Table of Contents
The following instructions provide a basic installation of FusionDirectory for managing User and Group.
Installation trough the Debian Way
Just install by the debian way !
root@fusion-install:~# apt-get install fusiondirectory
Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'
root@fusion-install:~$ sudo apt-get install fusiondirectory
FusionDirectory is a web based application. So It install Apache Web server and configure it, install php dependancies… so it could take some times.
Configuration trough web interface
After installating, Apache2 is configured for starting the initial configuration of FusionDirectory. Just go to http://<your web server>/fusiondirectory
Step 1 : Secure the configuration screen
You'll see the following screen :
In order to begin FusionDirectory you have to create a temporary file with a unique number. So you need a network access on it (eg. by ssh)
root@fusion-install:~# echo -n 3l5idlumdq5ce66sklhsm3m2t6 > /tmp/fusiondirectory.auth
- click on next button
Step 2 : Choose your installation language
Step 3 : Check if PHP application server is correctly set
Normally all those parameters are correctly set.
If not the case you can modify it thanks to the fusioninventory apache file :
Step 4 : Specify the connection parameter
The user specified in this screen MUST have read/write right everywhere in Directory.
- Ldap connection
- Location is the name of FusionDirectory profile. Indeed, one FusionDirectoryServer could manage several Directory
- connection URI is the URI of LDAP server. Here you can specify if it's an Secure LDAP connection (LDAPS)
- TLS Connection : check if TLS system is used
- Base : base dn is automatically detected, but An ldap Sevrer could have several bases in one host
- Admin DN : the admin DN must be specified in order to read and write full base DN specified above.
- Admin password : the password must correspondf to the admin DN of course
- Schema base settings
- Use rfc2307bis compliant groups : LDAP user stored the DN of each group where the user belong to. It need the rfc2307.schema in Ldap server
- Current status
- Information : give you information about binding user status.
You can click on Next button after filling every field.
Step 5 : Schema checking of LDAP directory
This screen tell you if there is some missing schema in LDAP Directory. You can ask to FusionDirectory to check if all schema stored in LDAP are correct.
Step 6 : Generic settings
- Look and feel
- theme : for the moment there is only one theme. It allow you to create a more corporate one.
- People and Group storage
- people DN attribute : a DN is composed from one or several attribute and the base DN. In this case the DN will be build with the CN attribute(common name) and base DN :
- people storage subtree : this is the branch where all users will be stored. by défault it is
- groups storage subtree : this is the branch where all groups will be stored. by défault it is
- include personal title : in some company the title (Director, manager ..) could be used for identify one user( eg : the cn will be :
cn=Director John Doe)
- relaxing naming policies : this option allow you to create a template for deducing the CN attribute. For using it please see manpage of Fusiondirectory.conf
- Automatic uid : it allow you the use a template for deducing the uid fiels which MUST be unique!
- GID/UID min : it's the minimum assignable user or group id
- Number base for people/groups : you can specify a start number for gid number and uid number (useful for using Fusiondirectory in existent structure)
- Password settings
- Password encryption algorithm : You can choose what encryption algorithm you used for storing password.
- Password restrictions : You can choose length of passwords and how many characters need to be different from old password (in case of changing password)
- Password change hook : You can choose a script used after change a password (useful for password synchronisation)
- Account expiration : is a method to get account expired based on password validity
Click on Next button to continue.
Step 7 : Customization of special parameters
This screen allows you to configure FusionDirectory timezone and snapshots.
- timezone : Timezone … like writed !
- Snapshot / Undo
- Enable snapshots : FusionDirectory allow you to make snapshot of branch or ldap object before making a dangerous manipulation or just to make a backup.
- Snapshot base : You could specify the name of the branch where they will be stored snapshots.
- Server : You could specify the same LDAP server or another one.
- User : The name of the user that can write in this ldap directory.
- Password : Password of the above user.
click on Next to continue.
Step 8 : Tweaking of some core behaviour
- FusionDirectory core settings
- Enable primary group filter : all user have a primary group, it allow you to filter on it
- Display summary in listings : It adds at the end of each table, the number of item for each kind of object
- Honour administrative unit : this parameter allow you to manage your IT infrastructure by administrative unit. An administrative unit is a pool with user, group, server, printers,… . You can, trough ACL, declare an administrator on this unit, which could be different as the IT administrator. It's another method of IT management
- Enable edit locking : When someone is using an LDAP object, a flag is set. FusionDirectory could show to other people who want to edit this object a warning messages. This parameter specify the attribute to test in this case.
- Enable Copy & Paste : you can copy and paste some LDAP object (for moving a user for example)…
- FusionDirectory logging : FusionDirectory could log some actions trough the syslog system on host.
- Login ans session
- Login attribute : it could be the mail attribute or the uid attribute or both. It's used for connecting on Fusiondirectory interface
- The following parameters is easy to understand
- Those options are interesting in case of developpement and troubleshooting
click on next button to continue.
Step 9 : LDAP data Migration
FusionDirectory have its own schema so some migration is needed as object type.
Show what migration is needed
In this case there is only 2 things to migrate:
- Object Class of root object
- create an FusionDirectory Admin
As part of the migration of an existing infrastructure, a test phase is mandatory.
For each item, just click on Migrate button
Migrate root object
Create a Fusion Directory Admin
Check if Directory is ready
Step 10 : get and install the configuration file
The configuration file must be installed in /etc/fusiondirectory/ directory.
Some specific permissions muste be applied :
root@fusion-install:~# fusiondirectory-setup --check-config Checking FusionDirectory's config file /etc/fusiondirectory/fusiondirectory.conf exists… /etc/fusiondirectory/fusiondirectory.conf is not set properly, do you want to fix it ?: [Yes/No]? Yes
Ubuntu 'Precise Pangolin (12.04 LTS)', 'Quantal Quetzal (12.10)'
root@fusion-install:~$ sudo fusiondirectory-setup --check-config Checking FusionDirectory's config file /etc/fusiondirectory/fusiondirectory.conf exists… /etc/fusiondirectory/fusiondirectory.conf is not set properly, do you want to fix it ?: [Yes/No]? Yes
Step 11 : Enjoy
Once all settings are applied, you get the following screen :
After making the connection with the login and password set at Step 9 you'll have the following screen :