The following instructions describe a basic installation of FusionDirectory, for the moment limited to managing users and groups.
Installation the Debian way
Just install it the Debian way:
root@fusion-install:~# apt-get install fusiondirectory
FusionDirectory is a web-based application, so this installs and configures the Apache web server and installs the PHP dependencies. It can take some time.
Configuration through the web interface
After installation, Apache2 is configured to start the initial configuration of FusionDirectory. Just go to http://<your web server>/fusiondirectory
Step 1 : Secure the configuration screen
You'll see the following screen :
To begin configuring FusionDirectory you have to create a temporary file containing a unique number, so you need network access to the server (e.g. by ssh).
root@fusion-install:~# echo -n 1tn0iqdro8t609kj2qbn7buhn4 > /tmp/fusiondirectory.auth
- Click on the Next button
Step 2 : Choose your installation language
Step 3 : Check that the PHP application server is correctly set
Normally all those parameters are correctly set.
If that is not the case, you can modify them in the fusioninventory apache file :
Step 4 : Specify the connection parameters
The user specified in this screen MUST have read/write rights everywhere in the directory.
- Location : the name of the FusionDirectory profile. One FusionDirectory server can manage several directories
- Connection URI : the URI of the LDAP server. Here you can specify whether it is a secure LDAP connection (LDAPS)
- TLS connection : check this if TLS is used
- Base DN : the base is detected automatically, but an LDAP server can have several bases on one host
- Authentication : the admin DN must be specified in order to read and write the full base DN specified above. The password must of course correspond to the admin DN
- Schema base settings : RFC 2307bis specifies how group information is stored for users. There are two methods:
  - POSIX method : the group stores the uid of each user. It needs the nis.schema in the LDAP server
  - RFC 2307bis : the LDAP user stores the DN of each group the user belongs to. It needs the rfc2307.schema in the LDAP server
  - The two methods cannot be used together. From experience, most LDAP applications use the first method
You can click on the Next button after filling in every field.
Step 5 : Schema checking of LDAP directory
This screen tells you whether any schema is missing from the LDAP directory. You can ask FusionDirectory to check that all schemas stored in LDAP are correct.
Step 6 : Configuration about user and group storage and password settings
- Theme : for the moment there is only one theme. This setting allows you to create a more corporate one
- Compress output : allows you to compress data before sending it to your browser
- People and Group storage
  - People DN attribute : a DN is composed of one or several attributes and the base DN. In this case the DN will be built with the CN attribute (common name) and base DN :
  - People storage subtree : this is the branch where all users will be stored. By default it is
  - Groups storage subtree : this is the branch where all groups will be stored. By default it is
  - Include personal title : in some companies the title (Director, Manager ...) can be used to identify a user (e.g. the cn will be : cn=Director John Doe)
  - Relaxing naming policies : this option allows you to create a template for deriving the CN attribute. To use it, please see the manpage of fusiondirectory.conf
  - Automatic uid : allows you to use a template for deriving the uid field, which MUST be unique!
  - GID/UID min : the minimum assignable user or group id
  - Number base for people/groups : you can specify a start number for gid numbers and uid numbers (useful when using FusionDirectory in an existing structure)
- Password settings
  - You can choose some rules for setting each user's password. With the password change hook you can choose a script to run after a password change (useful for password synchronisation)
  - SASL : you can use SASL with Kerberos if your infrastructure uses it
  - Account expiration : a method to expire accounts based on password validity
Click on the Next button to continue
Step 7 : Configuration about Samba and Mail settings and specific features
This screen allows you to configure FusionDirectory if your LDAP server is used with a Samba PDC (Primary Domain Controller) and a mail server
- Samba settings
  - SAMBA SID : the unique identifier of the Windows domain. You can use it when you want to change your Windows PDC to a SAMBA+LDAP PDC
  - RID base : each object in a Windows domain has a unique number (which is associated with the SAMBA SID)
  - Workstation container : the branch where computers existing in a Windows domain should be stored
  - Samba SID mapping : a feature for creating a mapping table between the unix ids of computers and their Windows ids (useful if you have a lot of computers, > 1000)
- Timezone : the time zone, as the name says!
- Mail settings
  - Like Samba, a mail server can be managed by FusionDirectory. If you want to activate this functionality you have to install the corresponding plugin.
- Snapshot / undo
  - FusionDirectory allows you to take a snapshot of a branch or LDAP object before making a dangerous manipulation, or just to make a backup. For that you can specify the same LDAP server or another one by filling in the login/password and URI of this server.
Click on Next to continue
Step 8 : Configuration about troubleshooting like logging and debugging
- FusionDirectory core settings
  - Enable primary group filter : every user has a primary group, and this allows you to filter on it
  - Display summary in listings : adds, at the end of each table, the number of items for each kind of object
  - Honour administrative unit : this parameter allows you to manage your IT infrastructure by administrative unit.
    - An administrative unit is a pool of users, groups, servers, printers, …
    - Through ACLs you can declare an administrator for this unit, who can be different from the IT administrator. It is another method of IT management
  - Enable edit locking : when someone is using an LDAP object, a flag is set. FusionDirectory can then show a warning message to other people who want to edit this object. This parameter specifies the attribute to test in this case.
  - Enable Copy&Paste : you can copy and paste LDAP objects (for moving a user, for example)…
- FusionDirectory logging : FusionDirectory can log some actions through the syslog system on the host.
- Login and session
  - Login attribute : it can be the mail attribute, the uid attribute, or both. It is used for logging in to the FusionDirectory interface
- The following parameters are easy to understand
- Those options are useful for development and troubleshooting
Click on the Next button to continue
Step 9 : LDAP data migration
FusionDirectory has its own schema, so some migration is needed, for example of object types.
Show what migration is needed
In this case there are only 2 things to migrate
- Object class of the root object
- Create a FusionDirectory admin
For each item, just click on the Migrate button
Migrate root object
Create a FusionDirectory admin
Check if Directory is ready
Step 10 : Get and install the configuration file
The configuration file must be installed in
Some specific permissions must be applied :
root@fusion-install:~# fusiondirectory-setup --check-config
Checking FusionDirectory's config file
/etc/fusiondirectory/fusiondirectory.conf exists…
/etc/fusiondirectory/fusiondirectory.conf is not set properly, do you want to fix it ?: [Yes/No]? Yes
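The generated file holds the admin DN and password entered in Step 4, so it is worth auditing its ownership and mode after the check above. This is an added example, not part of the original instructions or of FusionDirectory itself. The helper name `audit_conf` is hypothetical, and the expected values (owner root, group www-data, no group write, nothing for other users) are assumptions based on a default Debian Apache setup.

```shell
#!/bin/sh
# Added example: audit ownership and mode of the FusionDirectory config file.
# Assumed policy (not stated on the page): owner root, group www-data,
# no group write bit, no access at all for other users.

# audit_conf FILE [OWNER] [GROUP]   (hypothetical helper name)
# Prints one line per finding; returns 0 if the file passes, 1 otherwise.
audit_conf() {
    file=$1
    want_owner=${2:-root}
    want_group=${3:-www-data}
    rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi

    # GNU stat (Debian coreutils): %U owner name, %G group name, %a octal mode.
    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    mode=$(stat -c '%a' "$file")

    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group is $group, expected $want_group"; rc=1; }

    # Interpret the mode as octal: low 3 bits are "other", next 3 are "group".
    other_bits=$(( 0$mode & 07 ))
    group_bits=$(( (0$mode >> 3) & 07 ))
    [ "$other_bits" -eq 0 ] || { echo "FAIL: mode $mode gives access to other users"; rc=1; }
    [ $(( group_bits & 02 )) -eq 0 ] || { echo "FAIL: mode $mode lets the group write"; rc=1; }

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file is $owner:$group with mode $mode"
    fi
    return "$rc"
}

# Run against a path given on the command line, e.g.
#   sh audit_conf.sh /etc/fusiondirectory/fusiondirectory.conf
if [ $# -gt 0 ]; then
    audit_conf "$@"
fi
```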