Registration Server Settings¶
Registration Server Settings can be changed in the Administration Console, via the Admin -> Server Settings page.
These settings are split up into several categories, which are listed below (in alphabetical order).
API Settings¶
APIAllowSettingDistributor¶
When accessing the API, providers are identified by the IP address of the caller (see api_ip_access).
Set this to True
if you want a provider to be able to make requests on
behalf of another provider. This means that a provider that manages (see
the “Managed by” setting on the Providers page in the Admin Console)
other providers can set the caller provider to one of those providers.
The “Default Provider”, specified by the DefaultProvider
setting (see
DefaultProvider)
has the right to manage all other providers.
In order to make an API request on behalf of some other providers, set
the <distributor>
tag to the required provider code
(see API Input Parameters).
Since the Admin Console uses the API, you must set APIAllowSettingDistributor
to True
if you wish to access Providers other than the default
Provider through the Admin Console.
APIChecksumSalt¶
To detect “man in the middle” attacks when sending API requests to the Registration Server, a random “salt value” is generated during the initial installation. The sender must add this salt value to his request before calculating the MD5 hash value of the API request content which will be sent to the Registration Server.
The checksum will be included in the URL, so that the Registration Server can check if the content was modified during the transport.
This setting is read-only and can not be changed via the Administration Console.
See chapter API Basics for details.
ApiLogFile¶
A log file that tracks API requests issued by the Administration Console. This
file needs to be owned and writeable by the apache user (default:
/var/log/td-adminconsole-api.log
).
RegServerAPIURL¶
Optional Reg Server API URL, used by the Administration Console (e.g.
http://regserver.yourdomain.com/yvva/api/api.xml
). Must be set, if HTTPS
should be used for API communication or if a dedicated API server is used. If
empty, it will be derived from RegServerURL
.
WebPortalAPICalls¶
This is a comma separated list of API calls that are permitted for the Web Portal. If set to empty, Web Portals will not be a be able to access the Registration Server.
There should be no need to update this setting. New calls required by the Web Portal will be added in future updates as required.
Client Settings¶
ClientPasswordLength¶
You can define a minimum password length to be used by a user. The default value is 8 characters. This parameter will only be checked by the API, since the Clients only send an MD5 hash of the password, which can not be checked on server side. A password complexity check is not implemented at the moment.
ClientPollInterval¶
The default poll interval for clients (in seconds) to look for new invitations on the Registration Server.
ClientSettings¶
These settings are sent to all Clients after login. Settings specified for a Provider can override the values defined here.
Note
This setting can be overridden by the provider setting
CLIENT/CLIENT_SETTINGS
on a per-provider basis. See chapter
CLIENT_SETTINGS for details.
ClientUsernameLength¶
You can define a minimum username length to be used by a user. The default value is 5 characters.
EmailGloballyUnique¶
This setting specifies whether a Registration Email address should be globally
unique or not. When set to True
, the Registration Server will check that
an email is unique over the entire TeamDrive Network.
By default this parameter is set to the value if UserEmailUnique
. In other
words, if UserEmailUnique
is set to True
, then EmailGloballyUnique
will be set to True
on upgrade to version 3.6.
InvitationStoragePeriod¶
Invitations will be stored on the server for a specified period of time. The default is 30 days (2592000 seconds). After that duration the server will automatically delete older invitations. If the value is to 0, invitations will never be deleted. Deletions are carried out by the background task described here: “Delete Old Messages” Task.
InvitationStoragePeriodFD¶
This setting is deprecated and will be removed in a future version. The functionality will only be used by TeamDrive 3 clients. TeamDrive 4 clients are using the key repository instead (see following link to the chapter Invitation for future devices).
Within 14 days after the first registration, the client will send an invitation for each created Space to the registration server for devices the user may install in future. See Invitation for future devices for a detailed description.
InviteOldDevicesPeriodActive¶
Each new Client installation by a user will create a new device in the database. If the user were to get a new PC, it would be installed as a new device, but the first device will remain in the Registration Server database, even if the user no longer uses it. Invitations will only be sent to devices which were active within the defined period. Please notice, that the device active timestamp will only be updated once a day. So, the value should not be less than one day (86400 seconds). The default value is 96 days (8294400 seconds).
A device that is no longer receiving invitations is said to be “inactive”. An inactive device can be re-activated by starting the TeamDrive client on the device. As long as the TeamDrive installation on the device has not been deleted, the device will be re-activated, and will be able receive invitations again.
If you try to send an invitation to a user that has no active devices, the TeamDrive client register an error. You should then contact the user and request that an old device be re-activated, or a new device installed by the user. The invitation will then need to be sent again.
StoreRegistrationDeviceIPinSeconds¶
Each client registration will store the IP address which was used to register the client. In case of a hacked user, it may be possible to identify the source of the request. The default is 2592000 seconds (30 days) after which the IP will be removed. Other possible values are -1 (never store the value) or 0 (never delete it). All values greater than zero will be taken as seconds. The Delete Client IPs auto task as described in “Delete Client IPs” Task must be enabled.
UserEmailUnique¶
This setting specifies if email address must be unique for the entire
Registration Server. If set to False
then email address need only be
unique per Provider. The setting EmailGloballyUnique
specifies whether
email address must be unique over all TeamDrive Registration Servers.
Email Settings¶
These settings define how the Registration Server delivers outgoing email messages to an SMTP server (MTA).
EmailSendRate¶
This is the maximum send rate for emails per minute. The default is “0” which means unlimmited.
MailSenderEmail¶
The sender header can be defined to avoid spam classification (see sender field description in: http://en.wikipedia.org/wiki/Email#Header_fields). This is necessary in case that the invitations between the users don’t match to the domain which will be used by the registration server. If this value is empty, only the from header will be used. The email will also be used as the ‘envelope-from’-email in user-to-user mails like invitations and as the ‘from’-email for all server-to-user emails like the activation email, new password, etc.
Note
This setting can be overridden by the provider setting
EMAIL/EMAIL_SENDER_EMAIL
, to define a custom sender address on a
per-provider basis. See chapter EMAIL_SENDER_EMAIL for details.
MailSenderHost¶
As described in the SMTP protocol
http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_transport_example
there will be communication between the SMTP client on the registration server
and the SMTP server which will accept the email for delivery. To avoid spam
classification the HELO
command must match the servers FQDN
. If this
value is empty, the default hostname / IP address detection will be used which
might get 127.0.0.1
instead of the hostname.
MaxEmailPerDay¶
This is a security setting, since invitation mails can, potentially, also be used for spam mails from an user sent by your mail server. You can define how many mails the user can send and/or receive per day. (-1 = unlimited, 0 = no mail)
MaxInboxEmailPerDay¶
This setting specifies the number of emails an inbox can sent per day. This
on concerns the upload confirmation emails which are sent to unregistered
users. The upload notification emails are always sent to registered users
and are included in the MaxEmailPerDay
which each user may receive.
As for MaxEmailPerDay
, “-1” mean unlimited, and “0” means no email will be
sent.
SMTPServer¶
The IP or DNS name of the SMTP server.
In order to use a TLS/SSL connection to the SMTP server prefix the host name of the server with “smpts” protocol, for example: “smtps://my.smtpserver.com”. If no protocol is specified then “smpt” is assumed.
SMTPServerUser¶
An username for smtp authentication.
SMTPServerPassword¶
The password for smtp authentication.
SMTPServerTimeOut¶
Timeout parameter in seconds for sendmail
requests.
TemplatePath¶
This is the location of the default email and HTML templates.
UsePrecedenceBulk¶
Set this value to True
in order to add the header:
Precedence: bulk
to all outgoing emails. This should reduce the number of automatic reply mails
for “out of office” and “vacation”. This setting is False
by default.
Failed Lookup Control¶
The lookup functions are all API calls that are used during login, registration abd when inviting users. We limit the number of calls to these functions to a certain rate per hour, for a give IP address.
The manager of the default provider is sent a notification email if the rate of failure is
increasing, or if a user exceeds the FailedLookupLimit
.
CalculatedLookupMaximum¶
The is the maximum call rate during the last 48 hours. This value is calculated by the “Manage Failed Lookup” auto-task every 4 hours.
If this rate is exceeded an email notification will be sent to the manager of the default provider.
CheckUserLimit¶
The limit (per day) to the number of users that can be checked as to whether they exist or not. This value is set to 200 by default.
FailedLookupLimit¶
This is the maximum number of failed searches for usernames and email addresses that are allowed in one hour. A search occurs when a user is invited to a Space, or during login and registration. By default this value is 200.
The value is intended to prevent using the Registration Server API to enumerate all registered users.
Note that this also limits the rate at which unregistered users can be invited to a space using an unknown email address.
FailedLookupPeriod¶
The period in which the maximum failed lookup rate is enforced by the server. By
default this is 30 minutes. This means if the limit is exceeded (see FailedLookupLimit
below), then this si the maximum time that a caller must wait before they can try
again.
Decreasing the period “smoothes” out the enforcement of the limit.
LastLookupNotification¶
The time of the last notification. Notification will not be sent faster than once every 5 minutes.
LookupRetensionTime¶
This is the time that entries in the failed lookup log are retained. By default this is 180 days.
RecentLookupMaximum¶
The “Manage Failed Lookup” auto-task reset this value to the CalculatedLookupMaximum
.
If RecentLookupMaximum
is exceeded during normal operation by frequently failed calls to lookup
functions, then an email is sent to the default provider manager.
RecentLookupMaximum
is then set to the new maximum lookup call fail rate, and a new
email is only sent when this value is exceeded again.
In this manner the manager is informed of constantly increasing fail rate.
General Settings¶
AuthorizationSequence¶
Authorization sequence used to send invitations to users which are registered on other Registration Servers in the TeamDrive Network via TDNS.
Note
If TDNSEnabled=True
then this information is stored on the TeamDrive
Name Server, and is shared with other Registration Servers on the
TeamDrive network.
CacheInterval¶
The time in seconds that Registration Server configuration options are cached.
Changes to the Registration Server or Provider setting will be reloaded after
CacheInterval
expired.
DefaultProvider¶
Select the existing Provider that acts as the Default Provider (this is usually the first provider created on the Registration Server).
For more information about the Provider concept, please refer to Provider Concept.
EnableSuperPINRepository¶
If False
(the default) the option to enable the Super PIN Repository, and
the function to require account users enable the Super PIN are not available in
the Admin Console.
If set to True
the Super PIN account level options become available to
account managers in the Admin Console. In addition, all account managers are
prompted by a banner to read information about the Super PIN and the options
available to accounts and users.
EnforceHttps¶
Set this value to True
to ensure that all access to the Registration Server
uses HTTPS. The value is True
by default.
This affects all URLs referencing the Registration Server, including:
RegServerURL
, LogUploadURL
and PingURL
.
Not affected are those URLs for which the protocol is specified by the
RedirectorProtocol
(see RedirectorProtocol).
This setting is new in Registration Server version 4.6.4.
MasterServerName¶
The name of the Master Registration Server in your TeamDrive Network.
MasterServerURL¶
Default URL of the Master Registration Server.
PingURL¶
For an inital connection or later on the online test, the client will ping the
PingURL
. This will return a defined answer:
<?xml version='1.0' encoding='UTF-8' ?>
<teamdrive>
<intresult>0</intresult>
</teamdrive>
back to the client, so that the client can check if he can reach the server,
or if there is a proxy or an other gateway which require additional steps
to get internet access. The PingURL
can be located on another server
and just requires a file ping.xml
with the above content.
Default should be the same domain as in RegServerURL
,
RegServerDescription¶
This is a description of the Registraton Server and should include the name of the owner or name of the company that hosts the server. The name and contact information of the administrator of the server should also be provided.
Note
If TDNSEnabled=True
then this information is stored on the TeamDrive
Name Server, and is shared with other Registration Servers on the
TeamDrive network.
RegServerName¶
The name of your Registration Server which should be defined together with TeamDrive Systems GmbH. The name must be unique within the TDNS network, and it can not be changed later on without reinstalling all clients.
Note
If TDNSEnabled=True
then this information is stored on the TeamDrive
Name Server, and is shared with other Registration Servers on the
TeamDrive network.
RegServerURL¶
This is the main URL which will be used by the Clients to register and interact with the Registration Server. This URL must always be reachable by the Clients to offer the services. If the URL is no longer valid the Clients have no possibility to reach the server again.
Note
If TDNSEnabled=True
then this information is stored on the TeamDrive
Name Server, and is shared with other Registration Servers on the
TeamDrive network.
ServerLogFiles¶
Location of various server log files that can be viewed from within the Administration Console via Admin -> View Server Logs. For security reason this setting can only be changed directly in the database to avoid unauthorized access to other than the allowed log files.
ServerTimeZone¶
Timezone used for date functions in the Adminstration Console. Please ensure
that the timezone is valid (see /usr/share/zoneinfo/
for available time
zone information)! (default: Europe/Berlin
)
SimulateRegServer20¶
Enables backward compatibility with TeamDrive 2 clients.
Proxy Settings¶
HOSTProxyHost¶
IP address or host name of the HTTP proxy server to be used for the Registration Server to Host Server communication.
HOSTProxyPort¶
TCP port of the HTTP proxy server to be used for Host Server requests.
HOSTUseProxy¶
Set to True
if outgoing Host Server requests must be sent via a HTTP
proxy server. This requires setting HOSTProxyHost
and HOSTProxyPort
as well.
Note
In case of using a squid proxy, you have to set ignore_expect_100 on
in your squid configuration (see squid documentation
http://www.squid-cache.org/Doc/config/ignore_expect_100/).
ProxyHost¶
IP address or host name of the HTTP proxy to be used for outgoing HTTP requests.
ProxyPort¶
TCP Port of the HTTP proxy server to be used for outgoing HTTP requests.
UseProxy¶
Set to True
if outgoing requests must be sent via a HTTP proxy server.
This requires setting ProxyHost
and ProxyPort
as well. Note that Host
Server access uses different proxy settings (see HostUseProxy
).
Redirect URLs Settings¶
There are a number of URLs that will be used by the TeamDrive Client to open web pages in response to clicks within the client. These are referred to as “Redirect URLs”.
The various target pages of the Redirect URLs can be set by providing value for the
following variable: DownloadURL
, FAQURL
, ForumURL
,
HelpURL
, LicensePurchaseURL
, ProviderInfoURL
, ReferralURL
,
TDPSOrderURL
and TutorialURL
.
These settings are optional. If no URL is provided the Registration server will return a HTML result containing an english error message.
In addition, all the settings can be overridden by Provider specific settings (see Provider Settings). This means that the Registration Server settings act as a default, if the Provider does not specify a particular URL.
A number of URL parameters are passed to the target pages. These parameters can be used within the target landing pages to generate the content.
page
anddistr
- These parameters are used to determine the target page. These parameters are used by the Registration Server to select a target URL from the various Redirect URL settings.
lang
- The international language code of the current language of the client.
platf
- Specifies the platform of the client: mac, win, linux, ios, android or unknown.
user
- Base 64 encoded username. This parameter is only supplied for the
LicensePurchaseURL
URL. product
- Specifies the product ordered. Only provided for the
TDPSOrderURL
URL. Currently the only possible value is TDPS.
DownloadURL¶
A link to the Client software download page. This URL is optional and may be
overridden by the REDIRECT_DOWNLOAD
Provider setting.
FAQURL¶
An optional link to a FAQ page. This URL can be overridden by the REDIRECT_FAQ
Provider setting.
ForumURL¶
An optional link to a Forum which can be overridden by the REDIRECT_FORUM
Provider setting.
HelpURL¶
An optional link to a general Help page. This URL can be overridden by
the REDIRECT_HELP
Provider setting.
LicensePurchaseURL¶
This an optional link to a page on which new licenses can be purchased. This URL may
be overridden by the REDIRECT_PURCHASE
Provider setting.
LogUploadURL¶
In case of errors on the Client side, the user can submit a support request by
uploading its log files to the Registration Server. The archive of log files
and additional debug information will be sent to a PHP script upload.php
. We
recommend keeping the existing URL since in general it will only be possible for
TeamDrive Systems GmbH to understand the log output.
If you want to set up your own log upload service, you can direct the URL to your server. For details see chapter Client Log Files.
PrivacyURL¶
An optional link to a privacy page which is required by the Google Play Store or the
Apple App-Store. This URL can be overridden by the REDIRECT_PRIVACY
Provider setting.
ProviderInfoURL¶
URL of the Provider information page which will describe all Provider codes
available to the user. This link may be overridden by the
REDIRECT_PROVIDERINFO
Provider setting.
RedirectorProtocol¶
The setting applies to the portal pages, the provider “REDIRECT” settings, the global redirect URL settings and the global ‘’RedirectURL’’ setting. These are collectively known as the “Redirect URLs”.
The redirect URL’s are requested by the TeamDrive client in various situations, or when
the user requires additional information. For example, DownloadURL
or
REDIRECT_DOWNLOAD
, is requested by the TeamDrive client when it directs the
user to the location of client software updates.
If RedirectorProtocol
is set to “https”, then HTTPS is used for all of the redirect
URLs. When set to “http” then HTTP is used, but only in the cases where HTTPS, is
not explicitly specified in the URL specific setting.
This means that, if a setting such as REDIRECT_DOWNLOAD
is set to a URL like:
http://my.server.org/download.html
, and RedirectorProtocol
is set to “https”,
then then a request for REDIRECT_DOWNLOAD
will return
https://my.server.org/download.html
.
RedirectorProtocol
may be set to either “http” or “https”, “https” is the default.
Before version 4.6.3, the default value was blank which meant that the protocol of the URL specific setting was not changed.
This setting is new in Registration Server 4.1.3.
ReferralURL¶
The optional user-invite-user referral link, which can be overridden by the
REDIRECT_USERINVITEUSER
Provider setting.
TDPSOrderURL¶
An optional link used to purchase a license for TDPS (TeamDrive Personal Server).
This URL can be overridden by the REDIRECT_ORDER
Provider setting.
TutorialURL¶
An optional link a tutorials page. This URL can be overridden by the
REDIRECT_TUTORIALS
Provider setting.
Security Settings¶
These settings allow to enforce some security related restrictions on the Administration Console.
EnableSyslog¶
Log security events to a local syslog, rather than td-adminconsole.log
.
EnableXForwardedFor¶
Set this value to True
if the Admin Console should should read the
“X-Forwarded-For” HTTP header. This is required if the Admin Console is
configured to run behind a load balancer or some other proxy.
In this case the Admin Console is not directly contacted by the user’s Web-browser, and the IP address of the browser is placed in the “X-Forwarded-For” header by the proxy.
LoginMaxAttempts¶
The number of failed login attempts of a particular user within
LoginMaxInterval
before further login attempts are subjected to a delay
(default: 5
).
LoginMaxInterval¶
Time interval used by LoginMaxAttempts
, in minutes (default: 60
).
LoginSessionTimeout¶
Period of idle time before you need to log in to the Administration Console
again, in minutes (default: 30
).
SearchResultLimit¶
The maximum number of search results that will be shown for any given request (0 == unlimited)
UserRecordLimit¶
If set to a non-zero value, this is the maximum number of user records that
can be viewed within the interval defined by UserRecordLimitInterval
.
UserRecordLimitInterval¶
The time interval that UserRecordLimit
applies to.
TDNS Settings¶
TDNSEnabled¶
This value will be used to activate the TDNS integration of the RegServer, so
that the users of your Registration Server can invite users of other
Registration Servers which are registered in the TDNS network. Each
Provider on a Registration Server needs an own TDNS-ServerID
and a
TDNS-Checksum
value which will be defined by TeamDrive Systems. Without
these values your server can not communicate with the TDNS. The two values
must be set when for adding a new Provider on the Registration Server
(see tdns_settings).
TDNSURL¶
URL used to access the TeamDrive Name Server (TDNS).
If this the URL is set to use HTTP, then it will be changed to HTTPS when upgrading to Registration Server version 4.5.6. This is a once-off change, however HTTPS should be used for security reasons, and HTTP access to TDNS will is deprecated and will be disallowed in the future.