Fusiondirectory User Manual Documentation Release 1.3
Total Page:16
File Type:pdf, Size:1020Kb
FusionDirectory User Manual Documentation Release 1.3 Benoit Mortier Paola Penati Sep 09, 2021 Contents 1 FusionDirectory 3 1.1 What is FusionDirectory ?........................................5 1.2 Prerequisites...............................................6 1.3 Certified distributions..........................................8 1.4 Buy a subscription............................................8 1.5 Activate a subscription..........................................8 1.6 Install FusionDirectory..........................................9 1.7 Update FusionDirectory......................................... 23 1.8 Core................................................... 112 1.9 Configuration............................................... 132 1.10 ACLs................................................... 144 1.11 Plugins.................................................. 159 1.12 Templates................................................. 286 1.13 Triggers.................................................. 296 1.14 Faq.................................................... 300 1.15 Bug report................................................ 301 1.16 Release Policy.............................................. 303 1.17 License.................................................. 304 2 Schema2ldif 307 2.1 What is schema2ldif ?.......................................... 307 2.2 Prerequisites............................................... 307 2.3 Install Schema2ldif............................................ 307 2.4 ldap-schema-manager.......................................... 309 2.5 Schema2ldif............................................... 310 2.6 License.................................................. 311 3 Argonaut 313 3.1 What is Argonaut ?............................................ 315 3.2 Argonaut Components.......................................... 315 3.3 Certified distributions.......................................... 317 3.4 Buy a subscription............................................ 317 3.5 Install Argonaut............................................. 317 3.6 Configure Argonaut........................................... 322 3.7 Argonaut-server............................................. 323 3.8 Argonaut Client............................................. 324 3.9 Applications............................................... 324 i 3.10 License.................................................. 328 4 Support 329 4.1 Professional paid support........................................ 329 4.2 Community support........................................... 330 5 Security 331 5.1 Digital signature............................................. 331 5.2 Security issues.............................................. 331 6 Authors 333 6.1 Original GOsa2 AUTHORS....................................... 333 6.2 FusionDirectory AUTHORS....................................... 334 6.3 FusionDirectory libraries......................................... 337 7 Contact Us 339 8 Code of Conduct 341 8.1 Our Pledge................................................ 341 8.2 Our Standards.............................................. 341 8.3 Our Responsibilities........................................... 342 8.4 Scope................................................... 342 8.5 Enforcement............................................... 342 8.6 Attribution................................................ 342 ii FusionDirectory User Manual Documentation, Release 1.3 Contents: Contents 1 FusionDirectory User Manual Documentation, Release 1.3 2 Contents 3 FusionDirectory User Manual Documentation, Release 1.3 CHAPTER 1 FusionDirectory 4 Chapter 1. FusionDirectory FusionDirectory User Manual Documentation, Release 1.3 Contents: 1.1 What is FusionDirectory ? FusionDirectory provides a solution to daily management of data stored in an LDAP directory. Becoming the cor- nerstone of the information system, the corporate directory becomes more complex offering more data and managing more infrastructure services. This interface is simple and can be used to delegate fully or partly the data management to non-specialists. 1.1.1 Features • Users, groups, mail, ssh, personal management. • Supann norm Management. • PARTAGE mail integration • Systems management : dhcp, dns, sudo, all kind of systems. • System deployment management : FAI, OPSI • Complex Roles Management. • Access to multiple LDAP trees. • FusionDirectory Triggers 1.1.2 Acls and roles • ACLs are only used by FusionDirectory and not the underlying ldap server. • ACLs can be assigned to roles. – Global administrator : Can do everything. – Local administrator : Can manage users and groups and also a branch. – Human resources : Can create users from template to optimize the arrival of new people. – User : Will only be able to change his data permitted by an administrator 1.1.3 FusionDirectory Triggers FusionDirectory incorporates a series of triggers that can launch a specific action based on a task FusionDirec- tory must run. These triggers are associated with a content type (LDAP user, group, server, password, service and the triggering ac- tion (create, edit, delete, change password . ) For example, when creating a user, a script generation form can be executed automatically with informa- tion from the LDAP server. This can be useful for generating badges with photo, a form of access to the canteen or sending an email to warn other services of the actual arrival of the person. This system is also convenient when we want to deploy the account of that person on an application that does not sup- port LDAP. 1.1. What is FusionDirectory ? 5 FusionDirectory User Manual Documentation, Release 1.3 Another example is when a user leaves, you must: • archive and delete his mailbox • archive and remove its network space • delete him from third party applications not connected to LDAP. All of this can be easily done by shell scripts (at least in UNIX environment) and run automatically after the suppres- sion of the person by the administrator in FusionDirectory 1.1.4 The interaction with non-LDAP applications FusionDirectory stores information of a service or a server on an LDAP server. How about when this service does not have the opportunity to interact with LDAP? This question can be solved by creating: • LDAP schema suitable for application to the LDAP server • A plugin for its management in FusionDirectory with the simple plugin API • An Argonaut module for the client installed on the server 1.2 Prerequisites FusionDirectory is a Web application that will need: • a webserver; • PHP; • an ldap server; • perl 1.2.1 Web server FusionDirectory requires a web server that supports PHP, like: • Apache 2 (or more recent); • Nginx; • Microsoft IIS. 1.2.2 PHP As of 1.3 release, FusionDirectory requires PHP 5.6 until 7.4 Note: We recommand to use the most recent stable PHP release for better performances. 6 Chapter 1. FusionDirectory FusionDirectory User Manual Documentation, Release 1.3 Mandatory extensions Following PHP extensions are required for the app to work properly: • cas: for CAS authentication; • curl: to communicate with different types of servers and protocols • filter: to filters a variable with a specified filter; • fpdf: to export data in pdf format; • gd: to generate images; • iconv : for the samba integration; • imagick : to handle images; • imap: to handle imap servers management; • json: to get support for JSON data format; • mbstring: to manage multi bytes characters; • ldap: to connect and query the ldap server; • openssl: secured communications and generation of secure tokens; • session: to get user sessions support; • simplexml; • xml. Optional extensions Note: Even if those extensions are not mandatory, we advise you to install them anyways. Following PHP extensions are required for some extra features of FusionDirectory : • gettext : for an internationalized interface. • mhash : to make use of SSHA encryption • sha1 : to make use of SSHA encryption • zlib: to handle snapshots; Configuration PHP configuration file (php.ini) must be adapted to reflect following variables: expose_php= Off; implicit_flush= Off; memory_limit= 128M ; // max memory limit max_execution_time= 30 ; // not mandatory but adviced session.auto_start= off ; 1.2. Prerequisites 7 FusionDirectory User Manual Documentation, Release 1.3 1.2.3 LDAP server For FusionDirectory to work you need an ldap server. Servers know to work are : • OpenLDAP • 389DS 1.3 Certified distributions We certify FusionDirectory with all the most common distributions, here is a table which summarizes the level of support by distribution and version. Fusiondirectory need at least PHP 5.6. • Fusiondirectory 1.3 need >= PHP 5.6 • Fusiondirectory 1.4 need >= PHP 7.0 DISTRIBUTION FusionDirectory 1.2 FusionDirectory 1.3 Debian Jessie need a support contract need a support contract Debian Stretch not supported supported Debian Buster not supported supported Ubuntu 16.04 LTS need a support contract supported Ubuntu 18.04 LTS not supported supported Ubuntu 20.04 LTS not supported work in progress Centos 7 need a support contract supported Centos 8 not supported not supported 1.4 Buy a subscription FusionDirectory source code is published under the free software licence GPL 2+ and thus is freely available for download, use and share. You use your distribution package manager or inspect the code in the public code repository A FusionDirectory Subscription is an additional service program designed to help IT professionals and businesses to keep your FusionDirectory deployments up-to-date. A subscription