Zentyal 3.3 Changelog


  • Fixed regression on restricted authentication to group


  • Fix error when initializing the framework without full environment (add the full path for id command)
  • Added Slovenian and Vietnamese languages
  • New EBox::Exceptions::Error to encapsulate generic Perl errors
  • Switch from Error to TryCatch for exception handling
  • Added EBox::NetWrappers::clean_ifaces_list_cache function
  • New urlEditions() helper method in EBox::Config
  • Truncate stack traces in Auth modules to avoid reveal credentials


  • Refactored module not enabled warning
  • Add version to header logo
  • HTML body can now have different styles based on the menu section
  • Hide close button on saving changes and backup progess dialogs. Don’t allow to close it with esc key on those cases.
  • Fix error when pageSize paramter is not supplied to the model controller
  • Workaround against modules changed when saving all changes
  • Recover from widget function exceptions
  • Use the same Mason interpreter for most HTML templates
  • Use more granular AJAX for table actions
  • Use stand-alone AJAX call to refresh save changes button
  • Allow to submit apport crash reports if debug=yes
  • Added new communityEdition() helper method in EBox::Global
  • Always reload page after saving changes
  • Use AJAX call to refresh save change buttons
  • Copy all the redis keys from ‘conf’ to ‘ro’ when saving changes of any module to prevent incoherences
  • Delete unused stopAllModules() and restartAllModules() in EBox::Global
  • Workaround against modules changed when saving all changes
  • Display remote services messages if they exist on Dashboard
  • Recover from widget function exceptions
  • Fixed mdstat output processing to remove “(auto-read-only)”
  • Fixed audit logging of delete actions
  • Fixed errors with row ID in ManageAdmins table
  • Fixed bug in selectSetter which hitted selects on DataForm with ‘unique’ option enabled
  • EBox::WebServer::removeNginxInclude does not longer throws a exception if the path to remove is not included
  • Copy all the redis keys from ‘conf’ to ‘ro’ when saving changes of any module to prevent incoherences
  • Delete unused stopAllModules() and restartAllModules() in EBox::Global
  • Use printableName in Configure Module popup
  • Replace fork of Apache2::AuthCookie with libapache2-authcookie-perl
  • Added EBox::Types::IPRange::addressesFromBeginToEnd class method
  • Set proper trial link in advertisements
  • Show register link in local backup when not registered
  • Strip the ‘C:\fakepath\’ that chrome adds to the file input
  • Make dump_exceptions key work also for mason exceptions
  • Pass HTTP_PROXY system environment variable to CGIs as they are used in Zentyal modules
  • Waiting for Zentyal ready page check is more robust now
  • Fixed error in the recursive method for getting module dependencies
  • Fixed JS typo which disabled export backup dialog
  • Added dbus dependency to avoid problems on some minimal installations
  • Make sure that we always commit/discard audit of changes when we save/revoke all modules
  • Add new row attribute “disabled”
  • Fixed JS glitch which broke the dashboard periodical updates
  • Better check of referer which skips cloud domain if it does not exists
  • Avoid warning when stopping a module without FirewallHelper
  • Include contents of /etc/resolv.conf in bug report
  • Avoid Apache error screen in login when entering through Zentyal Remote using password
  • Fix warning comparing undefined string in DomainName type
  • Rewrite row isEqualTo method using hashElements instead of elements
  • Only allow to move dashboard widget by its handle
  • Do not fail if zentyal-mysql.passwd ends with a newline character
  • Added Number.prototype.toTimeDiffString in format.js
  • Added .btn-black CSS class
  • Added enableInnoDbIfNeeded() to MyDBEngine
  • Fix loading on custom action buttons
  • Add icon for openchange module


  • Fixed regression which broke DHCP next-server options being written to config (Contributed by on-jz)


  • Fix set of dynamic attribute in domain table when samba module is enabled again
  • Enable sortlist option by default in /etc/zentyal/dns.conf
  • Added network as enabledepend, needed by the resolvconf management
  • Read DNS zones from samba database while provisioning
  • Enable resolvconf updates when starting and stopping bind9 daemon
  • Do not write reverse zone files if generate_reverse_zones is false
  • Do not set localhost as primary resolver if users module is configured
  • Update TXT _kerberos record on domain rename in external AD mode. In this case, the AD DNS server must be used
  • Enforce include of in DNS resolvers when enabling
  • Lowercase LDB domains for comparision


  • Hide password field for rsync method
  • Add date to duplicity-command.log


  • Disable seccomp sandboxing in the conf to avoid errors
  • Force depend on PPA version of vsftpd with the chroot patch
  • Added Support for chrooting users


  • Added precondition check for existing ‘external’ interface


  • Allow to use vdomains table when module is unconfigured
  • Dovecot passdb reordering and typo
  • Added required code to integrate with OpenChange
  • Preservice and postservice hooks now should work properly
  • Fixed regression which broke external account modification
  • Added openchange compatibility


  • Take in account mail dependency if mail module is enabled
  • Avoid call to mailfilter-ldap script from enableActions


  • Add module not enabled warning to interfaces page
  • Write resolvconf head, base and tail
  • Added resolvconf as dependency to avoid problems in installations without the ubuntu-minimal metapackage
  • Set proper file name for HTTP proxy configuration for APT
  • script should not regen gateway if we are saving changes
  • Set HTTP proxy wide settings in /etc/environment
  • Do not disable DNSResolver model when users mode is external AD
  • Use new resolvconf framework to manage resolvers list
  • Flush interfaces list cache after all ifups and all ifdowns
  • Fix setNameservers method in Network to avoid error in import interfaces


  • Only unroll member ip range addresses in the addresses() method


  • New module


  • Better behavior for daemons ifaceAddress methods
  • Precondition to assure there are certificates available in DownloadClientBundle model
  • In the tunnel client bundle don’t allow additional server addresses because they are not supported


  • Rename ‘Printer Sharing’ to ‘Printers’


  • Log helper changes: only check no-via lines, this avoid duplicate lines but made us lose the ‘TLS tunnel’ MAC and ‘user not found’ event. Also best treatment of MAC addresses, thanks to Gianluca Carlesso for his code for this


  • Hide close button on subscription progress dialog
  • Adapted to new AJAX update of save changes button
  • Update support information due to offer 2013
  • Update messages in info models
  • Remove useless code due to offer 2013
  • Retrieve the maximum users from Zentyal Remote
  • Added new i18n editions
  • Store an ad message instead of enforcing max number of users in the registration check
  • Now the module has support to store ad messages
  • Widget recovers from latestRemoteConfBackup connection errors
  • Fix reset URL in subscription wizard error
  • Pinning kernels so they are updated with QA updates active
  • Remove cron jobs when unregistering
  • Use latest REST Remote API to register a free account
  • Set proper trial link when a community account is registered
  • Use IPS module to know the number of IDS/IPS rules
  • Honor system-wide defined HTTP Proxy in REST client
  • Better error message when JSON credentials file is missing


  • Renamed printableName to File Sharing and Domain Services
  • Split settings in two menu entries: Domain and File Sharing
  • Provision – Clear link attribute on USERS entry when provisioning as adc
  • Provision – Remove DomainAdmins,Administrator and Guest from openLDAP when reprovisioning as additional DC
  • Do not hide domain guest account
  • Fix share guest access, based on domain guest account enabled status
  • LDB – Do not return users holding a servicePrincipalName by default
  • Provision – Improve the LDAP OUs purge after join domain
  • s4sync – Serveral fixes to make it more robust
  • OU – Improve creation code
  • LDB – Return OUs ordered, parents before childs
  • Provision – Link accounts holding zentyal service principals
  • Provision – Improve OU loading, skip zentyal internal OUs and linked
  • Provision – Link containers at provision stage, creating them if not exists. Ignore not linked OUs for sync operations
  • Provision – Set kerberos linked OU as visible only in advanced mode
  • Provision – Check no OUs are created below OU=Users. This violate the AD DIT, as OU=Users is linked to CN=Users
  • Do not import accounts while provisioning or joining a domain, rely on s4sync
  • Forbid sharing ‘/opt’
  • Add filesystem format check defining system shares
  • Update user CN on user modifications
  • Revert case sensitive shares. Use new SMB raw client library feature per packet case sensitive
  • Throw external exception instead internal if error changing user password
  • Show user friendly error creating system shares
  • Add precondition to GPO models, do not allow edition if server is ADC
  • Fix error in backup or clicking on edit GPO when server is ADC and sysvol is not yet replicated
  • Check if file system share path is a directory
  • Fixed unhandled exception when checking filesystem options
  • Group membership mapping between OpenLDAP and Samba is using now Samba’s objectGUID unique id to be 100% sure we match the right objects
  • Fixed a typo in a info message
  • Depend on the new Samba 4.1.1, also with fixed init script
  • Improve GPO models preconditions to avoid cannot connect to samba LDAP
  • Fix regression in unmanaged ACLs option
  • Prevent _postServiceHook code execution outside Save Changes
  • Fixed openLDAP -> samba integration for users, contacts and groups using non ascii characters
  • Check for acl and user_xattr mount options when adding system shares
  • Depend on new samba4 version that fixes 0-byte size problems
  • NT SD are now written to hidden and readonly files
  • Remove no longer used antivirus options
  • Get ldb object in s4sync after the initial wait
  • Use resolvconf tool to modify resolv.conf when joining as ADC
  • Set zavsd socket mode to 0777
  • Fix already defined variable warning
  • Fixed Samba share ACLs for guest-shares do not contain ‘Domain Users’ (Contributed by on-jz)
  • Disable debug to parse ldbsearch command output when looking on idmap.ldb
  • Set case sensitive on a per share basis
  • Fix netbios name no being updated when hostname change and samba module is not enabled
  • Disable debug to parse ldbsearch command output when looking for DNS zones stored in samba
  • Open files with minimal access mask to set the security descriptors
  • Added new ‘Apply ACLs recursively’ feature – one checkbox per samba share. If unchecked, changed ACLs will only be written to top-level share. Subfolders’ ACLs will be left unchanged. Default is checked. (Contributed by on-jz)
  • Fixed Samba share ACLs for ‘All users’ are not written to filesystem
  • Listen on all interfaces to avoid problems when more than one IP address is configured in the DNS module
  • Removed unnecessary FirewallHelper implementation
  • Delete unused updateHostnameFields() method
  • Mark network module as changed when upgrading from 3.0
  • Enforce set of shares ACLs when upgrading from 3.0
  • Remove old keytab when exporting new one
  • Add ForestDnsZones and DomainDnsZones partitions DNS records after join domain as additional domain controller
  • Ignore container ‘Microsoft Exchange System Objects’ when quering users stored in LDB
  • Write openchange options to smb.conf if module installed
  • Fix precondition on GPOScripts model


  • Replace select/deselect all buttons with column checkbox
  • Updated installer slides
  • Remove style in zentyal package list when sb is set as it is not longer applied
  • Remove restricted modules to get info


  • Make external AD auth available for offer 2013
  • Added http_allow to internal squid stub so proxy event does not need an explicit rule
  • Fix group based filter access rules in external AD mode, retrieving members of nested groups
  • Correctly escape DNs and search filters or external ACL helper script
  • Explicitly specify to listen on all IPv4 interfaces
  • Add new config key auth_ad_negative_acl_ttl to configure negative ACL cache time in external AD mode
  • Transparent proxy redirection for openvpn servers’ clients
  • Avoid error in access rules model when using external AD and module has not been configured
  • Improve squid group membership helper script
  • Fixed squid basic authentication to support multi-OU


  • Remove search field from usercorner menu


  • Forbid to create OUs inside Users, Groups or Computer OUs because we not support them when Samba is enabled
  • Forbid and print specific error message when trying to put two objects with the same CN in the same container
  • Show system but not internal groups in user edition form
  • Allow unsafe characters for user and password in external AD mode
  • Fixed bug in external AD connection. Reuse already estabished external AD connection
  • The “sub ous” return the OUs hierarquically ordered
  • Check for defined uidNumber and gidNumber creating users and groups
  • Wait for the services before ending the start daemon action to prevent its usage before being ready
  • Better error handling when the default group is not found
  • Fixed distribution group edition
  • Add error, errorText and errorDescription methods to EBox::Exceptions::LDAP
  • Better error handling when we get a LdapObject that doesn’t exists
  • Remove undefined warnings on users/group creation
  • Fix ‘Cannot connect to samba LDAP’ error in manage model when samba is installed but disabled
  • Force DNS restart when users mode changed
  • Force service principals update on _postServiceHook in external AD mode
  • Don’t use slave cloud sync if not subscribed
  • Adapted cloud sync to changes in user modules
  • Added childrenObjectClass parameter to EBox::Users::LdapObject::children
  • userExists and groupExists discriminates between shown objects and objects hid by SID
  • Fixed wrong path in ExternalAD::connectWithKerberos
  • Update names in tree view when either user or contact is edited
  • Fixed wizard error when setting external AD mode
  • Fixed EBox::Users::groupDn method
  • In contact edition do not store full name in cn but use givenname and sn to get fullname.
  • Use paginated search when getting children nodes in LdapObject
  • UTF8 decode DN when retrieving it from a LDAP object
  • Fixed cloud-sync script


  • Integration with the OpenChange module
  • Non-localhost IPs are used in the Roundcube config file


  • Available options correctly updated in user addon
  • Use new enableInnoDbIfNeeded() from core
To stay updated join our newsletter