Server, if empty the SMTPServerTimeOut global setting value will be used.
    • SENDER_HOST: Host name of the email originator. If empty the MailSenderHost global setting value will be used.
    • SMTP_SERVER_USER: Username for smtp authentification.
    • SMTP_SERVER_PASSWORD: Password for smtp authentification.
  • Version 3.6.8 requires YVVA runtime version 1.4.5.

3.6.7 (2017-11-06)

  • Fixed a crash when sending email due to incorrect SQL statement (REGSERVER-1223).

  • Fixed sending of “Future Device” messages which are used to sent invitations to users that do not yet have a device.

  • Documentations has been changed to conform to the new TeamDrive CI.

  • Some devices were not receiving invitations because the “Demo” flag was set. This flag is now ignored when invitations are sent.

  • Replaced TeamDrive logo and colors

  • Improved logging of errors when connected to TDNS, Host Servers and other Registration Servers. If an unexpected reply is received, the server will dump the first 420 characters of the response to the log, in order to help debugging proxy related connection errors.

    During setup of a Registration Server details of incorrect results are provided when you press the “Error Details” button. If the server receives an unexpected result when trying to contact other servers then the first 420 characters are display in the dialog window.

  • External Auth Service: corrected generation of user secret. Added the “alt user secret” to enable transition to a new method for generating user secrets.

  • Added the SETUP-2FA conditional variable for the Portal Pages (Portal Pages) which is set to “true” if the user selects to setup 2-Factor Authentication during login.

    The default portal-login page has been altered to use the variable to indicated if the user has selected to setup 2-Factor Authentication or not.

  • Fixed a bug in the Web-based setup of the Registration Server that caused a “Unknown attribute: ‘REG_SERVER_BUILD’” exception (REGSERVER-1214).

  • Registration Setup as Standalone or Master server now requires as “Setup Code”. This is required in order to prevent the accidental installation of a Registration Server that can only be accessed using a customised TeamDrive Client. A Setup Code can be obtained from support@teamdrive.com, but requires an agreement for the deployment of a “white-label” TeamDrive Client.

  • Fixed a bug in the Registration Server Setup that prevented the installation of a server when using a proxy to access the Master Registration Server.

  • Version 3.6.7 requires YVVA runtime version 1.4.4.

3.6.6 (2017-08-04)

  • Fixed an exception that occurred when attempting to wipe a device (REGSERVER-1210).
  • Fixed a error that occurred when removing a device installation on the client of a user had already been removed (REGSERVER-1211).

3.6.5 (2017-07-13)

  • The Reg Server now handles “store forward” invitations sent by the TeamDrive client, when a user has no active devices (because all devices have been inactive for longer than InviteOldDevicesPeriodActive). Previously this only worked if the user had no devices (which can happen if the user was created via the API).

    The first device that becomes active after this point, whether it is a new device or an old device that was re-activated will receive the invitation (REGSERVER-1200).

  • API call “removelicense” was not working due to a problem with NULL values (REGSERVER-1197).

  • Fixed activation of users and devices via the adminconsole (REGSERVER-1199)

  • Uploaded Client log files are now stored in a table created to store all large binary values (TD2LargeBinaries). This prevents a slowdown of access to the TD2BlobData table (REGSERVER-1202).

    On upgrade the log files will be moved from one table to the other. This can take some time.

  • Added a new covering index to the TD2BlobData table that includes all columns used to search the table. This will allow the server to avoid reading the entire row during a search.

    The column TD2BlobData.Extension has been shortened to 40 bytes (ascii) and the columns TD2BlobData.SourceChecksum has been removed because it is no longer used (REGSERVER-1201).

  • Optimised the queries used in the CSV page in the Admin Console, and fixed a bug that left the ‘error’ and ‘success’ file in the database when a CSV file was deleted

  • Fixed a bug in the “searchuser” API call. When <showdevice> was false, the <total> was incorrectly set to 0 (REGSERVER-1204).

  • Fixed a bug when deleting an user and his depots: If user is not the owner of a depot he must be removed from the depot as an user instead of deleting the depot (REGSERVER-1205).

3.6.4 (2017-05-04)

  • Fixed crash in regserverdistribution (REGSERVER-1186).

  • Fixed an error that resulted in the <licensekey> tag missing from a number of API calls that returned license data (REGSERVER-1187).

  • Fixed setting a client update notification using the admin console (REGSERVER-1189).

  • The <intresult> tag was missing from the result of the “createlicensewithoutuser” API call.

  • Several small fixes for the admin console: improved user search speed and added case insensitive search for usernames, fixed regular expression for magic usernames with an ID > 9999, improved client logs download page

  • Added hint how to start the apache service after mysql (see Enabling Service Autostart)

  • Fixed sending API calls for different provider using the same IP (REGSERVER-1194).

  • Fixed license change history in the adminconsole in cases where the ‘license created’ entry was missing from TD2TicketChanges (REGSERVER-1188)

  • Require entry of a confirmation text when deleting licenses (previously this was only required if the license was created in an external system) (REGSERVER-1193)

  • The default provider can now view uploaded log files for all providers at once (REGSERVER-1190)

  • Installation: set max_allowed_packet=32M in order to support the upload of large client log files (REGSERVER-1192)

  • Fixed a number of problems with the API functions “searchuser” (REGSERVER-1195): It is now possible to retrieve all users by not specifying any search condition. Previously this caused error -30116.

    The result tags <current>, <total> and <maximum> now refer to the number of users, regardless of whether devices are included in the result or not. Previously these tags referred to the number of devices, when <showdevice> was set to true.

    Previously it was possible that devices for the last user returned were missing, if the maximum rows (<total> value) was exceeded when including devices in the result.

    When you specify a <startid> value, the <total> value returned now consistently refers to the total number of users with an ID greater than the specified value.

    This means that, in general, if the <total> value is greater than the <current> value, then the caller knows that more user records are available with the input parameters.

    Previously to version 3.6.4 the result <total> was not consistant if <showdevice> was set to true and should not be used.

  • Increased TD2BlobData.Data column size to allow 50 MB uploaded log files (REGSERVER-1191).

  • Increased TD2Depots.ReposDoc column size to 4000 characters required to store larger repository files (REGSERVER-1185).

3.6.3 (2017-03-22)

  • Added Provider setting EMAIL/IGNORE_TEMPLATES_LIST, which contains a list of email templates. Emails will not be sent with the templates specified in this list (REGSERVER-1184).
  • Added the UsePrecedenceBulk setting which determines whether the “Precedence: bulk” header should be added to outgoing emails (REGSERVER-1182).
  • The activatelicense and deactivatelicense API calls no longer return error -30210 (REGSERVER-1177).
  • Specifying a user in the “removeuserfromlicense” API call is now optional. If specified, then the user must be the owner of the license or a “Unknown license” error will be returned (REGSERVER-1178).
  • The API documentation now includes a section on the changes to the API based on the Registration Server version. All changes since version 3.5.0 are noted in the documentation of the API calls (REGSERVER-1173).
  • Remove the API version number (1.0.006, 1.0.007, etc.) The Registration Server version number is now used to determine when API changes have been made. All API calls now return the <regversion> tag which contains the version number of the server (REGSERVER-1173).
  • “getdefaultlicense” API call: removed the exception that returned the features of the license in use if it was higher than the features of the default license.
  • Added a <licensereference> tag to the input parameters of the “loginuser” call. This tag is used if a default license is created for the user. This is only done if the user has no default license, and the Provider setting DEFAULT_LICENSEKEY is empty.
  • The new reference should now be specified using the <newlicensereference> tag in the “setlicensereference” API call.
  • Added an optional <password> tag to the “removeuser” API call input data.
  • The <featurevalue> tag value may now also be specified as an integer in the “createlicense”, “createlicensewithoutuser”, “upgradelicense” and “downgradelicense” API calls.
  • Added the <licensereference> tag to the <license> block in reply of the “getusedlicense” API call.
  • Added the <licensereference> tag to the <user> and the <device> block in reply of the “searchuser” API call.
  • Fixed a bug removing users from a depot who had been added to the depot when it was created (REGSERVER-1159)
  • Several minor changes and fixes in the Admin Console (fixed spelling License -> Licence, moved “change user licence” on the edit user page from device block to user block, fixed 2 SQL statements, added username to client logs download page)
  • Added new clients settings allow-webaccess-by-default and enable-space-webaccess in the documentation

3.6.2 (2017-02-01)

  • The Registration Server Portal Pages (see Portal Pages) will no longer allow login of users that have previously logged in using an external authentication service (REGSERVER-1180).

  • If a user is using external authentication then the server will no longer allow the user to change his password. The server now returns an error -24907: Permission denied, when the TeamDrive client attempts to perform on of these functions (REGSERVER-1179).

  • External authentication now first checks wether the authentication token is an internal token used by the portal pages. If not, it checks the URL specified by the AUTH_LOGIN_URL setting (REGSERVER-1181).

  • The <licensekey> tag must be used in place of the <licensenumber> tag in the API. <licensenumber> has been deprecated and will no longer be accepted in Registration Server 3.7.

  • Add a <licensekey> tag to the “registeruser” API call. This tag can be used to specify a license to assign to the newly created user.

  • Added Provider setting USER_IDENTIFICATION_METHOD (REGSERVER-1171). This setting determines how user accounts will be identified (see USER_IDENTIFICATION_METHOD). USER_IDENTIFICATION_METHOD replaces the Provider setting USE_EMAIL_AS_REFERENCE, which has been removed.

  • Removed the Provider setting API_CREATE_DEFAULT_LICENSE (REGSERVER-1163). A default license is now always created when a user is created by the API, or during TeamDrive Client registration.

    Since the Registration Server version 3.6 now allows a license to be assigned to a user, even when the user has no devices, the default license is also assigned to the user on creation via the API. If the license already has the maximum number of users, the new user will not be created.

  • Fixed a bug that caused the switch-distributor function to always create a new depot and license even when the checkboxes where not selected (REGSERVER-1170)

  • Added new server setting PrivacyURL and Provider redirect page REDIRECT_PRIVACY

  • Added fields to select an existing license when creating a new user in the adminconsole (REGSERVER-1166)

  • Can now filter the list of devices by the username or email address of the user who owns the device (REGSERVER-1160)

  • It is now possible to edit licenses with an “extreference” set (REGSERVER-1168)

3.6.1 (2016-12-02)

  • Fixed a crash that occurred when search user was called from a TeamDrive Client that is registered at a different Registration Server (REGSERVER-1161)

3.6.0 (2016-11-25)

  • Initial release.

  • LDAP/AD Connectivity (REGSERVER-506): The LDAP/AD external authentication reference code has been improved so that all important parameters are in one configuration file.

    The file “ldap_config.php.example” must be duplicated and renamed to “ldap_config.php” on installation. The file parameters should then be modified as required. Further instructions and a description of the parameters is provided in the “ldap_config.php” file.