Table of Contents

Why FusionDirectory

Before LDAP there was NIS...

Before centralized directory such LDAP existed, there was a system on *NIX called NIS 1). This system was in fact a kind of authentification files shares such /etc/passwd for users or /etc/groups for groups and other informations as mail routing or share folders mapping In order to manage this system, several interfaces exists. One of them is Webmin 2). Webmin changed directly the configurations files trough a web interface. A lot of plugin could be used.

With this tools, Linux server management is easier, but there is a caveat : Webmin must be installed on each server and didn't speak natively LDAP

When LDAP is more and more used

Because IT infrastructure are growing up and complexifying, Information storage with LDAP technology is more and more used. FusionDirectory give a valid response to the management of a such complex and LDAP environnement. FusionDirectory suggest a web and modular interface for reading an editing LDAP Tree in order to drive LDAP based applications. FusionDirectory could manage non-LDAP applications thanks to client-server system and specific LDAP schemas.

In other word, FusionDirectory is for LDAP what Webmin is to flat file.

FusionDirectory philosophy

User interface

FusionDirectory is only a web interface in front of Directory using LDAP v3 protocol. By this way, user see only the informations stored inside tree not container, name attributes or other technical informations which could complexify informations and configuration management

Schemas

FusionDirectory use his own schemas, but they are mainly used for FusionDirectory internal usage or for non-LDAP applications. FusionDirectory make a special effort for using in some of cases already existing schema such as inetOrgPerson, posix …

Who needs FusionDirectory ?

FusionDirectory is intended for system administrators who manage lots of machines and user accounts. There is no minimum or maximum size for the number of account or computer to manage. We just need the LDAP directory (which stores the information) to be properly sized.

The system administrator problem

Actually an it infrastructure is composed of several key elements :

  • users (name, firstname, password, email, acces right)
  • groups of users (precise list of pre existing users)
  • servers (description, IP address, type of service running)
  • workstations (description, IP address, software list, licences)
  • ip telephony (phone number, voice mail)
  • web services (email, customer care …)

In such an information system, the manager faces a complex problem who is :

How to get the right information at the right place at right time ?

Creating computer account is a good example:

The new entrant needs a computer account, but very often the it service is the last service to know about it.

  • How to create a computer account in a hurry ?
  • Where is all the data necessary to create it ?
  • How can I be sure that all systems have been configured correctly for this person ?
  • How to maintain consistent information in all components of an information system ?
  • How to tell what computer station will be assigned to him ?
  • What are is need for software or network resources ?

The answer to these questions is to use a single repository for identity of the various elements of the information system.

Indeed, the use of such a system ease the work of the administrator:

  • The system administrator does not need to put the information on X systems at risk of making mistakes.
  • The administrator completed once the information on this directory, and it is the X systems who seek and retrieve information they need.

The interest of a Directory

The Directory of identities in an information system should be structured with the least possible redundancy of information to be easily searchable by applications external to the repository.

This need to manage information in a unique way and with a standardized application has resulted in the creation of a type of server called “server directory”.

This server contains only the data. Only one storage platform contains the various components of an information system. It allows the creation modification and deletion of these data by third-party applications.

Also known as LDAP, directory servers because it is the standard LDAP 3) that is used for the presentation of identity to other services.

The services associated with a directory infrastructure

As stated above, a directory serves as a basis for organized storage for the content of an information system.

This directory can supply all services required to operate the information system as long as the service has the ability to natively use this directory.

We can also mention the following services that may be associated with this directory

  • DNS / DHCP for network access client
  • user / groups for people's access to a resource data
  • Antivirus / spam email for verification
  • phone list for phone number and setup positions corporate telephone
  • a web-type address book with a user-friendly names names and phone number of a company

The daily management of a directory

The keyword in the management of a directory by a director is “ simplicity ”

A directory must be managed by persons not proficient in the information system as a whole.

When an account is created, the creator does not have to intervene in other locations to create other things such as email account, home directory or even the account on the intranet. This is the directory that deals with the spread of the data by making it available to third parties services.

Existing directory management tools

In terms of directory management there are 2 types of tools

  • Tools to manage directories
luma Based on Qt http://luma.sourceforge.net/
gq Based on GTK http://www.gq-project.org/
phpldapadmin Web based http://phpldapadmin.sourceforge.net/
ldapvi command line mode for purists :) http://www.lichteblau.com/ldapvi/
lam Web based http://www.ldap-account-manager.org/
  • Directory Management tools integrated with the tools to manage third party applications
Apache Directory studio Based on Eclipse and Java http://directory.apache.org/studio/
A mmc pour active directory Only on Microsoft Windows http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
Mandriva Directory Server Web based http://mds.mandriva.org/
Gosa2 Web Based http://www.gosa-project.org

Installation of OpenLdap server

Install openldap and releated utilities:

Debian 'wheezy' or 'squeeze'

root@fusioninstall:~# apt-get install slapd
root@fusioninstall:~# apt-get install ldap-utils

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusioninstall:~$ sudo apt-get install slapd
root@fusioninstall:~$ sudo apt-get install ldap-utils

Enter the OpenLDAP administrator password. You could enter anything, the configuration script will be reran.

   ┌─────────────────────────┤ Configuring slapd ├──────────────────────────┐
   │ Please enter the password for the admin entry in your LDAP directory.  │ 
   │                                                                        │ 
   │ Administrator password:                                                │ 
   │                                                                        │ 
   │ adminfusion___________________________________________________________ │ 
   │                                                                        │ 
   │                                 <Ok>                                   │ 
   │                                                                        │ 
   └────────────────────────────────────────────────────────────────────────┘ 

re enter the password in order to confirm it and select ok

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │ Please enter the admin password for your LDAP directory again to verify   │ 
 │ that you have typed it correctly.                                         │ 
 │                                                                           │ 
 │ Confirm password:                                                         │ 
 │                                                                           │ 
 │ adminfusion______________________________________________________________ │ 
 │                                                                           │ 
 │                                  <Ok>                                     │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

Re configuration of LDAP server

In order to have a more specific installation, we will relaunch the configuration through the debian tool.

Debian 'wheezy' or 'squeeze'

root@fusioninstall:~# dpkg-reconfigure slapd

Debian Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusioninstall:~$ sudo dpkg-reconfigure slapd

On this screen, select No in order to write a new configuration:

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │                                                                           │ 
 │ If you enable this option, no initial configuration or database will be   │ 
 │ created for you.                                                          │ 
 │                                                                           │ 
 │ Omit OpenLDAP server configuration?                                       │ 
 │                                                                           │ 
 │                    <Yes>                       <No>                       │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

Write the directory name.

The following screen is the most important. It defines the tree of your directory. The tree name is base on the Domain name. acme.com will provide a tree called : dc=acme,dc=com Pay attention to this field, it could be difficult to change (All information stored inside the tree will be based on this name!)

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │ The DNS domain name is used to construct the base DN of the LDAP          │ 
 │ directory. For example, 'foo.example.org' will create the directory with  │ 
 │ 'dc=foo, dc=example, dc=org' as base DN.                                  │ 
 │                                                                           │ 
 │ DNS domain name:                                                          │ 
 │                                                                           │ 
 │ acme.com_________________________________________________________________ │ 
 │                                                                           │ 
 │                                  <Ok>                                     │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

The following screen will provide the organization name:

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │ Please enter the name of the organization to use in the base DN of your   │ 
 │ LDAP directory.                                                           │ 
 │                                                                           │ 
 │ Organization name:                                                        │ 
 │                                                                           │ 
 │ ACME_____________________________________________________________________ │ 
 │                                                                           │ 
 │                                  <Ok>                                     │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

Password of the Directory Administrator.

The two next screens will ask you the password of the LDAP directory . By default (In Debian), the directory admin name is “admin”. The LDAP Name (also called distinguesd name(dn) will be : cn=admin,dc=acme,dc=com.

   ┌─────────────────────────┤ Configuring slapd ├──────────────────────────┐
   │ Please enter the password for the admin entry in your LDAP directory.  │ 
   │                                                                        │ 
   │ Administrator password:                                                │ 
   │                                                                        │ 
   │ adminacme_____________________________________________________________ │ 
   │                                                                        │ 
   │                                 <Ok>                                   │ 
   │                                                                        │ 
   └────────────────────────────────────────────────────────────────────────┘ 
  
 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │ Please enter the admin password for your LDAP directory again to verify   │ 
 │ that you have typed it correctly.                                         │ 
 │                                                                           │ 
 │ Confirm password:                                                         │ 
 │                                                                           │ 
 │ *********________________________________________________________________ │ 
 │                                                                           │ 
 │                                  <Ok>                                     │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

The next screen will ask you the kind of backend storage. As advised, you could choose HDB:

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │ The HDB backend is recommended. HDB and BDB use similar storage formats,  │ 
 │ but HDB adds support for subtree renames. Both support the same           │ 
 │ configuration options.                                                    │ 
 │                                                                           │ 
 │ In either case, you should review the resulting database configuration    │ 
 │ for your needs. See /usr/share/doc/slapd/README.DB_CONFIG.gz for more     │ 
 │ details.                                                                  │ 
 │                                                                           │ 
 │ Database backend to use:                                                  │ 
 │                                                                           │ 
 │                                    BDB                                    │ 
 │                                  **HDB**                                  │ 
 │                                                                           │ 
 │                                                                           │ 
 │                                  <Ok>                                     │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

The following question will ask you if you want to drop your directory if you remove Openldap software .. (if Yes I hope you have good backup …)

       ┌─────────────────────┤ Configuring slapd ├─────────────────────┐
       │                                                               │ 
       │                                                               │ 
       │                                                               │ 
       │ Do you want the database to be removed when slapd is purged?  │ 
       │                                                               │ 
       │                <Yes>                   **<No>**               │ 
       │                                                               │ 
       └───────────────────────────────────────────────────────────────┘ 
  

Purge old (dirty) directory.

The debian installer detect the old installation, it suggests you to move the old directory

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │                                                                           │ 
 │ There are still files in /var/lib/ldap which will probably break the      │ 
 │ configuration process. If you enable this option, the maintainer scripts  │ 
 │ will move the old database files out of the way before creating a new     │ 
 │ database.                                                                 │ 
 │                                                                           │ 
 │ Move old database?                                                        │ 
 │                                                                           │ 
 │                    <Yes>                       <No>                       │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

Ldap v2 protocol

Openldap can use the LDAP v2 protocol (its no longer used, but some applications may use it) You could say No.

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │                                                                           │ 
 │ The obsolete LDAPv2 protocol is disabled by default in slapd. Programs    │ 
 │ and users should upgrade to LDAPv3.  If you have old programs which       │ 
 │ can't use LDAPv3, you should select this option and 'allow bind_v2' will  │ 
 │ be added to your slapd.conf file.                                         │ 
 │                                                                           │ 
 │ Allow LDAPv2 protocol?                                                    │ 
 │                                                                           │ 
 │                    <Yes>                       <No>                       │ 
 │                                                                           │ 
 └───────────────────────────────────────────────────────────────────────────┘ 

Check if Openldap is running

Debian 'wheezy' or 'squeeze'

root@fusion-install:~# /etc/init.d/slapd status
slapd is running.
root@fusion-install:~# 

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusion-install:~$ sudo /etc/init.d/slapd status
slapd is running.
root@fusion-install:~$ 

if not:

Debian 'wheezy' or 'squeeze'

root@fusion-install:~# /etc/init.d/slapd start
root@fusion-install:~# /etc/init.d/slapd status
slapd is running.
root@fusion-install:~# 

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusion-install:~$ sudo /etc/init.d/slapd start
root@fusion-install:~$ sudo /etc/init.d/slapd status
slapd is running.
root@fusion-install:~$ 

Go to

Installation of FusionDirectory Schema

FusionDirectory packages can be found on the official repository : http://repos.fusiondirectory.org

Add the FusionDirectory gpg key to secure the packages:

Add the official repositories

Edit your /etc/apt/sources.list/ and add fusiondirectory repositories:

Debian 'jessie'

# fusiondirectory repository
deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-jessie jessie main
 
# fusiondirectory extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main

Debian 'wheezy'

# fusiondirectory repository
deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-wheezy wheezy main
 
# fusiondirectory extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

# fusiondirectory repository
deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-wheezy wheezy main
 
# fusiondirectory extra repository
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main

Update your cache repository:

Debian 'wheezy'and 'jessie'

root@fusioninstall:~# apt-get update

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusioninstall:~$ sudo apt-get update

Check if all fusiondirectory packages could be found:

root@fusioninstall:~# apt-cache search fusiondirectory | more
fusiondirectory - Web Based LDAP Administration Program
fusiondirectory-plugin-alias - alias plugin for FusionDirectory
fusiondirectory-plugin-alias-schema - alias schema for alias plugin for FusionDirectory
fusiondirectory-plugin-argonaut - Argonaut plugin for FusionDirectory
fusiondirectory-plugin-argonaut-schema - LDAP schema for FusionDirectory Argonaut plugin
.....

As you can see some packages came with a schema package (eg. fusiondirectory-plugin-alias-schema). If your Ldap Server isn't on the same host as the FusionDirectory one, the *-schema packages must be installed on the Openldap server and the other on fusiondirectory one.

Installation of FusionDirectory Schema

Debian

root@fusioninstall:~# apt-get install fusiondirectory-schema

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusioninstall:~$ sudo apt-get install fusiondirectory-schema

This packages provide the following LDAP schema:

  • /etc/ldap/schema/fusiondirectory/rfc2307bis.schema
  • /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
  • /etc/ldap/schema/fusiondirectory/core-fd.schema
  • /etc/ldap/schema/fusiondirectory/ldapns.schema
  • /etc/ldap/schema/fusiondirectory/template-fd.schema

On Debian and ubuntu Quantal Quetzal, the default backend storage for schema is no longer flat file but the Directory himself. All configuration is stored in a special branch called cn=config

Integrating FusionDirectory Schema

Schema provided

In order to integrate all schema in LDAP server you need to have admin right on it.

FusionDirectory need the following schema in this order :

  • core schema of OpenLdap (installed by default with OpenLdap):
    • /etc/ldap/schema/core.schema
    • /etc/ldap/schema/cosine.schema
    • /etc/ldap/schema/nis.schema
    • /etc/ldap/schema/inetorgperson.schema
  • Core schema of FusionDirectory:
    • /etc/ldap/schema/fusiondirectory/core-fd.schema
    • /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
    • /etc/ldap/schema/fusiondirectory/ldapns.schema
    • /etc/ldap/schema/fusiondirectory/template-fd.schema

Integration of Schemas

install basic necessary FusionDirectory schema:

Debian

root@fusion-install:~# fusiondirectory-insert-schema

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusion-install:~$ sudo fusiondirectory-insert-schema

check if schemas are installed:

Debian

root@fusion-install:~# fusiondirectory-insert-schema -l
core
cosine
nis
inetorgperson
core-fd
core-fd-conf
ldapns
template-fd

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusion-install:~# fusiondirectory-insert-schema -l
core
cosine
nis
inetorgperson
core-fd
core-fd-conf
ldapns
template-fd

Integration of optional Schemas

To install optional Schemas, see their respective plugin documentation Their schemas and ldifs are availble within the repository (debian).

aptitude search fusiondirectory-plugin

After you installed them, e.g.:

aptitude install fusiondirectory-plugin-systems fusiondirectory-plugin-systems-schema

Use the fusiondirectory-insert-schema command provided by FusionDirectory to insert them, e.g.:

fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/systems-fd.schema /etc/ldap/schema/fusiondirectory/systems-fd-conf.schema

This insertion is required in order for FusionDirectory to function normally (especialy, it avoid errors in the Configuration page).

Go to

Generic FusionDirectory Configurations

All the FD configuration is stored inside the ldap, in configs branch.

If you need to modify something, you can access to FD configuration by the 'Configuration' icon or entry in the 'Addons' section of the main page of FD GUI:

Access to configuration is read-only. If you need to make changes, then you must press the 'Edit' button at the bottom right of the window.

Below you will find an explanation of the different sections.

Look n feel

  • Language: Defines the default language used by FusionDirectory. Normally FusionDirectory autodetects the language from the browser settings. If this is not working or you want to force the language, just modify the language here.
  • Theme: (required) Defines what theme is used to display FusionDirectory pages. You can install some corporate identity like theme and/or modify certain templates to fit your needs within themes.
  • Timezone: (required) Defines the timezone used within FusionDirectory to handle date related tasks, such as password expiration, vacation messages, etc. The timezone value should be a unix conform timezone value like in /etc/timezone.

Schema setup

  • Schema validation: enables or disables schema checking during login. It is recommended to switch this on in order to let FusionDirectory handle object creation more efficiently.

Password settings

  • Password default hash: (required) Defines the default password hash to choose for new accounts.
    Valid values are crypt/standard-des, crypt/enhanced-des, crypt/md5, crypt/blowfish, crypt/sha-256, crypt/sha-512, smd5, md5, sasl, ssha, sha.
    These values will be overridden when using templates.
  • Force default hash: Enable/Disable force the use of the default password hash.
  • Password minimum length: Determines the minimum length of a new password entered to be considered valid. Note that this only affect passwords that are set by the user, not by the admins.
  • Password minimum differs: Determines how many characters that must be different from the previous password. Note that this only affect passwords that are set by the user, not by the admins.
  • Use account expiration: Enables shadow attribute tests during the login to FusionDirectory and forces password renewal or account locking.
  • SASL Realm: Defines the way the kerberos realm is stored in the userPassword attribute.
    Set it to REALM.NET in order to get {sasl}user@REALM.NET.
  • SASL Exop: Defines the attribute to be stored in the userPasword attribute. Set it to uid in order to get the {sasl}uid of the user.

Core settings

  • Display summary in listings: Determines whether a status bar will be shown on the bottom of FusionDirectory generated lists, displaying a short summary of type and number of elements in the list.
  • Edit locking: Enables FusionDirectory to check if a entry currently being edited has been modified from someone else outside FusionDirectory in the meantime. It will display an informative dialog then. It can be set to entryCSN for OpenLDAP based systems or contextCSN for Sun DS based systems.
  • Enable logging: Enables event logging on FusionDirectory side. Setting it to true, FusionDirectory will log every action a user performs via syslog. If you use rsyslog and configure it to mysql logging, you can browse all events within FusionDirectory.
  • LDAP size limit: Tells FusionDirectory to retrieve the specified maximum number of results. The user will get a warning, that not all entries were shown.

Login and session

  • Login attribute: (required) Defines which LDAP attribute is used in Fusiondirectory as the login name during login. It can be set to uid, mail or both.
  • Enforce encrypted connections: Enables PHP security checks to force encrypted access (https) to the web interface.
  • Warn if session is not encrypted: Enables PHP security checks to detect non encrypted access to the web interface. FusionDirectory will display a warning in this case.
  • Session lifetime: (required) Defines when a session will expire in seconds. For Debian systems, this will not work because the sessions will be removed by a cron job instead. Please modify the value inside of your php.ini instead.
  • HTTP authentification: Activate HTTP authentification (basic auth).
  • HTTP Header authentication: Activate HTTP header authentification (default LemonLDAP-NG method)
  • Header name: Define the name of the header you will use for HTTP Header Authentification

Snapshots / Undo

  • Enable snapshots: This enables you to save certain states of entries and restore them later on.
  • Snapshot base: Defines the base where snapshots should be stored inside of the LDAP.

SSL

  • Key path: Path of the private key for FusionDirectory on the server.
  • Certificate path: Path of the certifiate for FusionDirectory on the server.
  • CA certificate path: Path of the CA on the server.

CAS

  • Enable CAS: Enable CAS activation.
  • CA certificate path: Path of the CA for the CAS server.
  • Host: Host of the CAS Server.
  • Port: Port of the CAS Server.
  • CAS context: CAS context to be used.

People and group storage

:!: Pay attention to the changes in this section of the configuration :!:

  • People DN attribute: (required) Defines the attribute to use at the beginning of users dn. Possible values are uid and cn.
    In the first case FusionDirectory creates uid style DN entries:

     uid=superuser,ou=staff,dc=example,dc=net 


    In the second case, FusionDirectory creates cn style DN entries:

     cn=Foo Bar,ou=staff,dc=example,dc=net 


    If you choose “cn” to be your 'People DN attribute' you can decide whether to include the personal title in your dn by selecting 'Include personal title in user DN'.

  • CN pattern: The pattern to use to build the common name field.
  • Strict naming policy: Enables strict checking of uids and group names. If you need characters like . or - inside of your accounts, don't enable this option.
  • GID/UID min id: Defines the minimum assignable user or group id to avoid security leaks with uid 0 accounts. This is used for the traditional method.
  • Next id hook: Defines a script to be called for finding the next free id for users or groups externally.
    The script will receive concerned dn as first argument, and 'uid' or 'gid' as second argument, it should output a single number to use as uidNumber or gidNumber.
  • Number base for people: Defines where to start looking for a new free user id.
    This should be synced with your adduser.conf to avoid overlapping uidNumber values between local and LDAP based lookups.
    The 'Number base for people' can even be dynamic.
  • Number base for groups: defines where to start looking for a new free group id.
    This should be synced with your adduser.conf to avoid overlapping gidNumber values between local and LDAP based lookups.
    The 'Number base for groups' can even be dynamic.
  • Users RDN: (required) Defines the location where new accounts will be created inside of defined departments. The default is ou=people.
  • Groups RDN: (required) Defines the location where new groups will be created inside of defined departments. The default is ou=groups.
  • ACL role RDN: The branch where ACL roles are stored.
  • Id allocation method: Method to allocate user/group ids.
  • Pool user id min: Minimum value for user id when using pool method.
  • Pool user id max: Maximum value for user id when using pool method.
  • Pool group id min: Minimum value for group id when using pool method.
  • Pool group id max: Maximum value for group id when using pool method.
  • Restrict role members: When enabled only users from the same branch or members of groups from the same branch can be added to a role.

Debugging

  • Display errors: Defines whether to enable the display of PHP errors in the upper part of the screen. This should be disabled in productive deployments, because there might be some passwords in it.
  • Maximum LDAP query time: Tells FusionDirectory to stop LDAP actions if there is no answer within the specified number of seconds.
  • Log LDAP statistics: Tells FusionDirectory to track LDAP timing statistics to the syslog. This may help to find indexing problems or bad search filters.
  • Debug level: Display certains debug informations on each page load.
    Valid values are LDAP, Database, Shell, POST, SESSION, ACL, SI, Mail.
    The different values ​​can also be combined with each other.

Miscellaneous

  • Hooks: Defines hooks that are called when specific actions happens. Look here for more informations about hooks configuration.
  • Display hook output: Activate to display the hook output.
  • Available shells: Defines the available POSIX shells for FD users.
  • Show ACL tab on all objects: For very specific ACL rights setting where you might need to give right on a single object.
  • Available department categories: Available categories in the departments dropdown.
en/documentation/admin_installation/all_in_one.txt · Last modified: 2017/10/31 10:32 (external edit)
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0