Contents:
FusionDirectory¶
Contents:
What is FusionDirectory ?¶
FusionDirectory provides a solution to daily management of data stored in an LDAP directory. Becoming the cornerstone of the information system, the corporate directory becomes more complex offering more data and managing more infrastructure services.
This interface is simple and can be used to delegate fully or partly the data management to non-specialists.
Features¶
Acls and roles¶
ACLs are only used by FusionDirectory and not the underlying ldap server.
ACLs can be assigned to roles.
Global administrator : Can do everything.
Local administrator : Can manage users and groups and also a branch.
Human resources : Can create users from template to optimize the arrival of new people.
User : Will only be able to change his data permitted by an administrator
FusionDirectory Triggers¶
FusionDirectory incorporates a series of triggers that can launch a specific action based on a task FusionDirectory must run.
These triggers are associated with a content type (LDAP user, group, server, password, service and the triggering action (create, edit, delete, change password … )
For example, when creating a user, a script generation form can be executed automatically with information from the LDAP server.
This can be useful for generating badges with photo, a form of access to the canteen or sending an email to warn other services of the actual arrival of the person.
This system is also convenient when we want to deploy the account of that person on an application that does not support LDAP.
Another example is when a user leaves, you must:
archive and delete his mailbox
archive and remove its network space
delete him from third party applications not connected to LDAP.
All of this can be easily done by shell scripts (at least in UNIX environment) and run automatically after the suppression of the person by the administrator in FusionDirectory
The interaction with non-LDAP applications¶
FusionDirectory stores information of a service or a server on an LDAP server. How about when this service does not have the opportunity to interact with LDAP?
This question can be solved by creating:
Prerequisites¶
FusionDirectory is a Web application that will need:
a webserver;
PHP;
an ldap server;
perl
Web server¶
FusionDirectory requires a web server that supports PHP, like:
PHP¶
As of 1.3 release, FusionDirectory requires PHP 5.6 or more recent.
Note
We recommand to use the most recent stable PHP release for better performances.
Mandatory extensions¶
Following PHP extensions are required for the app to work properly:
cas: for CAS authentication;curl: to communicate with different types of servers and protocolsfilter: to filters a variable with a specified filter;fpdf: to export data in pdf format;gd: to generate images;iconv: for the samba integration;imagick: to handle images;imap: to handle imap servers management;json: to get support for JSON data format;mbstring: to manage multi bytes characters;ldap: to connect and query the ldap server;openssl: secured communications and generation of secure tokens;session: to get user sessions support;simplexml;xml.
Optional extensions¶
Note
Even if those extensions are not mandatory, we advise you to install them anyways.
Following PHP extensions are required for some extra features of FusionDirectory :
gettext: for an internationalized interface.mhash: to make use of SSHA encryptionsha1: to make use of SSHA encryptionzlib: to handle snapshots;
Configuration¶
PHP configuration file (php.ini) must be adapted to reflect following variables:
expose_php = Off;
implicit_flush = Off;
memory_limit = 128M ; // max memory limit
max_execution_time = 30 ; // not mandatory but adviced
session.auto_start = off ;
Certified distributions¶
We certify FusionDirectory with all the most common distributions, here is a table which summarizes the level of support by distribution and version.
Fusiondirectory need at least PHP 5.6.
Fusiondirectory 1.3 need >= PHP 5.6
Fusiondirectory 1.4 need >= PHP 7.0
DISTRIBUTION |
FusionDirectory 1.2 |
FusionDirectory 1.3 |
|---|---|---|
Debian Jessie |
need a support contract |
need a support contract |
Debian Stretch |
not supported |
supported |
Debian Buster |
not supported |
supported |
Ubuntu 16.04 LTS |
need a support contract |
supported |
Ubuntu 18.04 LTS |
not supported |
supported |
Ubuntu 20.04 LTS |
not supported |
work in progress |
Centos 7 |
need a support contract |
supported |
Centos 8 |
not supported |
not supported |
Install FusionDirectory¶
Install FusionDirectory
Getting the official GPG keys to active package signature¶
Our packages for Debian and Centos/RHEL are signed with the official gpg key of the project.
Getting the new official gpg key¶
gpg --keyserver keys.gnupg.net --recv-key 0xD744D55EACDA69FF
gpg --export -a "FusionDirectory Project Signing Key <contact@fusiondirectory.org>" > FD-archive-key
Getting the development gpg key¶
gpg --keyserver keys.gnupg.net --recv-key 0xADD3A1B88B29AE4A
gpg --export -a "FusionDirectory Packagers <fusiondirectory-packages@lists.fusiondirectory.org>" > FD-archive-dev-key
Adding the key to apt for Debian/Ubuntu¶
apt-key add FD-archive-key
Adding the key to RPM for Centos / RHEL / Scientific Linux¶
cp FD-archive-key /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
Debian Repository¶
Debian Stretch¶
To use the lastest published version for stretch put this in your /etc/apt/sources.list
#fusiondirectory repository
deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-stretch stretch main
#fusiondirectory extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main
Debian Jessie¶
To use the lastest published version for jessie put this in your /etc/apt/sources.list
#fusiondirectory repository
deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-jessie jessie main
#fusiondirectory extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main
!!! Wheezy is deprecated and will not be maintained anymore, the latest release is 1.2 !!!
RPM Repository¶
A repository is available for CentOS 6 / Centos7
This repository contains the stable and oldstable version of FusionDirectory. It also contains the extra packages needed to use FusionDirectory.
To use the lastest published version put this in your yum config :
CentOS 6 / RHEL 6¶
To use the lastest published version put this
[fusiondirectory]
name=Fusiondirectory Packages for RHEL / CentOS 6
baseurl=http://repos.fusiondirectory.org/fusiondirectory-current/rhel6/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
[fusiondirectory-extra]
name=Fusiondirectory Extra Packages for RHEL / CentOS 6
baseurl=http://repos.fusiondirectory.org/fusiondirectory-extra/rhel6/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
SRPMS are also available in the following repo :
[fusiondirectory-src]
name=Fusiondirectory Packages for RHEL / CentOS 6
baseurl=http://repos.fusiondirectory.org/fusiondirectory-current/rhel6/SRPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
!!! Scientific Linux is deprecated and will not be maintained anymore, you can switch the centos packages !!!
CentOS 7 / RHEL 7¶
To use the lastest published version put this
[fusiondirectory]
name=Fusiondirectory Packages for RHEL / CentOS 7
baseurl=http://repos.fusiondirectory.org/fusiondirectory-current/rhel7/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
[fusiondirectory-extra]
name=Fusiondirectory Extra Packages for RHEL / CentOS 7
baseurl=http://repos.fusiondirectory.org/fusiondirectory-extra/rhel7/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
SRPMS are also available in the following repo :
[fusiondirectory-src]
name=Fusiondirectory Packages for RHEL / CentOS 7
baseurl=http://repos.fusiondirectory.org/fusiondirectory-current/rhel7/SRPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
Install FusionDirectory on Debian¶
Install FusionDirectory
Installing Dependencies¶
All The needed dependancies are resolved by the debian packages
Note
The repositories are in https for Debian so you will need to install apt-transport-https
Install the FusionDirectory Repos¶
To easily install the latest version, you can install the fusion directory repos
Chose the repositories that goes with your Debian version
Create 2 new .list file your favorite text editor in /etc/apt/source.list.d
One for fusiondirectory
One for fusiondirectory-extra
Install FusionDirectory¶
You can then install FusionDirectory by running:
apt-get install fusiondirectory
apt-get install fusiondirectory-schema
FusionDirectory Schema Setup¶
Now that we have FusionDirectory installed, we need to install the FusionDirectory schemas into our LDAP database.
We can easily do this by running:
fusiondirectory-insert-schema
You should see the FusionDirectory setup page come up by going to:
Install FusionDirectory on Centos¶
Install FusionDirectory
Installing Dependencies¶
FusionDirectory requires both the EPEL repository and the REMI repository for PHP 7.1
To install epel
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
To install remi repository
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils
To enable Remi repo an PHP 7.1
yum-config-manager --enable remi-php71
yum-config-manager --enable remi
yum update
Install the FusionDirectory Repos¶
To easily install the latest version, you can install the fusion directory repos
Chose the repositories that goes with your centos version
Create 2 new repo file your favorite text editor.
One for fusiondirectory
One for fusiondirectory-extra
Install FusionDirectory¶
You can then install FusionDirectory by running:
yum install -y fusiondirectory
yum install -y fusiondirectory-selinux fusiondirectory-schema schema2ldif
Avertissement
If you use SELinux (same in permissive), you must install fusiondirectory-selinux !
FusionDirectory Schema Setup¶
Now that we have FusionDirectory installed, we need to install the FusionDirectory schemas into our LDAP database.
We can easily do this by running:
fusiondirectory-insert-schema -i /etc/openldap/schema/cosine.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/inetorgperson.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/nis.schema
fusiondirectory-insert-schema
Now we just need to restart apache:
systemctl restart httpd
You should see the FusionDirectory setup page come up by going to:
Setup FusionDirectory¶
Once FusionDirectory is installed you can load it in your browser and go through the web setup.
Welcome¶
The first step requires you to put a token in a file on the server, to make sure you have access to the server.
Note that you may need to replace the « > » by « | sudo tee » if you need to use sudo to access the location.
Language¶
The second step simply lets you select the language in which FusionDirectory and the web setup should be displayed at. If your browser is correctly set it’s better to select « Automatic » and let you browser ask FusionDirectory for your preferred language.
Checks¶
The third step runs some checks on you PHP installation to make sure everything is installed and setup as needed by FusionDirectory.
LDAP¶
The fourth step is where you indicate how to connect to you LDAP server. You can use the refresh button to retry connection once you corrected the information.
Configuration¶
The fifth step is the configuration of FusionDirectory. You will be able to edit these settings later but be particularly careful about « people and group storage » section and of course the login settings so that you can connect to your FusionDirectory instance without trouble.
LDAP inspection¶
Then some more checks are run, this time about the content of your LDAP directory. If you have some content in there which is not organized as FusionDirectory would expect (or not located in the branches you indicated in the configuration step), you will be able to migrate them.
You can see the changes made to the LDAP before applying them.
Usually this is where you create an admin account for FusionDirectory, and inserting default ACL roles and groups is also a good idea, especially if you never used FusionDirectory before.
Finish¶
You got to the end of the web setup. You now need to download the config file using the button, and store it in /etc/fusiondirectory on the server.
You may get this additionnal message if the permissions are wrong in which case you can run « fusiondirectory-setup –check-config » as root to fix those.
Once everything is fine, clicking next will redirect you to the login screen of your FusionDirectory installation.
Update FusionDirectory¶
Update FusionDirectory
Supported¶
Supported version
Migrate FusionDirectory from 1.3 to 1.3.1¶
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Avertissement
The gpg keys for FusionDirectory and Argonaut have been renewed so you need to install the new keys for the packages to install correctly
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
if you are using the sinaps plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/sinaps-fd-conf.schema
Fonctionality Added¶
The macro %passwordClear% is now available in the sambaAccount so that in can be used in hooks for AD sync.
The ldapdump fonctionality is now available on the configuration
The supann etablissment objects is now equal to entite objects except for the attribute ou
Fonctionality removed¶
The google+ account storage has been removed from personal social accounts tab
Enjoy :)
Migrate FusionDirectory from 1.2.3 to 1.3¶
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Avertissement
The gpg keys for FusionDirectory and Argonaut have been renewed so you need to install the new keys for the packages to install correctly
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade core schema of FusionDirectory
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
if you are using the audit plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/audit-fd.schema
if you are using the argonaut plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema
if you are using the community plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/community-fd.schema
if you are using the dhcp plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/dhcp-fd.schema
if you are using the ejbca plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/ejbca-fd.schema
if you are using the opsi plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/opsi-fd.schema
if you are using the postfix plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/postfix-fd.schema
if you are using the supann plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/supann-fd-conf.schema
if you are using the systems plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd-conf.schema
if you are using the user reminder plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/user-reminder-fd-conf.schema
if you are using the weblink plugin you have to update is schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/weblink-fd.schema
Enjoy :)
Migrate FusionDirectory from 1.2.2 to 1.2.3¶
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Avertissement
The gpg keys for FusionDirectory and Argonaut have been renewed so you need to install the new keys for the packages to install correctly
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Enjoy :)
Migrate FusionDirectory from 1.2.1 to 1.2.2¶
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Avertissement
The gpg keys for FusionDirectory and Argonaut have been renewed so you need to install the new keys for the packages to install correctly
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Enjoy :)
Migrate FusionDirectory from 1.2 to 1.2.1¶
New Depot Configuration¶
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Avertissement
The gpg keys for FusionDirectory and Argonaut have been renewed so you need to install the new keys for the packages to install correctly
Upgrade schema2ldif¶
For Jessie distribution add extra repository
#fusiondirectory debian-extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie/ jessie main
Update the package list and upgrade schema2ldif
apt-get update
apt-get install schema2ldif
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade core schema of FusionDirectory
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
Enjoy :)
Unsupported version¶
Unsupported version
Migrate FusionDirectory from 1.0.1 to 1.0.2¶
Remove fusiondirectory-plugin-opsi¶
Before migration from FusionDirectory 1.0.1 to 1.0.2 is important to remove the fusiondirectory-plugin-opsi and fusiondirectory-plugin-log to avoid errors:
Debian¶
apt-get remove fusiondirectory-plugin-opsi
apt-get remove fusiondirectory-plugin-log
RHEL / Fedora¶
Not Applicable
Migrate FusionDirectory from 1.0.2 to 1.0.3¶
Remove fusiondirectory-plugin-goto¶
Before migration from FusionDirectory 1.0.2 to 1.0.3 is important to remove the fusiondirectory-plugin-goto, fusiondirectory-plugin-mit-krb5 and fusiondirectory-plugin-phpgw to avoid errors:
Debian¶
apt-get remove fusiondirectory-plugin-goto
apt-get remove fusiondirectory-plugin-mit-krb5
apt-get remove fusiondirectory-plugin-phpgw
RHEL / Fedora¶
Not Applicable
Upgrade fusiondirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
Debian¶
apt-get update
apt-get install fusiondirectory
apt-get upgrade
RHEL / Fedora¶
yum makecache
yum upgrade fusiondirectory*
Run setup¶
Starting with version 1.0.3, the addition of a plugin is handled automatically by fusiondirectory. To activate this you have to re-run the setup from the web interface.
mv /etc/fusiondirectory/fusiondirectory.conf /etc/fusiondirectory/fusiondirectory.conf.back
Then from web interface type :
http://your_server/fusiondirectory/setup.php
and fill the required information.
Migrate FusionDirectory from 1.0.3 to 1.0.4¶
Upgrade fusiondirectory first¶
Upgrade FusionDirectory core package and fusiondirectory-plugin-systems (if it’s installed) before other ones to avoid dependencies errors:
Debian¶
apt-get update
apt-get install fusiondirectory
apt-get upgrade
Main page is changed¶
Starting with version 1.0.4, the main page of FusionDirectory interface is changed. From now, the main menu will be displayed in the following order:
Administration
Addons
My Account
To adapt to change, you have 2 ways :
Re-run setup
Change data manually in fusiondirectory.conf
Re-run setup¶
Before you re-run the setup from the web interface, you must do this :
mv /etc/fusiondirectory/fusiondirectory.conf /etc/fusiondirectory/fusiondirectory.conf.back
Then from web interface type :
http://your_server/fusiondirectory/setup.php
and fill the required information.
Change data manually in fusiondirectory.conf¶
In fusiondirectory.conf file, in the menu part, you must place sections in this order :
section name= »Administration »
section name= »Addons »
section name= »My account »
Upgrade of LDAP directory¶
You have to update your LDAP schema, FusionDirectory provide you dedicated LDIF file for updating your LDAP tree. If you are still using .schema files a restart of your ldap server should be sufficient.
The files to apply to your OpenLDAP server, there are stored in « /etc/ldap/schema/fusiondirectory/update-from-1.0.3 »
ls -l /etc/ldap/schema/fusiondirectory/update-from-1.0.3/*
/etc/ldap/schema/fusiondirectory/update-from-1.0.3/remove-trust.ldif
/etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-argonaut.ldif
/etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-fdQuota.ldif
/etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-goserver.ldif
/etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-goto.ldif
/etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-recovery.ldif
Remove trust schema¶
If in a previous version of FusionDirectory you have installed trust.schema, you need to remove it. For this you can use remove-trust.ldif.
Because we can not predict the order of schema insertion in your ldap directory, you need to modify the provided remove-trust.ldif.
Identify the number of insertion of the trust schema in your ldap directory :
ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=schema,cn=config \| grep "dn: cn={"
dn: cn={29}trust,cn=schema,cn=config ...
edit the remove-trust.ldif file :
nano /etc/ldap/schema/fusiondirectory/update-from-1.0.3/remove-trust.ldif
dn: cn=trust,cn=schema,cn=config ...
and add the find number {29} at the first line, like this :
dn: cn={29}trust,cn=schema,cn=config
Run the fusiondirectory-insert-schema command :
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/update-from-1.0.3/remove-trust.ldif
SASL/EXTERNAL authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
executing 'ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/fusiondirectory/update-from-1.0.3/remove-trust.ldif'SASL/EXTERNAL
authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
modifying entry "cn={29}trust,cn=schema,cn=config"
Update needed fusiondirectory schema¶
The following needed schema must be upgraded :
- goserver, goto, recovery
Because we can not predict the order of schema insertion in your ldap directory, you need to modify the provided update-goserver.ldif, update-goto.ldif, update-recovery.ldif.
For exemple, for goserver schema :
Identify the number of insertion of the goserver schema in your ldap directory :
ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=schema,cn=config \| grep "dn: cn={"
dn: cn={9}goserver,cn=schema,cn=config ...
Edit the update-goserver.ldif file :
nano /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-goserver.ldif
dn: cn=goserver,cn=schema,cn=config ...
and add the find number {9} at the first line, like this :
dn: cn={9}goserver,cn=schema,cn=config
Run the fusiondirectory-insert-schema command :
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-goserver.ldif
SASL/EXTERNAL authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
executing 'ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-goserver.ldif'SASL/EXTERNAL
authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
modifying entry "cn={9}goserver,cn=schema,cn=config"
You must do the same for goto et recovery also.
Upgrade argonaut schema¶
If you’ve installed argonaut plugin, you must upgrade his schema.
Because we can not predict the order of schema insertion in your ldap directory, you need to modify the provided update-argonaut.ldif.
Identify the number of insertion of the argonaut schema in your ldap directory :
ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=schema,cn=config \| grep "dn: cn={"
dn: cn={14}argonaut,cn=schema,cn=config ...
Edit the update-argonaut.ldif file :
nano /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-argonaut.ldif
dn: cn=argonaut,cn=schema,cn=config
and add the find number {14} at the first line, like this :
dn: cn={14}argonaut,cn=schema,cn=config
Run the fusiondirectory-insert-schema command :
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-argonaut.ldif
SASL/EXTERNAL authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
executing 'ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-argonaut.ldif'SASL/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
modifying entry "cn={14}argonaut,cn=schema,cn=config"
Upgrade fdQuota schema¶
If you’ve installed quota plugin, you must upgrade fdQuota schema.
Because we can not predict the order of schema insertion in your ldap directory, you need to modify the provided update-fdQuota.ldif.
Identify the number of insertion of the fdQuota schema in your ldap directory :
ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=schema,cn=config \| grep "dn: cn={"
dn: cn={25}fdQuota,cn=schema,cn=config ...
Edit the update-fdQuota.ldif file :
nano /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-fdQuota.ldif
dn: cn=fdQuota,cn=schema,cn=config ...
and add the find number {25} at the first line, like this :
dn: cn={25}fdQuota,cn=schema,cn=config
Run the fusiondirectory-insert-schema command :
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-fdQuota.ldif
SASL/EXTERNAL authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
executing 'ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/fusiondirectory/update-from-1.0.3/update-fdQuota.ldif'SASL/EXTERNAL
authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
modifying entry "cn={25}fdQuota,cn=schema,cn=config"
Migrate FusionDirectory from 1.0.4 to 1.0.5¶
Upgrade of LDAP directory¶
Install schema packages¶
Upgrade new schema core first:
Debian
apt-get update
apt-get install fusiondirectory-schema
Then, depending of your installation, install new schema packages for your installed plugins.
For example, if you have Systems, Dhcp and Dns plugin installed, you need to:
Debian
apt-get install fusiondirectory-plugin-systems-schema
apt-get install fusiondirectory-plugin-dhcp-schema
apt-get install fusiondirectory-plugin-dns-schema
Remove old schema from your Ldap Directory¶
Your installed schema are in /etc/ldap/slapd.d/cn\=config/cn\=schema directory. For the above example, installed schema will be the following:
Debian
ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=schema,cn=config \| grep "dn: cn={"
SASL/EXTERNAL authentication started SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 dn:
cn={0}core,cn=schema,cn=config dn: cn={1}cosine,cn=schema,cn=config dn:
cn={2}nis,cn=schema,cn=config dn:
cn={3}inetorgperson,cn=schema,cn=config dn:
cn={4}samba,cn=schema,cn=config dn: cn={5}gosystem,cn=schema,cn=config
cn={6}gofon,cn=schema,cn=config dn: cn={7}gofax,cn=schema,cn=config
cn={8}goto,cn=schema,cn=config dn:
cn={9}goserver,cn=schema,cn=config dn:
cn={10}goto-mime,cn=schema,cn=config dn:
cn={11}gosa-samba3,cn=schema,cn=config dn:
cn={12}ldapns,cn=schema,cn=config dn:
cn={13}recovery,cn=schema,cn=config dn: cn={14}dhcp,cn=schema,cn=config
cn={15}dnszone,cn=schema,cn=config
Schema’s from “cn={0}…” to “cn={3}” doesn’t change, so you can leave it.
Now you need to remove all others before install the new one’s. You can start to remove before plugin schemas. Doing this is simple, just delete its relative file in the folder
/etc/ldap/slapd.d/cn=config/cn=schema
and restart slapd. A word of advice, remove schemas starting from the last. For the above example:
Debian
cd /etc/ldap/slapd.d/cn=config/cn=schema
rm cn={15}dnszone.ldif
rm cn={14}dhcp.ldif
/etc/init.d/slapd stop
/etc/init.d/slapd start
If everything goes right, you can remove core schemas:
Debian
rm cn={13}recovery.ldif
rm cn={12}ldapns.ldif
rm cn={11}gosa-samba3.ldif
rm cn={10}goto-mime.ldif
rm cn={9}goserver.ldif
rm cn={8}goto.ldif
rm cn={7}gofax.ldif
rm cn={6}gofon.ldif
rm cn={5}gosystem.ldif
rm cn={4}samba.ldif
/etc/init.d/slapd stop
/etc/init.d/slapd start
Insert new schemas inside your Ldap Directory¶
First of all insert the new core schemas:
Debian
fusiondirectory-insert-schema
Then you can proceed for all the plugins schemas (here you can find a list of available plugins with old and new relative schemas), for the above example:
Debian
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/service-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/systems-fd-conf.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/mime-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/systems-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/dhcp-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/dnszone.schema
Upgrade fusiondirectory first¶
Upgrade FusionDirectory core package and fusiondirectory-plugin-systems (if it’s installed) before other ones to avoid dependencies errors:
Debian
apt-get install fusiondirectory
apt-get install fusiondirectory-plugin-systems
apt-get upgrade
Configuration file is changed¶
Starting with version 1.0.5, the configuration of FusionDirectory is stored inside the ldap, in configs branch.
To adapt to this change, you need to Re-run setup.
Before you re-run the setup from the web interface, you must move your old configuration file, doing this :
mv /etc/fusiondirectory/fusiondirectory.conf /etc/fusiondirectory/fusiondirectory.conf.back
Then, in your web browser, you can type :
http://your_server/fusiondirectory/setup.php
and fill the required informations (look here to see more about parameters of configuration).
Migrate FusionDirectory from 1.0.6 to 1.0.7¶
Upgrade fusiondirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
Debian¶
Add new debian-extra repo to you source list¶
deb http://repos.fusiondirectory.org/debian-extra jessie main
apt-get update
apt-get install fusiondirectory
apt-get upgrade
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first update the FusionDirectory core schemas. We have put a new option in fusiondirectory-insert-schema that allow you to update easily your schema without the use of ldif files.
The following schemas needs an update :
core-fd-conf.schema
mail-fd.schema
service-fd.schema
systems-fd-conf.schema
systems-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
You must do the same procedure for all other schema needing an update
Migrate FusionDirectory from 1.0.7 or 1.0.7.1 to 1.0.7.2¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first update the FusionDirectory core schemas. We have put a new option in fusiondirectory-insert-schema that allow you to update easily your schema without the use of ldif files.
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema``
Migrate FusionDirectory from 1.0.7.2 to 1.0.7.3¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first update the FusionDirectory core schemas. We have put a new option in fusiondirectory-insert-schema that allow you to update easily your schema without the use of ldif files.
In this version only the schema from the argonaut plugin needs to be update if you have the systems or argonaut plugins installed
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema``
Migrate FusionDirectory from 1.0.7.3 to 1.0.7.4¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
Migrate FusionDirectory from 1.0.7.4 to 1.0.7.5¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors.
Migrate FusionDirectory from 1.0.7.4 to 1.0.8¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Remove the deprecated plugins¶
The rolemanagement plugin has been integrated to the core so it must be removed.
apt-get --purge remove fusiondirectory-plugin-rolemanagement
The board plugin has been renamed so it must be replaced
apt-get --purge remove fusiondirectory-plugin-board
apt-get install fusiondirectory-plugin-dashboard
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first update the FusionDirectory core schemas.
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
After that you have to update the schema for the plugins you are using. In this version the following schema have to be updated
argonaut-fd-schema
ipmi-fd.schema
repository-fd.schema
Migration of the FusionDirectory acls¶
FusionDirectory acl management has been changed from 1.0.7 to 1.0.8, so they need to be migrated. We added a command to fusiondirectory-setup for that.
fusiondirectory-setup --migrate-acls
Avertissement
This is tricky, don’t forget to write down you acl first in case it doesnt work
Migrate FusionDirectory from 1.0.8 to 1.0.8.1¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first update the FusionDirectory core schemas.
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.1 to 1.0.8.2¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup –list-deprecated show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.2 to 1.0.8.3¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first update the FusionDirectory core schemas.
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.3 to 1.0.8.4¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.4 to 1.0.8.5¶
Remove the deprecated plugins¶
The dashboard plugin has been integrated to the core so it must be removed.
apt-get --purge remove fusiondirectory-plugin-dashboard
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first remove the dashboard configuration schema.
fusiondirectory-insert-schema -e dashboard-fd-conf
Are you sure you want to empty schema(s) dashboard-fd-conf?
[Yes/No]? Yes
Then update the core-fd-conf schema.
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
If you are using the debconf plugin update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/debconf.schema
If you are using the fai plugin update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/fai.schema
If you are using the mail plugin update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/mail-fd.schema``
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.5 to 1.0.8.6¶
Removal of the mixed posixAccount / groupOfNames aka rfc2307bis¶
Avertissement
This was done to be more respectful of standard and not change the core openldap schema, but it seems to be causing trouble on some install, so if you use it don’t upgrade to 1.0.8.6 and wait for 1.0.8.7 !!!
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Migrate FusionDirectory from 1.0.8.6 to 1.0.8.7¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
You have to update your LDAP schemas, first remove the dashboard configuration schema.
fusiondirectory-insert-schema -e dashboard-fd-conf
Are you sure you want to empty schema(s) dashboard-fd-conf?
[Yes/No]? Yes
Then update the core-fd-conf schema.
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema``
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.7 to 1.0.8.8¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Nothing to do
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.8 to 1.0.8.9¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade the argonaut.schema if you use the argonaut plugin
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema``
Check for deprecated attributes and objectClasses in your LDAP¶
since FusionDirectory 1.0.8.1 two new options are in fusiondirectory-setup
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gosaUnitTag (Takes a list of relevant mime-type|priority settings) - 1.3.6.1.4.1.10098.1.1.12.33
gosaSnapshotType (Takes either undo or snapshot) - 1.3.6.1.4.1.10098.1.1.12.36
fdHonourUnitTags (FusionDirectory - Honour unit tags) - 1.3.6.1.4.1.38414.8.14.3
Deprecated objectClasses:
gosaAdministrativeUnitTag (Marker for objects below administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.16
gosaAdministrativeUnit (Marker for administrational units (v2.6.1)) - 1.3.6.1.4.1.10098.1.2.1.19.15
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –check-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes and objectClasses
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.8.9 to 1.0.9¶
Backup you template First¶
The template system has been completely rewritten, and the old template will not be converted, so you need to backup them, remove them from FusionDirectory and then redo them.
The new system is much cleaner because template are stored in they own branch now and are the basis for having template for the whole application in the future.
Backup your phones¶
You must backup all your phones in a LDIF and remove them. Modify your LDIF like below:
Before
cn=namePhone,ou=phones,ou=systems,dc=fusiondirectory,dc=org
cn: namePhone
goFonType: friend
goFonDmtfMode: inband
goFonDefaultIP:
dynamic ipHostNumber: 127.0.0.1
macAddress: 00:0C:7F:31:33:F1
objectClass: top
After
cn=namePhone,ou=phones,ou=systems,dc=fusiondirectory,dc=org
cn: namePhone
ipHostNumber: 127.0.0.1
macAddress: 00:0C:7F:31:33:F1
objectClass: fdPhone
objectClass: device
objectClass: ieee802Device
objectClass: ipHost
After the migration you may insert your phone again in your LDAP.
You can use the next command to backup your phones
ldapsearch -xLLL -b ou=phones,ou=systems,dc=fusiondirectory,dc=org > backupPhones.ldif
Moved Attributes¶
We cleaned the core of FusionDirectory to only used classical attributes and objectClass, so the FusionDirectory special attributes on the first page of FusionDirectory are now managed by the personal plugin.
The personal plugin has been made to manage all kind of personal data and is best suited to contain those data not normalized. So of you use personalTitle, dateOfBirth, gender you will need to install the personal plugin.
Upgrade FusionDirectory¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors¶
Debian
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
RPM
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
yum remove fusiondirectory
yum install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
yum remove fusiondirectory-schema
yum install fusiondirectory-schema
There is a new schema for the templates, so you need to run
fusiondirectory-insert-schema
Removed obsolete plugins¶
In this version we removed obsolete plugin, because they where based on software no longer existing or needed an sql backend and we decided they need to be rewritten using the now ldap backend of those softwares :
asterisk : old plugin not maintainable anymore based on the sql backend, but now asterisk has an ldap backend has well.
fax : old code based on the gofax software from gonicus, not maintained anymore upstream.
openstack-compute : openstack management interface changed and this plugin is no longer relevant
uw-imap : long gone imap server, nobody that whe know still use it
They are no longer supported and should be removed from your installation
New Plugin for peoples using a mix of groupOfNames and posixGroup on the same object¶
We cleaned the code of FusionDirectory and by default it make posixGroup or clean standard compliant groupOfNames. If you need a mix of groupOfNames and posixGroup on the same object you will need to install a new plugin called mixedgroups.
Avertissement
Please take note that this plugin is for special cases and need modified core schema. !!
If you need to have a link between user and groups you are better using the standard compliant groupOfNames or roles for examples for web applications.
apt-get install fusiondirectory-plugin-mixedgroups
Upgrade of LDAP directory¶
Upgrade Core FusionDirectory Schema¶
The password recovery schema has been migrated into the core schema so you must remove it first
fusiondirectory-insert-schema -e recovery-fd
Are you sure you want to empty schema(s) recovery-fd?
[Yes/No]? Yes
Upgrade the core-fd.schema and core-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
If you use the argonaut plugin, upgrade the argonaut.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema
If you use the fai plugin, upgrade the fai-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/fai-fd-conf.schema
If you use the mail plugin, upgrade the mail-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/mail-fd.schema
If you use the personal plugin, upgrade the personal-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/personal-fd.schema
If you use the squid plugin, upgrade the proxy-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/proxy-fd.schema``
If you use the system plugin, upgrade the service-fd.schema, systems-fd.schema, systems-fd-conf.schema
The Phone object has been migrated to the system plugin due to the removal of the asterisk plugin.
fusiondirectory-insert-schema -e asterisk-fd-conf
Are you sure you want to empty schema(s) asterisk-fd-conf?
[Yes/No]? Yes
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/service-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema
Check for deprecated attributes and objectClasses in your LDAP¶
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
fusiondirectory-setup –check-deprecated will output a list of dn using old attributes and objectClasses
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
cn=fusiondirectory,ou=configs,dc=fusiondirectory,dc=org contains an obsolete attribute
cn=fusiondirectory,ou=configs,dc=fusiondirectory,dc=org uses the obsolete object class fdAsteriskPluginConf
uid=fd-admin,ou=people,dc=fusiondirectory,dc=org uses the obsolete object class gosaAccount
fusiondirectory-setup –ldif-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes. If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
fusiondirectory-setup –ldif-deprecated
dn:cn=fusiondirectory,ou=configs,dc=fusiondirectory,dc=org
changetype:modify delete:fdRfc2307bis
-
delete:fdCopyPaste
-
WARNING: There are entries in the LDAP using obsolete classes, you need to edit them manually
Avertissement
Please read it carefully before applying !!
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf
Problems when we removing objectClasses¶
When you remove gosaAccount you can have some troubles.
If you have samba plugin installed you must remove the next attributes on the users where the samba tab is not activate.
sambaBadPasswordTime
sambaBadPasswordCount
sambaNTPassword
sambaPwdLastSet
If you use argonaut client tab on some objets¶
To add the new attribute argonautClientProtocol, you must only open the objets that have an argonaut client tab and save it again.
Migrate FusionDirectory from 1.0.9 to 1.0.9.1¶
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Insert the core template schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/template-fd.schema``
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
fusiondirectory-setup –check-deprecated will output a list of dn using old attributes and objectClasses
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –ldif-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.9.1 to 1.0.9.2¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Removed obsolete plugins¶
In this version we removed obsolete plugin, because they where based on software no longer existing or needed an sql backend and we decided they need to be rewritten using the now ldap backend of those softwares :
rsyslog : old plugin not maintainable anymore based on the sql backend, and we don’t want to manage sql backend in FusionDiretory anymore
- Database-connectorsql abstraction code no longer needed now
that rsylog plugin is removed
They are no longer supported and should be removed from your installation
apt-get remove fusiondirectory-plugin-rsyslog
apt-get remove fusiondirectory-plugin-database-connector
Upgrade of LDAP directory¶
Upgrade the core template schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema``
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema``
if your are using the fusioninventory plugin you have to update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/inventory-fd.schema``
if your are using the supann plugin you have to update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/supann-fd.conf``
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
fusiondirectory-setup –check-deprecated will output a list of dn using old attributes and objectClasses
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –ldif-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.9.2 to 1.0.9.3¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade the core configuration schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
if your are using the system plugin you have to update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/service-fd.schema
if your are using the repository plugin you have to update his schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/repository-fd.schema
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
fusiondirectory-setup –check-deprecated will output a list of dn using old attributes and objectClasses
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –ldif-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.9.3 to 1.0.10¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade the core configuration schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
if your are using the personal plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/personal-fd.schema
if your are using the system plugin you have to update its schemas
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/service-fd.schema
if your are using the dns plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/dns-fd-conf.schema
and install a new schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/dns-fd.schema
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
fusiondirectory-setup –check-deprecated will output a list of dn using old attributes and objectClasses
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
fusiondirectory-setup –ldif-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.10 to 1.0.11¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Migrate FusionDirectory from 1.0.11 to 1.0.12¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Mail¶
In this version the mail plugin has been cleaned and his dependency to the systems has been removed. In the mean time the postfix and spamassassin service have been moved in their own plugins. The antivirus service have been removed.
The old spamassasin settings from the mail user tab have been rewritten and moved to a spamassasin plugin, they now support the real LDAP backend of spamassasin. So you will need to move your data to the new format before using them.
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
if your are using the mail plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/mail-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/mail-fd-conf.schema
if your are using the system plugin you have to update its schemas
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/service-fd.schema
Postfix plugin¶
if you where using the postfix service in 1.0.11, you need to install the postfix plugin and insert the postfix schema
apt-get install fusiondirectory-plugin-postfix
apt-get install fusiondirectory-plugin-postfix-schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/postfix-fd.schema``
spamassasin plugin¶
if you where using the spamassin service in 1.0.11, you need to install the spamassassin plugin and insert the spamassasin schema
apt-get install fusiondirectory-plugin-spamassassin
apt-get install fusiondirectory-plugin-spamassassin-schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/spamassassin-fd.schema
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.12 to 1.0.13¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
if your are using the alias plugin you have to update its schema
fusiondirectory-insert-schema-m /etc/ldap/schema/fusiondirectory/alias-fd.schema``
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.13 to 1.0.14¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Plugin deprecated¶
The game plugin as been removed in this version
Upgrade of LDAP directory¶
if your are using the community plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/community-fd.schema``
if your are using the systems plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema``
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
New Breezy Theme¶
In this version by default there is a new more modern theme called breezy. To active it completely go to the configuration plugin, click edit and in the « Look and feel » section select breezy
Enjoy :)
Migrate FusionDirectory from 1.0.14 to 1.0.15¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Plugin deprecated¶
The apache2 plugin as been removed in this version
apt-get remove fusiondirectory-plugin-apache2
apt-get remove fusiondirectory-plugin-apache2-schema
After removing you apache2 data from the LDAP, you may empty the schema
fusiondirectory-insert-schema -e mod_vhost_ldap
Upgrade of LDAP directory¶
Upgrade the core template schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema``
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema``
if your are using the systems plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema``
if your are using the personal plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/personal-fd.schema``
Remove old schema from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf if they still exist
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Hook¶
You must modify your hook so that they don’t use quotes. The attributes are now automatically quotes and escape.
New Breezy Theme¶
In this version by default there is a new more modern theme called breezy. To active it completely go to the configuration plugin, click edit and in the « Look and feel » section select breezy
Enjoy :)
Migrate FusionDirectory from 1.0.15 to 1.0.16¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade the core schemas
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
The lock attribute and objectClass has been changed so you need to run fusiondirectory-setup –delete-gosa-locks to remove them
fusiondirectory-setup --delete-gosa-locks
Delete lock tokens using old gosaLockEntry class
Deleted lock 'cn=df0c0960f4202f794a331f07f3fbcccd,ou=locks,ou=fusiondirectory,dc=org'
Deleted lock 'cn=157dc41f15328c6ae3f1a2542c0dd481,ou=locks,ou=fusiondirectory,dc=org'
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate FusionDirectory from 1.0.16 to 1.0.17¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
if your are using the fai plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/fai.schema
if your are using the personal plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/personal-fd.schema
if your are using the dhcp plugin you have to install a new schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/dhcp-fd-conf.schema
Remove old ldif from /etc/ldap/schema/fusiondirectory¶
The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove /etc/ldap/schema/fusiondirectory/ppolicydefault.ldif
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Migrate your DHCP entries¶
if you where using the DHCP plugin in 1.0.16, you need to migrate your entries to the dhcp branch, run the fusiondirectory-setup –migrate-dhcp for this
fusiondirectory-setup --migrate-dhcp
Checking your indexed attributes¶
Check that all you index still match with valid attributes present in your ldap directory
Enjoy :)
Migrate FusionDirectory from 1.0.17 to 1.0.18¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade the core schemas
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
Upgrade of LDAP directory¶
if your are using the systems plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/service-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Correcting acl editownpwd¶
Avertissement
To fix the error in the installed editownpwd, you need to go :
Acl roles
Open the editownpwd acl
Save it
Its very important you do it, to know why look at the users must update his role editownpasswd
Checking your indexed attributes¶
Check that all you index still match with valid attributes present in your ldap directory
Enjoy :)
Migrate FusionDirectory from 1.0.18 to 1.0.19¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
No upgrade
Upgrade of LDAP directory¶
No Upgrade
Correcting acl editownpwd¶
Avertissement
To fix the error in the installed editownpwd, you need to go :
Acl roles
Open the editownpwd acl
Save it
Its very important you do it, to know why look at the users must update his role editownpasswd
Enjoy :)
Migrate FusionDirectory from 1.0.19 to 1.0.20¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade the core schemas
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/template-fd.schema
Upgrade of LDAP directory¶
if your are using the argonaut plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Correcting acl editownpwd¶
Avertissement
To fix the error in the installed editownpwd, you need to go :
Acl roles
Open the editownpwd acl
Save it
Its very important you do it, to know why look at the users must update his role editownpasswd
Checking your indexed attributes¶
Check that all you index still match with valid attributes present in your ldap directory
Enjoy :)
Migrate FusionDirectory from 1.0.20 to 1.1¶
Ubuntu 12.0.4 TLS users¶
Avertissement
Since 1.0.9.2 FusionDirectory need the php-cas library for CAS server support. This library can normally found in universe in the Ubuntu repositories.
In case you did not find it, grab the deb from here and install it
http://packages.ubuntu.com/trusty/all/php-cas/download
and select your preferred mirror
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Removed plugins¶
If you used kolab2 plugin you need to remove the plugin and its schema with the following command
apt-get remove fusiondirectory-plugin-kolab2
apt-get remove fusiondirectory-plugin-kolab2-schema
Splitted plugins¶
The posix tab of fusiondirectory is now a plugin by itself, if you use posix attributes install the corresponding plugin
apt-get install fusiondirectory-plugin-posix
Upgrade schema2ldif¶
For Jessie distribution add extra repository
#fusiondirectory debian-extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main
Update the package list and upgrade schema2ldif
apt-get update
apt-get install schema2ldif
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade the core schemas
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
Upgrade of LDAP directory¶
if you are using the argonaut plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema
if you are using the dhcp plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/dhcp-fd.schema
if you are using the fai plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/fai.schema
if you are using the mail plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/mail-fd.schema
if you are using the systems plugin you have to update its schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/service-fd.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema
Migrate old objects¶
If you have systems use this command to migrate them
fusiondirectory-setup --migrate-systems
If you have phones use this command to migrate them
fusiondirectory-setup --migrate-phones
If you have winstations use this command to migrate them
fusiondirectory-setup --migrate-winstations
Check for deprecated attributes and objectClasses in your LDAP¶
The list-deprecated option of fusiondirectory-setup show deprecated attributes and objectClasses for FusionDirectory
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
gotoModules (GOto - Gonicus Terminal Concept, value kernel modules.) - 1.3.6.1.4.1.10098.1.1.1.32``
fdPasswordHook (FusionDirectory - Password hook (external command)) - 1.3.6.1.4.1.38414.8.13.4``
fdSnapshotURI (FusionDirectory - Snaphost URI) - 1.3.6.1.4.1.38414.8.17.3``
gotoXVsync (GOto - Gonicus Terminal Concept, value xVsync.) - 1.3.6.1.4.1.10098.1.1.1.19``
ghSoundAdapter (Hardware definitions, value soundAdapter) - 1.3.6.1.4.1.10098.1.1.2.7``
gotoXMouseport (GOto - Gonicus Terminal Concept, value xMouseport.) - 1.3.6.1.4.1.10098.1.1.1.22``
gotoXMonitor (GOto - Gonicus Terminal Concept, value xMonitor.) - 1.3.6.1.4.1.10098.1.1.1.17``
gotoAdaptPath (GOto - Gonicus Terminal Concept, value adaptpath.) - 1.3.6.1.4.1.10098.1.1.1.33``
gotoScannerClients (GOto - Gonicus Terminal Concept, value scannerClients.) - 1.3.6.1.4.1.10098.1.1.1.11``
gotoHardwareChecksum (GOto - quick way to see if something has changed) - 1.3.6.1.4.1.10098.1.1.2.12``
gotoRootPasswd (GOto - Gonicus Terminal Concept, value rootPasswd.) - 1.3.6.1.4.1.10098.1.1.1.14``
gotoXKbLayout (GOto - Gonicus Terminal Concept, value xKblayout.) - 1.3.6.1.4.1.10098.1.1.1.26``
gotoProfileServer (GOto - specifies the profile server) - 1.3.6.1.4.1.10098.1.1.11.8``
fdAccountRDN (FusionDirectory - use a placeholder pattern for generating account RDNs) - 1.3.6.1.4.1.38414.8.12.2``
gotoScannerEnable (GOto - Gonicus Terminal Concept, value scannerEnable.) - 1.3.6.1.4.1.10098.1.1.1.10``
ghGfxAdapter (Hardware definitions, value Grafikkarte) - 1.3.6.1.4.1.10098.1.1.2.9``
gotoFontPath (GOto - Gonicus Terminal Concept, value fontPath.) - 1.3.6.1.4.1.10098.1.1.1.5``
ghIdeDev (Hardware definitions, value ideDev) - 1.3.6.1.4.1.10098.1.1.2.4``
gotoLpdEnable (GOto - Gonicus Terminal Concept, value lpdEnable.) - 1.3.6.1.4.1.10098.1.1.1.9``
gotoXKbVariant (GOto - Gonicus Terminal Concept, value xKbvariant.) - 1.3.6.1.4.1.10098.1.1.1.27``
fdRfc2307bis (FusionDirectory - rfc2307bis) - 1.3.6.1.4.1.38414.8.10.1``
gotoAutoFs (GOto - Gonicus Terminal Concept, value autofs.) - 1.3.6.1.4.1.10098.1.1.1.31``
gotoSndModule (GOto - Gonicus Terminal Concept, value sound Modules.) - 1.3.6.1.4.1.10098.1.1.1.29``
gotoCdromEnable (GOto - Gonicus Terminal Concept, value cdromEnable.) - 1.3.6.1.4.1.10098.1.1.1.8``
gotoScannerModel (GOto - Gonicus Terminal Concept, value scannerModel.) - 1.3.6.1.4.1.10098.1.1.1.40``
gosaLoginRestriction (GOsa - Multivalue attribute to carry a number of allowed ips/subnets) - 1.3.6.1.4.1.10098.1.1.12.46``
gotoXColordepth (GOto - Gonicus Terminal Concept, value xColordepth.) - 1.3.6.1.4.1.10098.1.1.1.21``
academicTitle (Field to represent the academic title) - 1.3.6.1.4.1.10098.1.1.6.2``
fdSnapshotAdminDn (FusionDirectory - Snaphost admin dn) - 1.3.6.1.4.1.38414.8.17.4``
gotoFilesystem (GOto - Gonicus Terminal Concept, value filesystem.) - 1.3.6.1.4.1.10098.1.1.1.6``
ghInventoryNumber (Unique number for inclusion in an inventory) - 1.3.6.1.4.1.10098.1.1.2.10``
gosaSubtreeACL (GOsa - ACL entry) - 1.3.6.1.4.1.10098.1.1.12.1``
fdIdGenerator (FusionDirectory - An automatic way to generate new user ids) - 1.3.6.1.4.1.38414.8.12.4``
ghUsbSupport (Hardware definitions, value usbSupport) - 1.3.6.1.4.1.10098.1.1.2.3``
gotoSysStatus (Keeps current system status - info shown in GOsa) - 1.3.6.1.4.1.10098.1.1.2.11``
fdCopyPaste (FusionDirectory - (de)Activate copy/paste) - 1.3.6.1.4.1.38414.8.14.5``
gotoXDriver (GOto - Gonicus Terminal Concept, value xDriver.) - 1.3.6.1.4.1.10098.1.1.1.28``
gotoXKbModel (GOto - Gonicus Terminal Concept, value xKbmodel.) - 1.3.6.1.4.1.10098.1.1.1.25``
fdPersonalTitleInDN (FusionDirectory - Personal title in dn) - 1.3.6.1.4.1.38414.8.12.5``
gotoLpdServer (GOto - Gonicus Terminal Concept, value lpdServer.) - 1.3.6.1.4.1.10098.1.1.1.4``
gotoXHsync (GOto - Gonicus Terminal Concept, value xHsync.) - 1.3.6.1.4.1.10098.1.1.1.18``
gotoProfileFlags (GOto - Flags for Profile handling - C is for caching) - 1.3.6.1.4.1.10098.1.1.11.7``
ghCpuType (Hardware definitions, value cpuType) - 1.3.6.1.4.1.10098.1.1.2.1``
gotoXResolution (GOto - Gonicus Terminal Concept, value xResolution.) - 1.3.6.1.4.1.10098.1.1.1.20``
gotoShare (GOto - specifies a share) - 1.3.6.1.4.1.10098.1.1.11.9``
gotoScannerBackend (GOto - Gonicus Terminal Concept, value scannerBackend.) - 1.3.6.1.4.1.10098.1.1.1.39``
fdSnapshotAdminPassword (FusionDirectory - Snaphost admin password) - 1.3.6.1.4.1.38414.8.17.5``
fdVoicemailContexts (FusionDirectory - available voicemail contexts) - 1.3.6.1.4.1.38414.19.11.2``
gosaDefaultLanguage (GOsa - Defines the default language for a user) - 1.3.6.1.4.1.10098.1.1.12.14``
ghMemSize (Hardware definitions, value memSize) - 1.3.6.1.4.1.10098.1.1.2.2``
gotoProfileQuota (GOto - save quota for home) - 1.3.6.1.4.1.10098.1.1.11.15``
fdSipContexts (FusionDirectory - available sip contexts) - 1.3.6.1.4.1.38414.19.11.1``
fdPhoneConferenceRDN (FusionDirectory - Phone conference RDN) - 1.3.6.1.4.1.38414.19.10.3``
ghScsiDev (Hardware definitions, value scsiDev) - 1.3.6.1.4.1.10098.1.1.2.5``
fdPhoneMacroRDN (FusionDirectory - Phone macro RDN) - 1.3.6.1.4.1.38414.19.10.2``
ghNetNic (Hardware definitions, value Network Device) - 1.3.6.1.4.1.10098.1.1.2.8``
gotoFloppyEnable (GOto - Gonicus Terminal Concept, value floppyEnable.) - 1.3.6.1.4.1.10098.1.1.1.7``
gotoXMouseButtons (GOto - Gonicus Terminal Concept, value xMouseButtons.) - 1.3.6.1.4.1.10098.1.1.1.23``
gotoXMouseType (Hardware definitions, value Type of mouse) - 1.3.6.1.4.1.10098.1.1.1.34``
Deprecated objectClasses:
goCupsServer (CUPS server description) - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry (GOsa - Class for GOsa caching) - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate (GOsa - Class for GOsa User Templates) - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount (GOsa - Class for GOsa Accounts) - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject (GOsa - Class for GOsa settings) - 1.3.6.1.4.1.10098.1.2.1.19.1``
The check-deprecated option will output a list of dn using old attributes and objectClasses of they are present in your ldap server
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
There are no entries in the LDAP using obsolete attributes
There are no entries in the LDAP using obsolete classes
The ldif-deprecated option will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes.
fusiondirectory-setup --ldif-deprecated > remove_deprecated.ldif
If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
Avertissement
Please read it carefully before applying !!
Checking your indexed attributes¶
Check that all you index still match with valid attributes present in your ldap directory
New format for repository service¶
If you have a repository service. Open and save it back so it will use the new format
Enjoy :)
Migrate FusionDirectory from 1.1 to 1.1.1¶
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Upgrade schema2ldif¶
For Jessie distribution add extra repository
#fusiondirectory debian-extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main
Update the package list and upgrade schema2ldif
apt-get update
apt-get install schema2ldif
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Enjoy :)
Migrate FusionDirectory from 1.1.1 to 1.2¶
New Depot Configuration¶
Avertissement
The repositories have been cleaned and reorganized please update your configuration accordingly
Avertissement
The gpg keys for FusionDirectory and Argonaut have been renewed so you need to install the new keys for the packages to install correctly
Upgrade schema2ldif¶
For Jessie distribution add extra repository
#fusiondirectory debian-extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main
Update the package list and upgrade schema2ldif
apt-get update
apt-get install schema2ldif
Upgrade FusionDirectory first¶
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
Upgrade FusionDirectory core package before other ones to avoid dependencies errors:
apt-get install fusiondirectory
Upgrade FusionDirectory schema package too.
apt-get install fusiondirectory-schema
Upgrade of LDAP directory¶
Upgrade core schema of FusionDirectory
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema
if you are using the renater plugin you have to add its new schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/renater-partage-fd.schema
if you are using the sympa plugin you have to update its schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/sympa-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/sympa-fd.schema
In case you use system template that have a DNS tab, you need to remake it because the separator « | » is changed to « ^ »
Enjoy :)
Core¶
FusionDirectory Core
Main menu¶
Once logged in into FusionDirectory, you get to the main menu. Here is what it looks like with core view:
Users and groups¶
This section contains most plugins allowing to manage objects in your LDAP, by default mainly users and groups as the name suggest, but as you install plugin you may end up handling other types of objects.
In our example, this user can access the following Users and groups sections:
Departments : manage Departments, countries, domain components, domains, localities and organization nodes
Here is an overview of Departments section details
Users : manage user accounts and their properties
Here is an overview of Users section details
Groups and roles : allows you to manage objects groups, POSIX groups and roles
Here is an overview of Groups and roles section details
ACL roles : manage ACL roles
Here is an overview of ACL roles section details
ACL assignments : manage ACL roles assignments to users
Here is an overview of ACL asignments section details
Configuration¶
This section contains the configuration page of your FusionDirectory installation, and it may contain configuration screen for other plugins as you install them.
Here is an overview of configuration section details
My account¶
This special category shows you the user tabs for the user account you signed in as. It’s in this section that your users will be able to edit their own informations if you give them ACL rights to do so.
Here is an overview of user section details
Departments¶
This page allows you to manage your LDAP tree structure, so that you may sort the other objects in branches later.
Click on Departments icon on FusionDirectory main page
Your will be directed to Departments management page
The following actions are available:
Create Department: Think of this as the LDAP equivalent of a folder, it’s the basic container for organizing objects in your LDAP.
Create Country: You may use this if your activity is spread over several countries and you want to reflect that in your tree.
Domain Component: You may use that to reflect your DNS in your tree
Domain: Same as above but if you want to put the whole domain as only one node (ie d=example.com instead of dc=example,dc=com)
Locality: You may use this if your activity is spread over several locations and you want to reflect that in your tree.
Organization: May represent a company or any other kind of organization.
Export list:
PDF: Export the current object list as a PDF document
CSV: Export the current object list as a CSV file
Remove: Delete an existing department
Users¶
This page is for user management.
You can access Users management in two ways : either by clicking Users icon on FusionDirectory main page
or by clicking Users entry in Users and Groups Menu on the left
You will be directed on users management page
Note
All management pages you will see in FusionDirectory look like this. This one allows to manage users.
Click on one user entry in order to access this user’s information overview
FusionDirectory is based on tabs. You will find the same tab-system in plugins, configuration etc.
Activated tabs are always in black and non-activated tab are gray.
Actions¶
The following actions are available:
Create User: Create a new user
Create From template: Create a new user from a template
Create Template: Create a user template
Edit: Edit an existing user
Remove: Delete an existing user
Lock users: Lock existing users
Unlock users: Unlock existing users
Apply template: Apply a template to an existing user
Export list
PDF: Export the current object list as a PDF document
CSV: Export the current object list as a CSV file
Copy: Copy users
Cut: Cut users to move them
Paste: Paste copied or cut users to the current base
Restore snapshots: Restore snapshots of users
Filter¶
On the right, you have a very practical Filter menu. The filter box let you filter what you are listing.
You can select which object types you want to list or hide, if you want to show templates or hide them.
You can also filter objects depending on which tabs are activated on them.
You can also you the text box to do a text search.
Click on the filter you are interested in in order to show all the users that apply to that filter.
For example, if you select « Show Templates » filter, you will see the list of user’s template
Checking the « Search in subtrees » checkbox allows to search in the whole subtree under the current base.
List¶
In the list you see objects matching current filter options under the currently selected base.
In this example, we selected the three following filters : SHow functional users, SHow Mail users and Show Samba users
You can click on column headers to sort the list
and you can quickly access actions on an object using the icons in the last column
You may also check several objects in the first column and apply an action to all of them using the actions menu.
Under the list is a summary of how many objects of each type are shown (in this example there is 1 Department and 3 Users
Note
In FusionDirectory you can show each icon description by simply putting the cursor on the concerned icon
For example, the « floppy disk » icon means « Create a new snapshot from this object »
Groups¶
This page is for groups and roles management.
Click on Groups and roles icon on FusionDirectory main page
You will be directed to Groups and roles management page
Click on one group entry in order to access this group’s information overview
On the previous page, the following actions are available:
Create Template Group: Create a group template
Create Template Role: Create a role template
Create POSIX Group: Create a POSIX group template
Create From Template Role: Create a role using a template
Create From Template POSIX Group: Create a POSIX group using a template
Of course, you can also create groups, roles and POSIX groups from scratch, by clicking on Actions–> Create –> Group, Actions–> Create –> Roles, Actions–> Create –> POSIX Groups
Edit: Edit an existing group
Remove: Delete an existing group
Export list
PDF: Export the current object list as a PDF document
CSV: Export the current object list as a CSV file
Copy: Copy groups
Cut: Cut groups to move them
Paste: Paste copied or cut groups to the current base
Restore snapshots: Restore snapshots of groups
ACL Roles¶
This page allows to manage ACL Roles
Click on ACL roles icon on FusionDirectory main page
You will be directed to ACL roles management page, where you can see the list of all created ACL roles
Note
ACL roles can be used to give rights to users through ACL assignment. Setup offers to create a few default roles for you with common usecases.
If you click on one ACL role, you will see the rights of this role
The following actions are available:
Create ACL role: Create a new ACL role
Edit: Edit an existing ACL role
Remove: Delete an existing ACL role
Export list
PDF: Export the current object list as a PDF document
CSV: Export the current object list as a CSV file
Copy: Copy ACL role
Cut: Cut ACL roles to move them
Paste: Paste copied or cut ACL roles to the current base
Restore snapshots: Restore snapshots of ACL roles
ACL Assignments¶
Click on ACL assignments icon on FusionDirectory main page
This page allows to assign ACL roles to user and manage existing assignments.
Note
Note that only existing assignments are shown here, if you want to add ACL assignment on a department which has none yet, you need to go in Departments, edit this object and go to the ACL tab.
Click on an ACL assignments to see its assignments
The following actions are available:
Create ACL assignment: Create a new ACL assignment
Edit: Edit an existing ACL assignment
Remove: Delete an existing ACL assignment
Export list
PDF: Export the current object list as a PDF document
CSV: Export the current object list as a CSV file
Restore snapshots: Restore snapshots of ACL assignments
Dashboard¶
Click on Dashboard icon on FusionDirectory main page
The dashboard screen allows you to consult statistics about the content of your LDAP tree.
The first tab shows the number of objects for each type known to your FusionDirectory installation. Clicking them will lead you the management page for them, if any.
Users¶
User tab shows more detailed statistics about users.
It is especially useful to track expired on soon-to-expire users, when using posix plugin.
Users statistics : it shows you the number of users and the e-mail account type of each user
Groups statistics : it shows you how many groups there are
Expired accounts : It shows you the expired accounts and the accounts that will expire soon
Passwords¶
Passwords tab shows statistics about passwords, and it is especially useful for tracking old accounts still using an obsolete password method in order to update them.
Configuration¶
FusionDirectory Configuration
Configuration¶
All the configuration is stored inside the ldap, in FusionDirectory branch.
If you need to modify something, you can access to FD configuration by the « Configuration » entry in the « Addons » section of the main menu.
You need to click on « Edit » first to access edition and then « Ok » once you’ve finished.
Look and feel¶
Language: Defines the default language used by FusionDirectory. Normally FusionDirectory autodetects the language from the browser settings. If this is not working or you want to force the language, just modify the language here.
Theme: (required) Defines what theme is used to display FusionDirectory pages. You can install some corporate identity like theme and/or modify certain templates to fit your needs within themes.
Timezone: (required) Defines the timezone used within FusionDirectory to handle date related tasks, such as password expiration, vacation messages, etc. The timezone value should be a unix conform timezone value like in /etc/timezone.
Core settings¶
LDAP size limit: Tells FusionDirectory to retrieve the specified maximum number of results. The user will get a warning, that not all entries were shown.
Edit locking: Enables FusionDirectory to check if a entry currently being edited has been modified from someone else outside FusionDirectory in the meantime. It will display an informative dialog then. It can be set to entryCSN for OpenLDAP based systems or contextCSN for Sun DS based systems.
Enable logging: Enables event logging on FusionDirectory side. Setting it to true, FusionDirectory will log every action a user performs via syslog. If you use rsyslog and configure it to mysql logging, you can browse all events within FusionDirectory.
Schema validation: Validate the installed schema before connecting to FusionDirectory
Enable snapshots: This enables you to save certain states of entries and restore them later on.
Snapshot base: Defines the base where snapshots should be stored inside of the LDAP.
Wildcard foreign keys: Whether to activate foreign key handling in cases where a wildcard filter is needed. For instance when moving a department containing users, this will make sure any reference to a user in this department is updated. This maintain consistency but may be a bit slow on big trees.
Password settings¶
Password default hash: (required) Defines the default password hash to choose for new accounts.
Valid values are :
crypt/standard-des
crypt/enhanced-des
crypt/md5
crypt/blowfish
crypt/sha-256
crypt/sha-512
smd5
md5
sasl
ssha
sha
These values will be overridden when using templates.
Force default hash: Enable/Disable force the use of the default password hash.
Password minimum length: Determines the minimum length of a new password entered to be considered valid. Note that this only affect passwords that are set by the user, not by the admins.
Password minimum differs: Determines how many characters that must be different from the previous password. Note that this only affect passwords that are set by the user, not by the admins.
Use account expiration: Enables shadow attribute tests during the login to FusionDirectory and forces password renewal or account locking.
SASL Realm: Defines the way the kerberos realm is stored in the userPassword attribute. Set it to REALM.NET in order to get {sasl}user@REALM.NET.
SASL Exop: Defines the attribute to be stored in the userPasword attribute. Set it to uid in order to get the {sasl}uid of the user.
Login and session¶
Login attribute: (required) Defines which LDAP attribute is used in Fusiondirectory as the login name during login. It can be set to uid, mail or both.
Enforce encrypted connections: Enables PHP security checks to force encrypted access (https) to the web interface.
Warn if session is not encrypted: Enables PHP security checks to detect non encrypted access to the web interface. FusionDirectory will display a warning in this case.
Session lifetime: (required) Defines when a session will expire in seconds. For Debian systems, this will not work because the sessions will be removed by a cron job instead. Please modify the value inside of your php.ini instead.
HTTP authentification: Activate HTTP authentification (basic auth).
HTTP Header authentication: Activate HTTP header authentification (default LemonLDAP::NG method)
Header name: Define the name of the header you will use for HTTP Header Authentification
SSL¶
Key path: Path of the private key for FusionDirectory on the server.
Certificate path: Path of the certifiate for FusionDirectory on the server.
CA certificate path: Path of the CA on the server.
CAS¶
Enable CAS: Enable CAS.
CA certificate path: Path of the CA for the CAS server.
Host: Host of the CAS Server.
Port: Port of the CAS Server.
CAS context: CAS context to be used
People and group storage¶
Pay attention to the changes in this section of the configuration
People DN attribute: (required) Defines the attribute to use at the beginning of users dn.
Possible values are uid and cn
uid style DN:
uid=superuser,ou=staff,dc=example,dc=netcn style DN:
cn=Foo Bar,ou=staff,dc=example,dc=net
CN pattern: The pattern to use to build the common name field.
Strict naming policy: Enables strict checking of uids and group names. If you need characters like . or - inside of your accounts, don’t enable this option.
Users RDN: (required) Defines the location where new accounts will be created inside of defined departments. The default is ou=people.
ACL role RDN: The branch where ACL roles are stored.
Restrict role members: When enabled only users from the same branch or members of groups from the same branch can be added to a role.
Separate address fields: When enabled, expose street, postOfficeBox and postalCode fields instead of postalAddress.
Postal address pattern: When Separate address fields is enabled, filling this allows to fill postalAddress using values from the separate fields in a pattern.
Debugging¶
Display errors: Defines whether to enable the display of PHP errors in the upper part of the screen. This should be disabled in productive deployments, because there might be some passwords in it.
Maximum LDAP query time: Tells FusionDirectory to stop LDAP actions if there is no answer within the specified number of seconds.
Log LDAP statistics: Tells FusionDirectory to track LDAP timing statistics to the syslog. This may help to find indexing problems or bad search filters.
Debug level: Display certains debug informations on each page load. Valid values are LDAP, Database, Shell, POST, SESSION, ACL, SI, Mail. The different values can also be combined with each other.
Miscellaneous¶
Display summary in listings: Determines whether a status bar will be shown on the bottom of FusionDirectory generated lists, displaying a short summary of type and number of elements in the list.
Show ACL tab on all objects: For very specific ACL rights setting where you might need to give rights on a single object.
Available department categories: Available categories in the departments category dropdown.
Plugin menu blacklist: A list of plugins to hide from FusionDirectory menu for a given group of users.
Hooks¶
Hooks: Defines hooks that are called when specific actions happens.
Each hook is defined by:
Tab: The plugin tab triggering this hook
Mode: When this hook is triggered
Command: The executed command when this hook is triggered. Use the placeholder syntax to pass attribute values to the hook.
Display hook output: Activate to display the hook output.
Configure Password recovery¶
FusionDirectory has a password recovery fonction.
If the Mail plugin is installed it can use the mail attribute
If the Personal plugin is installed it can use the fdPrivateMail
If the Supann plugin is installed it can use the supannMailPerso
In the login window of the user’s connection, you will find the option “I forgot my password”.
This option allows your users to generate a new password.
If you click on “I forgot my password” now, the following window appears :
To activate the recovery of the password, the administrator must set it up
Configuration
Connect as administrator and click on Configuration button in FusionDirectory
Go to Password recovery tab
In the next windows click on “Edit” button bottom right
To activate password recovery you must check the box next to “Activate password recovery”
Sender email address : e-mail address from which e-mails will be sent (required)
Link validity (minutes) : number of minutes before a recovery link expires (required)
Salt for tokens : just a security measure, you can put anything in there, even random characters (required)
Allow the use of alternate addresses : if checked, users will also be able to enter one of theirs alternate addresses to recover their password
Fill-in First email settings
Subject : subject of the first e-mail (required)
Body (first %s is login, second is link) : body of the first e-mail, sent when the users asks for a new password. Use % for the login and the recovery link (required)
Fill-in Second email settings
Subject : subject of the second e-mail (required)
Body (%s is login) : body of the first e-mail, sent to confirm that the password has been changed. Use % for the user login (required)
Use it
Now your users can be able to use password recovery. When they will click on “I forgot my password” this windows will appear
They will enter their full e-mail address and after click on “Change”
A message will appear on the screen informing your user of sending an e-mail to his address, with a link to change his password.
Your user will receive a mail like this :
[FusionDirectory] Password recovery link
From: reset@fusiondirectory.org
To: myname@acme.org
Hello,
Here are your informations :
- Login : myname
- Link : http://fusiondirectory.org/fusiondirectory/recovery.php?uniq=KSDnZ31AYR7psZETCtHNGyNkzMKfZKOXP9xpTAF5nprwwMnwF3ZH28EL9&uid=tototot&address_mail=myname@acme.org
This link is only valid for 10 minutes.
When user will browse to the link sending him by e-mail, a message like this will appear on the screen
Now the user need to fill the required new password and then click on “Change”. A confirmation email is sent to his mailbox :
[FusionDirectory] Password Changed recovery successful
From: reset@fusiondirectory.org
To: myname@acme.org
Hello,
Your password has been changed.
Your login is still myname.
He just needs to click on “Return to login screen” to connect with his new password
ACLs¶
FusionDirectory ACLs
Introductions¶
FusionDirectory ACLs can be used to give rights on FusionDirectory content to other users than the admin. They can be used to allow users to edit their own information for instance, or to allow a project manager to edit the users from his team.
For example, here is the Admin view of the interface. As you can see, the Admin has access to all the plugins
And here is the Manager view. As you can see, the Manager can only access Users and groups, account and Unix
Functionalities¶
ACL roles¶
What can a person do in FusionDirectory?
Click on ACL roles icon on the main page of FusionDirectory
The ACL role groups all the rights you want to give to a group or a user
You will see the list of created roles.
Each role has two columns :
Name : this is the name of the role
Description : a short description of what can be done by this role
Click on a role, in this example manager; you will be on Role tab
Properties settings
Base : object base
If you put the cursor on the base field, you will see all the base objects and you will be able to choose the one that you need.
Name : a name for this role (required)
Description : short description of this role
ACLs settings
This field is very important because it defines the settings of the rights that this role has and the objects that it can manage
In order to see the list of ACL categories assigned to this role, click on the little pencil on the right
This will bring you to the whole list of available ACL categories. Scroll down to see the categories assigned to this role.
In this example, User is assigned to this role and it is marked as « ACL for these objects: posixAccount, user ».
Click on the little pencil next to User category on the right
This will give you a simplified view of Object User attributes, highlighted in purple
The beauty and the strength of FusionDirectory is that you can also play on each single attribute of the object.
To do this, click on « Show/hide advances settings » button on next to the object you are interested in
This wil open a dialog incliding all the object settings and you can check/uncheck the ones you need
Then you have a part for each user tab depending on your installed plugins. The Create right on a tab allows to activate it while the Remove one allows to deactivate.The Grant permission to owner checkbox allows to give rights only on the user’s own node as in the editowninfos role we used earlier.
Special cases about rights¶
Template¶
The template part is available for objects which support templates and allow to give rights on templates, and control rights on the template_cn field.
To be able to create a user using a template, the connected user needs:
Read right of user/template:template_cn on the template object (or any parent department)
Create right of user/user on the base the user is created in (or any parent department)
Write right of the fields required by the templates on the base the user is created in (or any parent department)
Snapshot¶
There is a Snapshot part for objects which supports snapshots.
Create right means the user will be able to take new snapshots
Delete right means he will be able to delete existing snapshots
Write right on restore_over field means he will be able to restore snapshots of an existing object
Write right on restore_deleted field means he will be able to restore snapshots of deleted objects
ACL assignments¶
How to assign ACLs
After the creation of a role, we can say what a person has the right to do.
Click on ACL Assignments icon in FusionDirectory
You will see the list of ACL Assignments
Click on an ACL Assignment, in thie example test42 and you will see three columns
first column : on what mode of operation the LDAP will work
second column : the dn of the role. It defines the rights assigned to the person in column 3 in relation to the ACLs assigned to him
third column : person to which the ACL is assigned
Create ACLs¶
How to create an ACL role
To give rights to users, the first step is to define an ACL role which will list the permissions you want to give.
Now let’s get more into the details of which kind of permission an ACL role can give.
Click on ACL roles icon on FusionDirectory main page
Click on Actions –> Create –> ACL role
Fill name and description as you see fit.\
Click Add button bottom left ACLs
You will see a screen listing the ACL categories:
Click on pencil icon next to User category
Then you have a part for each user tab depending on your installed plugins. The Create right on a tab allows to activate it while the Remove one allows to deactivate.
The Grant permission to owner checkbox allows to give rights only on the user’s own node as in the editowninfos role we used earlier.
In this case we want to create a role named student having the rights to read and write his phone number.
Check the box against Grant permission to owner
Go to object User and click on Show/hide advanced settings button
Check read and write options in Business mobilenumber
Click on Apply button
Now, on the List of available ACL categories you can see that User category changed to ACL for these objects: user
Click on Apply button
Now you can see that ACL’s settings are filled-in
Click on Ok button bottom right
Use ACLs¶
ACLs Assignment¶
Click on ACL assignments on FusionDirectory main page
Click on the ACL assignment that you need
ACL Assignment tab you can see all the assignments
Click on Add button bottom left
Select ACL Assignment properties as follows
Mode : subtree
Role : student
Select a user by clicking on Add button under Members field
Select the user to whom you wish to assign student role (in this example, leheros toto)
Click on Add button bottom right
In ACL Assignment tab you can now see toto in Members field
Click on Add button bottom right
You can see that ACL Assignment tab is now correctly filled
Click on Ok button bottom right to save
Result¶
User view
Now let’s see how the ACL has been applied to our User
Login as toto
Click on User icon
Click on Edit button bottom right
You will see that the only editable field is Mobile (this user can only modify his mobile number as per the ACL that we set earlier)
Use ACLs with department¶
delegate department management¶
So, let’s say you want to give manager rights to user Richard Hollandais to the branch ou=test42,dc=demo-fusiondirectory,dc=org
Start by clicking on Departments icon on FusionDirectory main page
Then click on edit icon (pencil) against test42 department line
Go to ACL Assignment tab.
Click on Add button bottom left
Fill-in ACL Assignment tab settings
Mode : subtree
Role : manager
Members : rhollandais
In order to select members, click on add button against member
Select user Richard Hollandais from the users list
Click on Add button bottom right
Click again on Add button bottom right
You can now see the ACL Assignment tab filled with role manager for user Richard Hollandais
Click on Ok button bottom right
Result¶
Now in order to see that Manager Richard Hollandais can manage student Paola Italienne, let’s sign in FusionDirectory as rhollandais
As manager role, he can see Users icon on his interface
Click on Users icon and you will see the users Richard can manage
Plugins¶
FusionDirectory Plugins
Alias¶
FusionDirectory Plugins Alias
Description¶
This plugin is used in the management of two types of aliases:
Mailbox redirection (e.g. when a person leaves the company) from alias FORWARD TO another/s mail address
Mailbox distribution when receive a message for alias SEND TO mailbox in mail-server
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-alias
apt-get fusiondirectory-plugin-alias-schema
RHEL¶
yum install fusiondirectory-plugin-alias
yum install fusiondirectory-plugin-alias-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/alias-fd-conf.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/alias-fd.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/alias-fd-conf.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/alias-fd.schema
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Alias create temporary mail
For example, we need that all mails send to:
myboss.sharedbox@acme.com (mail attribute)
myboss@acme.com (gosaMailAlternateAddress)
are delivered to:
bigboss@acme.com (mail Attribute) mailbox on mailbox.server.com (gosaMailServer)
Click on the “Aliases” entry or icon, in administration section, to join the “Alias management” page. Now you can add a new Mailbox distribution via “Actions –> Create –> Temporary Mail distribution” (or modify the existing ones)
A new dialog is open:
Alias create temporary mail wiew
Base: Object base
Name: Name to identify this alias (required)
Description: Description of this alias
Email address: Email address (required)
Email aliases: Aliases of this email address (required)
Mail server: Mail server for this alias (required)
Expiration date: Date after which the distribution should be deleted. Leave empty for no deletion.
Alias create temporary mail redirection
For example we need to forward (duplicate and send) all mails send to :
towards:
-
Click on the entry or on the icon in administration section to join the “Alias management” page. Now you can add a new Mailbox redirection via “Actions –> Create –> Temporary Mail redirection” (or modify the existing ones):
Alias create temporary mail redirection view
Base: Object base
Name: (required) Name to identify this redirection.
Description: Description of this redirection.
Redirect from: (required) Mail address from which you want to redirect. This means the mail alias.
Redirect to: (required) Destination of this redirection.
Expiration date: Date after which the redirection should be deleted. Leave empty for no deletion.
Fill the required information, for the above example :
Alias create temporary mail redirection filled
Applications¶
FusionDirectory Plugins Applications
Description¶
The application plugin is used to add the definition of web and desktop applications. The web applications can be used on a roles or used to make a portal where users can click on icons. The Desktop applications can be used with deployment systems to create desktop entries
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-applications
apt-get install fusiondirectory-plugin-applications-schema
RHEL¶
yum install fusiondirectory-plugin-applications
yum install fusiondirectory-plugin-applications-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/applications-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/applications-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/applications-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/applications-fd-conf.schema
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Add a web application¶
A new dialog box will open, fill the forms and save your application :
Base: where is the application entry in the LDAP
Name: applications name
Description: description of the application
URL: URL of the application
Display Name: the name that we display (FusionDirectory portal)
Set your icon for you application (FusionDirectory portal)
Click « ok », and you will see the wordpress line created in the application
Now, if you click on the menu entry « Groups and roles » on the left, you will find a « role-test » group
If you click on the role-test group, you will see the Applications tab
Click on the entry that you created before and click « add », and you will see your webapplication added
Now go to LDAP tab and click on the entry you see
This will give you an overview of attributes fdApplicationAllowed that you will be able to use in a filter to restrict who can login
Use FusionDirectory as portal¶
Activate portal mode
Go in configuration
Click on plugins section and then click edit in the bottom right corner
Select your portal mode in the « Show web applications in menu » drop-down menu
None: no use portal mode
Only allowed: only allow user that are in a role that have your application
All: the icons are displayed for everyone
Audit¶
FusionDirectory Plugins Audit
Description¶
This plugin is used to audit all the operation done from FusionDirectory.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-audit
apt-get install fusiondirectory-plugin-audit-schema
RHEL¶
yum install fusiondirectory-plugin-audit
yum install fusiondirectory-plugin-audit-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/audit-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/audit-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/audit-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/audit-fd-conf.schema
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Audit list
Create a filter
Audit filter result
Audit event
If you click on the author icon, you will get the author information
Audit author
Autofs¶
FusionDirectory Plugins Supann
Description¶
The Autofs plugin is used to manage autofs through an LDAP directory.
Autofs is a program for automatically mounting directories on an as-needed basis.
Auto-mounts are mounted only as they are accessed, and are unmounted after a period of inactivity.
Because of this, automounting NFS/Samba shares conserves bandwidth and offers better overall performance compared to static mounts via fstab.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Access to configuration is read-only. If you need to make changes, then you must press the “Edit” button at the bottom right of the window.
Functionalities¶
In your FusionDirectory web interface you have now, in the “Administration” section, a new tab and a new icon called “Autofs” that you can use to manage auto-mounts in your infrastructure :
Create Mount Point
Fill the different informations and click on ok to save it.
Create a directory
Fill the different informations and click on ok to save it.
Certificates¶
FusionDirectory Plugins Supann
Description¶
The Certificates plugin is used to to store private certificates in pem format.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Functionalities¶
Add a certificate
Select an user an click on certificate tab
Activate certificate tab
Add a browsable crt or pem certificate
Community¶
FusionDirectory Plugins Community
Description¶
The Community plugin is used to manage user communities in FusionDirectory.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-community
apt-get install fusiondirectory-plugin-community-schema
RHEL¶
yum install fusiondirectory-plugin-community
yum install fusiondirectory-plugin-community-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/community-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/community-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/community-fd.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/community-fd-conf.schema
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Go to Plugins tab
Click on Edit button bottom right
Fill-in Community options
Click on OK button bottom righ to save your options
Functionalities¶
Create a department
Click on Departments icon in FusionDirectory
Click on Actions –> Create –> Department
Go to Community Project tab
Click on Add Community projects settings
Fill-in all required fields
Click on OK button bottom right to save settings
Create an organization
Click on Departments icon in FusionDirectory
Click on Actions –> Create –> Organization
Click on Community organization tab
Click on Add Community organization settings
Fill-in all required fields
Click on OK button bottom right to save settings
Cyrus¶
FusionDirectory Plugins Cyrus
Description¶
This plugin is used to manage Cyrus mailboxes with FusionDirectory.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Cyrus mail configuration
Access to configuration is read-only. If you need to make changes, then you must press the “Edit” button at the bottom right of the window.
In Mail tab you will find the configuration of the cyrus plugin.
Mail settings
Account identification attribute: (required) Determines which attribute FusionDirectory will use to create accounts. Valid values are mail and uid.
Mail user template: Allows to override the user account creation syntax. See the “Mail folder template” description for more details.
Examples:
%prefix%%uid% => user.foobar
my-prefix.%uid%%domain% => my-prefix.foobar@example.com
Mail folder template: Allows to override the methods default account creation syntax.
Examples:
%prefix%%cn% => shared.development
my-prefix.%cn%%domain% => my-prefix.development@example.com
Placeholders for the Mail folder template usage:
%prefix% The methods default prefix. (Depends on 'Use cyrus UNIX style')
%cn% The groups/users cn.
%uid% The users uid.
%mail% The objects mail attribute.
%domain% The domain part of the objects mail attribute.
%mailpart% The user address part of the mail address.
%uattrib% Depends on mailAttribute (uid/mail).
Use cyrus UNIX style: Determines if FusionDirectory should use “foo/bar” instead of “foo.bar” namespaces in IMAP. Unix style is with slashes.
To use this option, you must set “unixhierarchysep” parameter to “yes” in your imap.conf configuration file.
unixhierarchysep: yes
Delete mailbox on account deletion: Determines if FusionDirectory should remove the mailbox from your IMAP server or keep it after the account is deleted in LDAP.
Cyrus autocreate folders: Contains a comma separated list of personal IMAP folders that should be created along initial account creation.
IMAP timeout: Sets the connection timeout for imap actions. Default value is 10 seconds.
Shared prefix: Defines the prefix to add for mail shared folders.
Functionalities¶
Add Cyrus service
Click on the System button located in the System section of FusionDirectory main page
Click on the server you wish to configure cyrus service, in this exemple we assume that the server name is “demo-fixes”
Click on “Services” tab and click on “action - create - cyrus IMAP/POP3:
Fill in required fields then click “Save”:
Cyrus settings
Hostname: Hostname of the Cyrus server.
Port: Port number on which Cyrus server should be contacted.
Option: (required) Options for contacting Cyrus server. Valid values are notls, tls and ssl.
Valide certificats: Whether or not to validate server certificate on connexion. Valid values are validate and no-validate.
Admin user: (required) Imap server admin user.
Password: (required) Admin user password.
Sieve settings
Hostname: Hostname of the Cyrus Sieve server.
Port: Port number on which Cyrus Sieve server should be contacted.
Option: (required) Options for contacting Cyrus Sieve server. Valid values are notls, tls and ssl.
Click on “save”
Now, in services column, you can see the cyrus icon:
From now you can create User Mailbox
Developers¶
FusionDirectory Plugins Developers
Description¶
The Developers plugin gives information for developers in FusionDirectory.
Installation¶
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Debug help
In the Reporting section in FusionDIrectory, click on Debug help icon
You can download a diagram and see the content of all object types
When you click on an object type, in this example FusionDirectory configuration, you can see the content of this object
Dovecot¶
FusionDirectory Plugins Supann
Description¶
The Dovecot plugin allows to manage Dovecot mailbox in FusionDirectory.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Functionalities¶
Add Dovecot service
Go to Systems
Create your server or edit an server
Click on services tab
Add Dovecot service
Fill the fields for the Dovecot plugin and save it:
Hostname: the hostname of the server
Port: port for the connexion
Option: tls or not
Validate certificate: if we validate the certificate or not
Fill in Dovecot connections
Fill in Dovecot master credentials
Click on ok to save your server
Dsa¶
FusionDirectory Plugins Dsa
Description¶
The dsa plugin is used to to create Directory Service Accounts for administrative purpose (like pam_ldap, dns, nssldap, smbldap-tools, argonaut etc.) inside the LDAP directory.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Access to configuration is read-only. If you need to make changes, then you must press the “Edit” button at the bottom right of the window.
In Plugins tab you will find the block DSA, which is related to the configuration of the Dsa plugin
DSA RDN: (required) Branch in which Directory Service Account (dsa) will be stored
Functionalities¶
How use custom the DSA plugin¶
In your FusionDirectory Web interface, in the « Users and Groups » section, you will find an icon called “DSA” that you can use to manage service accounts in your ldap directory :
Create a DSA account
Click on the “DSA” entry or icon, in users and groups section, to join the “DSA management” page.
Now you can add a new account (simple security object) via “Actions –> Create” (or modify the existing ones):
A new dialog is open, fill at least in required fields:
Base : object base
Entry Name : (required) Service Account name
Change password
Fill in the required fields :
Password method: (required) Password hash method to use
Password: (required) Service Account password
Password again: (required) Same password as above, to avoid errors
EJBCA¶
FusionDirectory Plugins EJBCA
Description¶
The EJBCA plugin is used to read ssl certificates published by EJBCA into LDAP with FusionDirectory.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Go to Plugins tab
Click on Edit button bottom right
Fill-in EJBCA RDN
Click on OK button bottom right to save
Functionalities¶
Assign a certificate at a user
Click on Users icon in FusionDirectory
Click on Actions –> Edit
Activate EJBCA tab
Click on EJBCA settings button
Select a certificate from the list
Click on Apply button bottom right to save
Assign a certificate at a system
Click on Systems icon in FusionDirectory
Click on Actions –> Create –> Server
Activate EJBCA tab
Click on EJBCA settings button
Select a certificate from the list
Click on Apply button bottom right to save
Click on OK button bottom right to save
Add a certificate
Click on EJBCA icon in FusionDirectory
EJBCA part in FusionDirectory
You can download your certificate here, but you may click on his name and see more info
GPG¶
FusionDirectory Plugins GPG
Description¶
The GPG plugin is used to store GPG keys in your directory through FusionDirectory.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-gpg
apt-get install fusiondirectory-plugin-gpg-schema
RHEL¶
yum install fusiondirectory-plugin-gpg
yum install fusiondirectory-plugin-gpg-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/gpg-fd.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/pgp*
RHEL¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/gpg-fd.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/pgp*
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Functionalities¶
Create a user
Click on « users » icon in FusionDirectory
Click on Actions –> create –> user
Activate GPG tab
Click on Add GPG settings
Add a key that is in your LDAP
Thick the key and save it
Ipmi¶
FusionDirectory Plugins Ipmi
Description¶
This impi plugin is used to store the impi credentials to connect to the impi component inside your systems.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Functionalities¶
How to add an Ipmi client
Go to Systems
Edit a server
Click on Ipmi client tab
Click on Add Ipmi client settings button
Fill IP, user login and user password Click on ok to save it
Ldapdump¶
FusionDirectory Plugins Ldapdump
Description¶
The Ldapdump plugin gives all the information from an object that is stored in the LDAP.
Installation¶
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Functionalities¶
How to use the LDAP Dump plugin
For example to see the ldapdump of a user object
Click on Users icon in FusionDirectory
Select a user by thicking the little box
Click on Actions –> Edit
Go to LDAP tab at the bottom
In the LDAP tab, you can see the DN of your element
If you click on your element, you will see all the informations that the LDAP contains
Ldap manager¶
FusionDirectory Plugins Ldap manager
Description¶
The LDAP Manager plugin is used to export/import ldif and csv with/without templates in FusionDirectory.
Installation¶
Configuration¶
There is no configuration for ldap manager
Functionalities¶
In your FusionDirectory web interface you have now, in the Configuration section, a new tab and a new icon called “Ldap import/export” that you can use to manage ldif in your infrastructure :
When you click on this tab or icon, then you can:
Export ldif
Import ldif
Import CSV
Export ldif
The LDIF export plugin provides methods to download a complete snapshot of the running LDAP directory as ldif. You may save these files for backup purpose or when initializing a new server.
« Export single entry » allows you to export a single ldap record. For example, in my ldap directory, if I ask to export the sales group:
cn=sales,ou=groups,dc=fusiondirectory,dc=org
the result is an ldif file with this content:
dn: cn=sales,ou=groups,dc=fusiondirectory,dc=org
cn: sales
gidNumber: 1105
memberUid: Homer.Sympson
memberUid: gmarquez
objectClass: top
objectClass: posixGroup
« Export complete LDIF for » allows you to export all records of your ldap directory.
Import ldif
The LDIF import plugin provides methods to upload a set of entries to your running LDAP directory as ldif. You may use this to add new or modify existing entries. Remember that FusionDirectory will not check your ldifs for FusionDirectory conformance.
Import LDIF File (Modify existing objects, keep untouched attributes)
For example, in FusionDirectory, I have this posixgroup-test group:
which corresponds at this entry in my ldap directory:
dn: cn=posix-group,ou=groups,dc=fusiondirectory,dc=org
cn: posix-group
gidNumber: 1105
memberUid: durieux.Bcarole
objectClass: top
objectClass: posixGroup
CSV import
The CSV import plugin provides methods to generate user accounts from a file containing Semi-Colon Seperated Values. The administrator can decide which columns should be transfered to which attribute and select a template to apply.
Note that the file must not contain a header line, all lines are treated as data to import, except if they start with a #.
Mail¶
FusionDirectory Plugins Mail
FusionDirectory mail concept¶
Mail methods
FusionDirectory supports different ways to manage your mail accounts, each type of mail account is represented by a so called mail method.
Every method implements a specific storage of mail accounts. The mail methods can also add functionalities specific for each kin of server we manage.
For now we support :
The base method explained in the mail plugin you are reading
The basic method just store the data that can be used by other service like postfix for example. The other method like cyrus, dovecot, renater-partage need the corresponding server
Description¶
The Mail plugin is used to manage basic mail attributes in FusionDirectory.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-mail
apt-get install fusiondirectory-plugin-mail-schema
RHEL¶
yum install fusiondirectory-plugin-mail
yum install fusiondirectory-plugin-mail-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/mail-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/mail-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/mail-fd.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/mail-fd-conf.schema
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Access to configuration is read-only. If you need to make changes, then you must press the “Edit” button at the bottom right of the window.
In Mail tab you will find the configuration of the plugin
Mail settings
Account attribute Identification : (required) Determines which attribute FusionDirectory will use to create accounts. Valid values are mail and uid
Mail user template : Allows to override the user account creation syntax. See the “Mail folder template” description for more details
Examples:
%prefix%%uid% => user.foobar
my-prefix.%uid%%domain% => my-prefix.foobar@example.com
Mail folder template : Allows to override the methods default account creation syntax
Examples:
%prefix%%cn% => shared.development
my-prefix.%cn%%domain% => my-prefix.development@example.com
Placeholders
%prefix% The methods default prefix. (Depends on 'Use cyrus UNIX style')
%cn% The groups/users cn.
%uid% The users uid.
%mail% The objects mail attribute.
%domain% The domain part of the objects mail attribute.
%mailpart% The user address part of the mail address.
%uattrib% Depends on mailAttribute (uid/mail).
Use cyrus UNIX style : Determines if FusionDirectory should use “foo/bar” instead of “foo.bar” namespaces in IMAP. Unix style is with slashes. To use this option, you must set “unixhierarchysep” parameter to “yes” in your imapd.conf configuration file.
Delete mailbox on account deletion : Determines if FusionDirectory should remove the mailbox from your IMAP server or keep it after the account is deleted in LDAP
Cyrus autocreate folders : Contains a comma separated list of personal IMAP folders that should be created along initial account creation
IMAP timeout : Sets the connection timeout for imap actions. Default value is 10 seconds
Shared prefix: Defines the prefix to add for mail shared folders
Functionalities¶
Basic service provided¶
Services installed
From now, you have this new services available for every system server:
IMAP/POP3 generic service.
Click on Systems icon in FusionDirectory
Select a server (in this example demo-dev)
Go to Services tab
In the drop-down menu click on Actions –> Create –> IMAP/POP3 generic service
If you choose this service, a new dialog is opened
You just need to click on « Save » button bottom right
Click on Apply button
Now, in services column, you can see the imap/pop3 icon
Newsletter¶
FusionDirectory Plugins Newsletter
Description¶
The Newsletter plugin is used to tell to which newsletter a user has subcribed to in FusionDirectory.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-newsletter
apt-get install fusiondirectory-plugin-newsletter-schema
RHEL¶
yum install fusiondirectory-plugin-newsletter
yum install fusiondirectory-plugin-newsletter-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/newsletter-fd.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/newsletter-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/newsletter-fd.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/newsletter-fd-conf.schema
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Go to Plugins tab
Click on Edit button bottom right
Go to Newsletter choices and fill-il as required
Click OK to save your settings
Functionalities¶
Create Newsletter for a user
Click on Users icon in FusionDirectory
Select a user
Go to Newsletter tab
Click on Add Newsletter settings button
Fill-in Personal info
Click on Apply button bottom right to save your settings
Personal¶
FusionDirectory Plugins Personal
Description¶
The personal plugin is used to store all kind of personal information that are not standardized in the core LDAP schemas.
It stores social accounts, nicknames, private email, start and end date of contract, if the photo should be visible in a white page applications etc…
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-personal
apt-get install fusiondirectory-plugin-personal-schema
RHEL¶
yum install fusiondirectory-plugin-personal
yum install fusiondirectory-plugin-personal-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/personal-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/personal-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/personal-fd.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/personal-fd-conf.schema
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
You can thick the « Allow use of private email for password recovery » option, so that the personal address can be used for password recovery: configuration -> plugins -> personal in FusionDirectory
Functionalities¶
Edit a user
In FusionDirectory, click on users icon
This will bring you to the users overview
Click on a user and go to Personal tab
In this example, I selected peter antoine’s profile
Activate the personal tab, fill it like you want and save it
Click on « Apply » button bottom right
Now, if you go back to user list, you will see a new icon that defines that personal plugin is activated for your user
Pureftpd¶
FusionDirectory Plugins Pureftpd
Description¶
The Pureftpd plugin is used to manage pureftpd account inside the LDAP directory.
Installation¶
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Create Pureftpd User
In order to create a pureftpd user, you need to have a valid pureftpd server in your structure environnement.
Click on existing user or create a new one
Click on “Ftp” tab
Click on « Add Ftp settings » button
Fill the desired fields
Bandwidth :
Upload bandwidth (kb/sec) : Maximum upload bandwidth in Kb/sec
Download bandwidth (kb/sec) : Maximum download bandwidth in Kb/sec
Ratio :
Uploaded files : Defines upload ratio
Downloaded files: Defines download ratio
Quota :
Files : restrict the maximum number of files of a user directory
Size (MB) : restrict the maximum size, in MB, of a user directory
Miscellaneous :
Enable FTP access : thick the box if needed
Click on « Apply » button bottom right to save your settings
Renater Partage¶
FusionDirectory Plugins Renater Partage
Description¶
The RENATER Partage plugin manages the email component of the Partage de RENATER system, used by the research and education community in France.
To use it you need to be a Renater Partage partner and have a valid contract with a domain name and API key.
Installation¶
In order to install renater-partage plugin, you need to have installed and configured mail plugin.
Functionalities¶
Add Renater Partage service¶
Go to Systems
Create your server or edit an existing server
Click on services tab
Add the Renater Partage service
Fill the fields for the Renater plugin and save it
Global settings :
URI: url of the webservice
User Agent: name of the user agent
Mailbox deletion: should i delete the mailbox after removing the account
Per domains settings :
Domain: mail domain ex: acme.com
Key: API key received from Renater
Class of service: Service class name | cos id (zimbra cos id)
Click on « save » button bottom right to save your server
Add Renater Partage to a user¶
Click on « users » button in FusionDirectory main page
Select a user
Go to Mail tab and click on « Add mail settings »
Fill in all the required information : mail account and other addresses and redirections
Click on « Apply » button bottom right to save your settings
Add Renater Partage to a group¶
In the same way you can use the mail tab of a user group to synchronize it with PARTAGE. In this case you can activate and use the PARTAGE tab of the group to fill additional information.
Fields synchronised by renater-partage plugin¶
Here are the fields which are synchronized for users:
PARTAGE |
LDAP |
Notes |
|---|---|---|
zimbraCOSId |
COS id from Renater Partage service |
|
zimbraMailQuota |
gosaMailQuota |
Converted to Mio |
zimbraPrefMailLocalDeliveryDisabled |
Checkbox « No delivery to own mailbox » |
|
zimbraPrefMailForwardingAddress |
gosaMailForwardingAddress |
Only one value |
description |
description |
|
displayName |
displayName |
|
facsimileTelephoneNumber |
facsimileTelephoneNumber |
|
givenName |
givenName |
|
homePhone |
homePhone |
|
l |
l |
|
mobile |
mobile |
|
ou |
ou |
|
pager |
pager |
|
sn |
sn |
|
st |
st |
|
telephoneNumber |
telephoneNumber |
|
title |
title |
|
street |
street |
Activate « Separate address fields » configuration to see this field |
postalCode |
postalCode |
Activate « Separate address fields » configuration to see this field |
postOfficeBox |
postOfficeBox |
Activate « Separate address fields » configuration to see this field |
company |
o |
|
physicalDeliveryOfficeName |
roomNumber |
|
zimbraAccountStatus |
Computed from FD lock status |
|
initials |
Computed from givenName and sn |
|
carLicense |
eduPersonPrincipalName |
From SupAnn tab |
zimbraHideInGal |
supannListeRouge |
From SupAnn tab |
co |
co |
From personal tab |
Here are the fields which are synchronized for groups:
PARTAGE |
LDAP |
|---|---|
description |
description |
displayName |
displayName |
zimbraMailStatus |
fdRenaterPartageGroupMailStatus |
zimbraNotes |
fdRenaterPartageGroupNotes |
zimbraHideInGal |
fdRenaterPartageGroupHideInGal |
zimbraDistributionListSendShareMessageToNewMembers |
fdRenaterPartageGroupSendShareMessageToNewMembers |
Attributes¶
Attributes synchronised by renater-partage plugin¶
Here are the fields which are synchronized for users:
PARTAGE |
LDAP |
Notes |
|---|---|---|
zimbraCOSId |
COS id from Renater Partage service |
|
zimbraMailQuota |
gosaMailQuota |
Converted to Mio |
zimbraPrefMailLocalDeliveryDisabled |
gosaMailDeliveryMode |
Checkbox « No delivery to own mailbox » |
zimbraPrefMailForwardingAddress |
gosaMailForwardingAddress |
Only one value |
description |
description |
|
displayName |
displayName |
|
facsimileTelephoneNumber |
facsimileTelephoneNumber |
|
givenName |
givenName |
|
homePhone |
homePhone |
|
l |
l |
|
mobile |
mobile |
|
ou |
ou |
|
pager |
pager |
|
sn |
sn |
|
st |
st |
|
telephoneNumber |
telephoneNumber |
|
title |
title |
|
street |
street |
Activate « Separate address fields » configuration to see this field |
postalCode |
postalCode |
Activate « Separate address fields » configuration to see this field |
postOfficeBox |
postOfficeBox |
Activate « Separate address fields » configuration to see this field |
company |
o |
|
physicalDeliveryOfficeName |
roomNumber |
|
zimbraAccountStatus |
Computed from FD lock status |
|
initials |
Computed from givenName and sn |
|
carLicense |
eduPersonPrincipalName |
From SupAnn tab |
zimbraHideInGal |
supannListeRouge |
From SupAnn tab |
co |
co |
From personal tab |
Here are the fields which are synchronized for groups:
PARTAGE |
LDAP |
|---|---|
description |
description |
displayName |
displayName |
zimbraMailStatus |
fdRenaterPartageGroupMailStatus |
zimbraNotes |
fdRenaterPartageGroupNotes |
zimbraHideInGal |
fdRenaterPartageGroupHideInGal |
zimbraDistributionListSendShareMessageToNewMembers |
fdRenaterPartageGroupSendShareMessageToNewMembers |
Supann¶
FusionDirectory Plugins Supann
Description¶
The Supann plugin is used to store Supann data’s in FusionDirectory.
The plugin support Supann 2009.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-supann
apt-get install fusiondirectory-plugin-supann-schema
RHEL¶
yum install fusiondirectory-plugin-supann
yum install fusiondirectory-plugin-supann-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/internet2.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/supann_2009.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/supann-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/internet2.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/supann_2009.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/supann-fd-conf.schema
Configuration¶
The SupAnn standard specifies how to fill cn attribute: https://services.renater.fr/documentation/supann/supann2018/recommandations2018/attributs/cn
You can change how FusionDirectory fill cn attribute by modifying CN Pattern by « %t[fr_FR]|sn% %t[fr_FR]|givenName% » in the configuration backend People and group storage
Functionalities¶
Create an entity
Create an establishement
Create an user with supann informations
How use custom lists¶
For some attributes like diplome you can extend them with a custom file in /etc/fusiondirectory/supann/
This process work for the following attributes:
supannTypeEntiteAffectation (entite) only from FD 1.3
supannEtuDiplome_diplome (diplome)
supannEtuEtape (etuetape is default empty)
supannEtuElementPedagogique (etuelementpedagogique is default empty)
supannActivite (activite)
supannRoleGenerique (role)
You need to do the following to make it work.
Add a file like
diplome_CUSTOM in 
/etc/fusiondirectory/supann/Fill your file with your customs entries
In FusionDirectory you will need to select your « CUSTOM » part before selecting your entry that are in your file
Sinaps¶
FusionDirectory Plugins Sinaps
Description¶
The Sinaps plugin is used to synchronize user and structures information from Sinaps: http://www.amue.fr/pilotage/logiciels/sinaps/presentation/
Installation¶
Configuration¶
Basic configuration¶
Enable SINAPS integration: This can be unchecked if you need to deactivate SINAPS integration for some time, or before you finished configuration for instance.
Dry run mode: Can be used for tests, this deactivates sinaps integration but still dumps XML received and what would be send in the dump folder.
Acknowledgement URL: The URL for the acknowledgement end point of Sinaps
Dump folder: If this is set to a directory path, all messages sent to or received from sinaps will be dumped here. Can be useful for debugging.
Application identifier: String that identifies this FusionDirectory instance in Sinaps. This what will be looked for in cross references.
Applications identifiers to sync: Identifiers of other applications for which we want to store cross references in supannRefId field.
UUID prefix: The prefix you want to be added before the UUID in the supannRefId field.
User base: The base in which users created by sinaps will be stored.
User template: The template to use for creating such users.
API Tokens: A list of valid API tokens to be accepted by the sinaps end point. You can put what you want in here, but using long strings generated by cryptographically strong random sources is better.
Acquisition configuration¶
Acquisition URL: The URL for the acquisition end point of Sinaps
Login: The login to use to contact this end point
Password: The password to use
Acquisition external type: The string that will be put in typeExterne tag in the XML
Contact methods: Which LDAP fields to be send for acquisition, and as which Sinaps contact method
Functionalities¶
Once your FusionDirectory instance is correctly set to be receiving user and structures diffusion events in Sinaps and Sinaps plugin is up and running (see Configuration ), creation and modification on Sinaps objects will be applied in FusionDirectory with the following rules.
Diffusion¶
When a Diffusion event is received :
FusionDirectory first looks at the cross references and search for the application identifier set in the configuration
If no reference is found or the reference found is not found in the LDAP, an object is created.
Otherwise the matching object is updated.
Structure¶
Structures are synchronized as Supann entities.
FusionDirectory field |
Sinaps XML field |
Details |
|---|---|---|
ou |
libelle20 |
|
description |
descriptifLong |
|
supannCodeEntite |
codeStructure |
Must be unique as it’s used in the dn |
supannTypeEntite |
codeSousType |
You need to configure Sinaps to transcode this into a valid value |
supannRefId |
referenceCroisee |
Formated as {identifiantApplication}identifiantExterne |
telephoneNumber |
methodesDeContact/methodeDeContact/valeur |
If codeTypeMethodeContact is TEL |
facsimileTelephoneNumber |
methodesDeContact/methodeDeContact/valeur |
If codeTypeMethodeContact is FAX |
postalAddress |
methodesDeContact/methodeDeContact/* |
If codeTypeMethodeContact is ADR and temoinAdressePrincipale is true |
supannCodeEntiteParent |
liensStructure/lienStructure/codeStructureMere |
If codeTypeLien is HIE |
fdSupannStartDate |
dateDebutValidite |
|
fdSupannEndDate |
dateFinValidite |
Personne¶
Persons are synchronized as users.
If rattachements is empty, the event is considered as a deletion, in which case:
The current date is stored in fdContractEndDate
The account is locked
The fields telephoneNumber, facsimileTelephoneNumber and mobile are emptied
The mail tab is removed
Otherwise the following fields are sychronized:
FusionDirectory field |
Sinaps XML field |
Details |
|---|---|---|
supannCivilite |
civilite |
|
sn |
nomUsage |
|
description |
descriptifLong |
|
dateOfBirth |
dateNaissance |
|
gender |
sexe |
|
supannRefId |
referenceCroisee |
Formated as {identifiantApplication}identifiantExterne |
givenName |
prenoms |
Cut at first “;” |
homePhone |
methodesDeContact/methodeContact/valeur |
If typeMethodeContact is TELPERSO. Can only have one value. |
fdPrivateMail |
methodesDeContact/methodeContact/valeur |
If typeMethodeContact is MAILPERSO. Can have multiple values. |
postalAddress |
methodesDeContact/methodeContact/* |
If codeTypeMethodeContact is ADR and temoinAdressePrincipale is true, and codeTypeAdresse is not ADRPERSO |
homePostalAddress |
methodesDeContact/methodeContact/* |
Same as above but codeTypeAdresse is ADRPERSO |
supannEntiteAffectationPrincipale |
rattachements/rattachement/roles/role/personneRessource/affectations/affectation |
Only if role/typeRole is PR and the cross reference is found in the LDAP |
supannEntiteAffectation |
rattachements/rattachement/roles/role/personneRessource/affectations/affectation |
Same as above |
supannEmpCorps |
rattachements/rattachement/roles/role/personneRessource/elementsDeCarriere/elementCarriere/corps |
Only if role/typeRole is PR |
supannActivite |
rattachements/rattachement/roles/role/personneRessource/elementsDeCarriere/elementCarriere/bapReferens |
Only if role/typeRole is PR |
supannRoleGenerique |
rattachements/rattachement/fonctionsOccupees/fonctionOccupee/fonctionRh |
|
supannTypeEntiteAffectation |
rattachements/rattachement/fonctionsOccupees/fonctionOccupee |
If the cross reference is found in the LDAP |
supannEntiteAffectation |
rattachements/rattachement/fonctionsOccupees/fonctionOccupee |
If the cross reference is found in the LDAP |
supannRoleEntite |
rattachements/rattachement/fonctionsOccupees/fonctionOccupee |
Groups values from the three fields above |
Acquisition¶
Once FusionDirectory is properly configured to send Acquisition events to Sinaps, it will do so when a user is modified, with the following rules:
Fields listed in Contact methods in the configuration are sent as the indicated contact methods
supannEntiteAffectationPrincipale is send as a rattachement with roles/role/typeRole = EXT and roles/role/externe/typeExterne the value configured in Acquisition external type in the configuration
Sogo¶
FusionDirectory Plugins Sogo
Description¶
The SOGo plugin is used to manage location (thing and group) in FusionDirectory.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-sogo
apt-get install fusiondirectory-plugin-sogo-schema
RHEL¶
yum install fusiondirectory-plugin-sogo
yum install fusiondirectory-plugin-sogo-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/sogo-fd-conf.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/calEntry.schema
fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/calRessources.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/sogo-fd-conf.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/calEntry.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/calRessources.schema
Configuration¶
If you need to modify something, you can access to FD configuration of the plugin by the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory Configutation Interface:
Click on Plugins tab
Click on Edit button bottom right and fill in SOGo settings
SOGo RDN : (required) Branch in which SOGo resources will be stored
Click on Ok button bottom right to save settings
Functionalities¶
How to use SOGo plugin
In your FusionDirectory web interface you have now, in the “Systems” section, click on SOGo icon
Click on Actions –> Create –> SOGo resource
Fill-in the required information
Click on Ok button bottom right to save your settings
Squid¶
FusionDirectory Plugins Squid
Description¶
The Squid plugin provides management for squid proxy users in FusionDirectory.
Installation¶
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Create Squid User
Click on Users icon in FusionDirectory
Click on an existing user
Click on “Proxy” tab
Click on “Add Proxy Settings” button
Fill the desired fields then click “Ok” to save
Proxy account
Filter unwanted content (i.e. pornographic or violence related) : Check if you want enable filtering unwanted content (i.e. pornographic or violence related) for this user.
Limit proxy access to working time : Check if you want enable limit proxy access to working time. Choose the start and the end of working time beside, once enabled.
Restrict proxy usage by quota : Check if you want enable restrict proxy usage by quota. Choose the quota amount beside, once enabled.
Now, in Properties tab, you can see the squid icon
SSH¶
FusionDirectory Plugins SSH
Description¶
The SSH plugin provides management for ssh public key in FusionDirectory.
Installation¶
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Create SSH user
Click on Users icon in FusionDirectory
Click on a user
Click on SSH Tab
Click on « Add SSH settings » button
Load the user’s ssh public key and click “Add” to upload the key
Click on « Ok » button bottom right to save your settings
Now, in Properties tab, you can see the ssh icon
Subcontracting¶
FusionDirectory Plugins Subcontracting
Description¶
The Subcontracting plugin is used to manage user from your company but who works in other companies for long periods of time in FusionDirectory.
Installation¶
Configuration¶
No configuration needed for this plugin.
Functionalities¶
Create a subcontracting user
In FusionDirectory, click on Users icon
Select a user
Go to Subcontracting tab
Click on « Add Subcontracting settings » button
Fill-in SubContracting Information
Intermediate : Contact to the Final Customer
Final Customer : Final Customer for this mission
Mail Address : mail address assigned for this mission
Phone : phone number assigned for this mission
Street Address : address where this mission is executed
Click on Apply button bottom right to save your settings
Now, on your user profile line you can see the Subcontracting icon
User-reminder¶
FusionDirectory Plugins user-reminder
Description¶
The user-reminder plugin is a plugin that reminds the users that their account will expire.
Installation¶
Configuration¶
How to configure User-Reminder plugin
Click on COnfiguration icon in FusionDirectory
Go to User reminder tab
Click on the edit button at the bottom right
Fill-in user-reminder settings:
Delay before expiration: days before expiration when we send the email
Delay before sending again: days before sending a second email
Extension of the validity: number of days for the postpone
Sender email address: sender e-mail address
Allow use of alternate addresses: thick this box if needed
Fill-in Ppolicy email settings:
Forward alerts to the manager : thick to send alert to manager
Subject : subject of the e-mail
Body (%s are cn and login) : content of the e-mail
Fill-in Alert email settings:
Forward alerts to the manager : thick to send alert to manager
Subject : subject of the e-mail
Body (%s are cn and login) : content of the e-mail
Fill-in Confirmation email settings:
Forward alerts to the manager : thick to send alert to manager
Subject : subject of the e-mail
Body (%s are cn and login) : content of the e-mail
Click on « ok » to save your configuration
/!Don’t forget to add password expiration date in Unix tab. /!
Functionalities¶
The user reminder plugin is used in conjunction with the argonaut-user-reminder program
Weblink¶
FusionDirectory Plugins Weblink
Description¶
The weblink plugin gives a link to simply access your configuration interface of your device, system, etc.
Installation¶
Install packages¶
Debian¶
apt-get install fusiondirectory-plugin-weblink
apt-get install fusiondirectory-plugin-systems-schema
RHEL¶
yum install fusiondirectory-plugin-weblink
yum install fusiondirectory-plugin-systems-schema
Install schemas¶
Debian¶
fusiondirectory-insert-schema -i /etc/ldap/schema/
fusiondirectory/systems-fd.schema /etc/ldap/schema/
fusiondirectory/systems-fd-conf.schema
RHEL¶
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/systems-fd.schema
fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/systems-fd-conf.schema
Configuration¶
No configuration needed for this plugin.
Functionalities¶
How to use the weblink plugin
Click on Systems icon in FusionDirectory
Create a workstation
Click on Action –> Create –> Workstation
Click on the web link tab
Click on Add Web link settings
Choose the protocol for your link
Click on OK button bottom right to save
Webservice¶
FusionDirectory Plugins Webservice
Description¶
The Webservice plugin is used to configure webservice of FusionDirectory.
Installation¶
Configuration¶
Webservice configuration
Go to Configuration
Open Plugins tab
Click on Edit button bottom right
«Force SSL» option is on by default, you can unthick it if you want to call the webservice over HTTP
Click on OK button bottom right to save it
Functionalities¶
FusionDirectory WebService plugin exposes a JSONRPC webservice you can use if you want to access LDAP content through FusionDirectory system. This way, you ensure that things like foreign keys are kept consistent, and you have a nicer API than the low-level LDAP one.
It is a standard JSONRPC server served on HTTPS protocol.
Note that you can allow HTTP in plugin configuration, but please avoid doing so except for testing purposes.
Templates¶
FusionDirectory Templates
Functionalities¶
FusionDirectory user template’s, you can give the possibility to automatically create some entries during your new user creation process.
The concept of templates in FusionDirectory is to allow you to automatically create any objects stored inside Fusiondirectory in a programmable way.
Define precisely how the attributes will be constructed, uppercase, lowercase, first letter of an attribute+4 letters of another attribute …
Fill other attributes based on value stored elsewhere
Generate random password
Calculate date / time for account expiration
and so much more …
Create a user template¶
Click on tab or icon Users, in the Users and groups section in FusionDirectory
Click Actions –> Create –> Template
Depending on which other plugins you have installed, you can configure your template like you need. Below, you can find some exemple.
You can find the documentation on how to create a macro here Macros.
User¶
The user tab is the base of your template, click on User tab
Generic User tab : this is the base tab to create a user template.
In this example we set the following macros to create a user :
Login : %alps[1]|givenName%%alp|sn% meaning that login will be first letter of first name in low character followed by last name in low characters
Password : %r[12]|% meaning that password will contain 12 random characters
Unix¶
When you are creating or editing your template, click on Unix tab Then click on Add Unix settings. A new dialog is opened
Then click on Add Unix settings. A new dialog is opened
Fill-in Unix settings
Home directory : the path to the home directory of this user (required).
You can use macro to automatically build the name of home directory users
For example : /home/%uid%
Mail¶
When you are creating or editing your template, click on Mail tab
Then click on Add Mail settings. A new dialog is opened
Fill-in Mail account settings
Primary address : primary mail address (required)
You can use the macros to automatically build the name of mail user account.
In this example we set macro %uid%@acme.com meaning that the mail account will be userid@acme.com
Click on Ok button bottom right
Now on the main page, on you template line, you will see the mail icon
Use a user template¶
How to apply a template
Here is an example of how templates works.
We will take the most common example of creating a user from a template.
Click on tab or icon Users, in the Users and groups section in FusionDirectory
Click on Actions –> Create –> From template
A new page called Creating a new object using templates will appear. Choose the template the you wish to use from the drop-down menu
Click on Continue button bottom right
Fill-in the required information
Last name : last name of this user (required)
First name : first name of this user (required)
Base : object base
Click on Continue button bottom right
You will now automatically see the User tab filled as per the macros you have put in your template.
See how to use macros : (url à mettre)
In this example, the user personal info look like this :
And the Unix info look like this :
And the Mail info look like this :
Click on Ok button bottom right
Now on the main page you can see the new user, with the Unix and Mail icons
Macros¶
You can use macros to automate the creation of attributes based on rules inside the templates.
How to use a macro
macro must always be enclosed in %.
%sn% The value of "Last name" field, entered during account creation.
Macros
a
The a macro can be used to return the unaccented version of the parameter.
Examples:
%a|sn% "Last name" field returned in unaccented.
If "sn=Valérie" then the returned value is "Valerie"
b
The b macro can be used to convert to base64.
c
The c macro can be used to put a comment. An example :
%c|this is just a comment% returns an empty string.
It can also be used to make a template uid unique when 2 templates have the same uid pattern:
%al|sn%%c|template1%
%al|sn%%c|template2%
d
The d macro can be used to generate dates and times.
First parameter is date string (defaults to “now”)
Second one is date format (defaults to “d.m.Y”, to be used in date fields).
Examples:
%d|% 15.03.2017
%d[tomorrow]|% 16.03.2017
%d[today+6days]|% 21.03.2017
%d[now,l jS \of F Y h:i:s A]|% Wednesday 15th of March 2017 02:12:18 PM
as POSIX date fields expects a specific format you need to add “epoch” as second parameter to the d modifier.
%d[today+30days,epoch]|% 15.04.2017
i
The i macro can be used to have the first letter of a word in capital letters and the rest in lower case letters.
Examples:
%i|sn% if our sn is "MY LAST NAME" we will have "My Last Name" in description.
We do not allow element to be transformed by itself.
Example : we cannot do %i|sn% in %sn% because it would make a loop.
If we try it we will have this kind of error
Recursive dependency in the template fields: "givenName" cannot depend on "givenName" as "givenName" already depends on "givenName".
l
The l macro can be used to return the lowercase version of the parameter.
%l|sn% "Last name" field returned in lowercase.
If "sn=Valérie" then the returned value is "valérie"
p
The p macro can be used to remove whitespaces. It can also be used for any search and replace based on preg_replace.
For this provide 2 arguments
first one is regexp
second one is replacement string.
Default values are /s/ and empty string, to remove all whitespaces as in previous behavior.
Examples:
%p|sn% "Last name" field, without whitespaces. "O Connor" becomes "OConnor".
%p[/\s/,-]|sn% "Last name" field, with whitespaces replaced by dashes. "O Connor" becomes "O-Connor".
r
The r macro can be used to generate random strings, for instance for passwords.
It can take up to three arguments
min length
max length
character type.
Third argument should be either
l for letters
d for digits
b for both.
Default is both.
The default length is 8 and if there is only one argument it will be used as a fixed length.
Examples:
%r[6,10]|% a random string with a random length between 6 and 10 chars containing both letters and digits
%r|% a random string of length 8
%r[12]|% a random string of length 12
%r[5,10,d]|% a random string of a random length between 5 and 10 containing only digits
s
The s macro can be used to generate substrings.
Examples:
%s[1,3]|sn% a substring of "Last name" field, taking 3 characters and starting at position 1.
%s[0,1]|sn% the first character of "Last name" field.
%s[1]|sn% the first character of "Last name" field (short syntax).
%s[5]|sn% a substring of "Last name" field, taking 5 first characters.
%s[2,4-8]|sn% a substring of "Last name" field, taking minimum 4 characters (more if needed for unicity)
and starting at position 2.
%s[4-8]|sn% a substring of "Last name" field, taking minimum 4 characters (more if needed for unicity).
%s[-5,2]|sn% a substring of "Last name" field, taking 2 characters and starting 5 characters from the end.
%s[-5,5]|sn% a substring of "Last name" field, taking the last 5 characters.
t
The t macro can be used to return the transliterated version of the parameter. The parameters are the list of locales to use for transliteration (first one will be used by non-interactive uses of the template).
Examples:
%t[de_DE]|sn% "Last name" field returned transliterated.
If "sn=Süßkartoffel" then the returned value is "Suesskartoffel"
Note that the locale used must be installed on the server (and web server needs to be restarted after locale installation).
Array macro
C
The C macro (added in version 1.0.10) returns the count of values in the attribute. It can be 0.
%C|arrayAttribute% returns the number of values in arrayAttribute
F
The F macro returns the first value of the array
J
The J macro returns the values joined together. It takes the separator as parameter.
%J[:]|arrayAttribute% returns the values joined and separated by : character
L
The L macro returns the last value of the array
Combining examples
%al|sn% "Last name" field returned in lowercase unaccented.
If "sn=Valérie" then the returned value is "valerie"
%au|sn% "Last name" field returned in uppercase unaccented.
If "sn=Valérie" then the returned value is "VALERIE"
%alp|sn% "Last name" field returned in lowercase unaccented without whitespaces.
If "sn=Valérie DUPONT" then the returned value is "valeriedupont"
%us[0,4]|sn% a substring of "Last name" field, taking 4 characters, starting at position 0 and converting in uppercase.
If "sn=Valérie" then the returned value is "VALÉ".
%ls[1,4]|sn% a substring of "Last name" field, taking 4 characters, starting at position 1 and converting in lowercase.
If "sn=Valérie" then the returned value is "alér".
%las[4]|sn% a substring of "Last name" field, taking the first 4 characters and converting in unaccented lowercase.
If "sn=Valérie" then the returned value is "vale".
%r[8,8,l]u|% a random string of length 8, containing uppercase letters.
Triggers¶
FusionDirectory Triggers
Functionalities¶
All plugins can run external scripts when an action is triggered for creating, modifying or deleting. You can use pre and post events depending when you want to run the script.
Pre triggers¶
precreate : Execute the script before creation.
premodify : Execute the script before editing.
preremove: Execute the script before removing.
The trigger works well and does not display information if it returns 0 On error, prevents save and displays error.
Post triggers¶
postcreate : Execute the script after creation.
postmodify : Execute the script after editing.
postremove : Execute the script after removing.
The hook works well and does not display information if it returns 0 On error, displays command output.
Check triggers¶
Execute the script in the check step (before saving), if it outputs anything, prevent save and show output as an error.
The trigger is considered to have passed if it returns 0 and does not display any message. (If it outputs anything it appears as a check failure, if it returns anything other than 0 it is considered a script error, for instance if the script was not able to do the check for some reason).
LDAP attributes¶
You can use ldap attributes as command line options. Use the macro syntax.
LDAP arrays¶
If you put a var that is an array in the args of the hook, gosaAlternateMailAddress for instance, only the first value will be returned unless you use a modifier: macro
Special variables¶
%callerDN% gives the DN of the author of the modification
%callerCN% gives the CN of the author of the modification
%callerUID% gives the UID of the author of the modification
%callerSN% gives the SN of the author of the modification
%callerGIVENNAME% gives the GIVENNAME of the author of the modification
%dn% gives the dn of the modified object
%location% gives the name of the location of the LDAP
On users you get these extra variables available:
%userPassword% to get password hash
%passwordMethod% to get password method (usually ssha)
%passwordClear% to get clear password
%userLocked% to get user lock status (0 or 1)
Complete saving cycle¶
When an object is saved, all check triggers are run first, then if no errors were returned, the plugin is moved if the dn changed, and then each tab is saved separately, running its precreate/premodify triggers, saving itself to the LDAP, and then running its postcreate/postmodify. This means that when your trigger is called, the tabs after the one that triggered it are not saved yet. Any trigger error (code returned other than 0) will interrupt the saving cycle.
There is no specific order between triggers on the same event of the same tab. If you need several triggers to run in a specific order on a same tab, call them from a script that you set as trigger, allowing you to control the order.
Also note that the save will only happen if something changed in the tab. If no data was modified, no saving is needed, and thus the triggers won’t get called.
Configuration¶
How you can use a trigger
You can access to triggers management via the “Configuration” icon or entry in the “Addons” section of the main page of FusionDirectory
Access is read-only. If you need to make changes, then you must press the “Edit” button at the bottom right of the window.
In Hooks section you can define all your triggers
Hooks : triggers that are called when specific actions happens
Tab : the tab that this triggers concerns (mandatory)
Mode : when to call this command (required)
Command: the command that will be called (mandatory)
Display hook output : when enables successful trigger execution output is displayed to the user using a dialog
Note
The arguments are automatically escape and surrounds by quote so you may not use quote in command.
Example
The line :
check sudo /usr/local/sbin/fd-userCheckHookSendMail.sh %dn% %fdPrivateMail% %givenName% %sn% %uid% %callerGIVENNAME% %callerSN% %passwordClear% %nbCheckErrors%
This will generate an automated e-mail like this :
Hello bilbo the hobbit,
Your account hbilbo has been created with password "vegOtNubraw7"
Please follow the next steps:
- Go to https://acme.fusiondirectory.org/
- Modify your password.
- Fill your infos if you want
- You can access the gitlab at https://gitlab.fusiondirectory.org
Enjoy,
FusionDirectory's Team
Most frequent mistakes¶
Nothing happens, the script seems not to be called
Check the sudoers entry for the webserver user (www-data, wwwrun, ..) and don’t forget to use “NOPASSWD”
Try to run the script as webserver user, use the complete command used in fusiondirectory configuration(/usr/bin/sudo …).
Ensure that you have placed the post event correctly in the fusiondirectory configuration.
Example
%www-data ALL=(ALL:ALL) NOPASSWD:/usr/local/bin/hook.sh
Faq¶
FusionDirectory Frequent asked Questions
Acls Issues¶
How can I let a person do administrative tasks under a specific department?
FusionDirectory implements a flexible but complex ACL management, please have a look at the following wiki page: FusionDirectory Acls
How can I permit users to change some of their own attributes?
FusionDirectory implements a flexible but complex ACL management system, please have a look at the following wiki page: FusionDirectory Acls
Additionally you have to check the option “Apply this acl only for users own entries”.
How can I disable ACLs in case of misconfiguration?
The ignoreAcl value tells FusionDirectory to ignore complete ACL sets for the given DN. Add your DN and you’ll be able to restore accidently dropped ACLs.
You need to add ignoreAcl in the main section of your fusiondirectory.conf like in this exemple :
<main default="default">
<!-- ... -->
ignoreAcl="put_the_desired_dn"
<!-- ... -->
</main>
Migrations issues¶
After installing FusionDirectory using an existing LDAP tree, my user accounts are not listed.
You need to add the following objectClasses to your accounts:
objectClass: person
objectClass: organizationalPerson
if you follow the fusiondirectory web setup those accounts will be migrated automatically
Administrators issues¶
I can’t logon as Administrator, what is wrong ?
It looks like you are missing an fusiondirectory administrative account.
fusiondirectory-setup --check-ldap
Bug report¶
Welcome¶
«Here’s a list of our guidelines, If you want to share a best practice, or think one of these guidelines should be removed, feel free to share it with us.»
🎉 First off, thanks for taking the time to report bug and missing features !
Now, sit comfortably at the fireplace, grab your glasses and immerse yourself in our documentation.
Code Of Conduct¶
All projects and everyone participating in it is governed by FusionDirectory Code of Conduct
By participating, you are expected to uphold this code. Please read this before.
I just have a question!¶
Note
Please don’t file an issue to ask a question. You’ll get faster results by using the resource below.
We have an various channel of communications
Reporting bug or missing features¶
Register for a FusionDirectory project account¶
To create a FusionDirectory project Account you must go to
Put FusionDirectory in debug mode¶
Go into FusionDirectory configuration
Activate the displaying of PHP errors, and the TRACE debug level
Finding Wonderful Bugs¶
Note
This section guides you through submitting a bug report. Following these guidelines helps maintainers and the community understand your report, reproduce the behavior, and find related reports.
When you are creating a bug report, please include as many details as possible. Fill out the Bugs template to create issues, the information it asks for helps us resolve issues faster.
Explain the problem and include additional details to help maintainers reproduce the problem:
Use a clear and descriptive title for the issue to identify the problem.
Describe the exact steps which reproduce the problem in as many details as possible. For example, start by explaining wich brower and it’s version. When listing steps, don’t just say what you did, but explain how you did it. For example, if you moved the cursor to the end of an input, explain if you used the mouse, or a keyboard.
Describe the behavior you observed after following the steps and point out what exactly is the problem with that behavior.
Explain which behavior you expected to see instead and why.
Include screenshots and animated GIFs which show you following the described steps and clearly demonstrate the problem. You can use this tool to record GIFs on macOS and Windows, and this tool on Linux.
Include the PHP errors and trace collected at the debug step above
If the problem is linked to a specific LDAP entry attach its LDAP dump.
Fill in a report on :
FusionDirectory for the core program
FusionDirectory Plugins for plugins.
Any Feedback To Enhance FusionDirectory¶
Note
This section guides you through submitting an enhancement suggestion, including completely new features and minor improvements to existing functionality. Following these guidelines helps maintainers and the community understand your suggestion and find related suggestions.
When you are creating a enhancement report, please include as many details as possible. Fill out the Enhancement template to create thoses issues, the information it asks for helps us resolve issues faster.
FusionDirectory for the core program
FusionDirectory Plugins for plugins.
Use a clear and descriptive title for the issue to identify the suggestion.
Provide a step-by-step description of the suggested enhancement in as many details as possible.
Describe the current behavior and explain which behavior you expected to see instead and why.
Include screenshots and animated GIFs which help you demonstrate the steps which the suggestion is related to. You can use this tool to record GIFs on macOS and Windows, and this tool on Linux.
Explain why this enhancement would be useful to most FusionDirectory users.
This document is strongly inspired by the following resources: ovh-ux-guidelines, project-guidelines, Atom Guidelines, Angularjs guidelines.
With love ❤️
Release Policy¶
This section explain the release cycle and where contributions, fixes will be merged
FusionDirectory Version policy¶
Versioning¶
FusionDirectory can have 3 digits at maximum in a version : X.Y.Z
Z version increments (X.Y.Z1 –> X.Y.Z2, for example 1.2.1 to 1.2.2) are minor bug fix only releases.
Y or X version increments are major releases (X.Y1.Z -> X.Y2.Z, for exemple 1.1 to 1.2) are major releases.
Major Release¶
Can contain any type of bugfix, new features and code refactor.
Can remove attributes or objectclasses from the schema only if they were declared OBSOLETE in the previous major release.
Can put OBSOLETE attributes and classes which are no longer used by the code.
Two 2 major releases are needed before removing OBSOLETE attributes and objectClass.
Can provide migration scripts in fusiondirectory-setup if needed for those, and/or migration instructions in the documentation.
Have to provide migration instruction from previous major release.
Minor release¶
Minor release are small releases containing only bugfix to the last major release. It should be numbered with 3 digits.
Minor release cannot contain :
Schema changes
New features
Code refactor
Poorly tested code
Changes which may break existing plugins or themes for previous release (or scripts based on the webservice)
Minor release contain :
bugfix : should fix a bug observed in a previous release, something which did not work as intended.
Exceptions can be made :
New feature can be included if it does not require any schema change and does not interfere with existing features
Code refactor can be included if it leads to a significant performance gain and is thoroughly tested
New plugin may be added if it does not require schema change (but it can add new schemas as this is non-intrusive)
Minor release must be released as soon as possible when :
Security breach is found in the last stable release
Regression (a bug which was not there in previous releases) is found in the last stable release
Major bug is found in the last stable release
FusionDirectory Life Cycle¶
A maintained version is a major version for which we release minor bug fix releases and communicate about security vulnerabilities.
Our general support policy is to maintain major releases until 12 months after the next major version is released to give some time for upgrading.
License¶
License¶
FusionDirectory is available under the GNU General Public License 2.0
FusionDirectory documentation is under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
Schema2ldif¶
Contents:
What is schema2ldif ?¶
Schema2ldif provides a solution to the conversion and management of schema inside an OpenLDAP directory.
OpenLDAP since version 2.4 has a backend named cn=config where everything is stored in ldif format including schemas.
Schemas must therefore be converted from schema format to ldif format to be inserted in the directory, you must also be able to update, delete, add schemas during the life of your directory.
To simplify all these operations we have written two utilities that can be used by everyone, including those that would not use FusionDirectory.
ldap-schema-manager: list, insert, modify, insert diagrams
schema2ldif: which converts your schemas to ldif
Install Schema2ldif¶
Install Schema2ldif
Getting the official GPG keys to active package signature¶
Our packages for Debian and Centos/RHEL are signed with the official gpg key of the project.
Getting the new official gpg key¶
gpg --keyserver keys.gnupg.net --recv-key 0xD744D55EACDA69FF
gpg --export -a "FusionDirectory Project Signing Key <contact@fusiondirectory.org>" > FD-archive-key
Getting the development gpg key¶
gpg --keyserver keys.gnupg.net --recv-key 0xADD3A1B88B29AE4A
gpg --export -a "FusionDirectory Packagers <fusiondirectory-packages@lists.fusiondirectory.org>" > FD-archive-dev-key
Adding the key to apt for Debian/Ubuntu¶
apt-key add FD-archive-key
Adding the key to RPM for Centos / RHEL / Scientific Linux¶
cp FD-archive-key /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
Debian Repository¶
Debian Stretch¶
To use the lastest published version for stretch put this in your /etc/apt/sources.list
#fusiondirectory extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main
Debian Jessie¶
To use the lastest published version for jessie put this in your /etc/apt/sources.list
#fusiondirectory extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main
RPM Repository¶
A repository is available for Centos7
CentOS 7 / RHEL 7¶
To use the lastest published version put this
[fusiondirectory-extra]
name=Fusiondirectory Extra Packages for RHEL / CentOS 7
baseurl=http://repos.fusiondirectory.org/fusiondirectory-extra/rhel7/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
Install Schema2ldif on Debian¶
Install schema2ldif
Installing Dependencies¶
All The needed dependancies are resolved by the debian packages
Note
The repositories are in https for Debian so you will need to install apt-transport-https
Install the Schema2ldif Repos¶
To easily install the latest version, you can install the fusion directory repos
Chose the repositories that goes with your Debian version
Create one new .list file fusiondirectory-extra with your favorite text editor in /etc/apt/source.list.d
Install Schema2ldif on Centos¶
Install Schema2ldif
Installing Dependencies¶
Install the FusionDirectory Repos¶
To easily install the latest version, you can install the fusion directory repos
Chose the repositories that goes with your centos version
Create one new repo file for fusiondirectory-extra with your favorite text editor in /etc/yum.repos.d/
ldap-schema-manager¶
Description¶
This program will list, insert, empty or modify the ldap schemas into the ldap server.
Functionalities¶
How it works¶
List schemas already installed :
ldap-schema-manager -l
Insert a new schema :¶
ldap-schema-manager -i /path/to/your/file.schema
If a schema of the same name is already present the insertion will fail. If the file doesnt have a .schema extension added to the name, ldap-schema-manager will add .ldif
Update a schema :¶
ldap-schema-manager -m /path/to/your/file.schema
If a schema of the same name is not present the update will fail.
Empty a schema :¶
ldap-schema-manager -e schema_name
Avertissement
This will clean the schema but it stay inside your ldap server in de cn=schema,cn=config. It’s impossible right now to remove a node from cn=schema,cn=config. ldap-schema-manager provide this solution to be able to remove a schema without stopping the ldap server, but the schema will still be listed by running -l.
Note
The conversion is done by schema2ldif. The only constraint is that the schema first list attributes then objectclass, which is the case in all the standard schema we saw.
Note
If you want to insert again a schema emptied by -e, you should use -m and not -i.
Schema2ldif¶
Description¶
Schema2ldif will read the given input file and convert it to an LDIF file that you can insert into your LDAP directory.
Functionalities¶
schema2ldif <options> <FILE> > file.ldif
How it works¶
convert a schema :¶
schema2ldif cosine.schema > cosine.ldif
the name of the file (without extension) will be used as cn.
options :¶
-c
Use CN as cn for the schema (mandatory if no file provided)
-b
Use BRANCH instead of cn=schema,cn=config
Note
If <FILE> is not provided, it will read from standard input. In this case, the -c option is mandatory.
License¶
Schema2ldif is available under the BSD 3 Clause
FusionDirectory documentation is under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
Argonaut¶
What is Argonaut ?¶
Argonaut is the companion of FusionDirectory , is goal is to allow the management of services and integrate the deployment system(s) from FusionDirectory.
Features¶
Argonaut is composed of a client Argonaut Client and a server Argonaut Server
Both client and server sides can load modules at start, those modules are strongly related to a FusionDirectory plugin.
Modules can be classified into three categories :
FusionDirectory integration
argonaut-user-reminder to manage the accoun reminder plugin of FusionDirectory
argonaut-clean-audit to clean the audit branch of FusionDirectory
Services management
argonaut-ldap2zone: update a dns zone, create view, create acls for Bind
argonaut-quota: apply a quota
argonaut-dovecot: create the mailbox quota and applies it Dovecot
argonaut-fuse : create on the fly pxelinux.cfg file that matches the type of machine to be deployed, allowing automatic boot during an install by pxe
Integration with deployment tools
argonaut-fai-nfsroot : Tools, queues and status management for FAI (Fully Automated Install) installations.
argonaut-fai-mirror: create a synchronization script Mirror of debian or RPM packages
argonaut-fai-monitor: follow FAI installation and report states to FusionDirectory
argonaut-fai-server : Argonaut server module to manage FAI
argonaut-server-module-opsi : queues, profiles management
Install Argonaut¶
Install Argonaut
Getting the official GPG keys to active package signature¶
Our packages for Debian and Centos/RHEL are signed with the official gpg key of the project.
Getting the new official gpg key¶
gpg --keyserver keys.gnupg.net --recv-key 0xD744D55EACDA69FF
gpg --export -a "FusionDirectory Project Signing Key <contact@fusiondirectory.org>" > FD-archive-key
Getting the development gpg key¶
gpg --keyserver keys.gnupg.net --recv-key 0xADD3A1B88B29AE4A
gpg --export -a "FusionDirectory Packagers <fusiondirectory-packages@lists.fusiondirectory.org>" > FD-archive-dev-key
Adding the key to apt for Debian/Ubuntu¶
apt-key add FD-archive-key
Adding the key to RPM for Centos / RHEL / Scientific Linux¶
cp FD-archive-key /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
Debian Repository¶
Debian Stretch¶
To use the lastest published version for stretch put this in your /etc/apt/sources.list
#fusiondirectory repository
deb https://repos.fusiondirectory.org/argonaut-current/debian-stretch/ stretch main
#fusiondirectory extra repository
deb https://repos.fusiondirectory.org/argonaut-extra/debian-stretch/ stretch main
RPM Repository¶
A repository is available for Centos7
This repository contains the stable version of Argonaut. It also contains the extra packages needed to use Argonaut.
To use the lastest published version put this in your yum config :
CentOS 7 / RHEL 7¶
To use the lastest published version put this
[argonaut]
name=Argonaut Packages for RHEL / CentOS 7
baseurl=http://repos.fusiondirectory.org/argonaut-current/rhel7/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
[argonaut-extra]
name=Argonaut Extra Packages for RHEL / CentOS 7
baseurl=http://repos.fusiondirectory.org/argonaut-extra/rhel7/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
SRPMS are also available in the following repo :
[argonaut-src]
name=Argonaut Packages for RHEL / CentOS 7
baseurl=https://repos.fusiondirectory.org/argonaut-current/rhel7/SRPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
Install Argonaut on Debian¶
Install FusionDirectory
Installing Dependencies¶
All The needed dependancies are resolved by the debian packages
Install the Argonaut Repos¶
To easily install the latest version, you can install the fusion directory repos
Chose the repositories that goes with your Debian version
Create 2 new .list file your favorite text editor in /etc/apt/source.list.d
One for argonaut
One for argonaut-extra
Install Argonaut on Centos¶
Install FusionDirectory
Installing Dependencies¶
Argonaut requires the EPEL repository
To install epel
yum install epel-release
Install the FusionDirectory Repos¶
To easily install the latest version, you can install the fusion directory repos
Chose the repositories that goes with your centos version
Create 2 new repo file your favorite text editor.
One for argonaut
One for argonaut-extra
Configure Argonaut¶
Argonaut use a global configuration file that is used by all programs : /etc/argonaut.conf. This file is composed of various sections, all sections are filled with correct basic values.
Note
To function correctly Argonaut need a correclty configured /etc/ldap/ldap.conf or /etc/openldap/ldap.conf
Argonaut configuration files section¶
[server]¶
This section contains all the argonaut server parameters :
server_ip = 172.16.0.1
The ip address the server listen to. This address must match with the MAC address of argonaut server provided in FusionDirectory interface.
[client]¶
This section contains all the argonaut server parameters :
client_ip = 172.16.0.1
The ip address the server listen to. This address must match with the MAC address of argonaut server provided in FusionDirectory interface.
[ldap]¶
This section contains all the ldap parameters :
config = /etc/ldap/ldap.conf
Where is stored your ldap.conf configuration file.
dn = cn=admin,dc=fusiondirectory,dc=org
What is your bind dn.
password = secret
What is the password for the provided bind dn.
tls = off
whether communication should be encrypted or not
Applications¶
Argonaut Components¶
Global components¶
Argonaut Libraries¶
Argonaut Server and Client¶
argonaut-server : server that receive orders from FusionDirectory (interact with clients in JSON RPC)
argonaut-client : client to interact with argonaut-server
argonaut-fuse : FUSE tftp component that manage pxelinux.cfg directory and create files for PXE boot from LDAP
Argonaut Modules¶
argonaut-server-module-fai : FAI module for argonaut-server, it add FAI deployment functions
argonaut-server-module-opsi : OPSI module for argonaut-server, it add OPSI deployment functions
argonaut-fuse-module-fai : FAI module for argonaut-fuse, create files for PXE boot from LDAP for FAI
argonaut-fuse-module-opsi : OPSI module for argonaut-fuse, create files for PXE boot from LDAP For OPSI
argonaut-dovecot : Dovecot module that create users directories for the mailbox from FusionDirectory
Argonaut Applications¶
argonaut-ldap2zone : tool that create bind files with information from FusionDirectory
argonaut-quota : tool that grab quota information from FusionDirectory and create it on the system
argonaut-samba : program to create samba share from FusionDirectory
argonaut-fusiondirectory : program that complement a plugin in FusionDirectory, currently has argonaut-user-reminder and argonaut-clean-audit
Debian components¶
argonaut-fai-server : package to install on FAI server (not in NFSROOT)
argonaut-fai-nfsroot : integration package for FAI NFSROOT
argonaut-fai-mirror
argonaut-repository : create script to update local mirrors (cron.daily) that are in FusionDirectory
argonaut-debconf-crawler : extract debconf from packages in a distant repository
User-Reminder¶
Argonaut User-Reminder
Description¶
The user-reminder application is used to send mail to users warning that the account will expire and provide a way of extending it if needed
Installation¶
Functionalities¶
The user-reminder application is used to send mail to users warning that the account will expire and provide a way of extending it if needed
You will need the user-reminder plugin installed into FusionDirectory to make it work
How it works¶
Argonaut-user-reminder look at different source (posix, ppolicy, supann) and can send a mail or make the account expire
The arguments are the following:
–help
–verbose
–posix
–ppolicy
–supann
–all (posix, ppolicy and supann)
–supan-update (maintain the supann workflow through webservice it need the REST configuration in argonaut.conf)
Depend on which source you want to use you also need the FusionDirectory plugin that match (posix, ppolicy, supann)
You run argonaut-user-reminder in a cron so that it keep all the informations updated
Examples¶
# Expiration for all
argonaut-user-reminder --verbose --all
# Expiration for ppolicy
argonaut-user-reminder --verbose --ppolicy
# Expiration for posix
argonaut-user-reminder --verbose --posix
# Expiration for supann
argonaut-user-reminder --verbose --supann
# Maintain supann workflow through webservce
argonaut-user-reminder --verbose --supann-update
Clean-Audit¶
Argonaut Clean-Audit
Description¶
The clean-audit application is used to purge old audit entries stored by the FusionDirectory audit plugin
Installation¶
Functionalities¶
The clean-audit application is used to purge audit entries after a selected amount of time
You will need the audit plugin installed into FusionDirectory to make it work
How it works¶
Argonaut-clean-audit look at conservation delay in FusionDirectory configuration, by default its 120 days
When run argonaut-clean-audit it will purge all the entries older than the number of days mentionned in FusionDirectory config
The arguments are the following:
–verbose
You run argonaut-clean-audit in a cron so that it purge older audit entries
Examples¶
# Basic clean audit run
argonaut-clean-audit
# Clean audit run in verbose mode
argonaut-clean audit --verbose
Contribute¶
There is a complete set of guidelines that you should read
License¶
FusionDirectory is available under the GNU General Public License 2.0
FusionDirectory documentation is under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
- orphan
Support¶
FusionDirectory Support Options
Professional paid support¶
FusionDirectory helps you keep FusionDirectory running smoothly
Why choose FusionDirectory ?
You are the publishers of FusionDirectory.
We have over 16 years experience in the support of LDAP directories and applications directory management.
We support and maintains OpenLDAP architectures for various entities from small to very big on a daily basis
We maintain and develop the PHP LDAP module
You are sure to get :
Answers to your questions about FusionDirectory by phone, email or web,
Packages containing bug fixes between two stable versions
Assistance for the development of FusionDirectory modules tailored to your needs,
Assistance on the update of FusionDirectory
A technician on site if the situation requires.
Support Options :
Get support for your FusionDirectory instance
Get training for your daily use of FusionDirectory
Get support on specialized plugins of FusionDirectory
Community support¶
For any question regarding FusionDirectory support (installation, configuration, usage, etc…), the preferred way to get some support is through the mailing list or irc.
Security¶
Digital signature¶
Our official packages for Debian and Centos/RHEL are signed with the official gpg key of the project.
Official gpg key¶
pub rsa4096/0xD744D55EACDA69FF 2017-07-02 [SC] [expire : 2022-07-01]
A94DE63F2EDB5F0DC0785EBBD744D55EACDA69FF
uid [ totale ] FusionDirectory Project Signing Key <contact@fusiondirectory.org>
Our official development packages for Debian and Centos/RHEL are signed with the official development gpg key of the project.
Development gpg key¶
pub rsa2048/0xADD3A1B88B29AE4A 2014-02-25 [SC]
8ABF887BF6254D6F57B82069ADD3A1B88B29AE4A
uid [ totale] FusionDirectory Packagers <fusiondirectory-packages@lists.fusiondirectory.org>
Security issues¶
If you find a security issue inside FusionDirectory you can report it to directly to security team security@fusiondirectory.org.
you can sign your message with the public key from
Benoit Mortier 0xEF2FF1E48638EAD1
Authors¶
This is the alphabetical list of all people that have contributed to the FusionDirectory project, beeing code, translations, documentation and additional help.
As FusionDirectory is originaly a fork from GOsa² you also have a list of GOsa² Contributors
Original GOsa² AUTHORS¶
This is the alphabetical list of all people that have contributed to the original GOsa² project before the fork to FusionDirectory
Markus Amersdorfer <der.plusch@subnet.at>
Wiki setup, Testing, hints, proposals
Alessandro Amici <a.amici@bopen.it>
Italian translation
Craig Chang <craig0310@gmail.com>
Fixes for magic_quotes_qpc
Guillaume Delecourt <guillaume.delecourt@opensides.be>
Setup fixes, nagios tab plugin, xls addons ldapmanager
pptp connectivity option, phpscheduleit connectivity option
Alejandro Escanero Blanco <aescanero@chaosdimension.org>
Fixes, improvements, translation, netgroup plugin, Guide and some extensions
Fabian Hickert <hickert@gonicus.de>
Improvements for setup, various fixes and plugins
Niels Klomp <nk@careworks.nl>
Dutch translation
Steve Moitozo <god at zilla dot us>
Password checker
Benoit Mortier <benoit.mortier@opensides.be>
Butracking, QA, French translation
Igor Muratov <migor@altlinux.org>
Various fixes and speed enhancements
Michael Pasdziernik <mp@secio.de>
Documentation for GOsa and safe-mode, fixes
Cajus Pollmeier <pollmeier@gonicus.de>
Virtually everyting which is GOsa related
Piotr Rybicki <meritus@innervision.pl>
Polish translation
Henning Schmiedehausen <hps@intermeta.de>
Various fixes, support for user defined people/group base
Alfred Schröder <schroeder@gonicus.de>
German translation
Jan Wenzel <jan.wenzel@gonicus.de>
Implementation and research for samba munged dial support,
fixing of « Fiptehlers »(TM) in the german translations.
Leila El Hitori <leila.elhitori@opensides.be>
French online documentation
English online documentation
Vincent Seynhaeve <vincent.seynhaeve@opensides.be> * Xls export plugin
Leonid Bogdanov <leonid_bogdanov@mail.ru>
patch for the manager fonctionnality in the General user tab
Olivier BONHOMME <obonhomme@nerim.net>
Corrected RPM building
FusionDirectory AUTHORS¶
This is the alphabetical list of all people that have contributed to the FusionDirectory project, beeing code, translations, documentation and additional help.
Benjamin Carpentier <carpentierbenjamin@gmail.com>
Tested FusionDirectory, corrected copyright issues and locales
Written fusiondirectory-setup
Giuliano Di Vito <guiliano@opensides.be>
Italian Translator and bug finder
Roman Widmann <archme.mail@gmail.com>
Arch linux packager
Bernigaud Côme <come.bernigaud@laposte.net>
New daemon code class_supportDaemon.inc, and all the new deployment stuff :)
Simple plugin framework developper
Alexis Michon <alexis.michon@ibcp.fr>
Testing, First version of Password reset
Support for two or more MAC address for a system
Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Various patches from debian-edu
Apache 2.4 support
Mcrypt decrypt enhancement
Browsing inactive tab
Jeremy Williame <williamejeremy@hotmail.com>
Cleanup and writer of the FusionDirectory doxygen api documentation
Rudy Hardeman <zarya@gigafreak.net>
Option to remove sambaLMpassword storage
Feth Arezki <feth@majerti.fr>
First version of the autofs plugin
Daniel B <daniel@firewall-services.com>
Cleanup of the sambaPwdMustChange, sambaPwdCanChange
Regis patronix <regis.patroix@thecosmocompany.com>
Allow special characters in passwords
Antoine Gallavardin <antoine.gallavardin@free.fr>
Add support for social network ORCID in personal
Dhcp plugin patch to manage key and update zone in dhcp for dyndns
First version of the quota plugin
First version of the supann plugin
First version of the board plugin
Sergio Talens-Oliag <sto@iti.es>
Configuration setting to force the use of a hash when setting or changing passwords
Add support for crypt/sha-256 and crypt/sha-512
Use the passwordDefaultHash for new users
Fix for icons in core plugins
Provide a way to show hook execution results to the user via web
Hide userPassword on change_password postmodfy hook error message
Stefan Krüger <shadow_7@gmx.net>
Add support for various database to the rsyslog plugin
Guillaume Chéramy <guillaume@cheramy.name>
Patches for the template system
Mathias Friman mathias.friman@knorca.se
Translation to swedish
Alexandre Magnat <alexandre.magnat@mecaprotec.fr>
Snapshot bug reporter
Guillaume RODRIGUEZ <rodriguez.guillaume@icloud.com>
asterisk plugin error reporter
Guillard Olivier <fd@guillard.nom.fr>
SSH plugin key storage problem reporter
Fabien Brachere <fabien.brachere@e-tera.com>
Fix support for special caracters in password
Arnaud Patard <apatard@hupstream.com>
Fix for Invalid uri in the password recovery mail
Fix for start tls on fusiondirectory setup and gnutls
Adrian Reyer <are+fd@lihas.de>
Modifier for templates to convert german umlauts to 7-bit ASCII
Samuel Bosquin <samuel.bosquin@ibcp.fr>
Plugin FAI - LVM partitions
IOhannes umlaeute <noc@iem.at>
generateLdif() fails with bind-passwords containg “$” patch
Karsten Becker <karsten.becker@ecologic.eu>
Suse install from tarballs Documentation
Felix Weissbeck <contact-fusiondirectory@w7k.de>
Method to add a change password dialog on sasl+kerberos
Tobias Göbel
Fixes for PHP7 compatibility
Christian Kreidl <christian.kreidl@ziti.uni-heidelberg.de>
ppolicy improvement
Martin Hamant <mh@ow2.org>
Coded the LockUser fonction for the webservice
Jonathan Swaelens <jonathan@opensides.be>
QA on FusionDirectory
RPM packaging maintener and ArchLinux Packager
Timothée Giet <timo@timotheegiet.com>
New breezy icon Theme
Clement Oudot <clem.oudot@gmail.com>
HTTP header authentication
Password expiration date in dashboard
Thomas Niercke <thomas@niercke.de>
Code and ideas for making Argonaut Events Extensible
Paola Penati <paolapenati@hotmail.com>
Italian translation of FusionDirectory and the website
Martin Hamant <mh@ow2.org>
Adding DSA accounts into groups
Mathias Soupault <mathias.soupault@inalco.fr>
Making supannAliasLogin usage possible in password recovery
Patzke Thomas <thomas.patzke2@thyssenkrupp.com>
Security and vulnerabitity testing
Janne Heß
Enhance the login and password reset theme
Peter Linss
Added catchall table to postfix plugin
FusionDirectory libraries¶
This is the alphabetical list of libraries and their authors that FusionDirectory is using
Dan Ellis <danellis@rushmore.com>
class_sieve.inc
Eric Kilfoil <eric@ipass.net>
ldap.inc
Thomas Schüßler <tulpe@atomar.de>
debuglib.inc
Wouter Verhelst <wouter@debian.org>
accept-to-gettext.inc
Steve Moitozo <god@zilla.us>
pwdStrength.js
Roland Gruber
class_smbHash.inc
Knallgrau New Medias Solutions GmbH
pulldown.js
Mathieu Jondet <mathieu@eulerian.com>
datepicker.js
Contact Us¶
We are also contactable on:
Mailing list: https://lists.fusiondirectory.org/wws/lists
IRC: #fusiondirectory on irc.freenode.org irc://irc.freenode.org/fusiondirectory
Follow Us
On twitter: https://twitter.com/fusiondirectory
On linkedin: https://www.linkedin.com/company/fusiondirectory
Code of Conduct¶
Our Pledge¶
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
Our Standards¶
Examples of behavior that contributes to creating a positive environment include:
Using welcoming and inclusive language
Being respectful of differing viewpoints and experiences
Gracefully accepting constructive criticism
Focusing on what is best for the community
Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
The use of sexualized language or imagery and unwelcome sexual attention or advances
Trolling, insulting/derogatory comments, and personal or political attacks
Public or private harassment
Publishing others’ private information, such as a physical or electronic address, without explicit permission
Other conduct which could reasonably be considered inappropriate in a professional setting
Our Responsibilities¶
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
Scope¶
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
Enforcement¶
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at coc@fusiondirectory.org. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project’s leadership.
Attribution¶
This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at https://www.contributor-covenant.org/version/1/4
- orphan