FusionDirectory 1.0.x for debian ================================ Configure FusionDirectory ========================= By default you can point your favorite browser to the FusionDirectory setup by using this URL: http://you.server.address/fusiondirectory Follow the instructions on the screen. Security related information ============================== FusionDirectory is running as the www-data user. This makes it possible for other web applications (well, this is the rule for allmost every web application that stores information somewhere around) to read the fusiondirectory.conf file, which may contain vital information about your LDAP service. To make it harder to extract these passwords, they get encrypted by a master password only readable by the FusionDirectory location. You can simply migrate old existing passwords by typing: # a2enmod headers # fusiondirectory-setup --encrypt-passwords # /etc/init.d/apache2 reload If this is not enough for you (exploitable PHP code may make it possible to read the webservers memory), you can simply create another webserver instance running as a different user on different port for FusionDirectory exclusively. Or use apache2-mpm-itk and assign a different user to a virtual host. Further information =================== To improve this piece of software, please report all kind of errors using the bug tracker on https://forge.fusiondirectory.org Documentation: http://documentation.fusiondirectory.org/ Mailinglist: http://lists.fusiondirectory.org/ Irc: #fusiondirectory on freenode --- The FusionDirectory project