Registration Server How To’s¶
This chapter covers a number of common tasks that you may want to or need to perform with the Regisration Server.
Configuring a Default License¶
A default license is generated for each user on registration. The features
of this license are determined by the either the LICENSE/DEFAULT_FREE_FEATURE
(see DEFAULT_FREE_FEATURE) or the LICENSE/DEFAULT_ACCOUNT_FEATURE
Provider
settings.
If a user is registered as a member of an account then the
DEFAULT_ACCOUNT_FEATURE
setting is used, otherwise the DEFAULT_FREE_FEATURE
setting is used. This allows you to specify users that are created
for a specific account receive different default license features to those
that register themselves.
Alternatively, it is possible to create a single license which is to be used as a default for multiple users. To do this, first create the license using the Admin Console (see Creating License).
Then set the Provider setting LICENSE/DEFAULT_LICENSEKEY
to the key of the
newly created license. Note that you will must ensure that the “license limit”
(number of users) is sufficiently high to cover the number of users that will
register and use the license.
The DEFAULT_LICENSEKEY
applies to all newly registered users, including those
assign to an account.
Changing the Default Depot Size¶
A default Depot for storage of Space data, may be created for a user
on registration. For this purpose, a Hosting Service must be
connected to the Registration Server. If this is the case, then you will
be able to set the HOSTSERVER/HOST_SERVER_NAME
Provider setting by
selecting the Hosting Service from a popup menu.
The default size of the Depot is specified using the HOST_DEPOT_SIZE
setting. By default, this value is 2 GB.
If you change this value then, for TeamDrive 3 users, you should also
change the CLIENT/FREE_LIMIT_SIZE
setting to the same value.
TeamDrive 3 clients limit the amount of data that will be processed by the
Client when not using a Personal or Professional license. This means that
if you do not increase FREE_LIMIT_SIZE
in accordance with the
HOST_DEPOT_SIZE value, users will not be able to use all the disk
space available in the default Depot.
Setting up a Master User¶
A master user is a user that is automatically invited to all spaces of users of a provider. This has a number advantages, for example:
- All spaces keys used by users can be collected as a backup, in case the keys are lost.
- It creates a central repository where an Administrator can enter any Space used by any of the users.
A disadvantage is that anyone with access to the master user has access to all spaces.
You create a master user by setting the master-user
client setting to
the username of the master user. The value must be set in the
CLIENT/CLIENT_SETTINGS
Provider setting (see CLIENT_SETTINGS).
This user will now be automatically invited to all Spaces with the
“Master User” rights.
Note
In case of using the email as username (see USER_IDENTIFICATION_METHOD) you have to use the magic username as master username.
It is now possible to install a TeamDrive client, login as the master user
and setup the client to automatically accept invitations
sent to it. This can be done by setting the client setting auto-accept-invitation
to true
.
Do not set this setting in the CLIENT_SETTINGS
Provider setting
as this would mean that users, in general, will loose control of how they wish
to handle Space invitations. Instead, it is possible to set this setting
in a local configuration file, so that it only applies to the master user
installation.
This is the “/Users/Shared/teamdrive.ini” file on Mac OS X, “/etc/teamdrive.ini” on Linux and “%ProgramData%/TeamDrive3/teamdrive.ini” (usually “C:\ProgramData\TeamDrive3\teamdrive.ini”) on Windows.
When run on a machine that is “always on” (i.e. a server) this will ensure that all invitations are received when sent to the master user from other clients.
The behaviour, whether files are downloaded directly after accepting the
invitation, or just the “meta-data” of the Space, is determined by the
auto-accept-invitation-mode
client setting. This can be set to
one of the following values: non-offline-available
, offline-available
or archived
. The default is archived
, which means the Space key
is stored, and the Space will be marked as “Inactive”. The Space can then be
activated manually at a later stage.
Using a “Restricted” Client License Model¶
The Restrict License Model is intended to provide users with a limited but free version of TeamDrive. For this reason a restricted license is can to be the default license which a user receives on first time registration.
Note
The Restricted Client License Model is only supported by TeamDrive 4 Clients.
A restricted license tells the TeamDrive Client that certain restrictions apply. Currently this may only be a restriction to the number of Spaces that may be active at any one time.
To setup a Restricted Client License Model, do the following:
Set the Provider settings DEFAULT_FREE_FEATURE
and
DEFAULT_ACCOUNT_FEATURE
to the Restricted and WebDAV or
Restricted and Personal features, depending on whether you
want a non-commercial or a commercial license.
If you include the Personal feature the license will be usable by commercial/business users. Alternatively you could include the Professional feature which is considered identical to the Personal feature by TeamDrive 4 clients (see DEFAULT_FREE_FEATURE for details).
If you only want non-commercia/private users to be able to use the license then include the WebDAV feature instead of the Personal or Professional feature. This will ensure that the user can still use WebDAV hosting services, which is automatically included in the Personal or Professional features.
To ensure that the DEFAULT_FREE_FEATURE` and DEFAULT_ACCOUNT_FEATURE
settings take effect you mus set DEFAULT_LICENSEKEY
is blank.
Finally, ensure that the LICENSE/ACTIVE_SPACES_LIMIT
provider setting
is set to a value greater than 0 (by default the value is 1). This setting
automatically adds the active-spaces-limit
to the CLIENT/CLIENT_SETTINGS
value
sent to the client. The value determines the number of active Spaces allowed
by the TeamDrive Client when the Restricted license feature is set.
The active-spaces-limit
setting only has an effect if the
Restricted feature is set on the user’s license. This means
that users with a standard Professional License (that have just the
Professional license feature) are not effected by this limitation.
In order to upgrade such a user to the a fully commercial license you can either remove the Restricted feature manually in the Admin Console, or it can be done using the “downgradedefaultlicense” API call (see downgradedefaultlicense), which can be used to remove features from a license.
How to Restrict Device Registration¶
As a Provider you may wish to restrict the creation of new TeamDrive installations by your users. For example, the users of a certain Provider may be prevented from using private devices, in order to control the proliferation of company data.
In order to do this, you can configure the Registration Server to require manual approval for every new device registration.
The details are explained in chapter ALLOW_LOGIN_WITHOUT_EMAIL
How to Setup Two-Factor Authentication¶
The Reg Server version 3.6 supports two-factor authentication (2FA) using the Google Authenticator App (https://support.google.com/accounts/answer/1066447?hl=en).
You can enable the use of 2FA for a particular Provider by
setting USE_AUTH_SERVICE
to True
. You must then add the following
settings to CLIENT/PRE_LOGIN_SETTINGS
:
enable-login=false
enable-web-login=true
This will ensure that the user is directed to the “external” (web-based) login page when logging in to the TeamDrive Client.
The external pages use templates stored by the Registration Server and can be modified for each Provider. Use the Admin Console to upload customised versions of the pages for your users as described in Manage HTML Templates
Two-factor authentication must be activated individually by each user by entering the following URL in a Web-browser:
https://regserver.yourdomain.com/pbas/td2as/int/setup-2fa.html
In the future, a link to this page will be made available directly in the client application. Follow the instructions for downloading the Google Authenticator App and activating the 2FA functionality.
Two-factor authentication can also be configured to work with the TeamDrive Web Portal. Following the instructions on how to do this provided by the Web Portal documentation.
Web-Portal users must use the /portal/setup-2fa.html
page to setup
two-factor authentication.
Note that, since the Register Server external authentication pages do not yet support LDAP or Active Directory, it is not possible to use two-factor authentication in combination with LDAP or any other external authentication service.
How to migrate existing Users, Depots and Licenses to an Account¶
1. Create a new account as described in Create Account. You can already choose the manager and account members, but both are optional and not required. When moving existing users to an account their licenses and depots will not automatically be moved to the depot. Both are still bound to the user.
2. Click on Edit Account
to change the account record itself and / or
managers, members, licenses and depots.
3. You can create a new license with Create License
(depends on your access
rights) or you can move existing licenses to an account with Add License
. The
license select list is limited to licenses which:
- are not assigned to a TeamDrive user or
- belong to an user which is already a member of this account, but is not the default license of the user and has a license limit > 1.
When you move an existing license to an account, the account will be the new owner of the license and not the user anymore (this is important, if you remove the user from the account, because the user will not be able to use this license anymore).
4. You can create a new depot with Create Depot
(depends on your access rights)
or you can move existing depots to an account with Add Depot
. The depot select
list is limited to depots which:
- are not assigned to a TeamDrive user or
- belong to an user which is already a member of this account.
When you move an existing depot to an account, the depot will be shown under the account, but also still have a Teamdrive user as an owner of the depot, because the TeamDrive Clients need this information to set/change the Admin-User of a space.