Registration Server How To’s¶

Configuring a Default License¶

A default license is generated for each user on registration. The features of this license are determined by the either the LICENSE/DEFAULT_FREE_FEATURE (see DEFAULT_FREE_FEATURE) or the LICENSE/DEFAULT_ACCOUNT_FEATURE Provider settings.

If a user is registered as a member of an account then the DEFAULT_ACCOUNT_FEATURE setting is used, otherwise the DEFAULT_FREE_FEATURE setting is used. This allows you to specify users that are created for a specific account receive different default license features to those that register themselves.

Alternatively, it is possible to create a single license which is to be used as a default for multiple users. To do this, first create the license using the Admin Console (see Creating License).

Then set the Provider setting LICENSE/DEFAULT_LICENSEKEY to the key of the newly created license. Note that you will must ensure that the “license limit” (number of users) is sufficiently high to cover the number of users that will register and use the license.

The DEFAULT_LICENSEKEY applies to all newly registered users, including those assign to an account.

Changing the Default Depot Size¶

A default Depot for storage of Space data, may be created for a user on registration. For this purpose, a Hosting Service must be connected to the Registration Server. If this is the case, then you will be able to set the HOSTSERVER/HOST_SERVER_NAME Provider setting by selecting the Hosting Service from a popup menu.

The default size of the Depot is specified using the HOST_DEPOT_SIZE setting. By default, this value is 2 GB.

If you change this value then, for TeamDrive 3 users, you should also change the CLIENT/FREE_LIMIT_SIZE setting to the same value.

TeamDrive 3 clients limit the amount of data that will be processed by the Client when not using a Personal or Professional license. This means that if you do not increase FREE_LIMIT_SIZE in accordance with the HOST_DEPOT_SIZE value, users will not be able to use all the disk space available in the default Depot.

Setting up a Master User¶

A master user is a user that is automatically invited to all spaces of users of a provider. This has a number advantages, for example:

• All spaces keys used by users can be collected as a backup, in case the keys are lost.
• It creates a central repository where an Administrator can enter any Space used by any of the users.

A disadvantage is that anyone with access to the master user has access to all spaces.

You create a master user by setting the master-user client setting to the username of the master user. The value must be set in the CLIENT/CLIENT_SETTINGS Provider setting (see CLIENT_SETTINGS). This user will now be automatically invited to all Spaces with the “Master User” rights.

It is now possible to install a TeamDrive client, login as the master user and setup the client to automatically accept invitations sent to it. This can be done by setting the client setting auto-accept-invitation to true.

Do not set this setting in the CLIENT_SETTINGS Provider setting as this would mean that users, in general, will loose control of how they wish to handle Space invitations. Instead, it is possible to set this setting in a local configuration file, so that it only applies to the master user installation.

This is the “/Users/Shared/teamdrive.ini” file on Mac OS X, “/etc/teamdrive.ini” on Linux and “%ProgramData%/TeamDrive3/teamdrive.ini” (usually “C:\ProgramData\TeamDrive3\teamdrive.ini”) on Windows.

When run on a machine that is “always on” (i.e. a server) this will ensure that all invitations are received when sent to the master user from other clients.

The behaviour, whether files are downloaded directly after accepting the invitation, or just the “meta-data” of the Space, is determined by the auto-accept-invitation-mode client setting. This can be set to one of the following values: non-offline-available, offline-available or archived. The default is archived, which means the Space key is stored, and the Space will be marked as “Inactive”. The Space can then be activated manually at a later stage.

Using a “Restricted” Client License Model¶

The Restrict License Model is intended to provide users with a limited but free version of TeamDrive. For this reason a restricted license is can to be the default license which a user receives on first time registration.

A restricted license tells the TeamDrive Client that certain restrictions apply. Currently this may only be a restriction to the number of Spaces that may be active at any one time.

To setup a Restricted Client License Model, do the following:

Set the Provider settings DEFAULT_FREE_FEATURE and DEFAULT_ACCOUNT_FEATURE to the Restricted and WebDAV or Restricted and Personal features, depending on whether you want a non-commercial or a commercial license.

If you include the Personal feature the license will be usable by commercial/business users. Alternatively you could include the Professional feature which is considered identical to the Personal feature by TeamDrive 4 clients (see DEFAULT_FREE_FEATURE for details).

If you only want non-commercia/private users to be able to use the license then include the WebDAV feature instead of the Personal or Professional feature. This will ensure that the user can still use WebDAV hosting services, which is automatically included in the Personal or Professional features.

To ensure that the DEFAULT_FREE_FEATURE` and DEFAULT_ACCOUNT_FEATURE settings take effect you mus set DEFAULT_LICENSEKEY is blank.

Finally, ensure that the LICENSE/ACTIVE_SPACES_LIMIT provider setting is set to a value greater than 0 (by default the value is 1). This setting automatically adds the active-spaces-limit to the CLIENT/CLIENT_SETTINGS value sent to the client. The value determines the number of active Spaces allowed by the TeamDrive Client when the Restricted license feature is set.

The active-spaces-limit setting only has an effect if the Restricted feature is set on the user’s license. This means that users with a standard Professional License (that have just the Professional license feature) are not effected by this limitation.

In order to upgrade such a user to the a fully commercial license you can either remove the Restricted feature manually in the Admin Console, or it can be done using the “downgradedefaultlicense” API call (see downgradedefaultlicense), which can be used to remove features from a license.

How to Restrict Device Registration¶

As a Provider you may wish to restrict the creation of new TeamDrive installations by your users. For example, the users of a certain Provider may be prevented from using private devices, in order to control the proliferation of company data.

In order to do this, you can configure the Registration Server to require manual approval for every new device registration.

The details are explained in chapter ALLOW_LOGIN_WITHOUT_EMAIL

How to Setup Two-Factor Authentication¶

The Reg Server version 3.6 supports two-factor authentication (2FA) using the Google Authenticator App (https://support.google.com/accounts/answer/1066447?hl=en).

You can enable the use of 2FA for a particular Provider by setting USE_AUTH_SERVICE to True. You must then add the following settings to CLIENT/PRE_LOGIN_SETTINGS:

enable-login=false
enable-web-login=true

This will ensure that the user is directed to the “external” (web-based) login page when logging in to the TeamDrive Client.

The external pages use templates stored by the Registration Server and can be modified for each Provider. Use the Admin Console to upload customised versions of the pages for your users as described in Manage HTML Templates

Two-factor authentication must be activated individually by each user by entering the following URL in a Web-browser:

https://regserver.yourdomain.com/pbas/td2as/int/setup-2fa.html

In the future, a link to this page will be made available directly in the client application. Follow the instructions for downloading the Google Authenticator App and activating the 2FA functionality.

Two-factor authentication can also be configured to work with the TeamDrive Web Portal. Following the instructions on how to do this provided by the Web Portal documentation.

Web-Portal users must use the /portal/setup-2fa.html page to setup two-factor authentication.

Note that, since the Register Server external authentication pages do not yet support LDAP or Active Directory, it is not possible to use two-factor authentication in combination with LDAP or any other external authentication service.

How to migrate existing Users, Depots and Licenses to an Account¶

1. Create a new account as described in Create Account. You can already choose the manager and account members, but both are optional and not required. When moving existing users to an account their licenses and depots will not automatically be moved to the depot. Both are still bound to the user.

2. Click on Edit Account to change the account record itself and / or managers, members, licenses and depots.

3. You can create a new license with Create License (depends on your access rights) or you can move existing licenses to an account with Add License. The license select list is limited to licenses which:

• are not assigned to a TeamDrive user or
• belong to an user which is already a member of this account, but is not the default license of the user and has a license limit > 1.

When you move an existing license to an account, the account will be the new owner of the license and not the user anymore (this is important, if you remove the user from the account, because the user will not be able to use this license anymore).

4. You can create a new depot with Create Depot (depends on your access rights) or you can move existing depots to an account with Add Depot . The depot select list is limited to depots which:

• are not assigned to a TeamDrive user or
• belong to an user which is already a member of this account.

When you move an existing depot to an account, the depot will be shown under the account, but also still have a Teamdrive user as an owner of the depot, because the TeamDrive Clients need this information to set/change the Admin-User of a space.