Cerb

Release notes for Cerb 6.2 Cerb (6.2) is a major functionality update in development as of December 6, 2012. It contains over 77 new features and usability tweaks from community feedback. [Dashboards/Pie Charts/Subtotals] Subtotal widgets on ... [More] dashboards can now be configured to display their values as a pie chart instead of a frequency table. There are default wedge colors for up to 20 values, and they've been selected for clean visual separation as well as aesthetics. While following a rainbow pattern, the colors begin at green rather than red, ensuring the largest wedges are one of the green-blue-violet spectrum subdued colors instead of an alarming large red block on a dashboard. A list of subtotal values is displayed below the chart. The pie charts also have mouse interaction. Hovering over a wedge will render a slightly transparent bumper at the edge, and it will display a highlighter style on the appropriate subtotal; making it very easy to identify which value is associated with the selected pie wedge. [Dashboards/Subtotals] Subtotal widgets can now limit their results to the top 3-20 subtotal categories. This is useful when you want to build a 'Top 10' list, even though there may be extra results. [Community Portals/Proxy] Moved the visitor cookie handling into the Community Portals functionality. It was originally in the deployed index.php per portal, but this made it difficult to replace the PHP reverse proxy with other proxy software. It's now trivial to forego the index.php file and deploy Community Portals with more capable proxies like Apache mod_proxy or Nginx instead. The index.php deployment is no longer recommended, but it will remain available because it's the easiest option that is supported in nearly all environments (including shared hosting). [Dashboards/Plugins] Plugins can contribute new datasources for dashboard widgets. [Dashboards/Charts] Each series on a dashboard chart widget may now specify its own datasource. This makes it possible to plot data from multiple sources on a single chart. Previously charts were limited to just worklist data, but additional sources may be now implemented through plugins. Existing charts will be migrated automatically to the new format. [Dashboards/Plugins] Implemented dashboard widget datasource extensions for worklist, url, and manual entry. These behave comparably to the earlier built-in options; however, they can now be reused in new types of widgets (even in third-party plugins). A datasource extension can specify in its manifest which widgets it knows how to provide data for. [Dashboards/Counters] Counter widgets on dashboards can now pull in data using datasource plugins. [Dashboards/Gauges] Gauge widgets on dashboards can now pull in data using datasource plugins. [Dashboards/Usability] Some friendly instructions are now provided on gauge and counter widgets when they have no data source configured. This helps disambiguate true values of zero in those widgets from a non-configured widget. [Dashboards/Counters/Usability] Improved the usability when setting up a new counter on a dashboards. You no longer have to click into multiple tabs to configure its style and data source. [Dashboards/Counters/Usability] When setting up a counter, the data format for 'seconds' has been renamed to 'time elapsed' to make its purpose more intuitive. [Dashboard/Gauges/Usability] When setting up a gauge on a dashboard you can now always override the data format (e.g. number, decimal, percentage, time elapsed), or prepend and append text to the label. Previously these options were only available when using the 'manual' data source. This improves the flexibility of other data sources (especially arbitrary ones like 'URL'). [Dashboards/Charts/Usability] Improved the usability of configuring charts on dashboards. You now no longer have to click into multiple tabs to set the type of chart and pick a data source. [Dashboards/Bar Charts] Bar charts on dashboards are now capable of displaying a mix of positive and negative values. This is especially useful when plotting changes (i.e. deltas) in some metric over time. [Dashboards/Bar Charts/Usability] Bar charts on dashboards now display a line through zero on the y-axis. For regular bar charts with all positive values this improves readability when some bars may represent a zero values (and appear to have gaps). For charts with positive and negative values the origin line draws a clear distinction between them. [Dashboards/Charts] Line charts on dashboards can now be used to plot negative values. This is especially useful on time series charts where the y-axis value may be a positive or negative change (i.e. delta) in value. [Dashboards/Platform/Usability] Improved the mouseover tooltips for dashboard charts. They used to be printed directly on the chart, which meant they didn't handle long values well, and they also partially obscured the upper bounds of the data. Now the tooltips are handled by jQuery and CSS, so they could float or be stylized however we want. Eventually these will be exposed as custom events in the charting library, but the new defaults are more useful than the previous behavior. [Dashboards/Scatterplots/Usability] Scatterplots on dashboards are now their own widget. Previously they were a rendering option on charts, but their usage is different and it was confusing to many people that some line or bar charts couldn't display as a scatterplot without modification. It's now possible for datasource extensions to treat scatterplots specially; they're designed to visualize non-linear clusters of data. Existing scatterplots will be automatically migrated to the new format and shouldn't require any modification. [Dashboards/Scatterplots] Scatterplots will now scale their axes based on the given data. Previously, all scatterplots had (0,0) in the bottom left and if data was significantly larger (or negative) then most of the chart was wasted whitespace. Now you can use dates and timestamps on an axis and the chart will be scaled to the time between the min/max date, rather than showing 'all time'. [Dashboards/Scatterplots] Scatterplots can now display negative values. This is useful when plotting deltas where a trend may be decreasing. [Dashboards/Pie Charts] A new pie chart widget has been added to dashboards. This can be used to visualize distributions for external datasources. The subtotals widget is still the easiest way to render a pie chart from a worklist. [Dashboards/Pie Charts] The legend on pie charts can be set visible or hidden. When hidden, only the label and value of the currently focused wedge will be displayed. This is useful when there are many wedges and displaying the values all the time would clutter the dashboard. [Dashboard/Pie Charts] The value for pie chart wedges can be given a specific type (e.g. seconds elapsed, bytes, number, percentage, decimal) as well as a prefix and/or suffix. This makes it easier to discern units and whether you're looking at frequencies, averages, or sums. [Dashboards/Charts] Added a slight margin to the top and bottom of line charts so their min/max plots aren't cut in half. The y-zero line is also adjusted by -0.5 if it was on an odd numbered pixel, since this gives sharper straight lines w/o anti-aliasing. [Dashboards/Counters/Gauges/Usability] Dashboard counters and gauges may now display their values in 'bytes', which will display human readable units of storage space (e.g. 50KB, 270MB, 4.7GB). [Performance/Platform/Plugins] Prior to version 6.2, viewing the Plugins page in Setup would automatically scan the filesystem for new plugins or updates. This had a considerable performance impact because it reloaded every feature and plugin, including some expensive database operations (ACL, translations, etc). The process because generally unnecessary due to the introduction of the Plugin Library in version 5.7. Given those factors, this functionality has now been optimized in two ways: (1) Cerb will only scan for new plugins and changes in the storage/plugins/ directory when visiting the plugin page; (2) only plugins with a new version number in their plugin.xml will be re-synchronized. For most visits to the plugins page there should be a dramatic reduction in the amount of REPLACE queries run against the database. During development, the DEVELOPMENT_MODE flag circumvents this behavior to make it more convenient to edit code and view the results without constantly running the /update page. [Platform/Plugins] Fixed a bug in the DevblocksPlatform::sortObjects() method that forced all numbers to be compared as integers, thus rendering it incapable of properly sorting decimals (e.g. 0.5 and 0.3 were both rounded to zero). Numbers are now properly compared as floating point values. [Platform/Usability/Plugins] Added a 'TB' (terabytes) grouping to the 'bytes' format options and DevblocksPlatform::strPrettyBytes(). [Dashboards/Scatterplots] Multiple series on a dashboard scatterplot widget can now be plotted on independent or shared axes. Independent axes are useful when you want to look for relative trends between series on different scales. Shared axes compares each series on the same scale. [Dashboards/Scatterplots/Usability] Scatterplots now make a clearer distinction between plots from different series by using as a different symbol (e.g. o, +, x, *) as well as color. [Platform/Dependencies] Upgraded to jQuery UI 1.9 from 1.8.18 [CHD-3144] [Autocomplete/Usability] FIXED: Autocompletes overwrite input. [Devblocks/Platform] Added DevblocksPlatform::strBase32Encode() and ::strBase32Decode() helper functions. This is an uncommon encoding, but it's used for integration with Google Authenticator and there aren't built-in functions to base32 encode/decode (RFC-4648) in PHP5. [Login/Security/Usability] The login system has been renovated to support different authentication methods per worker. Previously, a worker had to know to switch between password, LDAP, OpenID, etc. Now, admins assign a specific method to a worker. The login form has two steps: in the first the worker provides their email address, and then they are routed to the appropriate login method for their account. This makes it much easier to standardize authentication on something like LDAP and hide normal Cerb password logins entirely. [Login/Security/Usability] When a new worker is invited to Cerb, or a worker's authentication method changes, they will be given the opportunity to set up their account's credentials on the next login. Previously an admin had to establish the initial password for new workers, and it was sent in plaintext through email -- and was possibly communicated in other ways between the admin and worker (SMS, email, chat room, etc). This process was a weak link in security. Now the worker can verify their identity through a one-time code, and they can set up a secure password right from their browser. This process also works for the advanced authentication methods like OpenID or Password+GoogleAuth. [Login/Security/Usability] When a login authentication method other than 'password' is in use, workers will not be shown the 'change password' option. Additionally, if the OpenID plugin is installed but not activated for a given worker, they will not be shown the OpenID options in their preferences. This should reduce confusion. [Login/Security/Recover] Each worker may now configure up to three 'secret questions' that are used to verify their identity when recovering their account's login information. In the past, all a worker needed to do to reset their login information was receive a code to their email address. The secret questions add an extra layer of security, because even if the code is intercepted (e.g. man-in-the-middle attack, packet sniffer, key logger) the attacker would need to know secret information about the worker to assume their identity. The page for setting up these questions makes recommendations about secure questions, but they should be open-ended non-quantitative questions like "What is your favorite sentence in your favorite book?". Answers to such questions are incredibly difficult to research or guess compared to "How old were you when…" or "What is your father's middle name?". Secret questions shouldn't have answers that can be found with a Google search or through social media. The wording of the answer much be exact, with all punctuation; although answers are case insensitive. An optional hint may be provided for each question and answer pair. [Login/Security/Recover/Plugins] A new centralized system for recovering an a worker account has been implemented. This saves plugin developers from having to implement redundant or inconsistent recovery methods. When a worker starts the account recovery process they are sent a one-time code through email and they are asked their secret questions (if configured). Once identified, their login method is instructed to reset their credentials and their next login will run through the set up process again. [Login/Security] When an invalid worker email address is typed into the login form, the password form will always be shown to make it more difficult for an attacker to discover valid logins. If the login form specified "Invalid worker" then an attacker could guess valid email addresses by using known worker names. They may still be able to guess worker email addresses, but the system will not confirm if they are valid or not. [Login/Security] Invalid email addresses or failed authentication (i.e. bad password) will now cause Cerb to pause for two seconds before reporting an error. This slows down brute force attempts (at least on a single connection). In a near future update this delay could become longer with each successive failure, and lock the account. [Login/Plugins] The login process may now be asynchronous. For example, with the OpenID plugin there are multiple URL redirects before authentication is successful or fails. Previously, Cerb expected an immediate answer from $extension->authenticate(). Plugins that need to redirect the browser before proceeding may redirect to the new /login/authenticated endpoint to finalize the new session. [Devblocks/Platform/QR] The jquery.qrcode plugin by Jerome Etienne is now available in the global jQuery environment. This is useful to quickly send information to mobile phones from the screen. See: http://jeromeetienne.github.com/jquery-qrcode/ [CHD-3099] [Login/Security/Google Authenticator] Implemented a new worker login plugin for two-factor authentication using 'Password + Google Authenticator'. This plugin requires workers to provide both their password and a time-based one-time password from the Google Auth mobile app (available for iOS, Android, and Blackberry). Cerb supports configuring Google Authenticator with a QR code that is displayed on the screen during a worker's first login. This significantly improves security by requiring both "something you know" (the password) and "something you have" (the physical mobile phone) in order to log in; and it's unlikely an attacker will have both. Each worker's mobile device is configured (via QR code) with a different random 16-character secret. [Mail/Peek/Usability] The peek popup for tickets now displays the Messages and Properties content on the same screen. Previously you had to switch between tabs to either preview the conversation or make changes to its properties. This removes extra clicks from one of the most frequently used interface elements. [Dashboards/Widgets/Custom HTML] Added a new 'Custom HTML' widget to dashboards. This provides a block of user-defined HTML/CSS/Javascript. There are countless uses for this: displaying external images, rendering charts from the Google Charts API, sharing announcements, posting todo lists, displaying widgets from Twitter/GitHub/Facebook, etc. Previously these things would need to be implemented as widget plugins. [Login/Usability] The login form now provides a "remember me" option which saves the current worker's email address in a cookie for two weeks. When enabled, subsequent requests to /login will automatically be redirected to the appropriate login form for the worker with the email address pre-filled. This streamlines the two-step login process on trusted computers. [Security/Sessions/Usability/Mobile] In Setup->Security admins may now determine when session cookies should expire in worker browsers. Previously these cookies were always removed when the browser was closed, but on mobile devices this distinction isn't always dependable. This resulted in session cookies that could expire many times per day on a mobile device despite never logging out or closing the mobile browser tab. Session cookies may now also be set to expire after 1 day, 1 week, 2 weeks, or 1 month. [Security/Session] Signing out will now destroy the current session's cookie. [CHD-3194] [Mail/History/Usability] The 'Recipient History' tab on ticket profiles now shows a count of the total number of rows in the worklist. The count reflects the scope (recipients, org, domain) and any active worklist filters. For example, to see the open ticket count on the history tab when viewing tickets you just need to filter the history worklist to status=open. The count will then automatically reflect open tickets on all subsequent pages. This should speed up workflows where multiple open tickets from the same sender are reviewed and potentially merged. Previously, workers always had to click into the history tab to see if anything needed their attention. [CHD-2783] [Mail/Merge/Usability] When merging tickets from a worklist, a confirmation popup is now displayed to verify the action. Previously, the merge action took place immediately. This should help prevent accidental merges from workers clicking on the wrong button. [CHD-3081] [Dashboards/Worklists/Usability] The 'add record' popup is now available from worklist widgets on dashboards. When you hover over a worklist the (+) icon will appear. This allows new records of any type to be created from dashboards without having to navigate to the search page. [Dashboards/Worklists/Usability] The 'peek' button will no longer wrap to the next line and leave gaps in worklist widget rows on dashboards. [Dashboards/Worklists/Usability] Worklist widgets on dashboards will no longer underline record links unless they're hovered over. This reduces visual clutter, as too many links on the screen can be overwhelming. [Mail/Reply/Usability] The snippet search box on the mail reply screen now shows a hint of "(Ctrl+Shift+I)" as the placeholder. This lets workers know that a keyboard shortcut is available. [Dashboards/Workspaces/Activity Log] Activity Log worklists may now be added to dashboards and workspaces. [Activity Log/Worklists] Activity Log worklists may now be filtered to specific actors or targets. For example, this can create a list of all the activity performed by a specific worker. Alternatively, you may create a list of all the activities that happened to a worker (e.g. assignments). This is especially useful when activity log worklists are added to dashboards. [Activity Log/Worklists] Activity Log worklists may be filtered by actor or target contexts. The available options are now displayed in a multiple selection list. For example, a worklist may be created that displays all the activity that happened to task records, or activities that were performed by workers (rather than groups or the system). This is especially useful when activity log worklists are added to dashboards. [Activity Log/Worklists] Activity Log worklists may be filtered by activity. The available options are now displayed in a multiple selection list. Previously, the person setting up the worklist had to know the internal IDs for the various events (which is unlikely). This change makes it easy to create a worklist of a specific kind of activity; for example, a list of comments posted on any record over the past week. [CHD-2464] [Activity Log/Security/Logins] The Activity Log will now record worker login and logout activity. Both logins and logouts record the IP address in use at the time. The login event also records the user-agent (platform, browser, version). This is especially useful when combined with workspace dashboards to perform security oversight. [Activity Log/Impersonation/Security] The Activity Log now records worker impersonation by administrators. The entry links to the administrator as the 'actor' with the worker they're impersonating as the 'target'. This provides accountability for impersonation events. [CHD-3182] [CHD-3057] [Snippets/Worklists/Usability] The green (+) add button is now available at the top of all snippet worklists. This consistency improvement enables the quick creation of snippets from arbitrary workspaces. [CHD-2756] [CHD-2915] [Activity Log/Mail] The Activity Log now records when a ticket is moved between groups or buckets. This is useful for SLAs and accountability. [Subtotals/Platform/Plugins] Implemented an abstract getSubtotalDataForContextAndIdColumns() method on C4AbstractView for subtotaling a combination of context/context_id fields for any table. This makes it easy to implement a two-step subtotal process (e.g. first pick 'Worker', then pick a specific worker) for any record type. This was first implemented for use by snippets (owners) and the Activity Log (actors, targets). [Activity Log/Subtotals] Activity Log worklists can now be subtotaled by 'Actor' or 'Target' using the two-step filtering process from context links. First a record type is selected (e.g. worker, task, ticket), then a specific record of that type may be selected. This replaces the 'Actor Context' and 'Target Context' subtotal fields because they're redundant with the first part of this new process. [Snippets/Subtotals] Snippet worklists can now be quickly filtered using owner subtotals. This uses a two-step subtotal process where the first step selects the owner type (e.g. worker, group, role) and the second step can optionally pick a specific owner of that type. This is more flexible than the 'owner' filter, which doesn't currently provide the option to find any worker-owned snippets. [Workspaces/Subtotals/Code Cleanup] Broken context links (e.g. links to records that have been deleted) will no longer be included in subtotal counts. [CHD-2822] [Choosers/Usability] Chooser popups opened from other choosers will now behave properly. For example, you can filter tickets by watchers using a chooser, and from there you can filter the worker list by a group chooser. Previously, the nested choosers would replace the first popup, making it impossible to complete the desired action. [Activity Log/Virtual Attendants/Worklists] Virtual Attendants can now manage worklists and behavior variables using Activity Log data. For example, a VA can send a daily report about worker login activity to a manager's email address. This could also be used to build a list of comments (e.g. comments by a particular worker, any comments about tickets, etc). [Virtual Attendants/Links] Virtual Attendants can now set dynamic links on any related records, custom fields, or behavior variables. Previously, each event only had a few actions like 'set ticket links', and the records to link had to be selected ahead of time with a chooser. Now, there is an 'On:' option for selecting the target record (which could be a ticket's sender's organization), and links can be set using placeholders and behavior variables, as well as choosers. For example, a VA behavior can read new ticket subjects looking for a domain to be mentioned, and it can automatically link that domain to the ticket. There could be thousands of possible domains and they don't have to be specified in the VA behavior ahead of time. This enables much more sophisticated workflow automation. Existing 'set links' actions will be automatically converted to the new format. [Virtual Attendants/Links/Simulator] The Virtual Attendant simulator will now display output for all 'Set links' actions. [CHD-3206] [Subtotals/Workspaces/Usability] Fixed an issue where clicking '(none)' hid the other totals when subtotaling KB articles by 'Topic' or messages by 'Worker'. [CHD-3205] [Drafts/Worklists] FIXED: Filtering on 'Message Type' via subtotals in a Draft worklist displays untranslated text in the filter bubbles. [Knowledgebase] Fixed an issue with Markdown-formatted Knowledgebase articles breaking in older versions of PHP 5.x when an article was tens of thousands of characters long. [CHD-2819] [Support Center/Registered Contacts] Registered Contacts can now be added from worklists. These records control who can log in to the Support Center. [Support Center/Registered Contacts] Registered Contacts can now be deleted from their peek popup. [CHD-2699] [Virtual Attendants/Links/Watchers] Virtual Attendants can now remove links and watchers from any record. The links to be removed can be placeholders (e.g. fields, watchers, custom fields), selected from choosers, or behavior variables (e.g. dynamic worklists). The 'Set Links' action has a new mode toggle for choosing between adding or removing. [CHD-3187] [Virtual Attendants/Mail Filtering] Virtual Attendants can now remove attachments on incoming messages from Mail Filtering behavior. Attachments can be matched with exact filenames, wildcard patterns, or regular expressions. [Less]

Introduction If you installed Cerb5 or Cerb6 from GitHub using Git then the process of updating to a new version is simple and straightforward. If you're using Subversion, you can switch to Git with these instructions. You won't need to copy your ... [More] framework.config.php or storage directories. Everything will be upgraded in place. Check your license expiration First, verify that your license is valid for the latest version. Navigate to Setup->Settings->License in Cerb6. Check the date for Software Updates Expire: If it's in the future, you're all set. Continue to the next section. If it's in the past, you either need to renew your license or upgrade to the latest version covered by your license. You can check approximate release dates from our profile on Freshmeat. Make a backup Refer to the instructions here to make a recent backup: http://wiki.cerb5.com/wiki/Backups Updating the project files We recommend creating a new branch for each version of the project. With a branch per version you can make an informed decision about which of your modifications and hacks to carry over. Some of your modifications to the project files may not make sense in the latest version because your feedback was implemented. You're perfectly welcome to modify the main project files, but the officially recommended way to extend the software is to take advantage of our comprehensive plugin system. Using plugins, your changes will be easily portable between versions or environments. Let's proceed with the upgrade by creating a new version branch: Open a console on your server and change to the directory of your Cerb6 installation. First, you'll want to stash your local changes to files like framework.config.php, which will make merging changes easier: git stash Find the name of the remote repository. In most cases this will be origin by default. You can verify this with: git remote Fetch the branches from the remote server: git fetch origin From here you can decide which version to upgrade to: git branch -r Add a new local branch for the desired version: git branch --track 6.1.4 origin/6.1.4 Switch to the new version branch: git checkout 6.1.4 Re-apply your local stashed changes: git stash pop Note: If you'd prefer to use a single branch instead of one branch per version, you can use the stable branch instead of a version number. This branch will always contain the files for the most recent release, but you may have to manually merge conflicts if you've made changes to the code. In the event of conflicts... If your stashed changes were non-trivial then you may run into a situation where your changes conflict with our changes in the new version. In such a situation you can decide to merge the changes by hand, using a command like git mergetool, or you can simply reset such files to their default state with git checkout -- <file> Permissions It is possible that using version control systems like Git and Subversion will modify your file permissions. You should verify that all files are owned and readable by your webserver user, and that the /storage directory and its contents are owned and readable+writeable by your webserver user. Upgrading the database Once your files are updated to a new version, Cerb5 automatically brings your database up to date and migrates any relevant data to new formats. For a major upgrade there will almost always be changes to the database. This section may not apply for smaller maintenance updates. To start the database upgrade process you simply need to navigate to your helpdesk using a browser. You can also initiate this process manually by opening the /update page. For example, if your helpdesk is located at http://example.com/cerb6/ then you would open http://example.com/cerb6/update in your browser. Note: If you aren't using friendly URLs, then you would navigate to http://example.com/cerb6/index.php/update instead. Once the database is upgraded then you'll be returned to your login form and you can resume using the helpdesk. Purge the /install directory Make sure the /install directory is deleted. It is possible for version control systems like Git to restore this directory during an upgrade. Updating Community Portals If you have Community Portals in use, like the Support Center, then it's a good idea to make sure they're using the latest version of the deployed index.php file. This file rarely changes, but you will experience subtle and difficult to diagnose problems if it does change and you don't update your portals. Navigate to Setup->Community Portals->Configure. For each Community Portal, click on it and open the Installation tab. Copy the contents of index.php to the location where your portal is installed. All done! You should be all set to take advantage of our latest improvements. Be sure to review the list of changes for the new version. [Less]

Introduction Prior to the release of Cerb5, the official recommendation was to use Subversion for installing and upgrading the app. This made sense years ago when support wasn't prevalent for the next generation of distributed version control tools ... [More] like Git. Today, Git is available for all major platforms. Our official repositories are managed with Git and collaboration is provided through GitHub. If you're still using Subversion to manage your Cerb5 installation, we highly recommend that you migrate to Git. As of January 2012 we have discontinued hosting our own Subversion repositories. If for some reason you are unable to use Git, you can switch to our new Subversion repository at GitHub. Make the change Move your existing Cerb5 installation to a directory named cerb5-svn. Make a backup Make a recent backup using the instructions here: http://wiki.cerb5.com/wiki/Backups Keep local modifications Change directory to your existing files: cd cerb5-svn Make a patch of your local modifications: svn diff > my_changes.patch Find your existing version grep "APP_VERSION" -m 1 api/Application.class.php Download the same version of Cerb5 with Git Return to the parent directory where cerb5-svn is located: cd .. Perform a fresh checkout of the Cerb5 project files from Git using the same version. Replace <version> in the command below with the version number from the previous section above with the following convention: 5.5.0 -> 5.5 5.5.2 -> 5.5.2 In other words, if the version ends in .0 then just include the first two numbers. Checkout the latest version of Cerb6 from GitHub using Git: git clone -b <version> git://github.com/wgm/cerb6.git cerb6-git Merge the copies Remove the .svn subdirectories from storage and then move it to cerb5-git: find cerb5-svn/storage -type d -name '.svn' -exec rm -Rf {} \; mv -n cerb5-svn/storage/* cerb6-git/storage You can then apply your patch to the new files: cp cerb5-svn/my_changes.patch cerb6-git cd cerb6-git patch -p0 < my_changes.patch rm my_changes.patch Finish up If you placed any custom plugins in the /features directory, move them from cerb5-svn/features to cerb6-git/storage/plugins. This is where all custom plugins should go in the future. Be careful to not copy any official plugins. Move or rename the cerb6-git directory back to your desired location. Make sure all the files are owned and readable by the webserver user, and the /storage directory and its contents are owned and writeable+readable by the webserver user. This might be a good time to upgrade to the latest version using Git. Open Cerb6 in your web browser. [Less]

Release notes for Cerb 6.2 Cerb (6.2) is a major functionality update in development as of November 30 2012. It contains over 50 new features and usability tweaks from community feedback. [Dashboards/Pie Charts/Subtotals] Subtotal widgets on ... [More] dashboards can now be configured to display their values as a pie chart instead of a frequency table. There are default wedge colors for up to 20 values, and they've been selected for clean visual separation as well as aesthetics. While following a rainbow pattern, the colors begin at green rather than red, ensuring the largest wedges are one of the green-blue-violet spectrum subdued colors instead of an alarming large red block on a dashboard. A list of subtotal values is displayed below the chart. The pie charts also have mouse interaction. Hovering over a wedge will render a slightly transparent bumper at the edge, and it will display a highlighter style on the appropriate subtotal; making it very easy to identify which value is associated with the selected pie wedge. [Dashboards/Subtotals] Subtotal widgets can now limit their results to the top 3-20 subtotal categories. This is useful when you want to build a 'Top 10' list, even though there may be extra results. [Community Portals/Proxy] Moved the visitor cookie handling into the Community Portals functionality. It was originally in the deployed index.php per portal, but this made it difficult to replace the PHP reverse proxy with other proxy software. It's now trivial to forego the index.php file and deploy Community Portals with more capable proxies like Apache mod_proxy or Nginx instead. The index.php deployment is no longer recommended, but it will remain available because it's the easiest option that is supported in nearly all environments (including shared hosting). [Dashboards/Plugins] Plugins can contribute new datasources for dashboard widgets. [Dashboards/Charts] Each series on a dashboard chart widget may now specify its own datasource. This makes it possible to plot data from multiple sources on a single chart. Previously charts were limited to just worklist data, but additional sources may be now implemented through plugins. Existing charts will be migrated automatically to the new format. [Dashboards/Plugins] Implemented dashboard widget datasource extensions for worklist, url, and manual entry. These behave comparably to the earlier built-in options; however, they can now be reused in new types of widgets (even in third-party plugins). A datasource extension can specify in its manifest which widgets it knows how to provide data for. [Dashboards/Counters] Counter widgets on dashboards can now pull in data using datasource plugins. [Dashboards/Gauges] Gauge widgets on dashboards can now pull in data using datasource plugins. [Dashboards/Usability] Some friendly instructions are now provided on gauge and counter widgets when they have no data source configured. This helps disambiguate true values of zero in those widgets from a non-configured widget. [Dashboards/Counters/Usability] Improved the usability when setting up a new counter on a dashboards. You no longer have to click into multiple tabs to configure its style and data source. [Dashboards/Counters/Usability] When setting up a counter, the data format for 'seconds' has been renamed to 'time elapsed' to make its purpose more intuitive. [Dashboard/Gauges/Usability] When setting up a gauge on a dashboard you can now always override the data format (e.g. number, decimal, percentage, time elapsed), or prepend and append text to the label. Previously these options were only available when using the 'manual' data source. This improves the flexibility of other data sources (especially arbitrary ones like 'URL'). [Dashboards/Charts/Usability] Improved the usability of configuring charts on dashboards. You now no longer have to click into multiple tabs to set the type of chart and pick a data source. [Dashboards/Bar Charts] Bar charts on dashboards are now capable of displaying a mix of positive and negative values. This is especially useful when plotting changes (i.e. deltas) in some metric over time. [Dashboards/Bar Charts/Usability] Bar charts on dashboards now display a line through zero on the y-axis. For regular bar charts with all positive values this improves readability when some bars may represent a zero values (and appear to have gaps). For charts with positive and negative values the origin line draws a clear distinction between them. [Dashboards/Charts] Line charts on dashboards can now be used to plot negative values. This is especially useful on time series charts where the y-axis value may be a positive or negative change (i.e. delta) in value. [Dashboards/Platform/Usability] Improved the mouseover tooltips for dashboard charts. They used to be printed directly on the chart, which meant they didn't handle long values well, and they also partially obscured the upper bounds of the data. Now the tooltips are handled by jQuery and CSS, so they could float or be stylized however we want. Eventually these will be exposed as custom events in the charting library, but the new defaults are more useful than the previous behavior. [Dashboards/Scatterplots/Usability] Scatterplots on dashboards are now their own widget. Previously they were a rendering option on charts, but their usage is different and it was confusing to many people that some line or bar charts couldn't display as a scatterplot without modification. It's now possible for datasource extensions to treat scatterplots specially; they're designed to visualize non-linear clusters of data. Existing scatterplots will be automatically migrated to the new format and shouldn't require any modification. [Dashboards/Scatterplots] Scatterplots will now scale their axes based on the given data. Previously, all scatterplots had (0,0) in the bottom left and if data was significantly larger (or negative) then most of the chart was wasted whitespace. Now you can use dates and timestamps on an axis and the chart will be scaled to the time between the min/max date, rather than showing 'all time'. [Dashboards/Scatterplots] Scatterplots can now display negative values. This is useful when plotting deltas where a trend may be decreasing. [Dashboards/Pie Charts] A new pie chart widget has been added to dashboards. This can be used to visualize distributions for external datasources. The subtotals widget is still the easiest way to render a pie chart from a worklist. [Dashboards/Pie Charts] The legend on pie charts can be set visible or hidden. When hidden, only the label and value of the currently focused wedge will be displayed. This is useful when there are many wedges and displaying the values all the time would clutter the dashboard. [Dashboard/Pie Charts] The value for pie chart wedges can be given a specific type (e.g. seconds elapsed, bytes, number, percentage, decimal) as well as a prefix and/or suffix. This makes it easier to discern units and whether you're looking at frequencies, averages, or sums. [Dashboards/Charts] Added a slight margin to the top and bottom of line charts so their min/max plots aren't cut in half. The y-zero line is also adjusted by -0.5 if it was on an odd numbered pixel, since this gives sharper straight lines w/o anti-aliasing. [Dashboards/Counters/Gauges/Usability] Dashboard counters and gauges may now display their values in 'bytes', which will display human readable units of storage space (e.g. 50KB, 270MB, 4.7GB). [Performance/Platform/Plugins] Prior to version 6.2, viewing the Plugins page in Setup would automatically scan the filesystem for new plugins or updates. This had a considerable performance impact because it reloaded every feature and plugin, including some expensive database operations (ACL, translations, etc). The process because generally unnecessary due to the introduction of the Plugin Library in version 5.7. Given those factors, this functionality has now been optimized in two ways: (1) Cerb will only scan for new plugins and changes in the storage/plugins/ directory when visiting the plugin page; (2) only plugins with a new version number in their plugin.xml will be re-synchronized. For most visits to the plugins page there should be a dramatic reduction in the amount of REPLACE queries run against the database. During development, the DEVELOPMENT_MODE flag circumvents this behavior to make it more convenient to edit code and view the results without constantly running the /update page. [Platform/Plugins] Fixed a bug in the DevblocksPlatform::sortObjects() method that forced all numbers to be compared as integers, thus rendering it incapable of properly sorting decimals (e.g. 0.5 and 0.3 were both rounded to zero). Numbers are now properly compared as floating point values. [Platform/Usability/Plugins] Added a 'TB' (terabytes) grouping to the 'bytes' format options and DevblocksPlatform::strPrettyBytes(). [Dashboards/Scatterplots] Multiple series on a dashboard scatterplot widget can now be plotted on independent or shared axes. Independent axes are useful when you want to look for relative trends between series on different scales. Shared axes compares each series on the same scale. [Dashboards/Scatterplots/Usability] Scatterplots now make a clearer distinction between plots from different series by using as a different symbol (e.g. o, +, x, *) as well as color. [Platform/Dependencies] Upgraded to jQuery UI 1.9 from 1.8.18 [CHD-3144] [Autocomplete/Usability] FIXED: Autocompletes overwrite input. [Devblocks/Platform] Added DevblocksPlatform::strBase32Encode() and ::strBase32Decode() helper functions. This is an uncommon encoding, but it's used for integration with Google Authenticator and there aren't built-in functions to base32 encode/decode (RFC-4648) in PHP5. [Login/Security/Usability] The login system has been renovated to support different authentication methods per worker. Previously, a worker had to know to switch between password, LDAP, OpenID, etc. Now, admins assign a specific method to a worker. The login form has two steps: in the first the worker provides their email address, and then they are routed to the appropriate login method for their account. This makes it much easier to standardize authentication on something like LDAP and hide normal Cerb password logins entirely. [Login/Security/Usability] When a new worker is invited to Cerb, or a worker's authentication method changes, they will be given the opportunity to set up their account's credentials on the next login. Previously an admin had to establish the initial password for new workers, and it was sent in plaintext through email -- and was possibly communicated in other ways between the admin and worker (SMS, email, chat room, etc). This process was a weak link in security. Now the worker can verify their identity through a one-time code, and they can set up a secure password right from their browser. This process also works for the advanced authentication methods like OpenID or Password+GoogleAuth. [Login/Security/Usability] When a login authentication method other than 'password' is in use, workers will not be shown the 'change password' option. Additionally, if the OpenID plugin is installed but not activated for a given worker, they will not be shown the OpenID options in their preferences. This should reduce confusion. [Login/Security/Recover] Each worker may now configure up to three 'secret questions' that are used to verify their identity when recovering their account's login information. In the past, all a worker needed to do to reset their login information was receive a code to their email address. The secret questions add an extra layer of security, because even if the code is intercepted (e.g. man-in-the-middle attack, packet sniffer, key logger) the attacker would need to know secret information about the worker to assume their identity. The page for setting up these questions makes recommendations about secure questions, but they should be open-ended non-quantitative questions like "What is your favorite sentence in your favorite book?". Answers to such questions are incredibly difficult to research or guess compared to "How old were you when…" or "What is your father's middle name?". Secret questions shouldn't have answers that can be found with a Google search or through social media. The wording of the answer much be exact, with all punctuation; although answers are case insensitive. An optional hint may be provided for each question and answer pair. [Login/Security/Recover/Plugins] A new centralized system for recovering an a worker account has been implemented. This saves plugin developers from having to implement redundant or inconsistent recovery methods. When a worker starts the account recovery process they are sent a one-time code through email and they are asked their secret questions (if configured). Once identified, their login method is instructed to reset their credentials and their next login will run through the set up process again. [Login/Security] When an invalid worker email address is typed into the login form, the password form will always be shown to make it more difficult for an attacker to discover valid logins. If the login form specified "Invalid worker" then an attacker could guess valid email addresses by using known worker names. They may still be able to guess worker email addresses, but the system will not confirm if they are valid or not. [Login/Security] Invalid email addresses or failed authentication (i.e. bad password) will now cause Cerb to pause for two seconds before reporting an error. This slows down brute force attempts (at least on a single connection). In a near future update this delay could become longer with each successive failure, and lock the account. [Login/Plugins] The login process may now be asynchronous. For example, with the OpenID plugin there are multiple URL redirects before authentication is successful or fails. Previously, Cerb expected an immediate answer from $extension->authenticate(). Plugins that need to redirect the browser before proceeding may redirect to the new /login/authenticated endpoint to finalize the new session. [Devblocks/Platform/QR] The jquery.qrcode plugin by Jerome Etienne is now available in the global jQuery environment. This is useful to quickly send information to mobile phones from the screen. See: http://jeromeetienne.github.com/jquery-qrcode/ [CHD-3099] [Login/Security/Google Authenticator] Implemented a new worker login plugin for two-factor authentication using 'Password + Google Authenticator'. This plugin requires workers to provide both their password and a time-based one-time password from the Google Auth mobile app (available for iOS, Android, and Blackberry). Cerb supports configuring Google Authenticator with a QR code that is displayed on the screen during a worker's first login. This significantly improves security by requiring both "something you know" (the password) and "something you have" (the physical mobile phone) in order to log in; and it's unlikely an attacker will have both. Each worker's mobile device is configured (via QR code) with a different random 16-character secret. [Mail/Peek/Usability] The peek popup for tickets now displays the Messages and Properties content on the same screen. Previously you had to switch between tabs to either preview the conversation or make changes to its properties. This removes extra clicks from one of the most frequently used interface elements. [Dashboards/Widgets/Custom HTML] Added a new 'Custom HTML' widget to dashboards. This provides a block of user-defined HTML/CSS/Javascript. There are countless uses for this: displaying external images, rendering charts from the Google Charts API, sharing announcements, posting todo lists, displaying widgets from Twitter/GitHub/Facebook, etc. Previously these things would need to be implemented as widget plugins. [Login/Usability] The login form now provides a "remember me" option which saves the current worker's email address in a cookie for two weeks. When enabled, subsequent requests to /login will automatically be redirected to the appropriate login form for the worker with the email address pre-filled. This streamlines the two-step login process on trusted computers. [Security/Sessions/Usability/Mobile] In Setup->Security admins may now determine when session cookies should expire in worker browsers. Previously these cookies were always removed when the browser was closed, but on mobile devices this distinction isn't always dependable. This resulted in session cookies that could expire many times per day on a mobile device despite never logging out or closing the mobile browser tab. Session cookies may now also be set to expire after 1 day, 1 week, 2 weeks, or 1 month. [Security/Session] Signing out will now destroy the current session's cookie. [CHD-3194] [Mail/History/Usability] The 'Recipient History' tab on ticket profiles now shows a count of the total number of rows in the worklist. The count reflects the scope (recipients, org, domain) and any active worklist filters. For example, to see the open ticket count on the history tab when viewing tickets you just need to filter the history worklist to status=open. The count will then automatically reflect open tickets on all subsequent pages. This should speed up workflows where multiple open tickets from the same sender are reviewed and potentially merged. Previously, workers always had to click into the history tab to see if anything needed their attention. [CHD-2783] [Mail/Merge/Usability] When merging tickets from a worklist, a confirmation popup is now displayed to verify the action. Previously, the merge action took place immediately. This should help prevent accidental merges from workers clicking on the wrong button. [Less]

Release notes for Cerb 6.2 Cerb (6.2) is a major functionality update in development as of November 14 2012. It contains over 32 new features and usability tweaks from community feedback. [Dashboards/Pie Charts/Subtotals] Subtotal widgets on ... [More] dashboards can now be configured to display their values as a pie chart instead of a frequency table. There are default wedge colors for up to 20 values, and they've been selected for clean visual separation as well as aesthetics. While following a rainbow pattern, the colors begin at green rather than red, ensuring the largest wedges are one of the green-blue-violet spectrum subdued colors instead of an alarming large red block on a dashboard. A list of subtotal values is displayed below the chart. The pie charts also have mouse interaction. Hovering over a wedge will render a slightly transparent bumper at the edge, and it will display a highlighter style on the appropriate subtotal; making it very easy to identify which value is associated with the selected pie wedge. [Dashboards/Subtotals] Subtotal widgets can now limit their results to the top 3-20 subtotal categories. This is useful when you want to build a 'Top 10' list, even though there may be extra results. [Community Portals/Proxy] Moved the visitor cookie handling into the Community Portals functionality. It was originally in the deployed index.php per portal, but this made it difficult to replace the PHP reverse proxy with other proxy software. It's now trivial to forego the index.php file and deploy Community Portals with more capable proxies like Apache mod_proxy or Nginx instead. The index.php deployment is no longer recommended, but it will remain available because it's the easiest option that is supported in nearly all environments (including shared hosting). [Dashboards/Plugins] Plugins can contribute new datasources for dashboard widgets. [Dashboards/Charts] Each series on a dashboard chart widget may now specify its own datasource. This makes it possible to plot data from multiple sources on a single chart. Previously charts were limited to just worklist data, but additional sources may be now implemented through plugins. Existing charts will be migrated automatically to the new format. [Dashboards/Plugins] Implemented dashboard widget datasource extensions for worklist, url, and manual entry. These behave comparably to the earlier built-in options; however, they can now be reused in new types of widgets (even in third-party plugins). A datasource extension can specify in its manifest which widgets it knows how to provide data for. [Dashboards/Counters] Counter widgets on dashboards can now pull in data using datasource plugins. [Dashboards/Gauges] Gauge widgets on dashboards can now pull in data using datasource plugins. [Dashboards/Usability] Some friendly instructions are now provided on gauge and counter widgets when they have no data source configured. This helps disambiguate true values of zero in those widgets from a non-configured widget. [Dashboards/Counters/Usability] Improved the usability when setting up a new counter on a dashboards. You no longer have to click into multiple tabs to configure its style and data source. [Dashboards/Counters/Usability] When setting up a counter, the data format for 'seconds' has been renamed to 'time elapsed' to make its purpose more intuitive. [Dashboard/Gauges/Usability] When setting up a gauge on a dashboard you can now always override the data format (e.g. number, decimal, percentage, time elapsed), or prepend and append text to the label. Previously these options were only available when using the 'manual' data source. This improves the flexibility of other data sources (especially arbitrary ones like 'URL'). [Dashboards/Charts/Usability] Improved the usability of configuring charts on dashboards. You now no longer have to click into multiple tabs to set the type of chart and pick a data source. [Dashboards/Bar Charts] Bar charts on dashboards are now capable of displaying a mix of positive and negative values. This is especially useful when plotting changes (i.e. deltas) in some metric over time. [Dashboards/Bar Charts/Usability] Bar charts on dashboards now display a line through zero on the y-axis. For regular bar charts with all positive values this improves readability when some bars may represent a zero values (and appear to have gaps). For charts with positive and negative values the origin line draws a clear distinction between them. [Dashboards/Charts] Line charts on dashboards can now be used to plot negative values. This is especially useful on time series charts where the y-axis value may be a positive or negative change (i.e. delta) in value. [Dashboards/Platform/Usability] Improved the mouseover tooltips for dashboard charts. They used to be printed directly on the chart, which meant they didn't handle long values well, and they also partially obscured the upper bounds of the data. Now the tooltips are handled by jQuery and CSS, so they could float or be stylized however we want. Eventually these will be exposed as custom events in the charting library, but the new defaults are more useful than the previous behavior. [Dashboards/Scatterplots/Usability] Scatterplots on dashboards are now their own widget. Previously they were a rendering option on charts, but their usage is different and it was confusing to many people that some line or bar charts couldn't display as a scatterplot without modification. It's now possible for datasource extensions to treat scatterplots specially; they're designed to visualize non-linear clusters of data. Existing scatterplots will be automatically migrated to the new format and shouldn't require any modification. [Dashboards/Scatterplots] Scatterplots will now scale their axes based on the given data. Previously, all scatterplots had (0,0) in the bottom left and if data was significantly larger (or negative) then most of the chart was wasted whitespace. Now you can use dates and timestamps on an axis and the chart will be scaled to the time between the min/max date, rather than showing 'all time'. [Dashboards/Scatterplots] Scatterplots can now display negative values. This is useful when plotting deltas where a trend may be decreasing. [Dashboards/Pie Charts] A new pie chart widget has been added to dashboards. This can be used to visualize distributions for external datasources. The subtotals widget is still the easiest way to render a pie chart from a worklist. [Dashboards/Pie Charts] The legend on pie charts can be set visible or hidden. When hidden, only the label and value of the currently focused wedge will be displayed. This is useful when there are many wedges and displaying the values all the time would clutter the dashboard. [Dashboard/Pie Charts] The value for pie chart wedges can be given a specific type (e.g. seconds elapsed, bytes, number, percentage, decimal) as well as a prefix and/or suffix. This makes it easier to discern units and whether you're looking at frequencies, averages, or sums. [Dashboards/Charts] Added a slight margin to the top and bottom of line charts so their min/max plots aren't cut in half. The y-zero line is also adjusted by -0.5 if it was on an odd numbered pixel, since this gives sharper straight lines w/o anti-aliasing. [Dashboards/Counters/Gauges/Usability] Dashboard counters and gauges may now display their values in 'bytes', which will display human readable units of storage space (e.g. 50KB, 270MB, 4.7GB). [Performance/Platform/Plugins] Prior to version 6.2, viewing the Plugins page in Setup would automatically scan the filesystem for new plugins or updates. This had a considerable performance impact because it reloaded every feature and plugin, including some expensive database operations (ACL, translations, etc). The process because generally unnecessary due to the introduction of the Plugin Library in version 5.7. Given those factors, this functionality has now been optimized in two ways: (1) Cerb will only scan for new plugins and changes in the storage/plugins/ directory when visiting the plugin page; (2) only plugins with a new version number in their plugin.xml will be re-synchronized. For most visits to the plugins page there should be a dramatic reduction in the amount of REPLACE queries run against the database. During development, the DEVELOPMENT_MODE flag circumvents this behavior to make it more convenient to edit code and view the results without constantly running the /update page. [Platform/Plugins] Fixed a bug in the DevblocksPlatform::sortObjects() method that forced all numbers to be compared as integers, thus rendering it incapable of properly sorting decimals (e.g. 0.5 and 0.3 were both rounded to zero). Numbers are now properly compared as floating point values. [Platform/Usability/Plugins] Added a 'TB' (terabytes) grouping to the 'bytes' format options and DevblocksPlatform::strPrettyBytes(). [Dashboards/Scatterplots] Multiple series on a dashboard scatterplot widget can now be plotted on independent or shared axes. Independent axes are useful when you want to look for relative trends between series on different scales. Shared axes compares each series on the same scale. [Dashboards/Scatterplots/Usability] Scatterplots now make a clearer distinction between plots from different series by using as a different symbol (e.g. o, +, x, *) as well as color. [Platform/Dependencies] Upgraded to jQuery UI 1.9 from 1.8.18 [CHD-3144] [Autocomplete/Usability] FIXED: Autocompletes overwrite input. [Less]

Payment information for On Demand invoices Currently we are using Freshbooks for our billing purposes. You may log in to the billing site using the following URL: https://webgroupmedia.freshbooks.com While logged into the billing site, you can ... [More] select to pay the invoice online by using either Paypal or a credit card. If you choose to pay with a credit card, you can also select that same card to be used to pay your invoice every month as well. I used to have recurring billing already set with you guys, what happened? Over the past year, we transitioned from using Ubersmith to Freshbooks. That meant we couldn't transfer any existing recurring payments over because we do not host the billing sites ourselves, nor would you probably want your credit card information being transferred via a database dump either. We apologize for any inconvenience this has caused you. [Less]

Payment information for On Demand invoices Currently we are using Freshbooks for our billing purposes. You may log in to the billing site using the following URL: https://webgroupmedia.freshbooks.com While logged into the billing site, you can ... [More] select to pay the invoice online by using either Paypal or a credit card. If you choose to pay with a credit card, you can also select that same card to be used to pay your invoice every month as well. I used to have recurring billing already set with you guys, what happened? Over the past year, we transitioned from using Ubersmith to Freshbooks. That meant we couldn't transfer any existing recurring payments over because we do not host the billing sites ourselves, nor would you probably want your credit card information being transferred via a database dump either. We apologize for any inconvenience this has caused you. [Less]

Payment information for On Demand invoices Currently we are using Freshbooks for our billing purposes. You may log in to the billing site using the following URL: https://webgroupmedia.freshbooks.com While logged into the billing site, you can ... [More] select to pay the invoice online by using either Paypal or a credit card. If you choose to pay with a credit card, you can also select that same card to be used to pay your invoice every month as well. I used to have recurring billing already set with you guys, what happened? Over the past year, we transitioned from using Ubersmith to Freshbooks. That meant we couldn't transfer any existing recurring payments over because we do not host the billing sites ourselves, nor would you probably want your credit card information being transferred via a database dump either. We apologize for any inconvenience this has caused you. [Less]

Payment information for On Demand invoices Currently we are using Freshbooks for our billing purposes. You may log in to the billing site using the following URL: https://webgroupmedia.freshbooks.com While logged into the billing site, you can ... [More] select to pay the invoice online by using either Paypal or a credit card. If you choose to pay with a credit card, you can also select that same card to be used to pay your invoice every month as well. I used to have recurring billing already set with you guys, what happened? Over the past year, we transitioned from using Ubersmith to Freshbooks. That meant we couldn't transfer any existing recurring payments over because we do not host the billing sites ourselves, nor would you probably want your credit card information being transferred via a database dump either. We apologize for any inconvenience this has caused you. [Less]

Introduction LDAP (Lightweight Directory Access Protocol) is a service designed to share contact information between applications. It is often used to provide centrally managed corporate account information. A single login/password combination can ... [More] allow access to various applications, and it only needs to be changed in a single place to take effect everywhere. We provide a plugin for LDAP integration with Cerb. This article explains how to use it. Instructions Prerequisites This plugin requires the LDAP PHP extension. This is usually available through the package manager for your distribution. On Debian/Ubuntu: sudo apt-get install php5-ldap Installing the plugin The plugin needs to be installed in the storage/plugins/ directory of your Cerb5 installation. Change directory to /path/to/cerb5/storage/plugins Run the command: git clone git://github.com/cerb5-plugins/wgm.ldap.git Enabling the plugin The plugin can be enabled from the web interface. Open Cerb5 in your web browser. Click Setup->Plugins. Enable the [Cerb5] LDAP Integration plugin and click the Save Changes button. Configuring the plugin You should substitute your own LDAP connection details during this section. Click the Plugins menu and select LDAP from the list. Enter your LDAP settings: Click the Save Changes button. Your connection information will be verified when you save it. Enabling LDAP logins for workers A worker account needs to exist in Cerb5 with an associated email address that matches their contact record in your LDAP directory. A new LDAP option will appear on the login form: The worker should enter their email address and the password on file in your LDAP directory. Enabling LDAP logins in the Support Center Unlike worker authentication, contacts will be automatically created in your Support Center during their first login if they exist in your LDAP directory. Additionally, their given name and surname will be imported if available. Configuring your Support Center profile Navigate to Setup->Community Portals->Configure. Select the Support Center where you want to enable LDAP logins. On the Settings tab, scroll to the Login section and select LDAP for the "Authenticate logins using these methods:" option. This can be set exclusively, or in conjunction with other login methods. Click the Save Changes button. Logging in Contacts from your LDAP address book should now be able to log in using their existing email address and password. Next Steps Alternate credentials With a relatively simple modification to the plugin's code you could change the login credentials from email/password to any other combination. For example, your users may be familiar with using a screen name or account number instead of an email address. Multi-factor authentication You could also modify the plugin's code to use multi-factor authentication for improved security. Two-factor security, for instance, is comprised of "something you know" and "something you have". For example, at an ATM (automated bank-teller machine), you have an access card and know a secret PIN number. You generally cannot use the ATM to access your account without both factors. Other accounts may also require a security token in addition to a login and password. [Less]