The following instructions provide a basic installation of FusionDirectory for managing User and Group.

Installation trough the Debian Way

Just install by the debian way !


root@fusion-install:~# apt-get install fusiondirectory

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusion-install:~$ sudo apt-get install fusiondirectory

FusionDirectory is a web based application. So It install Apache Web server and configure it, install php dependancies… so it could take some times.

Configuration trough web interface

After installating, Apache2 is configured for starting the initial configuration of FusionDirectory. Just go to http://<your web server>/fusiondirectory

Step 1 : Secure the configuration screen

You'll see the following screen :

In order to begin FusionDirectory you have to create a temporary file with a unique number. So you need a network access on it (eg. by ssh)

root@fusion-install:~# echo -n 3l5idlumdq5ce66sklhsm3m2t6 > /tmp/fusiondirectory.auth 
  • click on next button

Step 2 : Choose your installation language

Automatic” means that the language is determined directly from web browser.

Step 3 : Check if PHP application server is correctly set

Normally all those parameters are correctly set. If not the case you can modify it thanks to the fusioninventory apache file : /etc/fusiondirectory/fusiondirectory-apache.conf

Step 4 : Specify the connection parameter

The user specified in this screen MUST have read/write right everywhere in Directory.

  • Ldap connection
    • Location is the name of FusionDirectory profile. Indeed, one FusionDirectoryServer could manage several Directory
    • connection URI is the URI of LDAP server. Here you can specify if it's an Secure LDAP connection (LDAPS)
    • TLS Connection : check if TLS system is used
    • Base : base dn is automatically detected, but An ldap Sevrer could have several bases in one host
  • authentication
    • Admin DN : the admin DN must be specified in order to read and write full base DN specified above.
    • Admin password : the password must correspondf to the admin DN of course
  • Schema base settings
    • Use rfc2307bis compliant groups : LDAP user stored the DN of each group where the user belong to. It need the rfc2307.schema in Ldap server
  • Current status
    • Information : give you information about binding user status.

You can click on Next button after filling every field.

Step 5 : Schema checking of LDAP directory

This screen tell you if there is some missing schema in LDAP Directory. You can ask to FusionDirectory to check if all schema stored in LDAP are correct.

Step 6 : Generic settings

  • Look and feel
    • theme : for the moment there is only one theme. It allow you to create a more corporate one.
  • People and Group storage
    • people DN attribute : a DN is composed from one or several attribute and the base DN. In this case the DN will be build with the CN attribute(common name) and base DN : ou=people,dc=acme,dc=com
    • people storage subtree : this is the branch where all users will be stored. by défault it is ou=people (ou=Organizational Unit)
    • groups storage subtree : this is the branch where all groups will be stored. by défault it is ou=groups (ou=Organizational Unit)
    • include personal title : in some company the title (Director, manager ..) could be used for identify one user( eg : the cn will be :cn=Director John Doe)
    • relaxing naming policies : this option allow you to create a template for deducing the CN attribute. For using it please see manpage of Fusiondirectory.conf
    • Automatic uid : it allow you the use a template for deducing the uid fiels which MUST be unique!
    • GID/UID min : it's the minimum assignable user or group id
    • Number base for people/groups : you can specify a start number for gid number and uid number (useful for using Fusiondirectory in existent structure)
  • Password settings
    • Password encryption algorithm : You can choose what encryption algorithm you used for storing password.
    • Password restrictions : You can choose length of passwords and how many characters need to be different from old password (in case of changing password)
    • Password change hook : You can choose a script used after change a password (useful for password synchronisation)
    • Account expiration : is a method to get account expired based on password validity

Click on Next button to continue.

Step 7 : Customization of special parameters

This screen allows you to configure FusionDirectory timezone and snapshots.

  • timezone : Timezone … like writed !
  • Snapshot / Undo
  • Enable snapshots : FusionDirectory allow you to make snapshot of branch or ldap object before making a dangerous manipulation or just to make a backup.
  • Snapshot base : You could specify the name of the branch where they will be stored snapshots.
  • Server : You could specify the same LDAP server or another one.
  • User : The name of the user that can write in this ldap directory.
  • Password : Password of the above user.

click on Next to continue.

Step 8 : Tweaking of some core behaviour

  • FusionDirectory core settings
    • Enable primary group filter : all user have a primary group, it allow you to filter on it
    • Display summary in listings : It adds at the end of each table, the number of item for each kind of object
    • Honour administrative unit : this parameter allow you to manage your IT infrastructure by administrative unit. An administrative unit is a pool with user, group, server, printers,… . You can, trough ACL, declare an administrator on this unit, which could be different as the IT administrator. It's another method of IT management
    • Enable edit locking : When someone is using an LDAP object, a flag is set. FusionDirectory could show to other people who want to edit this object a warning messages. This parameter specify the attribute to test in this case.
    • Enable Copy & Paste : you can copy and paste some LDAP object (for moving a user for example)…
    • FusionDirectory logging : FusionDirectory could log some actions trough the syslog system on host.
  • Login ans session
    • Login attribute : it could be the mail attribute or the uid attribute or both. It's used for connecting on Fusiondirectory interface
    • The following parameters is easy to understand
  • Debugging
    • Those options are interesting in case of developpement and troubleshooting

click on next button to continue.

Step 9 : LDAP data Migration

FusionDirectory have its own schema so some migration is needed as object type.

Show what migration is needed

In this case there is only 2 things to migrate:

  • Object Class of root object
  • create an FusionDirectory Admin

As part of the migration of an existing infrastructure, a test phase is mandatory.

For each item, just click on Migrate button

Migrate root object

This screen show you the change before it's applied.

Create a Fusion Directory Admin

Check if Directory is ready

You need to have a green check everywhere in order to continue.

Step 10 : get and install the configuration file

The configuration file must be installed in /etc/fusiondirectory/ directory.

Some specific permissions muste be applied :

Debian 'Squeeze'

root@fusion-install:~# fusiondirectory-setup --check-config
Checking FusionDirectory's config file
/etc/fusiondirectory/fusiondirectory.conf exists…
/etc/fusiondirectory/fusiondirectory.conf is not set properly, do you want to fix it ?:  [Yes/No]?

Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'

root@fusion-install:~$ sudo fusiondirectory-setup --check-config
Checking FusionDirectory's config file
/etc/fusiondirectory/fusiondirectory.conf exists…
/etc/fusiondirectory/fusiondirectory.conf is not set properly, do you want to fix it ?:  [Yes/No]?

Step 11 : Enjoy

Once all settings are applied, you get the following screen :

After making the connection with the login and password set at Step 9 you'll have the following screen :

More about Configuration

en/documentation/admin_installation/core_installation.txt · Last modified: 2017/10/31 10:32 (external edit)
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0