Commit c63507a4 authored by bmortier's avatar bmortier
Browse files

Merge branch '51-add-what-is-fusiondirectory-prerequisite-certified-distribution' into '1.3'

Resolve "add what is fusiondirectory / prerequisite /certified distribution"

Closes #51

See merge request fusiondirectory/dev-manual!83
parents e3aac504 2b4c2c93
Certified distributions
We certify FusionDirectory with all the most common distributions, here is a table which summarizes the level of support by distribution and version.
Fusiondirectory need at least PHP 5.6.
* Fusiondirectory 1.3 need >= PHP 5.6
* Fusiondirectory 1.4 need >= PHP 7.0
================= ======================== =======================
DISTRIBUTION FusionDirectory 1.2 FusionDirectory 1.3
================= ======================== =======================
Debian Jessie need a support contract need a support contract
Debian Stretch not supported supported
Debian Buster not supported supported
----------------- ------------------------ -----------------------
Ubuntu 16.04 LTS need a support contract supported
Ubuntu 18.04 LTS not supported supported
Ubuntu 20.04 LTS not supported work in progress
----------------- ------------------------ -----------------------
Centos 7 need a support contract supported
Centos 8 not supported work in progress
================= ======================== =======================
......@@ -11,6 +11,9 @@ Contents:
.. toctree::
:maxdepth: 2
FusionDirectory is a Web application that will need:
* a webserver;
* PHP;
* an ldap server;
* perl
Web server
FusionDirectory requires a web server that supports PHP, like:
* `Apache 2 (or more recent) <>`_;
* `Nginx <>`_;
* `Microsoft IIS <>`_.
As of 1.4 release, FusionDirectory requires `PHP <>`_ 7.0 or more recent.
.. note::
We recommand to use the most recent stable PHP release for better performances.
Mandatory extensions
Following PHP extensions are required for the app to work properly:
* ``cas``: for CAS authentication;
* ``curl``: to communicate with different types of servers and protocols
* ``filter``: to filters a variable with a specified filter;
* ``fpdf``: to export data in pdf format;
* ``gd``: to generate images;
* ``iconv`` : for the samba integration;
* ``imagick`` : to handle images;
* ``imap``: to handle imap servers management;
* ``json``: to get support for JSON data format;
* ``mbstring``: to manage multi bytes characters;
* ``ldap``: to connect and query the ldap server;
* ``openssl``: secured communications and generation of secure tokens;
* ``session``: to get user sessions support;
* ``simplexml``;
* ``xml``.
Optional extensions
.. note::
Even if those extensions are not mandatory, we advise you to install them anyways.
Following PHP extensions are required for some extra features of FusionDirectory :
* ``gettext`` : for an internationalized interface.
* ``mhash`` : to make use of SSHA encryption
* ``sha1`` : to make use of SSHA encryption
* ``zlib``: to handle snapshots;
PHP configuration file (``php.ini``) must be adapted to reflect following variables:
.. code-block:: ini
expose_php = Off;
implicit_flush = Off;
memory_limit = 128M ; // max memory limit
max_execution_time = 30 ; // not mandatory but adviced
session.auto_start = off ;
LDAP server
For FusionDirectory to work you need an ldap server.
Servers know to work are :
* `OpenLDAP`_
* `389DS`_
.. _OpenLDAP :
.. _389DS :
What is FusionDirectory ?
`FusionDirectory <>`__ provides a
solution to daily management of data stored in an LDAP directory.
Becoming the cornerstone of the information system, the corporate
directory becomes more complex offering more data and managing more
infrastructure services.
This interface is simple and can be used to delegate fully or partly the
data management to non-specialists.
- Users, groups, mail, ssh, personal management.
- Supann norm Management.
- `PARTAGE`_ mail integration
- Systems management : dhcp, dns, sudo, all kind of systems.
- System deployment management : `FAI`_, `OPSI`_
- Complex Roles Management.
- Access to multiple LDAP trees.
- FusionDirectory Triggers
Acls and roles
- ACLs are only used by FusionDirectory and not the underlying ldap server.
- ACLs can be assigned to roles.
- Global administrator : Can do everything.
- Local administrator : Can manage users and groups and also a branch.
- Human resources : Can create users from template to optimize the arrival of new people.
- User : Will only be able to change his data permitted by an administrator
FusionDirectory Triggers
FusionDirectory incorporates a series of triggers that can launch a specific action based on a task
FusionDirectory must run.
These triggers are associated with a content type (LDAP user, group, server, password, service
and the triggering action (create, edit, delete, change password … )
For example, when creating a user, a script generation form can be executed automatically
with information from the LDAP server.
This can be useful for generating badges with photo, a form of access to the canteen or sending an email
to warn other services of the actual arrival of the person.
This system is also convenient when we want to deploy the account of that person on an application that
does not support LDAP.
Another example is when a user leaves, you must:
* archive and delete his mailbox
* archive and remove its network space
* delete him from third party applications not connected to LDAP.
All of this can be easily done by shell scripts (at least in UNIX environment) and run automatically after
the suppression of the person by the administrator in FusionDirectory
The interaction with non-LDAP applications
FusionDirectory stores information of a service or a server on an LDAP
server. How about when this service does not have the opportunity to
interact with LDAP?
This question can be solved by creating:
- LDAP schema suitable for application to the LDAP server
- A plugin for its management in FusionDirectory with the simple plugin
- An `Argonaut`_ module for the client installed on the server
.. _FAI :
.. _OPSI :
.. _Argonaut :
.. _API :
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment