Zentyal 3.4 Changelog

antivirus

• Make FreshclamStatus model more resilient to errors
• Fix status when the freshclam state file is empty

bwmonitor

• Show reminder to enable interfaces when there are none enabled and the usage table is empty

ca

• Migrated to use Plack / PSGI API instead of the CGI one
• Use service instead of deprecated invoke-rc.d for init.d scripts

captiveportal

• Migrated to use Plack as the application server instead of mod_perl
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Fixed CaptivePortalQUota event watcher path
• Fixed restricted login by group
• Don’t show iptables error on Captive Daemon if debug is not enabled
• Regenerate, if needed captive, portal rules on startup of captived
• Better synchronization between sessions and iptables rules
• Fixed SID generation code
• Fix missing uses in EBox::CaptivePortal::Model::BWSettings

common

• Store trace on EBox::Exceptions::Base creation and available at trace method
• Make sure commercial messages are only displayed in English or Spanish
• Set debug = yes by default for daily builds
• Added EBox::Config::psgi() to get the path where all PSGI applications are stored
• Added EBox::Config::list() to parse space-separated values
• Updated EBox::Config::TestStub::fake to override EBox::Config::home so is more easy to use EBox::Users in unit tests
• Avoid undefined $Error::Depth warning in exceptions

core

• Ask for trace object to non-handled EBox::Exceptions::Base exceptions in the UnhandledError middleware. This will gives us useful stack traces.
• When requesting from type a non-existing value use acquirer if it is a volatile type
• EBox::WebAdmin::addNginxInclude does not longer raises exception if file not yet exists
• Improve post save modules algorithm
• Added local apparmor profile for mysqld
• Avoid to show two ‘module not enabled’ messages in composites
• All non external exceptions from normal requests are now shown in the UI with the stack trace to report as a bug
• All non external exceptions from AJAX requests are now shown in the UI with the stack trace to report as a bug
• Template exceptions in normal requests are now handled in webadmin
• Set templated files encoding to UTF-8
• Send Perl warnings to Zentyal log file in webadmin app
• Added keepFile parameter to EBox::Downloader::CGI::FromTempDir
• Remove idle and dead code from EBox::Module::Service::writeConfFile
• Added auditable property to EBox::Model::DataTable
• Added HAProxyPreSetConf to HaProxy::ServiceBase
• Moved management of webadmin certificate to HAProxy module
• Enable ReverseProxy middleware always
• MySQL is restarted before creating database
• Use root ownership for webadmin certificates
• Execute change hostname actions only if the hostname has really changed
• Don’t expire session on finish software wizard page
• Fixed show help JS to avoid to have help elements with different show state
• Use window.location.replace instead of window.location.href to redirect using JS
• In EBox::Type::Select, use element value as printableValue for unknown options or options without printableValue
• Save haproxy config as changed after webadmin’s initialSetup
• Send restartUI flag to restart service when restarting a module from the UI
• Fix calculation of page number when using go to last page control
• Update tracker url in dashboard widget
• Continue installation without ads if there is a error getting them
• Added EBox::WebAdmin::Middleware::SubAppAuth to validate WebAdmin sub-app requests
• Ported restricted resources to use nginx
• Removed EBox::Base::upload method because that’s 100% handled by Plack now.
• Increased the buffer size for uwsgi applications to allow big submits like the one from automatic error report
• Added a UnhandledError middleware to catch any die or exception not handled by Zentyal
• Added a Devel::StackTrace helper view that shows pretty backtraces
• Enable crash reports by default
• Added template for download link
• Created EBox::Util::Certificate, refactored create-certificate script
• Changes in haproxy port validation and allow haproxy internal services
• Restore AdminPort model for WebAdmin to improve usability
• Added EBox::Module::Config::replicationExcludeKeys()
• Added EBox::WebAdmin::PortObserver to be used by ha and remoteservices modules by the moment
• Added EBox::GlobalImpl::addModuleToPostSave to save modules after normal save changes process
• Added a way for HAProxy to retrieve the CA certificate entry that should be used
• Added a left-right composite layout
• Search and pagination forms can be omitted using showFilterForm and showPaginationForm properties
• Show nice error when global-action fails using die * scalar
• EBox::Util::Random now accepts a set of chars to have a random string
• Notify HA when a module which must have a single instance in the cluster is enabled/disabled.
• Added enabled action to /etc/init.d/zentyal to display whether a module is enabled or disabled
• Pass model, type and id to enabled subroutine in EBox::Types::MultiStateAction to be ortoghonal to handler property
• Fixed JS error on showing errors in customActionClicked
• Added middleware to have auth based on a env variable
• Updated nginx to server static files directly always so apache shouldn’t ever get this kind of requests
• Use uWSGI instead of Apache mod_perl for running CGIs
• Updated automatic bug report URL to new bug report endpoint
• Give support to custom actions without image. Those actions will not appear in the legend.
• Added to findValueMultipleFields and findValue the nosync parameter
• Added support for haproxy 1.5
• Moved nginx to listen on localhost
• Integration with HA module in save changes process
• Added icon for new zentyal-ha module
• Migrate rs_verify_servers in remoteservices.conf to rest_verify_servers core.conf
• Include basic support to free-format Template models to be included in Composites
• Move run-pending-ops script from remoteservices to core
• Rename EBox::RemoteServices::RESTResult to EBox::RESTClient::Result
• Move EBox::RemoteServices::RESTClient to EBox::RESTClient as it is used in ha and remoteservices module.
• Adapt init.d and upstart running checks to Ubuntu 13.10
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Adapted apache configuration to 2.4
• Adapted EBox::Config::Redis to the new libredis-perl API
• Adapted redis.conf to redis 2.6
• Zentyal MySQL custom conf is now written on initial-setup of logs using a mason template
• Write logs configuration only when the module is enabled
• Use replace instead of href to redirect in Controller::DataTable (This avoids infinite loops if the user press back button)
• Move EBox::CGI::Downloader::* modules to EBox::Downloader to make file downloads work again
• Avoid division by zero while using page navigation
• Automatic report text formatting adapted to Redmine
• Fix tab selection in tabbed composite from URL path anchor, for instance, /Maintenance/Events#ConfigureDispatchers
• Avoid errors triggered on web administration port validation
• ManageAdmins model now also add/removes lpadmin group
• Show nice error when global-action fails using die * scalar
• Fixed JS error on showing errors in customActionClicked
• Fixed rethrown of exception in restartService() and EBox::CGI::Base::upload methods
• Remove lock file in EBox::Util::Lock::unlock()
• Fixed mason component root for custom stubs
• Fixed regression in clone action
• Decode to utf8 the MySQL database results
• Create log database using utf8 charset
• Better way to set MySQL password for all the root accounts
• Use same JSON reply file for changeRowForm and dataInUse
• Fixed regression in AJAX changes with raised error when a data in use exception was found
• Fixed css error that hide information in the logs tables
• Use sharedscripts in zentyal-core logrotate to avoid triggering in every log file
• Take into account view customizer on audit logging
• Show complex types (more than one field) in audit log while editing by storing the dump of the value
• Fix EBox::Types::Composite::cmp to store changes when only last type is modified
• Fixed general widget packages to avoid error on ‘packages to upgrade’ section
• Fixed regression when table size is set to ‘view all’

dhcp

• Fixed ThinClientOptions nextServer value for interfaces other than eth0
• More generic help message for thin clients options page
• Added HA floating IPs constraints when creating ranges and fixed IPs
• Use service instead of deprecated invoke-rc.d for init.d scripts

dns

• Fix nsupdate error after domain rename
• Adapted apparmor configuration to Saucy
• Avoid lame servers message
• Use proper dlz library for bind9.9
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Take in account virtual interfaces too when getting addresses for a new domain

ebackup

• Fix regression in rsync method (contribution by billfarrow)

firewall

• Added portUsedByService method
• Updated to use the new haproxy API
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Fixed crash when editing view in Summarized Report
• Added EBox::Iptables::executeModuleRules to be able to execute
• Removed code made dead by new managament of DHCP nameservers
• Select text clearer for interfaces which have virtual interfaces

ftp

• Enabled the chrootUsers optionv
• Fix the enabling of the chrootUsers option

ha

• New module

ips

• Ignore bond slaves when looking for enabled interfaces (contribution by Vsevolod Kukol)
• Depend on new tcmalloc version in saucy

jabber

• Corrected getJabberAdmins to properly provide array of admins uid’s
• Using STARTTLS instead of SSL by default

mail

• Added and used checkMailNotInUse method
• Added _delVDomainAbort to LdapVDomain base to give the opportunity to abort vdomain removals
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Added and used checkMailNotInUse method
• Don’t add mail which already exists when adding group alias
• Better integration with openchange account addon
• Remove openchange account when removing mail account
• Postfix max mail size is increased by 36% because of base64 encoding
• Better integration of group alias addon
• Added openchange outgoing mail rewriting
• Added sieve_dir plugin parameter
• Nopass dovecot policy enabled only when Openchange provisioned

mailfilter

• Changed configuration of amavis to avoid only ipv6 in Net::LDAP bug
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Fixed logs summarized report

monitor

• Migrated to use Plack as the application server instead of mod_perl
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Show save changes message advice only when it applies
• Do not show internal errors when possible and suggest an advice to fix it

network

• Import current DHCP addresses in first setup and when enabling module
• Don’t allow domain names as target of failover tests, usability changes in failover rules
• Removed DNS resolution failover test
• Save module config after initialSetup
• Added flag to notify when an ifup is set
• Wait a bit in multigwRoutes to give time to dhcp/pppoe to register addresses
• Implement replicationExcludeKeys() to avoid replication of ifaces in HA
• Migrated to use Plack / PSGI API instead of the CGI one
• When adding a new IP (viface or static iface) it is checked to avoid collision with the current HA floating IPs
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Added bonding support (contribution by Vsevolod Kukol)
• Specifiy local address in failover tests to avoid vlan interface problems
• Fix Dynamic DNS with Zentyal Remote as provider when the registration wizard is done
• Fixed bad behaviour in interfaces method wizard
• Wait a bit in multigwRoutes to give time to dhcp/pppoe to register addresses
• Don’t generate resolvconf file until all interfaces are up
• nameservers() method always return 127.0.0.1 if DNS module is installed and enabled
• Fixed dhclient configuration
• Fixed some issues with showing of DHCP nameservers and removed related dead code
• Don’t use owner module in external-ip.pl script
• Changed failover firewall rules to not use owner module
• Fixed regression in VLANs interface (contribution by Chris Pitchford)
• Fixed bug which made impossible to edit pppoe gateways
• Fix regresion in the installer wizard that made options for static interfaces be always shown

ntp

• Better control of stopping daemon before syncing time
• Adapted apparmor configuration to Saucy
• Save module config after initialSetup
• Use service instead of deprecated invoke-rc.d for init.d scripts

nut

• nut init.d script renamed to nut-server in saucy

objects

• Clearer error when calling objectMembers with a invalid object id

openchange

• Avoid to mark webadmin as changed
• Update nginx template to allow access to /ews/oof
• Added UI message with sogo webmail interface location
• Sogo webmail shared contacts unified. Contacts working properly
• Use the new EBox::Samba::Ldbobject::isCritical method
• Contacts are now shown at the webmail interface
• Zentyal internal accounts hidden from webmail interface
• Save config if it changes in migration between versions
• Adapt sogo.conf to work only with ou=Users, fixes login problem
• Don’t allow to remove outgoing mail virtual domain
• Added rpcproxy service
• Provision openchangedb with mysql as backend
• Migrated to use Plack / PSGI API instead of the CGI one
• Remove obsolete sope dependency
• Added rpcproxy service to zentyal-webserver for Outlook Anywhere
• Calendar invitations now sent via email by default
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Using Zentyal MySQL confile template
• Extracted vdomain selection for outgoing mail to a new configuration model named Configuration
• Better user addon integration
• Fixed bug which not enabled new user accounts when using different mail domain than AD domain
• Prevent OpenChange provision if we don’t have access to update the schema or it’s already extended by another OpenChange / Exchange previous installation.
• Clean all previous data before enabling the module
• Fix regression hiding from module status
• Fixed migration form that is missing a .js file to work
• Hide openchange service status from the dashboard and linked it status to the one from Samba
• User addon – remove check that require AD domain to be the same as mail virtual domain
• Added basic deprovision option
• Fixed a typo that makes openchange appear always off on Dashboard
• Added vdomain selection for outgoing mail at provision screen

openvpn

• Log audit working properly for download client bundle
• Use service instead of deprecated invoke-rc.d for init.d scripts

printers

• Skip internal groups in printer ACL model
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Implement printers() method to retrieve users permissions

remoteservices

• Port proxy redirections to Nginx from Apache
• Use the new PortObserver to report a change in the webadmin listening port
• Migrated to use Plack as the application server instead of mod_perl
• Updated to use the new haproxy API.
• Move run-pending-ops script to core
• Move EBox::RemoteServices::RESTClient and RESTResult to core and uses it as base in specific behaviour
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Remove Disaster Recovery menu entry as it is managed by cloud-prof module
• Fix restore remote backup with spaces in the backup name
• Fix: Do not subscribe to the newsletter in the wizard if the user requires so
• On initial setup, do only reload bundle and restart the service if the server is registered
• Fix warning on last inside an eval on automatic-conf-backup script

samba

• Moved to use Net::LDAP::Control::Relax object to relax LDAP restrictions and forced the critical flag to 0 so Samba accepts it
• Added EBox::Samba::LdbObject::isCritical method to simplify all checks of the isCriticalSystemObject attribute
• EBox::Samba::LdbObject::setCritical cannot use lazy flag to work correctly
• Split openchange configuration into its own config file and set correct permissions on it
• Remove printers from dependencies list if the module is not installed
• Updated EBox::Samba::Users::setCredentials to stop using the lazy flag and added a note about why it cannot be used in the method documentation
• Write openchange options to use mysql as backend
• Use new addModuleToPostSave Global interface in Provision class
• Depend on new samba packaging instead of old samba4 one
• Use service instead of deprecated invoke-rc.d for init.d scripts
• ad-migrate: Detect offline role owner and seize roles
• Fixed setting of printers permissions
• s4sync: Check samba daemon is running
• Ignored and logged as errors the users, contacts and groups in OpenLDAP that are not linked with Samba objects
• Fix edit Group Policy Link after UI changes
• Fix GPO models UI
• Fix revert resolvconf configuration after joining domain
• Fix delete GPLink: use gPLink attribute name as our checkers are case sensitive
• Set allow_non_scanned_files = True on samba.conf by default to avoid issues with antivirus when editing files
• EBox::Samba::LdbObject::setCritical cannot use lazy flag to work correctly
• Fix NT_STATUS_ACCESS_DENIED opening files quering the DOS attributes and passing them to open function
• Set OpenChange as not provisioned when Samba is reprovisioned
• Added a way to check whether we are managing the AD schema or not
• Samba provision failures when IPs are not set no longer talk wrongly about internal interfaces
• Create directories in _setConf to avoid invalid group __USERS__ error
• Clean up openchange section in stub smb.conf file
• Fixed bug in EBox::LDB::users which made the method to not return users inside Organization Units
• Fix typo in SambaLdapUser that fixes error in change email
• Change user modification hook from _modifyUser to _preModifyUser
• Throw DataExists exception if the user try to rename a user on a container and already exists
• Check for duplicated DN on user creation and show a proper error, not an internal exception
• Fixed s4sync’s breakage when tries to sync serviceprincipals to OpenLDAP. Those users are ignored on EBox::LDB::users method
• Remove group share on group deletion
• Set the setShareRightsReset flag on SambaSharesPermissions row deletion
• Samba log helper is now aware of utf8
• EBox::Samba::LdbObject::deleteObject – Delete all childs before self deletion
• User profiles are only created if the OpenLDAP sync exists, otherwise, defer it until s4sync does the synchronization
• Typo fix in netbios validation
• Check if objects are system critical before deletion

services

• Added portUsedByService method
• Updated to use the new haproxy API

software

• Don’t expire session when first time menu is visible
• When there is no action defined for EBox::Software::CGI::InstallPkgs throw a MissingArgument instead of an Internal exception
• Migrated to use Plack as the application server instead of mod_perl
• Remove useless initial-setup script
• Be able to update zentyal components when clicking select all checkbox
• Update install button when clicking select all checkbox
• Send an alert if a restart is required after performing an automatic update with auto-updater

sogo

• New module

squid

• Give support to multiple addresses for a domain in Transparent Proxy Exemptions
• Save modules configurations after initialSetup
• Added all subdomains in cache exemptions
• Deny cache explicitly from cache exemption domains
• Give support to optional ABORTED flag in denied requests when the HTTP client aborts the request
• Adapt configuration for squid 3.3.8
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Forced 644 permission on Dansguardian files to avoid zombie processes
• Remove canonical_dn call for compatibility with MS LDAP servers in external AD mode
• Synchronise AD groups every 30 min if using external AD and any filter profile includes an AD group
• Manage errors when AD failed on fulfill our requests in external AD mode
• Give support to groups with more than 1500 members and more than 1000 groups in external AD mode
• Fixed regression in authenticationMode method
• Added validation of the domains added to the transparent proxy exceptions

trafficshaping

• Unallow edition of interface in rules until it is supported
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Mark bond slaves as not shapable and use the master bond for shaping (contribution by Vsevolod Kukol)

usercorner

• Enable ReverseProxy middleware always
• Added updateSessionPassword method
• User Corner service is now managed by HAProxy Service
• Added necessary saveConfigRecursive after initialSetup
• Migrated to use Plack as the application server instead of mod_perl
• Use service instead of deprecated invoke-rc.d for init.d scripts

users

• Updated EBox::Users::Model::Password to use EBox::Usercorner::updateSessionPassword method and the new samba location
• Stop changing users and contacts’ cn field on object edition, allowed to edit the displayName field, just as Windows does
• Disable OpenLDAP users sync in favor of Samba AD replication
• Avoid warning when checking whether we are in the usercorner
• Updated to use Plack / PSGI instead of mod_perl
• Updated to use the new haproxy API
• Use service instead of deprecated invoke-rc.d for init.d scripts
• Fixed soap.conf for apache 2.4
• Depend on apache2-utils, required to run htpasswd
• Add script to update the credentials when mode is external AD
• Added and used checkMailNotInUse method
• Updated cloud sync to ignore any change done in cloud to internal users or groups
• Fixed EBox::CloudSync::Slave to sync uid and gid numbers on user update and added unit tests for it
• Added EBox::Users::Group::setInternal method
• Allow to use lazy flag with EBox::Users::User::setInternal
• Added unit tests for cloud sync code
• Check available IP addresses when enable module
• Added lock to cloud-sync script
• Better integration of edit groups for mail group aliases
• Update group icon when type of group changes
• Implement _preModifyUser on LdapUserBase
• Throw exceptions on EBox::USers::LdapObject::get when entry not exists
• Fixed regression in LDAP info page for external AD mode
• Print slave-sync output to zentyal.log instead of stdout
• Fixed excesive restrictive validation of external AD password in wizard

webserver

• Check, at least, a listening port is mandatory
• Fix when webserver is not listening in HTTP port
• Don’t regenerate certificate if it has the same CN that the virtual host name
• Register in Apache configuration the public port used to reach it so automatic redirects work behind haproxy
• Modules changed in initialSetup have now its configuration saved
• Added support for internal virtual domains (only for openchange for now)
• Updated to use the new haproxy API
• Adapt configuration for Apache 2.4