Registration Server Settings¶

APIAllowSettingDistributor¶

When accessing the API, providers are identified by the IP address of the caller (see api_ip_access).

Set this to True if you want a provider to be able to make requests on behalf of another provider. This means that a provider that manages (see the “Managed by” setting on the Providers page in the Admin Console) other providers can set the caller provider to one of those providers.

The “Default Provider”, specified by the DefaultProvider setting (see DefaultProvider) has the right to manage all other providers.

In order to make an API request on behalf of some other providers, set the <distributor> tag to the required provider code (see API Input Parameters).

Since the Admin Console uses the API, you must set APIAllowSettingDistributor to True if you wish to access Providers other than the default Provider through the Admin Console.

APIChecksumSalt¶

To detect “man in the middle” attacks when sending API requests to the Registration Server, a random “salt value” is generated during the initial installation. The sender must add this salt value to his request before calculating the MD5 hash value of the API request content which will be sent to the Registration Server.

The checksum will be included in the URL, so that the Registration Server can check if the content was modified during the transport.

This setting is read-only and can not be changed via the Administration Console.

See chapter API Basics for details.

ApiLogFile¶

A log file that tracks API requests issued by the Administration Console. This file needs to be owned and writeable by the apache user (default: /var/log/td-adminconsole-api.log).

RegServerAPIURL¶

Optional Reg Server API URL, used by the Administration Console (e.g. http://regserver.yourdomain.com/yvva/api/api.xml). Must be set, if HTTPS should be used for API communication or if a dedicated API server is used. If empty, it will be derived from RegServerURL.

WebPortalAPICalls¶

This is a comma separated list of API calls that are permitted for the Web Portal. If set to empty, Web Portals will not be a be able to access the Registration Server.

There should be no need to update this setting. New calls required by the Web Portal will be added in future updates as required.

ClientPasswordLength¶

You can define a minimum password length to be used by a user. The default value is 8 characters. This parameter will only be checked by the API, since the Clients only send an MD5 hash of the password, which can not be checked on server side. A password complexity check is not implemented at the moment.

ClientPollInterval¶

The default poll interval for clients (in seconds) to look for new invitations on the Registration Server.

ClientSettings¶

These settings are sent to all Clients after login. Settings specified for a Provider can override the values defined here.

ClientUsernameLength¶

You can define a minimum username length to be used by a user. The default value is 5 characters.

EmailGloballyUnique¶

This setting specifies whether a Registration Email address should be globally unique or not. When set to True, the Registration Server will check that an email is unique over the entire TeamDrive Network.

By default this parameter is set to the value if UserEmailUnique. In other words, if UserEmailUnique is set to True, then EmailGloballyUnique will be set to True on upgrade to version 3.6.

InvitationStoragePeriod¶

Invitations will be stored on the server for a specified period of time. The default is 30 days (2592000 seconds). After that duration the server will automatically delete older invitations. If the value is to 0, invitations will never be deleted. Deletions are carried out by the background task described here: “Delete Old Messages” Task.

InvitationStoragePeriodFD¶

This setting is deprecated and will be removed in a future version. The functionality will only be used by TeamDrive 3 clients. TeamDrive 4 clients are using the key repository instead (see following link to the chapter Invitation for future devices).

Within 14 days after the first registration, the client will send an invitation for each created Space to the registration server for devices the user may install in future. See Invitation for future devices for a detailed description.

InviteOldDevicesPeriodActive¶

Each new Client installation by a user will create a new device in the database. If the user were to get a new PC, it would be installed as a new device, but the first device will remain in the Registration Server database, even if the user no longer uses it. Invitations will only be sent to devices which were active within the defined period. Please notice, that the device active timestamp will only be updated once a day. So, the value should not be less than one day (86400 seconds). The default value is 96 days (8294400 seconds).

A device that is no longer receiving invitations is said to be “inactive”. An inactive device can be re-activated by starting the TeamDrive client on the device. As long as the TeamDrive installation on the device has not been deleted, the device will be re-activated, and will be able receive invitations again.

If you try to send an invitation to a user that has no active devices, the TeamDrive client register an error. You should then contact the user and request that an old device be re-activated, or a new device installed by the user. The invitation will then need to be sent again.

StoreRegistrationDeviceIPinSeconds¶

Each client registration will store the IP address which was used to register the client. In case of a hacked user, it may be possible to identify the source of the request. The default is 2592000 seconds (30 days) after which the IP will be removed. Other possible values are -1 (never store the value) or 0 (never delete it). All values greater than zero will be taken as seconds. The Delete Client IPs auto task as described in “Delete Client IPs” Task must be enabled.

UserEmailUnique¶

This setting specifies if email address must be unique for the entire Registration Server. If set to False then email address need only be unique per Provider. The setting EmailGloballyUnique specifies whether email address must be unique over all TeamDrive Registration Servers.

EmailSendRate¶

This is the maximum send rate for emails per minute. The default is “0” which means unlimmited.

MailSenderEmail¶

The sender header can be defined to avoid spam classification (see sender field description in: http://en.wikipedia.org/wiki/Email#Header_fields). This is necessary in case that the invitations between the users don’t match to the domain which will be used by the registration server. If this value is empty, only the from header will be used. The email will also be used as the ‘envelope-from’-email in user-to-user mails like invitations and as the ‘from’-email for all server-to-user emails like the activation email, new password, etc.

MailSenderHost¶

As described in the SMTP protocol http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_transport_example there will be communication between the SMTP client on the registration server and the SMTP server which will accept the email for delivery. To avoid spam classification the HELO command must match the servers FQDN. If this value is empty, the default hostname / IP address detection will be used which might get 127.0.0.1 instead of the hostname.

MaxEmailPerDay¶

This is a security setting, since invitation mails can, potentially, also be used for spam mails from an user sent by your mail server. You can define how many mails the user can send and/or receive per day. (-1 = unlimited, 0 = no mail)

MaxInboxEmailPerDay¶

This setting specifies the number of emails an inbox can sent per day. This on concerns the upload confirmation emails which are sent to unregistered users. The upload notification emails are always sent to registered users and are included in the MaxEmailPerDay which each user may receive.

As for MaxEmailPerDay, “-1” mean unlimited, and “0” means no email will be sent.

SMTPServer¶

The IP or DNS name of the SMTP server.

In order to use a TLS/SSL connection to the SMTP server prefix the host name of the server with “smpts” protocol, for example: “smtps://my.smtpserver.com”. If no protocol is specified then “smpt” is assumed.

SMTPServerUser¶

An username for smtp authentication.

SMTPServerPassword¶

The password for smtp authentication.

SMTPServerTimeOut¶

Timeout parameter in seconds for sendmail requests.

TemplatePath¶

This is the location of the default email and HTML templates.

UsePrecedenceBulk¶

Set this value to True in order to add the header:

Precedence: bulk

to all outgoing emails. This should reduce the number of automatic reply mails for “out of office” and “vacation”. This setting is False by default.

CalculatedLookupMaximum¶

The is the maximum call rate during the last 48 hours. This value is calculated by the “Manage Failed Lookup” auto-task every 4 hours.

If this rate is exceeded an email notification will be sent to the manager of the default provider.

CheckUserLimit¶

The limit (per day) to the number of users that can be checked as to whether they exist or not. This value is set to 200 by default.

FailedLookupLimit¶

This is the maximum number of failed searches for usernames and email addresses that are allowed in one hour. A search occurs when a user is invited to a Space, or during login and registration. By default this value is 200.

The value is intended to prevent using the Registration Server API to enumerate all registered users.

Note that this also limits the rate at which unregistered users can be invited to a space using an unknown email address.

FailedLookupPeriod¶

The period in which the maximum failed lookup rate is enforced by the server. By default this is 30 minutes. This means if the limit is exceeded (see FailedLookupLimit below), then this si the maximum time that a caller must wait before they can try again.

Decreasing the period “smoothes” out the enforcement of the limit.

LastLookupNotification¶

The time of the last notification. Notification will not be sent faster than once every 5 minutes.

LookupRetensionTime¶

This is the time that entries in the failed lookup log are retained. By default this is 180 days.

RecentLookupMaximum¶

The “Manage Failed Lookup” auto-task reset this value to the CalculatedLookupMaximum. If RecentLookupMaximum is exceeded during normal operation by frequently failed calls to lookup functions, then an email is sent to the default provider manager.

RecentLookupMaximum is then set to the new maximum lookup call fail rate, and a new email is only sent when this value is exceeded again.

In this manner the manager is informed of constantly increasing fail rate.

AuthorizationSequence¶

Authorization sequence used to send invitations to users which are registered on other Registration Servers in the TeamDrive Network via TDNS.

CacheInterval¶

The time in seconds that Registration Server configuration options are cached. Changes to the Registration Server or Provider setting will be reloaded after CacheInterval expired.

DefaultProvider¶

Select the existing Provider that acts as the Default Provider (this is usually the first provider created on the Registration Server).

For more information about the Provider concept, please refer to Provider Concept.

EnableSuperPINRepository¶

If False (the default) the option to enable the Super PIN Repository, and the function to require account users enable the Super PIN are not available in the Admin Console.

If set to True the Super PIN account level options become available to account managers in the Admin Console. In addition, all account managers are prompted by a banner to read information about the Super PIN and the options available to accounts and users.

EnforceHttps¶

Set this value to True to ensure that all access to the Registration Server uses HTTPS. The value is True by default.

This affects all URLs referencing the Registration Server, including: RegServerURL, LogUploadURL and PingURL.

Not affected are those URLs for which the protocol is specified by the RedirectorProtocol (see RedirectorProtocol).

This setting is new in Registration Server version 4.6.4.

MasterServerName¶

The name of the Master Registration Server in your TeamDrive Network.

MasterServerURL¶

Default URL of the Master Registration Server.

PingURL¶

For an inital connection or later on the online test, the client will ping the PingURL. This will return a defined answer:

<?xml version='1.0' encoding='UTF-8' ?>
<teamdrive>
        <intresult>0</intresult>
</teamdrive>

back to the client, so that the client can check if he can reach the server, or if there is a proxy or an other gateway which require additional steps to get internet access. The PingURL can be located on another server and just requires a file ping.xml with the above content. Default should be the same domain as in RegServerURL,

RegServerDescription¶

This is a description of the Registraton Server and should include the name of the owner or name of the company that hosts the server. The name and contact information of the administrator of the server should also be provided.

RegServerName¶

The name of your Registration Server which should be defined together with TeamDrive Systems GmbH. The name must be unique within the TDNS network, and it can not be changed later on without reinstalling all clients.

RegServerURL¶

This is the main URL which will be used by the Clients to register and interact with the Registration Server. This URL must always be reachable by the Clients to offer the services. If the URL is no longer valid the Clients have no possibility to reach the server again.

ServerLogFiles¶

Location of various server log files that can be viewed from within the Administration Console via Admin -> View Server Logs. For security reason this setting can only be changed directly in the database to avoid unauthorized access to other than the allowed log files.

ServerTimeZone¶

Timezone used for date functions in the Adminstration Console. Please ensure that the timezone is valid (see /usr/share/zoneinfo/ for available time zone information)! (default: Europe/Berlin)

SimulateRegServer20¶

Enables backward compatibility with TeamDrive 2 clients.

HOSTProxyHost¶

IP address or host name of the HTTP proxy server to be used for the Registration Server to Host Server communication.

HOSTProxyPort¶

TCP port of the HTTP proxy server to be used for Host Server requests.

HOSTUseProxy¶

Set to True if outgoing Host Server requests must be sent via a HTTP proxy server. This requires setting HOSTProxyHost and HOSTProxyPort as well.

ProxyHost¶

IP address or host name of the HTTP proxy to be used for outgoing HTTP requests.

ProxyPort¶

TCP Port of the HTTP proxy server to be used for outgoing HTTP requests.

UseProxy¶

Set to True if outgoing requests must be sent via a HTTP proxy server. This requires setting ProxyHost and ProxyPort as well. Note that Host Server access uses different proxy settings (see HostUseProxy).

DownloadURL¶

A link to the Client software download page. This URL is optional and may be overridden by the REDIRECT_DOWNLOAD Provider setting.

FAQURL¶

An optional link to a FAQ page. This URL can be overridden by the REDIRECT_FAQ Provider setting.

ForumURL¶

An optional link to a Forum which can be overridden by the REDIRECT_FORUM Provider setting.

HelpURL¶

An optional link to a general Help page. This URL can be overridden by the REDIRECT_HELP Provider setting.

LicensePurchaseURL¶

This an optional link to a page on which new licenses can be purchased. This URL may be overridden by the REDIRECT_PURCHASE Provider setting.

LogUploadURL¶

In case of errors on the Client side, the user can submit a support request by uploading its log files to the Registration Server. The archive of log files and additional debug information will be sent to a PHP script upload.php. We recommend keeping the existing URL since in general it will only be possible for TeamDrive Systems GmbH to understand the log output.

If you want to set up your own log upload service, you can direct the URL to your server. For details see chapter Client Log Files.

PrivacyURL¶

An optional link to a privacy page which is required by the Google Play Store or the Apple App-Store. This URL can be overridden by the REDIRECT_PRIVACY Provider setting.

ProviderInfoURL¶

URL of the Provider information page which will describe all Provider codes available to the user. This link may be overridden by the REDIRECT_PROVIDERINFO Provider setting.

RedirectorProtocol¶

The setting applies to the portal pages, the provider “REDIRECT” settings, the global redirect URL settings and the global ‘’RedirectURL’’ setting. These are collectively known as the “Redirect URLs”.

The redirect URL’s are requested by the TeamDrive client in various situations, or when the user requires additional information. For example, DownloadURL or REDIRECT_DOWNLOAD, is requested by the TeamDrive client when it directs the user to the location of client software updates.

If RedirectorProtocol is set to “https”, then HTTPS is used for all of the redirect URLs. When set to “http” then HTTP is used, but only in the cases where HTTPS, is not explicitly specified in the URL specific setting.

This means that, if a setting such as REDIRECT_DOWNLOAD is set to a URL like: http://my.server.org/download.html, and RedirectorProtocol is set to “https”, then then a request for REDIRECT_DOWNLOAD will return https://my.server.org/download.html.

RedirectorProtocol may be set to either “http” or “https”, “https” is the default.

Before version 4.6.3, the default value was blank which meant that the protocol of the URL specific setting was not changed.

This setting is new in Registration Server 4.1.3.

ReferralURL¶

The optional user-invite-user referral link, which can be overridden by the REDIRECT_USERINVITEUSER Provider setting.

TDPSOrderURL¶

An optional link used to purchase a license for TDPS (TeamDrive Personal Server). This URL can be overridden by the REDIRECT_ORDER Provider setting.

TutorialURL¶

An optional link a tutorials page. This URL can be overridden by the REDIRECT_TUTORIALS Provider setting.

EnableSyslog¶

Log security events to a local syslog, rather than td-adminconsole.log.

EnableXForwardedFor¶

Set this value to True if the Admin Console should should read the “X-Forwarded-For” HTTP header. This is required if the Admin Console is configured to run behind a load balancer or some other proxy.

In this case the Admin Console is not directly contacted by the user’s Web-browser, and the IP address of the browser is placed in the “X-Forwarded-For” header by the proxy.

LoginMaxAttempts¶

The number of failed login attempts of a particular user within LoginMaxInterval before further login attempts are subjected to a delay (default: 5).

LoginMaxInterval¶

Time interval used by LoginMaxAttempts, in minutes (default: 60).

LoginSessionTimeout¶

Period of idle time before you need to log in to the Administration Console again, in minutes (default: 30).

SearchResultLimit¶

The maximum number of search results that will be shown for any given request (0 == unlimited)

UserRecordLimit¶

If set to a non-zero value, this is the maximum number of user records that can be viewed within the interval defined by UserRecordLimitInterval.

UserRecordLimitInterval¶

The time interval that UserRecordLimit applies to.

TDNSEnabled¶

This value will be used to activate the TDNS integration of the RegServer, so that the users of your Registration Server can invite users of other Registration Servers which are registered in the TDNS network. Each Provider on a Registration Server needs an own TDNS-ServerID and a TDNS-Checksum value which will be defined by TeamDrive Systems. Without these values your server can not communicate with the TDNS. The two values must be set when for adding a new Provider on the Registration Server (see tdns_settings).

TDNSURL¶

URL used to access the TeamDrive Name Server (TDNS).

If this the URL is set to use HTTP, then it will be changed to HTTPS when upgrading to Registration Server version 4.5.6. This is a once-off change, however HTTPS should be used for security reasons, and HTTP access to TDNS will is deprecated and will be disallowed in the future.