| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | <?xml version="1.0" encoding="UTF-8"?> | 
					
						
							|  |  |  | <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" | 
					
						
							|  |  |  | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> | 
					
						
							|  |  |  | <book> | 
					
						
							|  |  |  |   <title>LDAP Account Manager - Manual</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   <preface> | 
					
						
							|  |  |  |     <title>Overview</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LDAP Account Manager (LAM) manages user, group and host accounts in | 
					
						
							|  |  |  |     an LDAP directory. LAM runs on any webserver with PHP5 support and | 
					
						
							|  |  |  |     connects to your LDAP server unencrypted or via SSL/TLS.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-29 16:44:58 +00:00
										 |  |  |     <para>LAM supports Samba 3, Unix, Zarafa, Kolab 2/3, address book entries, | 
					
						
							| 
									
										
										
										
											2013-01-27 19:31:32 +00:00
										 |  |  |     NIS mail aliases, MAC addresses and much more. There is a tree viewer | 
					
						
							|  |  |  |     included to allow access to the raw LDAP attributes. You can use templates | 
					
						
							|  |  |  |     for account creation and use multiple configuration profiles.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <para><ulink | 
					
						
							| 
									
										
										
										
											2013-01-27 19:31:32 +00:00
										 |  |  |     url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-15 20:48:52 +00:00
										 |  |  |     <para>Copyright (C) 2003 - 2014 Roland Gruber | 
					
						
							| 
									
										
										
										
											2011-02-15 20:24:25 +00:00
										 |  |  |     <post@rolandgruber.de></para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:20:39 +00:00
										 |  |  |     <para><emphasis role="bold">Key features:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <itemizedlist> | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>managing user/group/host/domain entries</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>account profiles</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>account creation via file upload</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>multiple configuration profiles</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							| 
									
										
										
										
											2010-02-16 19:11:10 +00:00
										 |  |  |         <para>LDAP browser</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:20:39 +00:00
										 |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>schema browser</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>OU editor</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>PDF export for all accounts</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>manage user/group Quota and create home directories</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  |     </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     <para><emphasis role="bold">Requirements:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-08 18:44:00 +00:00
										 |  |  |     <itemizedlist> | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>PHP5 (>= 5.2.4)</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-08 18:44:00 +00:00
										 |  |  |       <listitem> | 
					
						
							| 
									
										
										
										
											2014-02-22 17:28:59 +00:00
										 |  |  |         <para>Any standard LDAP server (e.g. OpenLDAP, Active Directory, Samba | 
					
						
							|  |  |  |         4, OpenDJ, 389 Directory Server, Apache DS, ...)</para> | 
					
						
							| 
									
										
										
										
											2011-01-08 18:44:00 +00:00
										 |  |  |       </listitem> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-08 18:44:00 +00:00
										 |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>A recent web browser that supports CSS2 and JavaScript, at | 
					
						
							|  |  |  |         minimum:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Firefox 3</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Internet Explorer 8<emphasis role="bold"> (compatibility | 
					
						
							|  |  |  |             mode turned off)</emphasis></para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Opera 10</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  |     </itemizedlist> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <para>The default password to edit the configuration options is | 
					
						
							|  |  |  |     "lam".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">License:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM is published under the GNU General Public License. The complete | 
					
						
							|  |  |  |     list of licenses can be found in the copyright file.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:20:39 +00:00
										 |  |  |     <para><emphasis role="bold">Default password:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>The default password for the LAM configuration is "lam". Change it after installation because this value is publicly documented.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     <literallayout> | 
					
						
							|  |  |  | Have fun! | 
					
						
							|  |  |  |      The LAM development team</literallayout> | 
					
						
							|  |  |  |   </preface> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 20:04:52 +00:00
										 |  |  |   <preface> | 
					
						
							|  |  |  |     <title>Architecture</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>There are basically two groups of users for LAM:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <itemizedlist> | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para><emphasis role="bold">LDAP administrators and support | 
					
						
							|  |  |  |         staff:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>These people administer LDAP entries like user accounts, groups, | 
					
						
							|  |  |  |         ...</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para><emphasis role="bold">Users:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This includes all people who need to manage their own data | 
					
						
							|  |  |  |         inside the LDAP directory. E.g. these people edit their contact | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |         information with LAM self service (LAM Pro).</para> | 
					
						
							| 
									
										
										
										
											2010-02-14 20:04:52 +00:00
										 |  |  |       </listitem> | 
					
						
							|  |  |  |     </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <screenshot> | 
					
						
							|  |  |  |       <mediaobject> | 
					
						
							|  |  |  |         <imageobject> | 
					
						
							|  |  |  |           <imagedata fileref="images/lam_architecture.png" /> | 
					
						
							|  |  |  |         </imageobject> | 
					
						
							|  |  |  |       </mediaobject> | 
					
						
							|  |  |  |     </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Therefore, LAM is split into two separate parts, LAM for admins and | 
					
						
							|  |  |  |     for users. LAM for admins allows you to manage various types of LDAP entries | 
					
						
							|  |  |  |     (e.g. users, groups, hosts, ...). It also contains tools like batch | 
					
						
							|  |  |  |     upload, account profiles, LDAP schema viewer and an LDAP browser. LAM for | 
					
						
							|  |  |  |     users focuses on end users. It provides a self service for the users to | 
					
						
							|  |  |  |     edit their personal data (e.g. contact information). The LAM administrator | 
					
						
							|  |  |  |     is able to specify what data may be changed by the users. The design is | 
					
						
							|  |  |  |     also adaptable to your corporate design.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM for admins/users is accessible via HTTP(S) by all major web | 
					
						
							|  |  |  |     browsers (Firefox, IE, Opera, ...).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">LAM runtime environment:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM runs on PHP. Therefore, it is independent of CPU architecture | 
					
						
							|  |  |  |     and operating system (OS). You can run LAM on any OS which supports Apache | 
					
						
							|  |  |  |     or other PHP compatible web servers.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Home directory server:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>You can manage user home directories and their quotas inside LAM. | 
					
						
							|  |  |  |     The home directories may reside on the server where LAM is installed or | 
					
						
							|  |  |  |     any remote server. The commands for home directory management are secured | 
					
						
							|  |  |  |     by SSH. LAM will use the user name and password of the logged in LAM | 
					
						
							|  |  |  |     administrator for authentication.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">LDAP directory:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM connects to your LDAP server via standard LDAP protocol. It also | 
					
						
							|  |  |  |     supports encrypted connections with SSL and TLS.</para> | 
					
						
							|  |  |  |   </preface> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |   <chapter id="a_installation"> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     <title>Installation</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     <section id="a_install"> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |       <title>New installation</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Requirements</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM has the following requirements to run:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Apache webserver (SSL recommended) with PHP module (PHP 5 | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  |             (>= 5.2.4) with ldap, gettext, xml, openssl and optional | 
					
						
							|  |  |  |             mcrypt)</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Some LAM plugins may require additional PHP extensions (you | 
					
						
							|  |  |  |             will get a note on the login page if something is missing)</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Perl (optional, needed only for lamdaemon)</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							| 
									
										
										
										
											2014-02-22 13:02:26 +00:00
										 |  |  |             <para>Any standard LDAP server (e.g. OpenLDAP, Active Directory, | 
					
						
							|  |  |  |             Samba 4, OpenDJ, 389 Directory Server, Apache DS, ...)</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							| 
									
										
										
										
											2011-05-06 15:44:18 +00:00
										 |  |  |             <para>A recent web browser that supports CSS2 and JavaScript, at | 
					
						
							|  |  |  |             minimum:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <para><itemizedlist> | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>Firefox 3</para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>Internet Explorer 8 <emphasis | 
					
						
							|  |  |  |                   role="bold">(compatibility mode turned | 
					
						
							|  |  |  |                   off)</emphasis></para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>Opera 10</para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  |               </itemizedlist></para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If the optional MCrypt extension is installed, LAM uses it to store your LDAP password encrypted in the | 
					
						
							|  |  |  |         session file.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-10 10:04:56 +00:00
										 |  |  |         <para>Please note that LAM does not ship with a selinux policy. Please | 
					
						
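							|  |  |  |         disable selinux or create your own policy. Creating a policy keeps mandatory access control active on the web server, whereas disabling selinux removes it for the whole host.</para> | 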
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         <para>See <link linkend="a_schema">LDAP schema files</link> for | 
					
						
							|  |  |  |         information about used LDAP schema files.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Prepackaged releases</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM is available as a prepackaged version for various | 
					
						
							|  |  |  |         platforms.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Debian</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <informaltable frame="none" tabstyle="noborder"> | 
					
						
							|  |  |  |             <tgroup cols="2"> | 
					
						
							|  |  |  |               <tbody> | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry><inlinemediaobject> | 
					
						
							|  |  |  |                       <imageobject> | 
					
						
							|  |  |  |                         <imagedata fileref="images/debian.png" /> | 
					
						
							|  |  |  |                       </imageobject> | 
					
						
							|  |  |  |                     </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>LAM is part of the official Debian repository. New | 
					
						
							| 
									
										
										
										
											2010-07-14 16:24:07 +00:00
										 |  |  |                   releases are uploaded to unstable and will be available | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                   automatically in testing and the stable releases. You can | 
					
						
							|  |  |  |                   run<literal> </literal><para><emphasis role="bold">apt-get | 
					
						
							|  |  |  |                   install ldap-account-manager</emphasis></para>to install LAM | 
					
						
							| 
									
										
										
										
											2010-07-14 16:24:07 +00:00
										 |  |  |                   on your server. Additionally, you may download the latest | 
					
						
							|  |  |  |                   LAM Debian packages from the <ulink type="" | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                   url="http://www.ldap-account-manager.org/">LAM | 
					
						
							|  |  |  |                   homepage</ulink> or the <ulink | 
					
						
							|  |  |  |                   url="http://packages.debian.org/search?keywords=ldap-account-manager">Debian | 
					
						
							| 
									
										
										
										
											2010-07-14 16:24:07 +00:00
										 |  |  |                   package homepage</ulink>.<para><emphasis | 
					
						
							|  |  |  |                   role="bold">Installation of the latest packages on Debian | 
					
						
							| 
									
										
										
										
											2012-06-06 18:14:32 +00:00
										 |  |  |                   Squeeze</emphasis></para><orderedlist> | 
					
						
							| 
									
										
										
										
											2010-07-14 16:24:07 +00:00
										 |  |  |                       <listitem> | 
					
						
							| 
									
										
										
										
											2012-06-06 18:14:32 +00:00
										 |  |  |                         <para>Install php-fpdf 1.7.dfsg-1 from here:</para> | 
					
						
							| 
									
										
										
										
											2011-02-15 21:03:43 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |                         <para><ulink | 
					
						
							| 
									
										
										
										
											2012-06-06 18:14:32 +00:00
										 |  |  |                         url="http://packages.debian.org/wheezy/all/php-fpdf/download">http://packages.debian.org/wheezy/all/php-fpdf/download</ulink></para> | 
					
						
							| 
									
										
										
										
											2011-02-15 21:03:43 +00:00
										 |  |  |                       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-07-14 16:24:07 +00:00
										 |  |  |                       <listitem> | 
					
						
							|  |  |  |                         <para>Install the LAM package</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                         <para>dpkg -i ldap-account-manager_*.deb</para> | 
					
						
							|  |  |  |                       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                       <listitem> | 
					
						
							|  |  |  |                         <para>Install the lamdaemon package (optional)</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                         <para>dpkg -i | 
					
						
							|  |  |  |                         ldap-account-manager-lamdaemon_*.deb</para> | 
					
						
							|  |  |  |                       </listitem> | 
					
						
							|  |  |  |                     </orderedlist></entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                 </row> | 
					
						
							|  |  |  |               </tbody> | 
					
						
							|  |  |  |             </tgroup> | 
					
						
							|  |  |  |           </informaltable> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Suse/Fedora</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <informaltable frame="none"> | 
					
						
							|  |  |  |             <tgroup cols="2"> | 
					
						
							|  |  |  |               <tbody> | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry><inlinemediaobject> | 
					
						
							|  |  |  |                       <imageobject> | 
					
						
							|  |  |  |                         <imagedata fileref="images/suse.png" /> | 
					
						
							|  |  |  |                       </imageobject> | 
					
						
							|  |  |  |                     </inlinemediaobject><para></para><inlinemediaobject> | 
					
						
							|  |  |  |                       <imageobject> | 
					
						
							|  |  |  |                         <imagedata fileref="images/fedora.png" /> | 
					
						
							|  |  |  |                       </imageobject> | 
					
						
							|  |  |  |                     </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>There are RPM packages available on the <ulink | 
					
						
							|  |  |  |                   type="" url="http://www.ldap-account-manager.org/">LAM | 
					
						
							| 
									
										
										
										
											2011-06-26 10:32:22 +00:00
										 |  |  |                   homepage</ulink>. The packages can be installed with these | 
					
						
							|  |  |  |                   commands:<para><emphasis role="bold">rpm -e | 
					
						
							| 
									
										
										
										
											2011-08-20 16:26:37 +00:00
										 |  |  |                   ldap-account-manager | 
					
						
							|  |  |  |                   ldap-account-manager-lamdaemon</emphasis> (if an older | 
					
						
							|  |  |  |                   version is installed)</para><para><emphasis role="bold">rpm | 
					
						
							|  |  |  |                   -i <path to LAM package></emphasis></para></entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                 </row> | 
					
						
							|  |  |  |               </tbody> | 
					
						
							|  |  |  |             </tgroup> | 
					
						
							|  |  |  |           </informaltable> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Other RPM based distributions</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>The RPM packages for Suse/Fedora are very generic and should | 
					
						
							|  |  |  |           be installable on other RPM-based distributions, too. The Fedora | 
					
						
							|  |  |  |           packages use apache:apache as file owner and the Suse ones use | 
					
						
							|  |  |  |           wwwrun:www.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>FreeBSD</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <informaltable frame="none"> | 
					
						
							|  |  |  |             <tgroup cols="2"> | 
					
						
							|  |  |  |               <tbody> | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry><inlinemediaobject> | 
					
						
							|  |  |  |                       <imageobject> | 
					
						
							|  |  |  |                         <imagedata fileref="images/freebsd.png" /> | 
					
						
							|  |  |  |                       </imageobject> | 
					
						
							|  |  |  |                     </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>LAM is part of the official FreeBSD ports tree. For | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |                   more details see these pages:<para>FreeBSD-SVN: <ulink | 
					
						
							|  |  |  |                   url="http://svnweb.freebsd.org/ports/head/sysutils/ldap-account-manager/" | 
					
						
							|  |  |  |                   userlevel="">http://svnweb.freebsd.org/ports/head/sysutils/ldap-account-manager/</ulink></para><para>FreshPorts: | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                   <ulink | 
					
						
							|  |  |  |                   url="http://www.freshports.org/sysutils/ldap-account-manager">http://www.freshports.org/sysutils/ldap-account-manager</ulink></para></entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  |               </tbody> | 
					
						
							|  |  |  |             </tgroup> | 
					
						
							|  |  |  |           </informaltable> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							| 
									
										
										
										
											2013-07-23 18:30:14 +00:00
										 |  |  |         <title>Installing the tar.bz2</title> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Extract the archive</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Please extract the archive with the following command:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-23 18:30:14 +00:00
										 |  |  |           <para>tar xjf ldap-account-manager-<version>.tar.bz2</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Install the files</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <section> | 
					
						
							|  |  |  |             <title>Manual copy</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <para>Copy the files into the document root of the web server. | 
					
						
							|  |  |  |             For example /apache/htdocs.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <para>Then set the appropriate file permissions, granting write access to the apache user only on the directories listed:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <itemizedlist> | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>lam/sess: write permission for apache user</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>lam/tmp: write permission for apache user</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>lam/config (with subdirectories): write permission for | 
					
						
							|  |  |  |                 apache user</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <listitem> | 
					
						
							| 
									
										
										
										
											2011-05-05 15:34:05 +00:00
										 |  |  |                 <para>lam/lib: lamdaemon.pl must be set executable</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |               </listitem> | 
					
						
							|  |  |  |             </itemizedlist> | 
					
						
							|  |  |  |           </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <section> | 
					
						
							|  |  |  |             <title>With configure script</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <para>Instead of manually copying files you can also use the | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |             included configure script to install LAM. Just run these commands | 
					
						
							|  |  |  |             in the extracted directory:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <itemizedlist> | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>./configure</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>make install</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  |             </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <para>Options for "./configure":</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <itemizedlist> | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>--with-httpd-user=USER USER is the name of your Apache | 
					
						
							|  |  |  |                 user account (default httpd)</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>--with-httpd-group=GROUP GROUP is the name of your | 
					
						
							|  |  |  |                 Apache group (default httpd)</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>--with-web-root=DIRECTORY DIRECTORY is the name where | 
					
						
							|  |  |  |                 LAM should be installed (default /usr/local/lam)</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  |             </itemizedlist> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           </section> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Configuration files</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-11-21 21:20:00 +00:00
										 |  |  |           <para>Copy config/config.cfg_sample to config/config.cfg and | 
					
						
							| 
									
										
										
										
											2011-11-25 15:22:09 +00:00
										 |  |  |           config/lam.conf_sample to config/lam.conf. Open the index.html in | 
					
						
							|  |  |  |           your web browser:</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <itemizedlist> | 
					
						
							|  |  |  |             <listitem> | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |               <para>Follow the link "LAM configuration" from the start page to | 
					
						
							|  |  |  |               <link linkend="a_configuration">configure LAM</link>.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para>Select "Edit general settings" to setup global settings | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |               and to change the <link linkend="a_configPasswords">master | 
					
						
							|  |  |  |               configuration password</link> (the default is "lam"; replace it before the installation is reachable by others).</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para>Select "Edit server profiles" to setup your server | 
					
						
							|  |  |  |               profiles. There should be the lam profile which you just copied | 
					
						
							|  |  |  |               from the sample file. The default password is "lam"; replace it with your own profile password. Now change | 
					
						
							|  |  |  |               the settings to fit for your environment.</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  |           </itemizedlist> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>System configuration</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>PHP</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-09-15 19:51:46 +00:00
										 |  |  |           <para>LAM runs with PHP5 (>= 5.2.4). Needed changes in your | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           php.ini:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>memory_limit = 64M</para> | 
					
						
							| 
									
										
										
										
											2010-05-02 17:17:32 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>If you run PHP with activated <ulink | 
					
						
							|  |  |  |           url="http://www.hardened-php.net/suhosin/index.html">Suhosin</ulink> | 
					
						
							|  |  |  |           extension please check your logs for alerts. E.g. LAM requires that | 
					
						
							| 
									
										
										
										
											2012-03-11 17:49:53 +00:00
										 |  |  |           "suhosin.post.max_name_length" and | 
					
						
							|  |  |  |           "suhosin.request.max_varname_length" are increased (e.g. to | 
					
						
							|  |  |  |           256).</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:20:39 +00:00
										 |  |  |           <title>Locales for non-English translation</title> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>If you want to use a translated version of LAM be sure to | 
					
						
							|  |  |  |           install the needed locales. The following table shows the needed | 
					
						
							|  |  |  |           locales for the different languages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <table> | 
					
						
							|  |  |  |             <title>Locales</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <tgroup cols="2"> | 
					
						
							|  |  |  |               <tbody> | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry><emphasis role="bold">Language</emphasis></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry><emphasis role="bold">Locale</emphasis></entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Catalan</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>ca_ES.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Chinese (Simplified)</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>zh_CN.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Chinese (Traditional)</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>zh_TW.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Czech</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>cs_CZ.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Dutch</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>nl_NL.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							| 
									
										
										
										
											2013-12-17 20:29:51 +00:00
										 |  |  |                   <entry>English - Great Britain</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |                   <entry>no extra locale needed</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-12-17 20:29:51 +00:00
										 |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>English - USA</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>en_US.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>French</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>fr_FR.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>German</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>de_DE.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Hungarian</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>hu_HU.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Italian</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>it_IT.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Japanese</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>ja_JP.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Polish</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>pl_PL.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Portuguese</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>pt_BR.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Russian</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>ru_RU.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-04-23 18:47:21 +00:00
										 |  |  |                 <row> | 
					
						
							| 
									
										
										
										
											2013-06-17 18:43:43 +00:00
										 |  |  |                   <entry>Slovak</entry> | 
					
						
							| 
									
										
										
										
											2012-04-23 18:47:21 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |                   <entry>sk_SK.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Spanish</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>es_ES.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							| 
									
										
										
										
											2013-11-30 15:05:40 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Turkish</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>tr_TR.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							| 
									
										
										
										
											2013-12-17 20:29:51 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |                 <row> | 
					
						
							|  |  |  |                   <entry>Ukrainian</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                   <entry>uk_UA.utf8</entry> | 
					
						
							|  |  |  |                 </row> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |               </tbody> | 
					
						
							|  |  |  |             </tgroup> | 
					
						
							|  |  |  |           </table> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>You can get a list of all installed locales on your system by | 
					
						
							| 
									
										
										
										
											2009-11-07 18:20:39 +00:00
										 |  |  |           executing:</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:20:39 +00:00
										 |  |  |           <para>locale -a</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>Debian users can add locales with "dpkg-reconfigure | 
					
						
							|  |  |  |           locales".</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |       <title>Upgrading LAM or migrate from LAM to LAM Pro</title> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |       <para>Upgrading from LAM to LAM Pro is like installing a new LAM | 
					
						
							| 
									
										
										
										
											2013-07-23 18:30:14 +00:00
										 |  |  |       version. Simply install the LAM Pro packages/tar.bz2 instead of the LAM | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |       ones.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |       <section> | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |         <title>Install new version</title> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |         <para><emphasis role="bold">Backup configuration | 
					
						
							|  |  |  |         files</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-08 16:14:22 +00:00
										 |  |  |         <para>Configuration files need only to be backed up for .tar.bz2 | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |         installations. DEB/RPM installations do not require this step.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
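										 |  |  |         <para>LAM stores all configuration files in the "config" folder. | 
							|  |  |  |         Please back up the following files and copy them back after the new version | 
							|  |  |  |         is installed. Keep the backup readable only by administrators, because these files carry the LAM configuration, including the configuration passwords.</para> | 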
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <simplelist> | 
					
						
							|  |  |  |           <member>config/*.conf</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <member>config/config.cfg</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <member>config/pdf/*.xml</member> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-06 11:25:45 +00:00
										 |  |  |           <member>config/profiles/*</member> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         </simplelist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM Pro only:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <simplelist> | 
					
						
							|  |  |  |           <member>config/selfService/*.*</member> | 
					
						
							|  |  |  |         </simplelist> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |         <para><emphasis role="bold">Uninstall current LAM (Pro) | 
					
						
							|  |  |  |         version</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you used the DEB/RPM installation packages then remove the | 
					
						
							|  |  |  |         ldap-account-manager and ldap-account-manager-lamdaemon | 
					
						
							|  |  |  |         packages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Otherwise, remove the folder where you installed LAM via | 
					
						
							|  |  |  |         configure or by copying the files.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |         <para><emphasis role="bold">Install new LAM (Pro) | 
					
						
							|  |  |  |         version</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please <link linkend="a_install">install</link> the new LAM | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |         (Pro) release. Skip the part about setting up LAM configuration | 
					
						
							|  |  |  |         files.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |         <para><emphasis role="bold">Restore configuration | 
					
						
							|  |  |  |         files</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This step can be skipped if you installed the DEB/RPM | 
					
						
							|  |  |  |         packages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please restore your configuration files from the backup. Copy | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |         all files from the backup folder to the config folder in your LAM Pro | 
					
						
							|  |  |  |         installation. Do not simply replace the folder because the new LAM | 
					
						
							|  |  |  |         (Pro) release might include additional files in this folder. Overwrite | 
					
						
							|  |  |  |         any existing files with your backup files.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-07-25 18:46:53 +00:00
										 |  |  |         <para><emphasis role="bold">Final steps</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |         <para>Now open your webbrowser and point it to the LAM login page. All | 
					
						
							|  |  |  |         your settings should be migrated.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please check also the <link linkend="a_versUpgrade">version | 
					
						
							|  |  |  |         specific instructions</link>. They might include additional | 
					
						
							|  |  |  |         actions.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |       <section id="a_versUpgrade"> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         <title>Version specific upgrade instructions</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-12 10:18:35 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>4.4 -> 4.5</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM will no longer follow referrals by default. This is ok for | 
					
						
							|  |  |  |           most installations. If you use LDAP referrals please activate | 
					
						
							|  |  |  |           referral following for your server profile (tab General settings | 
					
						
							|  |  |  |           -> Server settings -> Advanced options).</para> | 
					
						
							| 
									
										
										
										
											2014-01-12 19:58:15 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>The self service pages now have their own option for allowed IPs. | 
							|  |  |  |           If your LAM installation uses IP restrictions please update the LAM | 
							|  |  |  |           main configuration so that the restriction you intend also applies to the self service pages.</para> | 
					
						
							| 
									
										
										
										
											2014-02-16 12:18:59 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>Password self reset (LAM Pro) allows setting a backup email | 
					
						
							|  |  |  |           address. You need to <link | 
					
						
							|  |  |  |           linkend="passwordSelfResetSchema_update">update</link> the LDAP | 
					
						
							|  |  |  |           schema if you want to use this feature.</para> | 
					
						
							| 
									
										
										
										
											2014-01-12 10:18:35 +00:00
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-03 17:17:47 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>4.3 -> 4.4</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-10 10:43:52 +00:00
										 |  |  |           <para>Apache configuration: LAM supports Apache 2.2 and 2.4. This | 
					
						
							|  |  |  |           requires that your Apache server has enabled the "version" module. | 
					
						
							|  |  |  |           For Debian and Fedora this is the default setup. The Suse RPM will | 
					
						
							|  |  |  |           try to enable the version module during installation.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-03 17:17:47 +00:00
										 |  |  |           <para>Kolab: User accounts get the object class "mailrecipient" by | 
					
						
							|  |  |  |           default. You can change this behaviour in the module settings | 
					
						
							|  |  |  |           section of your LAM server profile.</para> | 
					
						
							| 
									
										
										
										
											2013-11-09 13:26:31 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>Windows: sAMAccountName is no longer set by default. Enable it | 
					
						
							|  |  |  |           in server profile if needed. The possible domains for the user name | 
					
						
							|  |  |  |           can also be set in server profile.</para> | 
					
						
							| 
									
										
										
										
											2013-11-03 17:17:47 +00:00
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-23 18:30:14 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>4.2.1 -> 4.3</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM is no longer shipped as a tar.gz package but as tar.bz2, which | 
					
						
							|  |  |  |           allows smaller file sizes.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-23 18:18:44 +00:00
										 |  |  |         <section> | 
					
						
							| 
									
										
										
										
											2013-06-17 18:43:43 +00:00
										 |  |  |           <title>4.1 -> 4.2/4.2.1</title> | 
					
						
							| 
									
										
										
										
											2013-04-23 18:18:44 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>Zarafa users: The default attribute for mail aliases is now | 
					
						
							|  |  |  |           "dn". If you use "uid" and did not change the server profile for a | 
					
						
							|  |  |  |           long time please check your LAM server profile for this setting and | 
					
						
							|  |  |  |           save it.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-02-05 19:10:04 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>4.0 -> 4.1</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para><emphasis role="bold">Unix:</emphasis> The list of valid login | 
					
						
							|  |  |  |           shells is no longer configured in "config/shells" but in the | 
					
						
							|  |  |  |           server/self service profiles (Unix settings). LAM will use the | 
					
						
							|  |  |  |           following shells by default: /bin/bash, /bin/csh, /bin/dash, | 
					
						
							|  |  |  |           /bin/false, /bin/ksh, /bin/sh.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Please update your server/self service profile if you would | 
					
						
							|  |  |  |           like to change the list of valid login shells.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-10-28 19:41:24 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.9 -> 4.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>The account profiles and PDF structures are now separated by | 
					
						
							|  |  |  |           server profile. This means that if you edit e.g. an account profile | 
					
						
							|  |  |  |           in server profile A then this change will not affect the account | 
					
						
							|  |  |  |           profiles in server profile B.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM will automatically migrate your existing files as soon as | 
					
						
							|  |  |  |           the login page is loaded.</para> | 
					
						
							| 
									
										
										
										
											2012-10-29 19:41:22 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>Special install instructions:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <itemizedlist> | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para>Debian: none, config files will be migrated when opening | 
					
						
							|  |  |  |               LAM's login page</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para>Suse/Fedora RPM:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <itemizedlist> | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>Run "rpm -e ldap-account-manager | 
					
						
							|  |  |  |                   ldap-account-manager-lamdaemon"</para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>You may get warnings like "warning: | 
					
						
							|  |  |  |                   /var/lib/ldap-account-manager/config/profiles/default.user | 
					
						
							|  |  |  |                   saved as | 
					
						
							|  |  |  |                   /var/lib/ldap-account-manager/config/profiles/default.user.rpmsave"</para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>Please rename all files "*.rpmsave" and remove the | 
					
						
							|  |  |  |                   file extension ".rpmsave". E.g. "default.user.rpmsave" needs | 
					
						
							|  |  |  |                   to be renamed to "default.user".</para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>Install the LAM packages with "rpm -i". E.g. "rpm -i | 
					
						
							|  |  |  |                   ldap-account-manager-4.0-0.suse.1.noarch.rpm".</para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <listitem> | 
					
						
							|  |  |  |                   <para>Open LAM's login page in your browser to complete the | 
					
						
							|  |  |  |                   migration</para> | 
					
						
							|  |  |  |                 </listitem> | 
					
						
							|  |  |  |               </itemizedlist> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para>tar.gz: standard upgrade steps, config files will be | 
					
						
							|  |  |  |               migrated when opening LAM's login page</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  |           </itemizedlist> | 
					
						
							| 
									
										
										
										
											2012-10-28 19:41:24 +00:00
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-09-22 13:44:16 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.7 -> 3.9</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>No changes.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-03-11 17:49:53 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.6 -> 3.7</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Asterisk extensions: The extension entries are now grouped by | 
					
						
							|  |  |  |           extension name and account context. LAM will automatically assign | 
					
						
							|  |  |  |           priorities and set the same owners for all entries.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-14 17:19:09 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.5.0 -> 3.6</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para><emphasis role="bold">Debian users:</emphasis> LAM 3.6 | 
					
						
							|  |  |  |           requires FPDF 1.7 to be installed. You can download the package <ulink | 
					
						
							|  |  |  |           url="http://packages.debian.org/search?keywords=php-fpdf&amp;searchon=names&amp;suite=all&amp;section=all">here</ulink>. | 
					
						
							|  |  |  |           If you use Debian Stable (Squeeze) please use the package from | 
					
						
							|  |  |  |           Testing (Wheezy).</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-26 17:55:37 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.4.0 -> 3.5.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para><emphasis role="bold">LAM Pro:</emphasis> The global | 
					
						
							|  |  |  |           config/passwordMailTemplate.txt is no longer supported. You can | 
					
						
							|  |  |  |           set up the mail settings now for each LAM server profile, which | 
					
						
							|  |  |  |           provides more flexibility.</para> | 
					
						
							| 
									
										
										
										
											2011-06-26 10:32:22 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para><emphasis role="bold">Suse/Fedora RPM | 
					
						
							|  |  |  |           installations:</emphasis> LAM is now installed to | 
					
						
							|  |  |  |           /usr/share/ldap-account-manager and | 
					
						
							|  |  |  |           /var/lib/ldap-account-manager.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Please note that configuration files are not migrated | 
					
						
							|  |  |  |           automatically. Please move the files from /srv/www/htdocs/lam/config | 
					
						
							|  |  |  |           (Suse) or /var/www/html/lam/config (Fedora) to | 
					
						
							|  |  |  |           /var/lib/ldap-account-manager/config.</para> | 
					
						
							| 
									
										
										
										
											2011-04-26 17:55:37 +00:00
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.3.0 -> 3.4.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>No changes.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-11-06 09:40:46 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.2.0 -> 3.3.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>If you use custom images for the PDF export then these images | 
					
						
							|  |  |  |           need to be 5 times bigger than before (e.g. 250x250px instead of | 
					
						
							|  |  |  |           50x50px). This allows images with higher resolution to be used.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.1.0 -> 3.2.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>No changes.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-04-03 17:20:10 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>3.0.0 -> 3.1.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM previously allowed setting a list of valid workstations on the | 
					
						
							|  |  |  |           "Personal" page. This required a change to the LDAP schema. Since | 
					
						
							|  |  |  |           3.1.0 this is replaced by the new "Hosts" module for users.</para> | 
					
						
							| 
									
										
										
										
											2010-06-25 15:07:44 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <para>Lamdaemon: The sudo entry needs to be changed to | 
					
						
							|  |  |  |           ".../lamdaemon.pl *".</para> | 
					
						
							| 
									
										
										
										
											2010-04-03 17:20:10 +00:00
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>2.3.0 -> 3.0.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>No changes.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>2.2.0 -> 2.3.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para><emphasis role="bold">LAM Pro:</emphasis> There is now a | 
					
						
							|  |  |  |           separate account type for group of (unique) names. Please edit your | 
					
						
							|  |  |  |           server profiles to activate the new account type.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>1.1.0 -> 2.2.0</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>No changes.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  |     </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <section id="a_uninstall"> | 
					
						
							| 
									
										
										
										
											2014-03-11 17:11:06 +00:00
										 |  |  |       <title>Uninstallation of LAM (Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>If you used the prepackaged installation packages then remove the | 
					
						
							|  |  |  |       ldap-account-manager and ldap-account-manager-lamdaemon packages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Otherwise, remove the folder where you installed LAM via configure | 
					
						
							|  |  |  |       or by copying the files.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  |   </chapter> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |   <chapter id="a_configuration"> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     <title>Configuration</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |     <para>After you <link linkend="a_installation">installed</link> LAM you | 
					
						
							|  |  |  |     can configure it to fit your needs. The complete configuration can be done | 
					
						
							|  |  |  |     inside the application. There is no need to edit configuration | 
					
						
							|  |  |  |     files.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Please point your browser to the location where you installed LAM. | 
					
						
							|  |  |  |     E.g. for Debian/RPM this is http://yourServer/lam (prefer https:// if your webserver provides it, as passwords are entered on these pages). If you installed LAM | 
					
						
							| 
									
										
										
										
											2013-07-23 18:30:14 +00:00
										 |  |  |     via the tar.bz2 then this may vary. You should see the following | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |     page:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <screenshot> | 
					
						
							|  |  |  |       <mediaobject> | 
					
						
							|  |  |  |         <imageobject> | 
					
						
							|  |  |  |           <imagedata fileref="images/login.png" /> | 
					
						
							|  |  |  |         </imageobject> | 
					
						
							|  |  |  |       </mediaobject> | 
					
						
							|  |  |  |     </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>If you see an error message then you might need to install an | 
					
						
							|  |  |  |     additional PHP extension. Please follow the instructions and reload the | 
					
						
							|  |  |  |     page afterwards.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Now you are ready to configure LAM. Click on the "LAM configuration" | 
					
						
							|  |  |  |     link to proceed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <screenshot> | 
					
						
							|  |  |  |       <mediaobject> | 
					
						
							|  |  |  |         <imageobject> | 
					
						
							|  |  |  |           <imagedata fileref="images/configOverview.png" /> | 
					
						
							|  |  |  |         </imageobject> | 
					
						
							|  |  |  |       </mediaobject> | 
					
						
							|  |  |  |     </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Here you can change LAM's general settings, set up server profiles | 
					
						
							| 
									
										
										
										
											2010-03-01 19:00:21 +00:00
										 |  |  |     for your LDAP server(s) and configure the <link | 
					
						
							|  |  |  |     linkend="a_selfService">self service</link> (LAM Pro). You should start | 
					
						
							|  |  |  |     with the general settings and then set up a server profile.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>General settings</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |       <para>After selecting "Edit general settings" you will need to enter the | 
					
						
							|  |  |  |       <link linkend="a_configPasswords">master configuration password</link>. | 
					
						
							|  |  |  |       The default password for new installations is "lam"; since it is publicly documented, change it right away (see "Change master password" below). Now you can edit | 
					
						
							|  |  |  |       the general settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Security settings</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Here you can set a time period after which inactive sessions are | 
					
						
							|  |  |  |         automatically invalidated. The selected value represents minutes of | 
					
						
							|  |  |  |         inactivity.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You may also set a list of IP addresses which are allowed to | 
					
						
							|  |  |  |         access LAM. The IPs can be specified as full IP (e.g. 123.123.123.123) | 
					
						
							|  |  |  |         or with the "*" wildcard (e.g. 123.123.123.*). Users who try to | 
					
						
							| 
									
										
										
										
											2014-01-12 19:58:15 +00:00
										 |  |  |         access LAM via an untrusted IP only get blank pages. There is a | 
					
						
							|  |  |  |         separate field for LAM Pro self service.</para> | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-12 11:08:43 +00:00
										 |  |  |         <para id="sessionEncryption">Session encryption will encrypt sensitive | 
					
						
							|  |  |  |         data like passwords in your session files. This is only available when | 
					
						
							|  |  |  |         PHP <ulink url="http://php.net/mcrypt">MCrypt</ulink> is active. This | 
					
						
							|  |  |  |         adds extra security but also costs performance. If you manage a large | 
					
						
							|  |  |  |         directory you might want to disable this and take other actions to | 
					
						
							|  |  |  |         secure your LAM server.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configGeneral1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para id="conf_sslCert"><emphasis role="bold">SSL certificate | 
					
						
							|  |  |  |         setup:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>By default, LAM uses the CA certificates that are preinstalled | 
					
						
							|  |  |  |         on your system. This will work if you connect via SSL/TLS to an LDAP | 
					
						
							|  |  |  |         server that uses a certificate signed by a well-known CA. In case you | 
					
						
							|  |  |  |         use your own CA (e.g. company internal CA) you can import the CA | 
					
						
							|  |  |  |         certificates here.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please note that this can affect other web applications on the | 
					
						
							| 
									
										
										
										
											2013-08-29 16:44:58 +00:00
										 |  |  |         same server if they require different certificates. There seem to be | 
					
						
							|  |  |  |         problems on Debian systems and you may also need to restart Apache. In | 
					
						
							|  |  |  |         case of any problems please delete the uploaded certificates and use | 
					
						
							|  |  |  |         the <link linkend="ssl_certSystem">system setup</link>.</para> | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>You can either upload a DER/PEM formatted certificate file or | 
					
						
							|  |  |  |         import the certificates directly from an LDAP server that is available | 
					
						
							|  |  |  |         with LDAP+SSL (ldaps://). LAM will automatically override system | 
					
						
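							|  |  |  |         certificates if at least one certificate is uploaded/imported. After importing from a server, compare the imported certificates with a copy obtained from a trusted source before relying on them.</para> | 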
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The whole certificate list can be downloaded in PEM format. You | 
					
						
							|  |  |  |         can also delete single certificates from the list.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please note that you might need to restart your webserver if you | 
					
						
							|  |  |  |         make any changes to this configuration.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configGeneral4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Password policy</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This allows you to specify a central password policy for LAM. | 
					
						
							|  |  |  |         The policy is valid for all password fields inside LAM admin | 
					
						
							|  |  |  |         (excluding tree view) and LAM self service. Configuration passwords do | 
					
						
							|  |  |  |         not need to follow this policy.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configGeneral2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can set the minimum password length and also the complexity | 
					
						
							|  |  |  |         of the passwords.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Logging</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM can log events (e.g. user logins). You can use system | 
					
						
							|  |  |  |         logging (syslog for Unix, event viewer for Windows) or log to a | 
					
						
							|  |  |  |         separate file. Please note that LAM may log sensitive data (e.g. | 
					
						
							| 
									
										
										
										
											2013-10-18 17:43:09 +00:00
										 |  |  |         passwords) at log level "Debug". Production systems should be set to | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |         "Warning" or "Error". If you log to a separate file, restrict read access to it accordingly.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-18 17:43:09 +00:00
										 |  |  |         <para>The PHP error reporting is only for developers. By default LAM | 
					
						
							|  |  |  |         does not show PHP notice messages in the web pages. You can select to | 
					
						
							|  |  |  |         use the php.ini setting here.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configGeneral3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-16 16:48:59 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Additional options</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para id="mailEOL"><emphasis role="bold">Email | 
					
						
							|  |  |  |         format</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Some email servers are not standards compatible. If you receive | 
					
						
							|  |  |  |         mails that look broken you can change the line endings for sent mails | 
					
						
							|  |  |  |         here. Default is to use "\r\n".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>At the moment, this option is only available in LAM Pro as there | 
					
						
							| 
									
										
										
										
											2014-01-12 15:27:07 +00:00
										 |  |  |         is no mail sending in the free version. See <link | 
					
						
							|  |  |  |         linkend="mailSetup">here</link> for setting up your SMTP | 
					
						
							|  |  |  |         server.</para> | 
					
						
							| 
									
										
										
										
											2013-10-16 16:48:59 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configGeneral6.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Change master password</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you would like to change the master configuration password | 
					
						
							|  |  |  |         then enter a new password here.</para> | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configGeneral5.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Server profiles</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-20 17:25:25 +00:00
										 |  |  |       <para>The server profiles store information about your LDAP server (e.g. | 
					
						
							|  |  |  |       host name) and what kind of accounts (e.g. users and groups) you would | 
					
						
							| 
									
										
										
										
											2010-07-29 20:04:47 +00:00
										 |  |  |       like to manage. There is no limit on the number of server profiles. See | 
					
						
							|  |  |  |       the <link linkend="confTypicalScenarios">typical scenarios</link> about | 
					
						
							|  |  |  |       how to structure your server profiles.</para> | 
					
						
							| 
									
										
										
										
											2010-02-20 17:25:25 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Manage server profiles</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Select "Manage server profiles" to open the profile management | 
					
						
							|  |  |  |         page.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
										 |  |  |               <imagedata fileref="images/configProfiles1.png" /> | 
					
						
										 |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
										 |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Here you can create, rename and delete server profiles. The | 
					
						
							|  |  |  |         <link linkend="a_configPasswords">passwords</link> of your server | 
					
						
							|  |  |  |         profiles can also be reset.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You may also specify the default server profile. This is the | 
					
						
							|  |  |  |         server profile which is preselected at the login page. It also | 
					
						
							|  |  |  |         specifies the language of the login and configuration pages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configProfiles2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can create a new server profile by simply entering its name | 
					
						
							|  |  |  |         and password. After you created a new profile you can go back to the | 
					
						
							|  |  |  |         profile login and edit your new server profile.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>All operations on the profile management page require that you | 
					
						
							|  |  |  |         authenticate yourself with the <link | 
					
						
							|  |  |  |         linkend="a_configPasswords">configuration master | 
					
						
							|  |  |  |         password</link>.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Editing a server profile</title> | 
					
						
							|  |  |  | 
 | 
					
						
        <para>Please select your server profile and enter its password to edit
        a server profile.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configProfiles3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Each server profile contains the following information:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para><emphasis role="bold">General settings:</emphasis> general | 
					
						
							|  |  |  |             settings about your LDAP server (e.g. host name and security | 
					
						
							|  |  |  |             settings)</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para><emphasis role="bold">Account types:</emphasis> list of | 
					
						
							|  |  |  |             account types (e.g. users and groups) that you would like to | 
					
						
							|  |  |  |             manage and type specific settings (e.g. LDAP suffix)</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para><emphasis role="bold">Modules:</emphasis> list of modules | 
					
						
							|  |  |  |             which define what account aspects (e.g. Unix, Samba, Kolab) you | 
					
						
							|  |  |  |             would like to manage</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para><emphasis role="bold">Module settings:</emphasis> settings | 
					
						
							|  |  |  |             which are specific for the selected account modules on the page | 
					
						
							|  |  |  |             before</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |         <section id="general_settings"> | 
					
						
										 |  |  |           <title>General settings</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Here you can specify the LDAP server and some security | 
					
						
							|  |  |  |           settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configProfiles4.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
          <para>The server address of your LDAP server can be a DNS name or an
          IP address. Use ldap:// for unencrypted LDAP connections and for TLS
          encrypted connections (TLS is then activated with the separate TLS
          setting). LDAP+SSL (LDAPS) encrypted connections are specified with
          ldaps://. The port value is optional. TLS cannot be combined with
          ldaps://. Note that ldap:// without TLS sends the login DN, the
          passwords and all account data in clear text over the network.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM includes an LDAP browser which allows direct modification | 
					
						
							|  |  |  |           of LDAP entries. If you would like to use it then enter the LDAP | 
					
						
							|  |  |  |           suffix at "Tree suffix".</para> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |           <para>The search limit is used to reduce the number of search | 
					
						
							|  |  |  |           results which are returned by your LDAP server.</para> | 
					
						
										 |  |  | 
 | 
					
						
          <para>The access level specifies whether LAM should allow
          modification of LDAP entries. This feature is only available in LAM
          Pro. LAM non-Pro releases use write access. See <link
          linkend="a_accessLevelPasswordReset">this page</link> for details on
          the different access levels.</para>
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |           <para>By default LAM will not follow LDAP referrals. This is ok for | 
					
						
							|  |  |  |           most installations. If you use LDAP referrals please activate the | 
					
						
							|  |  |  |           referral option in advanced settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configProfiles5.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
          <para>LAM is translated to many different languages. Here you can
          select the default language for this server profile. The language
          setting may be overridden at the LAM login page.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configProfiles6.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM can manage user home directories and quotas with an | 
					
						
							|  |  |  |           external script. You can specify the home directory server and where | 
					
						
							|  |  |  |           the script is located. The default rights for new home directories | 
					
						
							|  |  |  |           can be set, too.</para> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configProfiles9.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM Pro users can send out changed passwords to their users. | 
					
						
							|  |  |  |           Here you can specify the options for these mails.</para> | 
					
						
							|  |  |  | 
 | 
					
						
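          <para>If you select "Allow alternate address" then password mails
          can be sent to any address (e.g. a secondary address if the user
          account is also bound to the mailbox). Since these mails contain the
          changed password, activate this only if the admins of this server
          profile should be able to choose the recipient freely.</para>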
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
										 |  |  |                 <imagedata fileref="images/configProfiles8.png" /> | 
					
						
										 |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |           <para>LAM supports two methods for login. The first one is to | 
					
						
							|  |  |  |           specify a fixed list of LDAP DNs that are allowed to login. Please | 
					
						
							|  |  |  |           enter one DN per line.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>The second one is to let LAM search for the DN in your | 
					
						
										 |  |  |           directory. E.g. if a user logs in with the user name "joe" then LAM | 
					
						
							|  |  |  |           will do an LDAP search for this user name. When it finds a matching | 
					
						
							|  |  |  |           DN then it will use this to authenticate the user. The wildcard | 
					
						
							|  |  |  |           "%USER%" will be replaced by "joe" in this example. This way you can | 
					
						
							|  |  |  |           provide login by user name, email address or other LDAP | 
					
						
							|  |  |  |           attributes.</para> | 
					
						
							|  |  |  | 
 | 
					
						
          <para>Additionally, you can enable HTTP authentication when using
          "LDAP search". This way the web server is responsible for
          authenticating your users. LAM will use the given user name + password
          for the LDAP login. As the browser sends the user name and password
          to the web server, HTTP authentication should only be used when LAM
          is accessed via HTTPS. You can also configure this to set up advanced
          login restrictions (e.g. require group memberships for login). To
          set up HTTP authentication in Apache please see this <ulink
          url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>
          and an example for LDAP authentication <link lang=""
          linkend="apache_http_auth">here</link>.</para>
					
						
										 |  |  | 
 | 
					
						
          <para><emphasis role="bold">Hint:</emphasis> LDAP search with group
          membership check can be done with either <link
          linkend="apache_http_auth">HTTP authentication</link> or LDAP
          overlays like <ulink
          url="http://www.openldap.org/doc/admin24/overlays.html">"memberOf"</ulink>
          or <ulink
          url="http://www.openldap.org/doc/admin24/overlays.html">"Dynamic
          lists"</ulink>. Dynamic lists allow you to insert virtual attributes
          into your user entries. These can then be used for the LDAP filter (e.g.
          "(&amp;(uid=%USER%)(memberof=cn=admins,ou=groups,dc=company,dc=com))").</para>
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configProfiles7.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>You may also change the password of this server profile. | 
					
						
							|  |  |  |           Please just enter the new password in both password fields.</para> | 
					
						
										 |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Account types</title> | 
					
						
							|  |  |  | 
 | 
					
						
          <para>LAM can manage various types of LDAP entries (e.g.
          users, groups, DHCP entries, ...). On this page you can select which
          types of entries you want to manage with LAM.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configTypes1.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>The section at the top shows a list of possible types. You can | 
					
						
							|  |  |  |           activate them by simply clicking on the plus sign next to it.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Each account type has the following options:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <itemizedlist> | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para><emphasis role="bold">LDAP suffix:</emphasis> the LDAP | 
					
						
							|  |  |  |               suffix where entries of this type should be managed</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para><emphasis role="bold">List attributes:</emphasis> a list | 
					
						
							|  |  |  |               of attributes which are shown in the account lists</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para><emphasis role="bold">Additional LDAP filter:</emphasis> | 
					
						
							|  |  |  |               LAM will automatically detect the right LDAP entries for each | 
					
						
							|  |  |  |               account type. This can be used to further limit the number of | 
					
						
							|  |  |  |               visible entries (e.g. if you want to manage only some specific | 
					
						
										 |  |  |               groups). You can use "@@LOGIN_DN@@" as wildcard (e.g. | 
					
						
							|  |  |  |               "(owner=@@LOGIN_DN@@)"). It will be replaced by the DN of the | 
					
						
							|  |  |  |               user who is logged in.</para> | 
					
						
										 |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para><emphasis role="bold">Hidden:</emphasis> This is used to | 
					
						
							|  |  |  |               hide account types that should not be displayed but are required | 
					
						
							|  |  |  |               by other account types. E.g. you can hide the Samba domains | 
					
						
							|  |  |  |               account type and still assign domains when you edit your | 
					
						
							|  |  |  |               users.</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  |             <listitem> | 
					
						
              <para><emphasis role="bold">Read-only (LAM Pro only):</emphasis>
              This allows you to set a single account type to read-only mode.
              Please note that this is a restriction on the functional level
              within LAM (e.g. group memberships can be changed on the user
              page even if groups are read-only) and is no replacement for
              setting up proper ACLs on your LDAP server.</para>
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |             <listitem> | 
					
						
							|  |  |  |               <para><emphasis role="bold">Custom label:</emphasis> Here you | 
					
						
							|  |  |  |               can set a custom label for the account types. Use this if the | 
					
						
							|  |  |  |               standard label does not fit for you (e.g. enter "Servers" for | 
					
						
							|  |  |  |               hosts).</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |             <listitem> | 
					
						
              <para><emphasis role="bold">No new entries (LAM Pro
              only):</emphasis> Use this if you want to prevent your users
              from creating new accounts of this type. The GUI will
              hide buttons to create new entries and also disable file upload
              for this type. This is enforced by LAM only and is no
              replacement for ACLs on your LDAP server.</para>
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
              <para><emphasis role="bold">Disallow delete (LAM Pro
              only):</emphasis> Use this if you want to prevent your users
              from deleting accounts of this type. This is enforced by LAM
              only and is no replacement for ACLs on your LDAP server.</para>
					
						
							|  |  |  |             </listitem> | 
					
						
										 |  |  |           </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configTypes2.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>On the next page you can specify in detail what extensions | 
					
						
							|  |  |  |           should be enabled for each account type.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Modules</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>The modules specify the active extensions for each account | 
					
						
							|  |  |  |           type. E.g. here you can setup if your user entries should be address | 
					
						
							|  |  |  |           book entries only or also support Unix or Samba.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configModules1.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
          <para>Each account type needs a so-called "base module". This is the
          basis for all LDAP entries of this type. Usually, it provides the
          structural object class for the LDAP entries. There must be exactly
          one active base module for each account type.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Furthermore, there may be any number of additional active | 
					
						
							|  |  |  |           account modules. E.g. you may select "Personal" as base module and | 
					
						
							|  |  |  |           Unix + Samba as additional modules.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Module settings</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Depending on the activated account modules there may be | 
					
						
							|  |  |  |           additional configuration options available. They can be found on the | 
					
						
							|  |  |  |           "Module settings" tab. E.g. the Personal account module allows to | 
					
						
							|  |  |  |           hide several input fields and the Unix module requires to specify | 
					
						
							|  |  |  |           ranges for UID numbers.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/configSettings1.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
										 |  |  |         </section> | 
					
						
							|  |  |  |       </section> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |       <section id="confTypicalScenarios"> | 
					
						
							|  |  |  |         <title>Typical scenarios</title> | 
					
						
							|  |  |  | 
 | 
					
						
        <para>This is a list of typical scenarios showing what your LDAP
        environment may look like and how to structure the server profiles
        for it.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Simple: One LDAP directory managed by a small group of | 
					
						
							|  |  |  |           admins</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>This is the easiest and most common scenario. You want to | 
					
						
							|  |  |  |           manage a single LDAP server and there is only one or a few admins. | 
					
						
							|  |  |  |           In this case just create one server profile and you are done. The | 
					
						
							|  |  |  |           admins may be either specified as a fixed list or by using an LDAP | 
					
						
							|  |  |  |           search at login time.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/LDAPStructuresSimple.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Advanced: One LDAP server which is managed by different admin | 
					
						
							|  |  |  |           groups</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Large organisations may have one big LDAP directory for all | 
					
						
							|  |  |  |           user/group accounts. But the users are managed by different groups | 
					
						
							|  |  |  |           of admins (e.g. departments, locations, subsidiaries, ...). The | 
					
						
							|  |  |  |           users are typically divided into organisational units in the LDAP | 
					
						
							|  |  |  |           tree. Admins may only manage the users in their part of the | 
					
						
							|  |  |  |           tree.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/LDAPStructuresAdvanced.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>In this situation it is recommended to create one server | 
					
						
							|  |  |  |           profile for each admin group (e.g. department). Set up the LDAP | 
					
						
							|  |  |  |           suffixes in the server profiles to point to the needed | 
					
						
							|  |  |  |           organisational units. E.g. use | 
					
						
							|  |  |  |           ou=people,ou=department1,dc=company,dc=com or | 
					
						
							|  |  |  |           ou=department1,ou=people,dc=company,dc=com as LDAP suffix for users. | 
					
						
							|  |  |  |           Do the same for groups, hosts, ... This way each admin group will | 
					
						
							|  |  |  |           only see its own users. You may want to use LDAP search for the LAM | 
					
						
							|  |  |  |           login in this scenario. This way you do not need to update a | 
					
						
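							|  |  |  |           server profile if the number of admins changes. Note that the | 
							|  |  |  |           suffixes only control which entries LAM lists. What an admin is | 
							|  |  |  |           actually allowed to read or modify is decided by the access control | 
							|  |  |  |           rules of the LDAP server, so restrict each admin group to its part | 
							|  |  |  |           of the tree there as well.</para> | 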
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para><emphasis role="bold">Attention:</emphasis> LAM's feature to | 
					
						
							|  |  |  |           automatically find free UIDs/GIDs for new users/groups will not work | 
					
						
							|  |  |  |           in this case. LAM uses the user/group suffix to search for already | 
					
						
							|  |  |  |           assigned UIDs/GIDs. As an alternative you can specify different | 
					
						
							|  |  |  |           UID/GID ranges for each department. Then the UIDs/GIDs will stay | 
					
						
							|  |  |  |           unique for the whole directory.</para> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Multiple LDAP servers</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>You can manage as many LDAP servers with LAM as you wish. This | 
					
						
							|  |  |  |           scenario is similar to the advanced scenario above. Just create one | 
					
						
							|  |  |  |           server profile for each LDAP server.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/LDAPStructuresMultiServer.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Single LDAP directory with lots of users (>10 000)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM was tested to work with 10 000 users. If you have a lot | 
					
						
							|  |  |  |           more users then you have basically two options.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <itemizedlist> | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para>Divide your LDAP tree in organisational units: This is | 
					
						
							|  |  |  |               usually the best performing option. Put your accounts in several | 
					
						
							|  |  |  |               organisational units and set up LAM as in the advanced scenario | 
					
						
							|  |  |  |               above.</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <listitem> | 
					
						
							|  |  |  |               <para>Increase memory limit: Increase the memory_limit parameter | 
					
						
							|  |  |  |               in your php.ini. This will allow LAM to read more entries. But | 
					
						
							|  |  |  |               this will slow down the response times of LAM.</para> | 
					
						
							|  |  |  |             </listitem> | 
					
						
							|  |  |  |           </itemizedlist> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
										 |  |  |     </section> | 
					
						
							|  |  |  |   </chapter> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   <chapter> | 
					
						
							|  |  |  |     <title>Managing entries in your LDAP directory</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>This chapter will give you instructions on how to manage the different | 
					
						
							|  |  |  |     LDAP entries in your directory.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Please note that not all account types are manageable with the free | 
					
						
							| 
									
										
										
										
										 |  |  |     LAM release. LAM Pro provides some more account types (e.g. group of | 
					
						
							|  |  |  |     names, aliases, ...) and modules (e.g. Zarafa, custom scripts, ...) to | 
					
						
							|  |  |  |     support additional LDAP object classes. All LAM Pro features are marked in | 
					
						
							|  |  |  |     this manual.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <para><emphasis role="bold">Basic page layout:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>After the login LAM will present you its main page. It consists of a | 
					
						
							|  |  |  |     header part which is equal for all pages and the content area which covers | 
					
						
							|  |  |  |     most of the page.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>The header part includes the links to manage all account types (e.g. | 
					
						
							|  |  |  |     users and groups) and open the tree view (LDAP browser). There is also the | 
					
						
							|  |  |  |     logout link and a tools entry.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>When you log in you will see an account listing in the content | 
					
						
							| 
									
										
										
										
										 |  |  |     area.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |     <screenshot> | 
					
						
							|  |  |  |       <mediaobject> | 
					
						
							|  |  |  |         <imageobject> | 
					
						
							|  |  |  |           <imagedata fileref="images/mainpage.png" /> | 
					
						
							|  |  |  |         </imageobject> | 
					
						
							|  |  |  |       </mediaobject> | 
					
						
							|  |  |  |     </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Here you can create, delete and modify accounts. Use the action | 
					
						
							|  |  |  |     buttons at the left or double click on an entry to edit it.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>The suffix selection box allows you to list only the accounts which | 
					
						
							|  |  |  |     are located in a subtree of your LDAP directory.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <screenshot> | 
					
						
							|  |  |  |       <mediaobject> | 
					
						
							|  |  |  |         <imageobject> | 
					
						
							|  |  |  |           <imagedata fileref="images/listConfig.png" /> | 
					
						
							|  |  |  |         </imageobject> | 
					
						
							|  |  |  |       </mediaobject> | 
					
						
							|  |  |  |     </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>You can change the number of shown entries per page with "Change | 
					
						
							|  |  |  |     settings". Depending on the account type there may be additional settings. | 
					
						
							|  |  |  |     E.g. the user list can convert group numbers to group names.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>When you select to edit an entry then LAM will show all its data on | 
					
						
							|  |  |  |     a tabbed view. There is one tab for each functional part of the account. | 
					
						
							|  |  |  |     You can set default values by loading an <link | 
					
						
							|  |  |  |     linkend="a_accountProfile">account profile</link>.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <screenshot> | 
					
						
							|  |  |  |       <mediaobject> | 
					
						
							|  |  |  |         <imageobject> | 
					
						
							|  |  |  |           <imagedata fileref="images/editView.png" /> | 
					
						
							|  |  |  |         </imageobject> | 
					
						
							|  |  |  |       </mediaobject> | 
					
						
							|  |  |  |     </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Typical usage scenarios</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Here is a list of typical usage scenarios and what account types | 
					
						
							|  |  |  |       and modules you need to configure.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Address book entries:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Account types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Personal)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Unix accounts:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Account types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Personal + Unix)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Groups (Unix (posixGroup))</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Suse users may need to use Group (Group of names + Unix | 
					
						
							|  |  |  |       (rfc2307bisPosixGroup)) because of Suse's special LDAP schema.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Samba 3 accounts:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Account types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Personal + User + Samba 3)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Groups (Unix + Samba 3)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Hosts (Account + Unix + Samba 3)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Samba domains (Samba domain)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para><emphasis role="bold">Samba 4/Active Directory:</emphasis></para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>Account types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Windows)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Groups (Windows)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Hosts (Windows)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please note that you must change the attributes that are shown in the | 
					
						
							|  |  |  |       account lists. Otherwise, the account tables will show empty lines. See | 
					
						
							|  |  |  |       the documentation for the Windows user/group/host modules.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>For Samba 4 with Zarafa use the following modules:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Windows + Zarafa (+ Zarafa contact))</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Groups (Windows + Zarafa)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Hosts (Windows + Zarafa)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Zarafa dynamic groups (Zarafa dynamic group)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Zarafa address lists (Zarafa address list)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>See also the <link linkend="s_zarafa">Zarafa</link> section for | 
					
						
							|  |  |  |       additional settings (e.g. using Zarafa AD schema).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Asterisk:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Account types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Personal + Asterisk)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Asterisk extensions (Asterisk extension)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Zarafa:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Account types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Personal + Unix + Zarafa (+ Zarafa contact))</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Groups (Unix + Zarafa)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Zarafa dynamic groups (Zarafa dynamic group)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Zarafa address lists (Zarafa address list)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Hosts (Device + Zarafa + IP Address)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">PyKota:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Account types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Users (Personal + Unix + PyKota)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Groups (Unix + PyKota)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Printers (PyKota)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Billing codes (PyKota)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							| 
									
										
										
										
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Users</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>LAM manages various types of user accounts. This includes address | 
					
						
							|  |  |  |       book entries, Unix, Samba, Zarafa and much more.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Account list settings:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The user list includes two special options to change how your | 
					
						
							|  |  |  |       users are displayed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/userListOptions.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis>Translate GID number to group name:</emphasis> By | 
					
						
							|  |  |  |       default the user list can show the primary group IDs (GIDs) of your | 
					
						
							|  |  |  |       users. There are often cases where it is more suitable to show the group | 
					
						
							|  |  |  |       name instead. This can be done by activating this option. Please note | 
					
						
							|  |  |  |       that LAM will execute more LDAP queries which may result in decreased | 
					
						
							|  |  |  |       performance.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/userListOptionTransPrimary.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis>Show account status:</emphasis> If you activate this | 
					
						
							|  |  |  |       option then there will be an additional column displayed that shows if | 
					
						
							|  |  |  |       the account is locked. You can see more details when moving the mouse | 
					
						
							|  |  |  |       cursor over the lock icon. This function supports Unix, Samba and | 
					
						
							|  |  |  |       PPolicy.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/userListOptionAccountStatus.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Quick account (un)locking:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>When you edit a user, LAM lets you quickly lock/unlock the | 
					
						
							|  |  |  |       whole account. This includes Unix, Samba and PPolicy. LAM can also | 
					
						
							|  |  |  |       remove group memberships if an account is locked.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You will see the current status of all account parts in the title | 
					
						
							|  |  |  |       area of the account.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/userAccountStatus1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If you click on the lock icon then a dialog will be opened to | 
					
						
							|  |  |  |       change these values. Depending on which parts are locked LAM will | 
					
						
							|  |  |  |       provide options to lock/unlock account parts.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/userAccountStatus2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/userAccountStatus3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Personal</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This module is the most common basis for user accounts in LAM. | 
					
						
							|  |  |  |         You can use it stand-alone to manage address book entries or in | 
					
						
							|  |  |  |         combination with Unix, Samba or other modules.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The Personal module provides support for managing various | 
					
						
							|  |  |  |         personal data of your users including mail addresses and telephone | 
					
						
							| 
									
										
										
										
										 |  |  |         numbers. You can also add photos of your users (please install <ulink | 
					
						
							|  |  |  |         url="http://www.php.net/manual/en/book.imagick.php">PHP | 
					
						
							|  |  |  |         Imagick/ImageMagick</ulink> for full file format support). If you do | 
					
						
							|  |  |  |         not need to manage all attributes then you can deactivate them in your | 
					
						
							|  |  |  |         server profile.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para><emphasis role="bold">Configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please activate the module "Personal (inetOrgPerson)" for | 
					
						
							|  |  |  |         users.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_personal3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The module manages lots of fields. Probably, you will not need | 
					
						
							|  |  |  |         all of them. You can hide fields in module settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>In advanced options you may also set fields to read-only (for | 
					
						
							|  |  |  |         existing accounts) and define limits for photo files.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_personal4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">User management</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_personal.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>User certificates can be uploaded and downloaded. LAM will | 
					
						
							|  |  |  |         automatically convert PEM to DER format.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_personal2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <table> | 
					
						
							|  |  |  |           <title>LDAP attribute mappings</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <tgroup cols="2"> | 
					
						
							|  |  |  |             <thead> | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry align="center">Attribute name</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry align="center">Name inside LAM</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  |             </thead> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <tbody> | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>businessCategory</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Business category</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>carLicense</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Car license</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>cn/commonName</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Common name</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>departmentNumber</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Department(s)</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>description</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Description</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>employeeNumber</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Employee number</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>employeeType</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Employee type</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>facsimileTelephoneNumber/fax</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Fax number</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>givenName/gn</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>First name</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>homePhone</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Home telephone number</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>initials</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Initials</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>jpegPhoto</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Photo</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>l</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Location</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>mail/rfc822Mailbox</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Email address</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>manager</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Manager</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>mobile/mobileTelephoneNumber</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Mobile number</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>organizationName/o</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Organisation</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>physicalDeliveryOfficeName</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Office name</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>postalAddress</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Postal address</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>postalCode</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Postal code</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>postOfficeBox</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Post office box</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>registeredAddress</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Registered address</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>roomNumber</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Room number</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>sn/surname</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Last name</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>st</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>State</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>street/streetAddress</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Street</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>telephoneNumber</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Telephone number</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>title</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Job title</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>userCertificate</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>User certificates</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>uid/userid</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>User name</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>userPassword</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Password</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  |             </tbody> | 
					
						
							|  |  |  |           </tgroup> | 
					
						
							|  |  |  |         </table> | 
					
						
							| 
									
										
										
										
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Unix</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The Unix module manages Unix user accounts including group | 
					
						
							|  |  |  |         memberships.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>There are several configuration options for this module:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>UID generator: LAM will suggest UID numbers for your | 
					
						
							|  |  |  |             accounts. Please note that it may happen that there are duplicate | 
					
						
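							|  |  |  |             IDs assigned if users create accounts at the same time. Accounts that share a UID number are treated as the same user for file ownership and permission checks. Use an | 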
					
						
							|  |  |  |             <ulink | 
					
						
							|  |  |  |             url="http://www.openldap.org/doc/admin24/overlays.html">overlay</ulink> | 
					
						
							| 
									
										
										
										
										 |  |  |             like "Attribute Uniqueness" (<link | 
					
						
							|  |  |  |             linkend="a_openldap_unique">example</link>) if you have lots of | 
					
						
							|  |  |  |             LAM admins creating accounts.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |             <itemizedlist> | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>Fixed range: LAM searches for free numbers within the | 
					
						
							|  |  |  |                 given limits. LAM always tries to use a free UID that is | 
					
						
							|  |  |  |                 greater than the existing UIDs to prevent collisions with | 
					
						
							|  |  |  |                 deleted accounts.</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <listitem> | 
					
						
							|  |  |  |                 <para>Samba ID pool: This uses a special LDAP entry that | 
					
						
							|  |  |  |                 includes attributes that store a counter for the last used | 
					
						
							|  |  |  |                 UID/GID. Please note that this requires that you install the | 
					
						
							|  |  |  |                 Samba schema and create an LDAP entry of object class | 
					
						
							|  |  |  |                 "sambaUnixIdPool".</para> | 
					
						
							|  |  |  |               </listitem> | 
					
						
							|  |  |  |             </itemizedlist> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Password hash type: If possible use CRYPT-SHA512 or SSHA to | 
					
						
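							|  |  |  |             protect your users' passwords. CRYPT-SHA512 is the stronger of the two: it is salted and iterated, whereas SSHA is a single round of salted SHA-1.</para> | 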
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Login shells: List of valid login shells that can be | 
					
						
							|  |  |  |             selected when editing an account.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Hidden options: Some input fields can be hidden to simplify | 
					
						
							|  |  |  |             the GUI if you do not need them.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixUserConfig.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The user name is automatically filled as specified in the | 
					
						
							|  |  |  |         configuration (default smiller for Steve Miller). Of course, the | 
					
						
							|  |  |  |         suggested value can be changed any time. Common name is also filled | 
					
						
							|  |  |  |         with first/last name by default.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixUser.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>Group memberships can be changed when clicking on "Edit groups". | 
					
						
							|  |  |  |         Here you can select the Unix groups and group of names | 
					
						
							|  |  |  |         memberships.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>To enable "Group of names" please either add the groups module | 
					
						
							|  |  |  |         "groupOfNames"/"groupOfUniqueNames" or add the account type "Group of | 
					
						
							|  |  |  |         names".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixUserGroups.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>You can also create home directories for your users if you set up | 
					
						
							|  |  |  |         <link linkend="a_lamdaemon">lamdaemon</link>. This allows you to | 
					
						
							|  |  |  |         create the directories on the local or remote servers.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>It is also possible to check the status of the user's home | 
					
						
							|  |  |  |         directories. If needed the directories can be created or removed at | 
					
						
							|  |  |  |         any time.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixUserHomedir.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Group of names (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This module manages memberships in group of (unique) names. To | 
					
						
							|  |  |  |         activate this feature please add the user module "Group of names | 
					
						
							|  |  |  |         (groupOfNamesUser)" to your LAM server profile.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please note that this module cannot be used if the Unix module | 
					
						
							|  |  |  |         is active. In this case group memberships may be managed with the Unix | 
					
						
							|  |  |  |         module.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_groupOfNamesUser2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>The module automatically detects if groups are based on | 
					
						
							|  |  |  |         "groupOfNames" or "groupOfUniqueNames" and sets the correct | 
					
						
							|  |  |  |         attribute.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_groupOfNamesUser.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section id="organizationalRoleUser"> | 
					
						
							| 
									
										
										
										
										 |  |  |         <title>Organizational roles (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM can manage role memberships in <link | 
					
						
							|  |  |  |         linkend="organizationalRole">organizationalRole</link> objects. To | 
					
						
							|  |  |  |         activate this feature please add the user module "Roles | 
					
						
							|  |  |  |         (organizationalRoleUser)" to your LAM server profile.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_organizationalRoleUser1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now, there will be a new tab "Roles" when you edit your user | 
					
						
							|  |  |  |         accounts. Here you can select the role memberships.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_organizationalRoleUser2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Shadow</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM supports the management of the LDAP substitution of | 
					
						
							|  |  |  |         /etc/shadow. Here you can set up password policies for your Unix | 
					
						
							|  |  |  |         accounts and also view the last password change of a user.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_shadow.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							| 
									
										
										
										
										 |  |  |         <title id="passwordSelfResetUser">Password self reset (LAM | 
					
						
							|  |  |  |         Pro)</title> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM Pro allows your users to reset their passwords by answering | 
					
						
							|  |  |  |         a security question. The reset link is displayed on the <link | 
					
						
							|  |  |  |         linkend="PasswordSelfReset">self service page</link>. Additionally, | 
					
						
							|  |  |  |         you can set question + answer in the admin interface.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>Please note that self service and LAM admin interface are | 
					
						
							|  |  |  |         separate functions. You need to specify the list of possible | 
					
						
							|  |  |  |         security questions in both self service profile(s) and server | 
					
						
							|  |  |  |         profile(s).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para><emphasis role="bold">Schema installation</emphasis></para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>Please install the LDAP schema as described <link | 
					
						
							|  |  |  |         linkend="a_passwordSelfResetSchema">here</link>.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Activate password self reset | 
					
						
							|  |  |  |         module</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please activate the password self reset module in your LAM Pro | 
					
						
							|  |  |  |         server profile.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset7.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now select the tab "Module settings" and specify the list of | 
					
						
							|  |  |  |         possible security questions. Only these questions will be selectable | 
					
						
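							|  |  |  |         when you later edit accounts. Prefer questions whose answers cannot be guessed or looked up easily, because a correct answer allows the password to be reset.</para> | 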
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset8.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Edit users</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>After everything is set up, please log in to LAM Pro and edit your | 
					
						
							|  |  |  |         users. You will see a new tab called "Password self reset". Here you | 
					
						
							|  |  |  |         can activate/remove the password self reset function for each user. | 
					
						
							|  |  |  |         You can also change the security question and answer.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>If you set a backup email address then confirmation emails will | 
					
						
							|  |  |  |         also be sent to this address. This is useful if the user password | 
					
						
							|  |  |  |         also protects the user's primary mailbox, because a locked-out user cannot read mail there. So passwords can be | 
					
						
							|  |  |  |         unlocked with an external email address.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para><emphasis role="bold">Hint:</emphasis> You can add the | 
					
						
							|  |  |  |         passwordSelfReset object class to all your users with the <link | 
					
						
							|  |  |  |         linkend="toolMultiEdit">multi edit</link> tool.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-25 12:18:46 +00:00
										 |  |  |         <para><emphasis role="bold">Samba 4 note:</emphasis> Due to a <ulink | 
					
						
							|  |  |  |         url="https://bugzilla.samba.org/show_bug.cgi?id=10094">bug</ulink> in | 
					
						
							|  |  |  |         Samba 4 you need to add the extension, save, and then select a | 
					
						
							|  |  |  |         question and set the answer. If you add the extension, set | 
					
						
							|  |  |  |         question/answer and then save all together this will cause an LDAP | 
					
						
							| 
									
										
										
										
											2013-08-29 16:44:58 +00:00
										 |  |  |         error and no changes will be saved.</para> | 
					
						
							| 
									
										
										
										
											2013-08-25 12:18:46 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset9.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-04-03 17:20:10 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Hosts</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can specify a list of valid host names where the user may | 
					
						
							|  |  |  |         login. If you add the value "*" then the user may login to any host. | 
					
						
							|  |  |  |         This can be further restricted by adding explicit deny entries which | 
					
						
							|  |  |  |         are prefixed with "!" (e.g. "!hr_server").</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please note that your PAM settings need to support host | 
					
						
							| 
									
										
										
										
											2011-10-03 16:48:36 +00:00
										 |  |  |         restrictions. This feature is enabled by setting <emphasis | 
					
						
							|  |  |  |         role="bold">pam_check_host_attr yes</emphasis> in your <emphasis | 
					
						
							|  |  |  |         role="bold">/etc/pam_ldap.conf</emphasis>. When it is enabled then the | 
					
						
							|  |  |  |         account facility of pam_ldap will perform the checks and return an | 
					
						
							|  |  |  |         error when no proper host attribute is present. Please note that users | 
					
						
							|  |  |  |         without a host attribute cannot log in to a server that is configured | 
					
						
							|  |  |  |         this way.</para> | 
					
						
							| 
									
										
										
										
											2010-04-03 17:20:10 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/hostObject.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-06 13:53:33 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Samba 3</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM supports full Samba 3 user management including logon hours | 
					
						
							|  |  |  |         and terminal server options.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_samba3User1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_samba3User2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_samba3User3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Windows (Samba 4)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please activate the account type "Users" in your LAM server | 
					
						
							|  |  |  |         profile and then add the user module "Windows | 
					
						
							|  |  |  |         (windowsUser)(*)".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-07 17:55:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsUser4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The default list attributes are for Unix and not suitable for | 
					
						
							|  |  |  |         Windows (blank lines in account table). Please use | 
					
						
							|  |  |  |         "#cn;#givenName;#sn;#mail" or select your own attributes to display in | 
					
						
							|  |  |  |         the account list.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsUser1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-09 13:26:31 +00:00
										 |  |  |         <para>On tab "Module settings" you can specify the possible Windows | 
					
						
							|  |  |  |         domain names and if pre-Windows 2000 user names should be | 
					
						
							|  |  |  |         managed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-02-12 19:39:51 +00:00
										 |  |  |         <para>NIS support is deactivated by default. Enable it if | 
					
						
							|  |  |  |         needed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-09 13:26:31 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsUser5.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now you can manage your Windows users and e.g. assign groups. | 
					
						
							|  |  |  |         You might want to set the default domain name in the <link | 
					
						
							|  |  |  |         linkend="a_accountProfile">profile editor</link>.</para> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-12 13:18:22 +00:00
										 |  |  |         <para><emphasis role="bold">Attention:</emphasis> Password changes | 
					
						
							|  |  |  |         require a secure connection via ldaps://. Check your LAM server | 
					
						
							|  |  |  |         profile if password changes are refused by the server.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsUser2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsUser3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  |       <section> | 
					
						
							| 
									
										
										
										
											2011-05-21 10:55:48 +00:00
										 |  |  |         <title>Filesystem quota (lamdaemon)</title> | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>You can manage file system quotas with LAM. This requires you to | 
					
						
							| 
									
										
										
										
											2011-05-21 10:55:48 +00:00
										 |  |  |         setup <link linkend="a_lamdaemon">lamdaemon</link>. LAM connects to | 
					
						
							|  |  |  |         your server via SSH and manages the disk filesystem quotas. The quotas | 
					
						
							|  |  |  |         are stored directly on the filesystem. This is the default mechanism | 
					
						
							|  |  |  |         to store quotas for most systems.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please add the module "Quota (quota)" for users to your LAM | 
					
						
							|  |  |  |         server profile to enable this feature.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you store the quota information directly inside LDAP please | 
					
						
							|  |  |  |         see the next section.</para> | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_quotaUser.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-21 10:55:48 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Filesystem quota (LDAP)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can store your filesystem quotas directly in LDAP. See | 
					
						
							|  |  |  |         <ulink url="http://sourceforge.net/projects/linuxquota/">Linux | 
					
						
							|  |  |  |         DiskQuota</ulink> for details since it requires quota tools that | 
					
						
							|  |  |  |         support LDAP. You will need to install the quota LDAP schema to manage | 
					
						
							|  |  |  |         the object class "systemQuotas".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please add the module "Quota (systemQuotas)" for users to your | 
					
						
							|  |  |  |         LAM server profile to enable this feature.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you store the quota information on the filesystem please see | 
					
						
							|  |  |  |         the previous section.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_systemQuotas.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-06 13:53:33 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Kolab</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This module lets you manage Kolab accounts with LAM. E.g. you | 
					
						
							|  |  |  |         can set the user's mail quota and define invitation policies.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-29 16:44:58 +00:00
										 |  |  |         <para>Please add the Kolab user module in your LAM server profile to | 
					
						
							|  |  |  |         activate Kolab support.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_kolab2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-03 17:17:47 +00:00
										 |  |  |         <para>Attention: LAM will add the object class "mailrecipient" by | 
					
						
							|  |  |  |         default. This object class is available on 389 directory server but | 
					
						
							|  |  |  |         may not be present on e.g. OpenLDAP. Please deactivate the following | 
					
						
							|  |  |  |         setting (LAM server profile, module settings) if you do not use this | 
					
						
							|  |  |  |         object class.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_kolab5.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-06 13:53:33 +00:00
										 |  |  |         <para>Please enter an email address at the Personal page and set a | 
					
						
							|  |  |  |         Unix password first. Both are required for Kolab to accept the | 
					
						
							| 
									
										
										
										
											2013-03-18 19:06:56 +00:00
										 |  |  |         accounts. The email address ("Personal" page) must match your Kolab | 
					
						
							|  |  |  |         domain, otherwise the account will not work.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Attention:</emphasis> The mailbox server | 
					
						
							|  |  |  |         cannot be changed after the account has been saved. Please make sure | 
					
						
							|  |  |  |         that the value is correct.</para> | 
					
						
							| 
									
										
										
										
											2010-03-06 13:53:33 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>Kolab users should not be directly deleted with LAM. You can | 
					
						
							|  |  |  |         mark an account for deletion which then is done by the Kolab server | 
					
						
							|  |  |  |         itself. This makes sure that the mailbox etc. is also deleted.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_kolab.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2013-03-18 19:06:56 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>If you upgrade existing non-Kolab accounts please make sure that | 
					
						
							|  |  |  |         the account has a Unix password.</para> | 
					
						
							| 
									
										
										
										
											2010-03-06 13:53:33 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Asterisk</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  |         <para>LAM supports Asterisk accounts, too. See the <link | 
					
						
							|  |  |  |         linkend="type_asterisk">Asterisk</link> section for details.</para> | 
					
						
							| 
									
										
										
										
											2010-03-06 13:53:33 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>EDU person</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>EDU person accounts are mainly used in university networks. You | 
					
						
							|  |  |  |         can specify the principal name, nick names and much more.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_eduPerson.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>PyKota</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>There are two LAM user modules depending on whether your user entries | 
					
						
							|  |  |  |         should be built on object class "pykotaObject" or a different | 
					
						
							|  |  |  |         structural object class (e.g. "inetOrgPerson"). For "pykotaObject" | 
					
						
							|  |  |  |         please select "PyKota (pykotaUserStructural(*))" and "PyKota | 
					
						
							|  |  |  |         (pykotaUser)" in all other cases.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_pykotaUser1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>To display the job history please setup the job DN on tab | 
					
						
							|  |  |  |         "Module settings":</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_pykotaUser2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now you can add the PyKota extension to your user accounts. Here | 
					
						
							|  |  |  |         you can setup the printing options and add payments for this | 
					
						
							|  |  |  |         user.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>For LAM Pro there are also self service fields to allow users | 
					
						
							|  |  |  |         e.g. to view their current balance and job history.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_pykotaUser3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You may also view the payment and job history.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_pykotaUser4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_pykotaUser5.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Password policy (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>OpenLDAP supports the <ulink | 
					
						
							|  |  |  |         url="http://linux.die.net/man/5/slapo-ppolicy">ppolicy</ulink> overlay | 
					
						
							|  |  |  |         to manage password policies for LDAP entries. LAM Pro supports <link | 
					
						
							|  |  |  |         linkend="a_ppolicy">managing the policies</link> and assigning them to | 
					
						
							|  |  |  |         user accounts.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please add the account type "Password policies" to your LAM | 
					
						
							|  |  |  |         server profile and activate the "Password policy" module for the user | 
					
						
							|  |  |  |         type.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/ppolicyUser.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can assign any password policy which is found in the LDAP | 
					
						
							|  |  |  |         suffix of the "Password policies" type. When you set the policy to | 
					
						
							|  |  |  |         "default" then OpenLDAP will use the default policy as defined in your | 
					
						
							|  |  |  |         slapd.conf file.</para> | 
					
						
							| 
									
										
										
										
											2013-08-23 16:10:07 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Attention:</emphasis> Locking and | 
					
						
							|  |  |  |         unlocking requires that you also activate the option "Lockout users" | 
					
						
							|  |  |  |         in the assigned <link linkend="a_ppolicy">password policy</link>. | 
					
						
							|  |  |  |         Otherwise, it will have no effect.</para> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-31 20:48:29 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>FreeRadius</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>FreeRadius is software that implements the RADIUS | 
					
						
							|  |  |  |         authentication protocol. LAM allows you to manage several of the | 
					
						
							|  |  |  |         FreeRadius attributes.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>To activate the FreeRadius plugin please activate the FreeRadius | 
					
						
							|  |  |  |         user module in your server profile:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_freeRadius1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can disable unneeded fields on the tab "Module | 
					
						
							|  |  |  |         settings":</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_freeRadius2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now you will see the tab "FreeRadius" when editing users. The | 
					
						
							|  |  |  |         extension can be (de)activated for each user. You can setup e.g. | 
					
						
							|  |  |  |         realm, IP and expiration date.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_freeRadius3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-03-11 17:49:53 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Heimdal Kerberos (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can manage your Heimdal Kerberos accounts with LAM Pro. | 
					
						
							| 
									
										
										
										
											2012-11-11 14:19:36 +00:00
										 |  |  |         Please add the user module "Kerberos (heimdalKerberos)" to activate | 
					
						
							|  |  |  |         this feature.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Setup password changing</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM Pro cannot generate the password hashes itself because | 
					
						
							|  |  |  |         Heimdal uses a proprietary format for them. Therefore, LAM Pro needs to | 
					
						
							|  |  |  |         call e.g. kadmin to set the password.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The wildcards @@password@@ and @@principal@@ are replaced with | 
					
						
							|  |  |  |         password and principal name. Please use keytab authentication for this | 
					
						
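							|  |  |  |         command since it must run without any interaction. Keep the keytab file readable only by the account that runs this command, since anyone who can read it can authenticate as that principal.</para> | 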
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Example to create a keytab: ktutil -k /root/lam.keytab add -p | 
					
						
							|  |  |  |         lam@LAM.LOCAL -e aes256-cts-hmac-sha1-96 -V 1</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Security hint: Please secure your LAM Pro server since the new | 
					
						
							|  |  |  |         passwords will be visible for a short time in the process list (which other local users of the server may be able to read) during | 
					
						
							|  |  |  |         password change.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_kerberos2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">User management</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can specify the principal/user name, ticket lifetimes and | 
					
						
							| 
									
										
										
										
										 |  |  |         expiration dates. Additionally, you can set various account | 
					
						
							|  |  |  |         options.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_kerberos1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>MIT Kerberos (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can manage your MIT Kerberos accounts with LAM Pro. Please | 
					
						
							|  |  |  |         add the user module "Kerberos (mitKerberos)" to activate this feature. | 
					
						
							|  |  |  |         If you want to manage entries based on the structural object class | 
					
						
							|  |  |  |         "krbPrincipal" please use "Kerberos (mitKerberosStructural)" | 
					
						
							|  |  |  |         instead.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Setup password changing</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM Pro cannot generate the password hashes itself because MIT | 
					
						
							|  |  |  |         uses a proprietary format for them. Therefore, LAM Pro needs to call | 
					
						
							|  |  |  |         kadmin/kadmin.local to set the password.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to | 
					
						
							|  |  |  |         set the password. Please use keytab authentication for this command | 
					
						
							|  |  |  |         since it must run without any interaction. The keytab file should be readable only by the account that runs the command.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Keytabs may be created with the "ktutil" application.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Security hint: Please secure your LAM Pro server since the new | 
					
						
							|  |  |  |         passwords will be visible for a short time in the process list (which other local users of the server may be able to read) during | 
					
						
							|  |  |  |         password change.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Example commands:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>/usr/sbin/kadmin -k -t /home/www-data/apache.keytab -p | 
					
						
							|  |  |  |             realm/changepwd</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>sudo /usr/sbin/kadmin.local</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_mitKerberos1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">User management</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can specify the principal/user name, ticket lifetimes and | 
					
						
							|  |  |  |         expiration dates. Additionally, you can set various account | 
					
						
							|  |  |  |         options.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_mitKerberos2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section id="mailAliasesUser"> | 
					
						
							|  |  |  |         <title>Mail aliases</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This module allows you to add/remove the user in mail alias | 
					
						
							|  |  |  |         entries.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Note:</emphasis> You need to activate the | 
					
						
							|  |  |  |         <link linkend="mailAliases">mail alias type</link> for this | 
					
						
							|  |  |  |         module.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>To activate mail aliases for users please select the module | 
					
						
							|  |  |  |         "Mail aliases (nisMailAliasUser)":</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/nisMailAliasUser1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>On tab Module settings you can select if you want to set the | 
					
						
							|  |  |  |         user name or email as recipient in alias entries.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/nisMailAliasUser4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now you will see the mail aliases tab when editing a | 
					
						
							|  |  |  |         user.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The red cross will only remove the user from the alias entry. If | 
					
						
							|  |  |  |         you click the trash can button then the whole alias entry (which may | 
					
						
							|  |  |  |         contain other users) will be deleted.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/nisMailAliasUser2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can add the user to existing alias entries or create | 
					
						
							|  |  |  |         completely new ones.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/nisMailAliasUser3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Qmail (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM Pro manages all qmail attributes for users. This includes | 
					
						
							|  |  |  |         mail addresses, ID numbers and quota settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please note that the main mail address is managed on tab | 
					
						
							|  |  |  |         "Personal" if this module is active. Otherwise, it will be on the | 
					
						
							|  |  |  |         qmail tab.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_qmail2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can hide several qmail options if you do not want to manage | 
					
						
							|  |  |  |         them with LAM. This can be done on the module settings tab of your LAM | 
					
						
							|  |  |  |         server profile.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_qmail1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Mail routing</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM supports managing mail routing for user accounts. You can | 
					
						
							|  |  |  |         specify a routing address, the mail server and a number of local | 
					
						
							|  |  |  |         addresses to route. This feature can be activated by adding the "Mail | 
					
						
							|  |  |  |         routing" module to the user account type in your server | 
					
						
							|  |  |  |         profile.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mailRouting.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>SSH keys</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can manage your public keys for SSH in LAM if you installed | 
					
						
							|  |  |  |         the <ulink url="http://code.google.com/p/openssh-lpk/">LPK patch for | 
					
						
							|  |  |  |         SSH</ulink>. Activate the "SSH public key" module for users in the | 
					
						
							|  |  |  |         server profile and you can add keys to your user entries.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/ldapPublicKey.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Authorized services</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can set up PAM to check if a user is allowed to run a | 
					
						
							|  |  |  |         specific service (e.g. sshd) by reading the LDAP attribute | 
					
						
							|  |  |  |         "authorizedService". This way you can manage all allowed services via | 
					
						
							|  |  |  |         LAM.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>To activate this PAM feature please setup your <emphasis | 
					
						
							|  |  |  |         role="bold">/etc/libnss-ldap.conf</emphasis> and set | 
					
						
							|  |  |  |         "pam_check_service_attr" to "yes".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Inside LAM you can now set the allowed services. You may also | 
					
						
							|  |  |  |         setup default services in your account profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_authorizedServices.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>You can define a list of services in your LAM server profile | 
					
						
							|  |  |  |         that is used for autocompletion.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_authorizedServices3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The autocompletion will show all values that contain the | 
					
						
							|  |  |  |         entered text. To display the whole list you can press backspace in the | 
					
						
							|  |  |  |         empty input field. Of course, you can also insert a service name that | 
					
						
							|  |  |  |         is not in the list.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_authorizedServices2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>IMAP mailboxes</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM may create and delete mailboxes on an IMAP server for your | 
					
						
							|  |  |  |         user accounts. You will need an IMAP server that supports either SSL | 
					
						
							|  |  |  |         or TLS for this feature.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>To activate the mailbox management module please add the | 
					
						
							|  |  |  |         "Mailbox (imapAccess)" module for the type user in your LAM server | 
					
						
							|  |  |  |         profile:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/imapAccess1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now configure the module on the tab "Module settings". Here you | 
					
						
							|  |  |  |         can specify the IMAP server name, encryption options, the | 
					
						
							|  |  |  |         authentication for the IMAP connection and the valid mail domains. LAM | 
					
						
							|  |  |  |         can use either your LAM login password for the IMAP connection or | 
					
						
							| 
									
										
										
										
										 |  |  |         display a dialog where you need to enter the password. It is also | 
					
						
							|  |  |  |         possible to store the admin password in your server profile. This is | 
					
						
							|  |  |  |         not recommended for security reasons.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The user name can either be a fixed name (e.g. "admin") or it | 
					
						
							|  |  |  |         can be generated with LDAP attributes of the LAM admin user. E.g. $uid$ | 
					
						
							|  |  |  |         will be transformed to "myUser" if you login with | 
					
						
							|  |  |  |         "uid=myUser,ou=people,dc=example,dc=com".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The mail domains specify for which accounts mailboxes may be | 
					
						
							|  |  |  |         created/deleted. E.g. if you enter "lam-demo.org" then mailboxes can | 
					
						
							|  |  |  |         be managed for "user@lam-demo.org" but not for "user@example.com". Use | 
					
						
							|  |  |  |         "*" for any domain.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>You need to install the SSL certificate of the CA that signed | 
					
						
							|  |  |  |         your server certificate. This is usually done by installing the | 
					
						
							|  |  |  |         certificate in /etc/ssl/certs. Different Linux distributions may offer | 
					
						
							|  |  |  |         different ways to do this. For Debian please copy the certificate in | 
					
						
							|  |  |  |         "/usr/local/share/ca-certificates" and run "update-ca-certificates" as | 
					
						
							|  |  |  |         root.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>It is not recommended to disable the validation of IMAP server | 
					
						
							|  |  |  |         certificates, since the connection could then be intercepted without notice and the IMAP password exposed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>The prefix, user name attribute and path separator specify how | 
					
						
							|  |  |  |         your mailboxes are named (e.g. "user.myUser@localhost" or | 
					
						
							|  |  |  |         "user/myUser"). Select the values depending on your IMAP server | 
					
						
							|  |  |  |         settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/imapAccess2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>When you edit a user account then you will now see the tab | 
					
						
							|  |  |  |         "Mailbox". Here you can create/delete the mailbox for this | 
					
						
							|  |  |  |         user.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/imapAccess3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <section id="s_account"> | 
					
						
							|  |  |  |         <title>Account</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This is a very simple module to manage accounts based on the | 
					
						
							|  |  |  |         object class "account". Usually, this is used for host accounts only. | 
					
						
							|  |  |  |         Please pay attention that users based on the "account" object class | 
					
						
							|  |  |  |         cannot have contact information (e.g. telephone number) as with | 
					
						
							|  |  |  |         "inetOrgPerson".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can enter a user/host name and a description for your | 
					
						
							|  |  |  |         accounts.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_account.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Groups</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Unix</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This module is used to manage Unix group entries. This is the | 
					
						
							|  |  |  |         default module to manage Unix groups and uses the nis.schema. Suse | 
					
						
							| 
									
										
										
										
										 |  |  |         users who use the <link | 
					
						
							|  |  |  |         linkend="rfc2307bisPosixGroup">rfc2307bis.schema</link> need to use | 
					
						
							|  |  |  |         LAM Pro.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para><emphasis role="bold">Configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>Please add the account type "Groups" and then select account | 
					
						
							|  |  |  |         module "Unix (posixGroup)".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixGroupConfig1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <para>GID generator: LAM will suggest GID numbers for your accounts. | 
					
						
							|  |  |  |         Please note that it may happen that there are duplicate IDs assigned | 
					
						
							|  |  |  |         if users create groups at the same time. Use an <ulink | 
					
						
							|  |  |  |         url="http://www.openldap.org/doc/admin24/overlays.html">overlay</ulink> | 
					
						
							| 
									
										
										
										
										 |  |  |         like "Attribute Uniqueness" (<link | 
					
						
							|  |  |  |         linkend="a_openldap_unique">example</link>) if you have lots of LAM | 
					
						
							|  |  |  |         admins creating groups.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Fixed range: LAM searches for free numbers within the given | 
					
						
							|  |  |  |             limits. LAM always tries to use a free GID that is greater than | 
					
						
							|  |  |  |             the existing GIDs to prevent collisions with deleted | 
					
						
							|  |  |  |             groups.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Samba ID pool: This uses a special LDAP entry that includes | 
					
						
							|  |  |  |             attributes that store a counter for the last used UID/GID. Please | 
					
						
							|  |  |  |             note that this requires that you install the Samba schema and | 
					
						
							|  |  |  |             create an LDAP entry of object class "sambaUnixIdPool".</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2014-03-30 07:47:44 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Disable membership management: Disables group membership | 
					
						
							|  |  |  |             management. This is useful if memberships are e.g. managed via | 
					
						
							|  |  |  |             group of names.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2013-06-03 18:42:27 +00:00
										 |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixGroupConfig.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Group management:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-06 14:49:00 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixGroup.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2013-06-03 18:42:27 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>Group membership management:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_unixGroup2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2010-03-06 14:49:00 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-30 07:47:44 +00:00
										 |  |  |       <section id="rfc2307bisPosixGroup"> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |         <title>Unix groups with rfc2307bis schema (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>Some applications (e.g. Suse Linux) use the rfc2307bis schema | 
					
						
							|  |  |  |         for Unix accounts instead of the nis schema. In this case group | 
					
						
							| 
									
										
										
										
											2010-03-06 14:49:00 +00:00
										 |  |  |         accounts are based on the object class <link lang="" | 
					
						
							| 
									
										
										
										
											2012-05-26 14:06:08 +00:00
										 |  |  |         linkend="a_groupOfNames">groupOf(Unique)Names</link> or namedObject. | 
					
						
							|  |  |  |         The object class posixGroup is auxiliary in this case.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM Pro supports these groups with a special account module: | 
					
						
							|  |  |  |         <emphasis role="bold">rfc2307bisPosixGroup</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Use this module only if your system depends on the rfc2307bis | 
					
						
							| 
									
										
										
										
											2012-05-26 14:06:08 +00:00
										 |  |  |         schema. The module can be selected in the LAM configuration. Instead | 
					
						
							|  |  |  |         of using groupOfNames as basis for your groups you may also use | 
					
						
							|  |  |  |         namedObject.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para><screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/rfc2307bis.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							| 
									
										
										
										
											2010-03-06 14:49:00 +00:00
										 |  |  |           </screenshot><screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/mod_unixGroupLAMPro.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |           </screenshot></para> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-03-06 14:49:00 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Samba 3</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM supports managing Samba 3 groups. You can set special group | 
					
						
							|  |  |  |         types and also create Windows predefined groups like "Domain | 
					
						
							|  |  |  |         admins".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_sambaGroup.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Windows (Samba 4)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM can manage your Windows groups. Please enable the account | 
					
						
							|  |  |  |         type "Groups" in your LAM server profile and then add the group module | 
					
						
							|  |  |  |         "Windows (windowsGroup)(*)".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-07 17:55:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsGroup3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The default list attributes are for Unix and not suitable for | 
					
						
							|  |  |  |         Windows (blank lines in account table). Please use | 
					
						
							|  |  |  |         "#cn;#member;#description" or select your own attributes to display in | 
					
						
							|  |  |  |         the account list.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsGroup1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-02-12 19:39:51 +00:00
										 |  |  |         <para>NIS support is deactivated by default. Enable it if needed on | 
					
						
							|  |  |  |         tab "Module settings".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsGroup4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-07 17:55:28 +00:00
										 |  |  |         <para>Now you can edit your groups inside LAM. You can manage the | 
					
						
							|  |  |  |         group name, description and its type. Of course, you can also set the | 
					
						
							|  |  |  |         group members.</para> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>Group scopes:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Global: Use this for groups with frequent changes. Global | 
					
						
							|  |  |  |             groups are not replicated to other domains.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Universal: Groups with universal scope are used to | 
					
						
							|  |  |  |             consolidate groups that span domains. They are globally | 
					
						
							|  |  |  |             replicated.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Domain local: Groups with domain local scope can be used to | 
					
						
							|  |  |  |             set permissions inside one domain. They are not replicated to | 
					
						
							|  |  |  |             other domains.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Group type:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Security: Use this group type to control permissions.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Distribution: These groups are only used for email | 
					
						
							|  |  |  |             applications. They cannot be used to control permissions.</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsGroup2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-29 16:44:58 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Kolab</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please activate the Kolab group module in your LAM server | 
					
						
							|  |  |  |         profile to activate Kolab support.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_kolab3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can specify the email address and also set allowed sender | 
					
						
							|  |  |  |         and recipient addresses.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_kolab4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Quota</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can manage file system quotas with LAM. This requires | 
					
						
							|  |  |  |         setting up <link linkend="a_lamdaemon">lamdaemon</link>. File system quotas | 
					
						
							|  |  |  |         are not stored inside LAM but managed directly on the specified | 
					
						
							|  |  |  |         servers.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_quotaGroup.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>PyKota</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>There are two LAM group modules, depending on whether your group entries | 
					
						
							|  |  |  |         should be built on object class "pykotaObject" or a different | 
					
						
							|  |  |  |         structural object class (e.g. "posixGroup"). For "pykotaObject" please | 
					
						
							|  |  |  |         select "PyKota (pykotaGroupStructural(*))" and "PyKota (pykotaGroup)" | 
					
						
							|  |  |  |         in all other cases.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_pykotaGroup1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Now you can add the PyKota extension to your groups.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_pykotaGroup2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Hosts</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Account</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please see the description <link | 
					
						
							|  |  |  |         linkend="s_account">here</link>.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Device (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The device object class allows you to manage general information | 
					
						
							|  |  |  |         about all sorts of devices (e.g. computers, network hardware, ...). | 
					
						
							|  |  |  |         You can enter the serial number, location and a descriptive text. It is | 
					
						
							|  |  |  |         also possible to specify the owner of the device.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/device.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-06 14:49:00 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Samba 3</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can manage Samba 3 host entries by adding the Unix and Samba | 
					
						
							|  |  |  |         3 account modules.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_sambaHost1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_sambaHost2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Windows (Samba 4)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM can manage your Windows servers and workstations. Please | 
					
						
							|  |  |  |         enable the account type "Hosts" in your LAM server profile and then | 
					
						
							|  |  |  |         add the host module "Windows (windowsHost)(*)".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-07 17:55:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsServer3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>The default list attributes are for Unix and not suitable for | 
					
						
							|  |  |  |         Windows (blank lines in account table). Please use | 
					
						
							|  |  |  |         "#cn;#description;#location" or select your own attributes to display | 
					
						
							|  |  |  |         in the account list.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsServer2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-07 17:55:28 +00:00
										 |  |  |         <para>Now you will see your computer accounts inside LAM. You can set | 
					
						
							|  |  |  |         e.g. the server's description and location information.</para> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_windowsServer1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |       <section> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |         <title>IP addresses (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>You can manage the IP addresses of host accounts with the ipHost | 
					
						
							|  |  |  |         module. It manages the following information:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>IP addresses (IPv4/IPv6)</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>location of the host</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>manager: the person who is responsible for the host</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You can activate this extension by adding the module ipHost to | 
					
						
							|  |  |  |         the list of active host modules.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/ipHost.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  |         <title>MAC addresses</title> | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>Hosts can have an unlimited number of MAC addresses. To enable | 
					
						
							|  |  |  |         this feature just add the "MAC address" module to the host account | 
					
						
							|  |  |  |         type.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/macAddress.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2012-08-26 14:10:33 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Puppet</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM supports managing your <ulink | 
					
						
							|  |  |  |         url="http://puppetlabs.com/">Puppet</ulink> configuration. You can | 
					
						
							|  |  |  |         edit all attributes like environment, classes, variables and parent | 
					
						
							|  |  |  |         node.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>To activate this feature please edit your LAM server profile and | 
					
						
							|  |  |  |         add the host module "Puppet (puppetClient)" on tab "Modules". This | 
					
						
							|  |  |  |         will add the Puppet tab to your host pages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_puppet2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>On tab "Module settings" in your LAM server profile you may also | 
					
						
							|  |  |  |         set up some common environment names. LAM will use them to provide | 
					
						
							|  |  |  |         autocompletion hints when editing the environment for a node.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_puppet3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Editing nodes</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>When you edit a host entry then you will see the tab "Puppet". | 
					
						
							|  |  |  |         Here you can add/remove the Puppet extension and edit all | 
					
						
							|  |  |  |         attributes.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/mod_puppet1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Samba 3 domains</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Samba 3 stores information about its domain settings inside LDAP. | 
					
						
							|  |  |  |       This includes the domain name, its SID and some policies. You can manage | 
					
						
							|  |  |  |       all these attributes with LAM.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please activate the account type "Samba domains" in your LAM | 
					
						
							|  |  |  |       server profile. Please note that Samba by default uses the LDAP root | 
					
						
							|  |  |  |       for domain objects (e.g. dc=example,dc=com).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/sambaDomains1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This will add a new tab to LAM where you can manage domain | 
					
						
							|  |  |  |       information.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The domain name, SID and RID base can only be specified for new | 
					
						
							|  |  |  |       domains and are not changeable via LAM at a later time. You may set up | 
					
						
							|  |  |  |       several password policies for your Samba domains and also some RID | 
					
						
							|  |  |  |       options that influence the creation of SIDs for | 
					
						
							|  |  |  |       users/groups/hosts.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/sambaDomains2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-06 14:49:00 +00:00
										 |  |  |     <section id="a_groupOfNames"> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |       <title>Group of (unique) names (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>These classes can be used to represent group relations. Since they | 
					
						
							| 
									
										
										
										
											2014-01-18 11:39:19 +00:00
										 |  |  |       allow DNs as members you can also use them to represent nested | 
					
						
							|  |  |  |       groups.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Configuration:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Activate the account type "Group of names" in your LAM server | 
					
						
							|  |  |  |       profile to use these account modules. Alternatively, you can use the | 
					
						
							|  |  |  |       account type "Groups".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/groupOfNames3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/groupOfNames2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then add the module "Group of names (groupOfNames)" or "Group of | 
					
						
							|  |  |  |       unique names (groupOfUniqueNames)".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/groupOfNames4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>On the module settings tab you set some options like the display | 
					
						
							|  |  |  |       format for members/owners and if fields like description should not be | 
					
						
							|  |  |  |       displayed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/groupOfNames5.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Group management:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>Group of (unique) names have four basic attributes:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Name: a unique name for the group</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Description: optional description</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Owner: the account which owns this group (optional)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Members: the members of the group (at least one is | 
					
						
							|  |  |  |           required)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can add any accounts as members. This includes other groups, | 
					
						
							|  |  |  |       which leads to nested groups (whether nested members are resolved depends on the LDAP client application).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/groupOfNames1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-18 11:39:19 +00:00
										 |  |  |     <section id="organizationalRole"> | 
					
						
							| 
									
										
										
										
											2014-01-18 11:40:24 +00:00
										 |  |  |       <title>Organizational roles (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2014-01-18 11:39:19 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>This module manages roles via the organizationalRole object class. | 
					
						
							|  |  |  |       There is also a <link linkend="organizationalRoleUser">user | 
					
						
							|  |  |  |       module</link> to manage memberships on the user edit page.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Configuration:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Activate the account type "Groups" in your LAM server profile to | 
					
						
							|  |  |  |       use this account module. Alternatively, you can use the account type | 
					
						
							|  |  |  |       "Group of names".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_organizationalRole1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_organizationalRole2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then add the module "Role (organizationalRole)".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_organizationalRole3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>On the module settings tab you set some options like the display | 
					
						
							|  |  |  |       format for members and if description should not be displayed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_organizationalRole4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Role management:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can add any accounts as members. This includes other roles | 
					
						
							|  |  |  |       which leads to nested roles (needs to be supported by LDAP client | 
					
						
							|  |  |  |       applications).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_organizationalRole5.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  |     <section id="type_asterisk"> | 
					
						
							|  |  |  |       <title>Asterisk</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM includes extensive support for Asterisk. You can add Asterisk | 
					
						
							|  |  |  |       extensions (including voicemail) to your users and also manage Asterisk | 
					
						
							|  |  |  |       extensions.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The Asterisk support for users can be added by selecting the | 
					
						
							|  |  |  |       Asterisk and Asterisk voicemail modules for users in your LAM server | 
					
						
							| 
									
										
										
										
											2010-06-25 15:07:44 +00:00
										 |  |  |       profile. This will add the following tabs to your user accounts.</para> | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/asterisk.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-09 17:46:51 +00:00
										 |  |  |       <para>The Asterisk module allows you to edit a large number of attributes. | 
					
						
							|  |  |  |       Therefore, you can hide unused fields. Please edit your server profile | 
					
						
							|  |  |  |       (Module settings) to do so.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/asteriskConfig.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Of course, the voicemail part of Asterisk is also | 
					
						
							|  |  |  |       supported.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/asteriskVoicemail.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If you also want to manage Asterisk extensions then simply add the | 
					
						
							|  |  |  |       account type "Asterisk extensions" and its module to your server | 
					
						
							|  |  |  |       profile.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-03-11 17:49:53 +00:00
										 |  |  |       <para>LAM groups your Asterisk extension entries by extension name and | 
					
						
							|  |  |  |       account context. If you edit an extension then you will see the Asterisk | 
					
						
							|  |  |  |       entries as rules. LAM ensures that all rule entries have the same owners | 
					
						
							|  |  |  |       and assigns the priorities.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/asteriskExtension.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-20 09:28:34 +00:00
										 |  |  |     <section id="s_zarafa"> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  |       <title>Zarafa (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-24 18:05:17 +00:00
										 |  |  |       <para>Zarafa is open-source collaboration software. LAM Pro provides | 
					
						
							|  |  |  |       support to manage Zarafa server entries, users and groups. It covers all | 
					
						
							|  |  |  |       settings for these types including resource and quota settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-11-25 18:47:49 +00:00
										 |  |  |       <para>LAM Pro is an official Zarafa Certified Integration.</para> | 
					
						
							| 
									
										
										
										
											2011-05-24 18:05:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-06-26 10:32:22 +00:00
										 |  |  |       <para><inlinemediaobject> | 
					
						
							| 
									
										
										
										
											2011-05-24 18:05:17 +00:00
										 |  |  |           <imageobject> | 
					
						
							| 
									
										
										
										
											2014-03-11 16:36:35 +00:00
										 |  |  |             <imagedata fileref="images/zarafa_logo_integrations_certified_140px.png" /> | 
					
						
							| 
									
										
										
										
											2011-05-24 18:05:17 +00:00
										 |  |  |           </imageobject> | 
					
						
							|  |  |  |         </inlinemediaobject></para> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Configuration</title> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <para>To enable Zarafa support in LAM Pro please activate the Zarafa | 
					
						
							|  |  |  |         modules for the Users, Groups and Hosts account types in your server | 
					
						
							|  |  |  |         profile:</para> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/zarafa1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-25 19:25:28 +00:00
										 |  |  |         <para><emphasis role="bold">Attention:</emphasis> LAM Pro uses the | 
					
						
							|  |  |  |         Zarafa OpenLDAP schema as default. This schema is suitable for OpenLDAP, | 
					
						
							|  |  |  |         OpenDJ, Apache Directory server and other common LDAP servers. If you | 
					
						
							|  |  |  |         run Samba 4 or Active Directory then you need to switch the schema to | 
					
						
							|  |  |  |         "Active Directory" on the module settings tab:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/zarafa9.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <para>You can configure which parts of the Zarafa user options should | 
					
						
							|  |  |  |         be enabled. E.g. if you do not want to manage quotas per user then you | 
					
						
							|  |  |  |         can hide these options on the tab "Module settings".</para> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <para><emphasis role="bold">"Send as" attribute:</emphasis> Here you | 
					
						
							|  |  |  |         can specify how "Send as" privileges should be managed. LAM supports | 
					
						
							|  |  |  |         "uid" and "dn".</para> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <para>If you select "uid" then LAM will store user names in the | 
					
						
							|  |  |  |         zarafaSendAsPrivilege attribute. With this setting, only user | 
					
						
							|  |  |  |         accounts can be specified as "Send as" allowed.</para> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <para>You can also set this option to "dn" and LAM will store DNs in | 
					
						
							|  |  |  |         the zarafaSendAsPrivilege attribute. In this case you may specify | 
					
						
							|  |  |  |         users and groups as "Send as" allowed.</para> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <para>Examples for your Zarafa ldap.cfg, matching the "Send as" attribute selected in LAM:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>"Send as" attribute: <emphasis role="bold">dn</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>ldap_user_sendas_attribute_type = dn</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>"Send as" attribute: <emphasis role="bold">uid</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>ldap_user_sendas_attribute_type = text</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>ldap_user_sendas_relation_attribute = uid</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-21 17:43:41 +00:00
										 |  |  |         <para><literallayout> | 
					
						
							| 
									
										
										
										
											2013-04-23 18:15:29 +00:00
										 |  |  | Attention: If the Active Directory schema is used then LAM will always use dn and ignore this setting. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-20 16:26:37 +00:00
										 |  |  | </literallayout></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Features:</emphasis> Zarafa 7 allows you to | 
					
						
							| 
									
										
										
										
											2011-09-23 09:47:25 +00:00
										 |  |  |         enable IMAP/POP3 for each user. Please hide the option "Features" if | 
					
						
							|  |  |  |         you use Zarafa 6.x.</para> | 
					
						
							| 
									
										
										
										
											2011-08-20 16:26:37 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/zarafa2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Users</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>This is an example of the user edit page with all possible | 
					
						
							|  |  |  |           settings. This includes email settings, quotas and some options | 
					
						
							|  |  |  |           (e.g. hide from address book). You can also set the resource type | 
					
						
							|  |  |  |           and capacity for meeting rooms and equipment. The Zarafa extension | 
					
						
							|  |  |  |           can be added and removed at any time for every user.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-20 16:26:37 +00:00
										 |  |  |           <para>Please note that the option "Features" requires Zarafa 7. | 
					
						
							|  |  |  |           Please hide this option in the LAM server profile if you run Zarafa | 
					
						
							|  |  |  |           6.x.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/zarafa3.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-09-23 09:47:25 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>Contacts</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>LAM Pro can manage your Zarafa contact entries. You can set | 
					
						
							|  |  |  |           the email aliases and "send as" privileges. Additionally, accounts | 
					
						
							|  |  |  |           may be hidden in the address book or disabled.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Please note that you can either use the Zarafa user module or | 
					
						
							|  |  |  |           Zarafa contact. LAM Pro will disable the other tab when enabling one | 
					
						
							|  |  |  |           of them.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/zarafa8.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |         <section> | 
					
						
							|  |  |  |           <title>Groups</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>This is the edit page for groups. You can enter an email | 
					
						
							|  |  |  |           address and additional aliases for your groups. It is also possible | 
					
						
							|  |  |  |           to specify options (e.g. hide from address book). The extension can | 
					
						
							|  |  |  |           be added/removed dynamically.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-07 19:30:53 +00:00
										 |  |  |           <para>Please note that the option "Send-as privileges" requires the | 
					
						
							|  |  |  |           Zarafa 7.0.3 schema. Please hide this option in the LAM server | 
					
						
							|  |  |  |           profile if you run Zarafa < 7.0.3.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/zarafa4.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Servers</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>The Zarafa extension for host accounts allows you to set the | 
					
						
							|  |  |  |           connection ports and file path. You can add/remove the extension at | 
					
						
							|  |  |  |           any time.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-10 13:41:40 +00:00
										 |  |  |           <para>Setting the public store option is only possible for new host | 
					
						
							|  |  |  |           entries.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Please note that the proxy URL option requires the Zarafa 7.1 | 
					
						
							|  |  |  |           schema. Please hide this option in your LAM server profile if you | 
					
						
							|  |  |  |           use an older version.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/zarafa5.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							| 
									
										
										
										
											2011-09-10 17:35:23 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Address lists</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Zarafa allows you to store address lists in LDAP. You need to | 
					
						
							|  |  |  |           define a search base and LDAP filter for each address list. E.g. | 
					
						
							|  |  |  |           entering "ou=people,dc=company,dc=com" as base and "uid=*" will | 
					
						
							|  |  |  |           select all users that are stored in | 
					
						
							|  |  |  |           "ou=people,dc=company,dc=com".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>You can also hide your lists from the address book or | 
					
						
							|  |  |  |           temporarily disable them.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/zarafa6.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <section> | 
					
						
							|  |  |  |           <title>Dynamic groups</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Zarafa allows you to define dynamic groups in LDAP. You need to | 
					
						
							|  |  |  |           define a search base and LDAP filter for each group. E.g. entering | 
					
						
							|  |  |  |           "ou=people,dc=company,dc=com" as base and "uid=*" will select all | 
					
						
							|  |  |  |           users that are stored in "ou=people,dc=company,dc=com".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Dynamic groups may have an email address and multiple email | 
					
						
							|  |  |  |           alias addresses.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>You can also hide your dynamic groups from the address book or | 
					
						
							|  |  |  |           temporarily disable them.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <screenshot> | 
					
						
							|  |  |  |             <mediaobject> | 
					
						
							|  |  |  |               <imageobject> | 
					
						
							|  |  |  |                 <imagedata fileref="images/zarafa7.png" /> | 
					
						
							|  |  |  |               </imageobject> | 
					
						
							|  |  |  |             </mediaobject> | 
					
						
							|  |  |  |           </screenshot> | 
					
						
							|  |  |  |         </section> | 
					
						
							| 
									
										
										
										
											2011-01-15 12:56:45 +00:00
										 |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-10-24 13:52:09 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-03 20:25:04 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Kolab shared folders</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please add the account type "Kolab shared folders" in your LAM | 
					
						
							|  |  |  |       server profile and set the correct LDAP suffix.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_kolab6.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_kolab7.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then add the "Kolab shared folder" module on tab "Modules".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_kolab8.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Now you can start to add shared folders inside LAM.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_kolab9.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>DHCP</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can manage your DHCP server with LAM. It supports managing | 
					
						
							|  |  |  |       subnets, fixed IP entries, IP ranges and DDNS. The DHCP can be activated | 
					
						
							|  |  |  |       by adding the account type DHCP to your server profile. Please also add | 
					
						
							| 
									
										
										
										
											2013-02-23 17:10:43 +00:00
										 |  |  |       the DHCP modules.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM requires that you use an LDAP entry with the object class | 
					
						
							|  |  |  |       "dhcpService" or "dhcpServer" as suffix for this account type. If the | 
					
						
							|  |  |  |       "dhcpServer" entry points to a "dhcpService" entry via "dhcpServiceDN" | 
					
						
							|  |  |  |       then you need to use the DN of the "dhcpService" entry as LDAP suffix | 
					
						
							|  |  |  |       for DHCP.</para> | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-01 19:58:34 +00:00
										 |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Example server | 
					
						
							|  |  |  |       entry:</emphasis><code></code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dn: | 
					
						
							|  |  |  |       cn=server,ou=dhcp,dc=ldap-account-manager,dc=org</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>objectclass: dhcpServer</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>objectclass: dhcpOptions</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>objectclass: top</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>cn: server</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpcomments: My DHCP server</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpoption: domain-name | 
					
						
							|  |  |  |       "ldap-account-manager.org"</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpoption: domain-name-servers 192.168.1.1</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpoption: routers 192.168.1.1</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpoption: netbios-name-servers 192.168.1.1</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpoption: subnet-mask 255.255.255.0</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpoption: netbios-node-type 8</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpstatements: default-lease-time 3600</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpstatements: max-lease-time 7200</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpstatements: include "mykey"</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpstatements: ddns-update-style interim</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpstatements: update-static-leases true</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>dhcpstatements: ignore client-updates</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Example settings for | 
					
						
							|  |  |  |       dhcpd.conf:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ddns-update-style none;</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>deny unknown-clients;</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-server "server";</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-dhcp-server-cn "server";</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-port 389;</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-username | 
					
						
							|  |  |  |       "uid=dhcp,ou=people,dc=ldap-account-manager,dc=org";</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-password "{SSHA}XXXXXXXXXXXX";</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-base-dn | 
					
						
							|  |  |  |       "ou=dhcp,dc=ldap-account-manager,dc=org";</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-method dynamic;</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>ldap-debug-file | 
					
						
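							|  |  |  |       "/var/log/dhcp-ldap-startup.log";</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please note that dhcpd.conf contains the LDAP bind credentials. | 
					
						
							|  |  |  |       Make sure that the file is readable only by the user that runs the DHCP | 
					
						
							|  |  |  |       daemon and use a dedicated bind account that has only read access to | 
					
						
							|  |  |  |       the DHCP entries. Port 389 is unencrypted LDAP. If your dhcpd build | 
					
						
							|  |  |  |       supports it, enable TLS for the LDAP connection (e.g. with the | 
					
						
							|  |  |  |       "ldap-ssl" option).</para> | 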
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code></code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-01 20:04:09 +00:00
										 |  |  |       <para><emphasis role="bold">slapd.conf changes:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>include /etc/ldap/schema/dhcp.schema</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>index dhcpHWAddress eq</code></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><code>index dhcpClassData eq</code><literallayout> | 
					
						
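							|  |  |  | Run slapindex to rebuild the index. Stop slapd first and run slapindex as the user that runs slapd so that the index files keep the correct owner. | 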
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | </literallayout></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-02-23 17:10:43 +00:00
										 |  |  |       <para>You can manage the settings of your DHCP service/server | 
					
						
							|  |  |  |       entry:</para> | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/dhcpMainSettings.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can easily create new subnet entries.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/dhcpSettings.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>It is also possible to specify a list of fixed IPs.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/fixedIP.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>IP ranges may be specified.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/ranges.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If you activated DDNS in the server entry then you may also | 
					
						
							|  |  |  |       specify the DDNS settings for this subnet.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/ddns.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-27 17:19:33 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Bind DLZ (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><ulink url="http://bind-dlz.sourceforge.net">Bind DLZ</ulink> is | 
					
						
							|  |  |  |       an extension to the DNS server <ulink | 
					
						
							|  |  |  |       url="http://www.isc.org/software/bind">Bind</ulink> that allows you to store | 
					
						
							|  |  |  |       DNS entries inside LDAP. Please install the Bind DLZ schema file on your | 
					
						
							|  |  |  |       LDAP server. It is part of the DLZ patch.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>First, you need to add the Bind DNS account type and the Bind DLZ | 
					
						
							|  |  |  |       module:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please set the LDAP suffix either to an existing DNS zone | 
					
						
							|  |  |  |       (dlzZone) or an organizational unit that should include your DNS | 
					
						
							|  |  |  |       zones.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Zone management</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If you do not yet have a DNS zone then LAM can create one for you. | 
					
						
							|  |  |  |       In list view switch the suffix to an organizational unit DN. Now you | 
					
						
							|  |  |  |       will see a button "New zone".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This will create the zone container entry and a default DNS entry | 
					
						
							|  |  |  |       "@" for authoritative information. Now switch the suffix to your new | 
					
						
							|  |  |  |       zone and start adding DNS entries.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">DNS entries</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM supports the following DNS record types:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>SOA: authoritative information</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>NS: name servers</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>A/AAAA: IP addresses</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>PTR: reverse DNS entries</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>CNAME: alias names</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>MX: mail servers</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							| 
									
										
										
										
											2014-01-26 18:46:36 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>TXT: text records</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>SRV: service entries</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							| 
									
										
										
										
											2013-10-27 17:19:33 +00:00
										 |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Authoritative (SOA) and name server (NS) | 
					
						
							|  |  |  |       records</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Here you can manage general information about the zone like | 
					
						
							|  |  |  |       timeouts and name servers. Please note that name servers must be | 
					
						
							|  |  |  |       inserted in a special format (dot at the end).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind5.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">IP addresses (A/AAAA)</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM will automatically set the correct type (A/AAAA) depending on whether | 
					
						
							|  |  |  |       you enter an IPv4 or IPv6 address.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind6.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Reverse DNS entries</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Reverse DNS entries are important when you need to find the DNS | 
					
						
							|  |  |  |       name that is associated with a given IP address. Reverse DNS entries are | 
					
						
							|  |  |  |       stored in a separate DNS zone.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind7.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Alias names (CNAME)</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Sometimes a DNS entry should simply point to a different DNS entry | 
					
						
							|  |  |  |       (e.g. for migrations). This can be done by adding an alias name.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind8.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Mail servers (MX)</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The mail server entries define where mails to a domain should be | 
					
						
							|  |  |  |       delivered. The server with the lowest preference has the highest | 
					
						
							|  |  |  |       priority.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind9.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
											2013-11-17 10:17:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-26 18:46:36 +00:00
										 |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Text records (TXT)</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Text records can be added to store a description or other data | 
					
						
							|  |  |  |       (e.g. SPF information).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind10.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Services (SRV)</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Service records can be used to specify which servers provide | 
					
						
							|  |  |  |       common services such as LDAP. Please note that the host name must be | 
					
						
							|  |  |  |       _SERVICE._PROTOCOL (e.g. _ldap._tcp).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Priority: The priority of the target host, lower value means more | 
					
						
							|  |  |  |       preferred.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Weight: A relative weight for records with the same priority. E.g. | 
					
						
							|  |  |  |       weights 20 and 80 for a service will result in 20% of the queries going to the one | 
					
						
							|  |  |  |       server and 80% to the other.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Port: The port number that is used for your service.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Server: DNS name where service can be reached (with dot at the | 
					
						
							|  |  |  |       end).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_bind11.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-17 10:17:33 +00:00
										 |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">File upload</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can upload complete DNS zones via LAM's file upload. Here is | 
					
						
							|  |  |  |       an example for a zone file and the corresponding CSV file.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <table> | 
					
						
							|  |  |  |         <title>Zone file</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <tgroup cols="4"> | 
					
						
							|  |  |  |           <tbody> | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>@</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>SOA</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>ns1.example.com admin.ns1.example.com (1 360000 3600 | 
					
						
							|  |  |  |               3600000 370000)</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>NS</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>ns1.example.com.</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>NS</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>ns2.example.com.</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>MX</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>10 mail1.example.com</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>MX</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>20 mail2.example.com</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>foo</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>A</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>123.123.123.100</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>foo2</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>CNAME</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>foo.example.com</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>bar</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>A</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>123.123.123.101</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>IN</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>AAAA</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>1:2:3:4:5</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  |           </tbody> | 
					
						
							|  |  |  |         </tgroup> | 
					
						
							|  |  |  |       </table> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please check that you have an existing zone entry that can be used | 
					
						
							| 
									
										
										
										
											2013-11-23 13:51:48 +00:00
										 |  |  |       for the file upload. See above to create a new zone.</para> | 
					
						
							| 
									
										
										
										
											2013-11-17 10:17:33 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>Hint: If you use the function above to create a new zone then | 
					
						
							|  |  |  |       please skip the "@" entry in the CSV file below. LAM creates this entry | 
					
						
							|  |  |  |       with sample data.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>In this example we assume that the following zone entry | 
					
						
							|  |  |  |       exists:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com | 
					
						
							|  |  |  | dlzzonename: example.com | 
					
						
							|  |  |  | objectclass: dlzZone | 
					
						
							|  |  |  | objectclass: top | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Here is the corresponding CSV file: <ulink | 
					
						
							|  |  |  |       url="resources/bindUpload.csv">bindUpload.csv</ulink></para> | 
					
						
							| 
									
										
										
										
											2013-10-27 17:19:33 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     <section> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |       <title>Aliases (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>Some applications use the object class "alias" to link LDAP | 
					
						
							|  |  |  |       entries to other parts of the LDAP tree. Activate the account type | 
					
						
							|  |  |  |       "Aliases" in your LAM server profile to use this account type.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Currently, only user accounts can be aliased with the "uidObject" | 
					
						
							|  |  |  |       object class.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/alias.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
											2011-05-20 17:40:19 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/alias2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-02-22 17:28:59 +00:00
										 |  |  |     <section id="mailAliases"> | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  |       <title>Mail aliases</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can manage mail aliases (e.g. for NIS) inside LAM. This can be | 
					
						
							|  |  |  |       used to replace local /etc/aliases files with LDAP.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-02-22 17:28:59 +00:00
										 |  |  |       <para>Note: Use the <link linkend="mailAliasesUser">mail alias user | 
					
						
							|  |  |  |       module</link> to manage mail aliases on user pages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  |       <para>All accounts of this type are based on the "nisMailAlias" object | 
					
						
							|  |  |  |       class and may have "cn" and "rfc822MailMember" attributes. To activate | 
					
						
							|  |  |  |       this type please add "Mail aliases" in your LAM server profile:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/nisMailAlias1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-14 18:59:44 +00:00
										 |  |  |       <para>You need to select the Mail aliases module on the next tab.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/nisMailAlias3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The mail aliases will then appear as a separate tab inside LAM. You | 
					
						
							|  |  |  |       may then manage the aliases with their names and recipient | 
					
						
							|  |  |  |       addresses.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>There are mail/user icons that allow you to select a mail address/user | 
					
						
							|  |  |  |       name from the existing users.</para> | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/nisMailAlias2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-24 20:17:28 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>NIS net groups</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM supports defining NIS netgroups. You can use them e.g. to | 
					
						
							|  |  |  |       restrict SSH access to your machines.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Add the NIS net group account type and its module to your server | 
					
						
							|  |  |  |       profile. Then you can manage net groups in LAM. Net groups may contain | 
					
						
							|  |  |  |       other net groups as child groups. You can either insert the host/user | 
					
						
							|  |  |  |       names manually or press the search buttons next to the input fields to | 
					
						
							|  |  |  |       find existing entries in your directory.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/nisNetgroup.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     <section> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |       <title>NIS objects (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>You can manage NIS objects with LAM Pro. This allows you to define | 
					
						
							|  |  |  |       network mount points in LDAP.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Add the NIS objects type to your LAM configuration and then the | 
					
						
							|  |  |  |       NIS objects module. This will add the NIS objects tab to LAM.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/nisObject.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-15 20:24:25 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Automount objects (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM Pro allows you to manage automount entries. Please activate | 
					
						
							|  |  |  |       the account type "Automount objects" in your LAM Pro server | 
					
						
							| 
									
										
										
										
											2012-08-13 17:44:42 +00:00
										 |  |  |       profile.</para> | 
					
						
							| 
									
										
										
										
											2011-02-15 20:24:25 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/automount1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-08-13 17:44:42 +00:00
										 |  |  |       <para>Then add the correct automount module. Usually, this is "Automount | 
					
						
							|  |  |  |       entry (automount)". If you use Suse Linux with RFC2307bis schema please | 
					
						
							|  |  |  |       select "Automount entry (rfc2307bisAutomount)".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/automount3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-15 20:24:25 +00:00
										 |  |  |       <para>This will add a new tab to LAM Pro's main screen which includes a | 
					
						
							|  |  |  |       list of all automount entries. Here you can easily create new | 
					
						
							|  |  |  |       entries.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/automount2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please see the following external HowTos for more information on | 
					
						
							|  |  |  |       automounting and LDAP:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><ulink | 
					
						
							|  |  |  |           url="https://help.ubuntu.com/community/AutofsLDAP">AutofsLDAP</ulink></para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><ulink type="" | 
					
						
							|  |  |  |           url="http://www.pro-linux.de/artikel/2/760/automount-ueber-ldap.html">Automount | 
					
						
							|  |  |  |           über LDAP (German)</ulink></para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-02-09 17:51:11 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Oracle databases (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Oracle allows connection data that is usually stored in | 
					
						
							|  |  |  |       tnsnames.ora to be stored in an LDAP directory.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Initial setup</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LDAP server setup:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You will need to install the correct Oracle LDAP schema files on | 
					
						
							|  |  |  |       your LDAP server. If you run no Oracle LDAP server then you can get them | 
					
						
							|  |  |  |       (oidbase.schema, oidnet.schema, oidrdbms.schema, alias.schema) e.g. from | 
					
						
							|  |  |  |       <ulink | 
					
						
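							|  |  |  |       url="http://www.idevelopment.info/data/Oracle/DBA_tips/LDAP/LDAP_8.shtml">here</ulink>. The link is plain HTTP on a third-party site, so compare the downloaded schema files with a source you trust before loading them into your LDAP server.</para> | 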
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Next you need to create the root entry for Oracle. It should look | 
					
						
							|  |  |  |       like this:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <programlisting>dn: cn=OracleContext,dc=example,dc=com | 
					
						
							|  |  |  | objectclass: orclContext | 
					
						
							|  |  |  | cn: OracleContext</programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can create it with LAM's tree view. Please note that "cn" must | 
					
						
							|  |  |  |       be set to "OracleContext".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM setup:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Edit your LAM server profile and add the Oracle account | 
					
						
							|  |  |  |       type:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_oracle1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>In case you manage a single Oracle context just enter the | 
					
						
							|  |  |  |       cn=OracleContext entry as LDAP suffix. If you manage multiple Oracle | 
					
						
							|  |  |  |       context entries then set the LDAP suffix to a parent entry of | 
					
						
							|  |  |  |       them.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_oracle2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Next, add the Oracle module:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_oracle3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Now you can log in to LAM and start to add database | 
					
						
							|  |  |  |       entries.<literallayout> | 
					
						
							|  |  |  | </literallayout></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Managing database entries</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Each database has a service name, the connection string and an | 
					
						
							|  |  |  |       optional description.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_oracle4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Database client setup for | 
					
						
							|  |  |  |       LDAP</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You need to activate the LDAP adapter to make the database tools | 
					
						
							|  |  |  |       read from LDAP. Edit network/admin/sqlnet.ora like this:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <programlisting>NAMES.DIRECTORY_PATH= (TNSNAMES, LDAP)</programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then add a file called ldap.ora next to your sqlnet.ora and set | 
					
						
							|  |  |  |       the LDAP server (given as host:port:SSL port) and the DN suffix where cn=OracleContext is stored:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <programlisting>DIRECTORY_SERVERS= (ldap.example.com:389:636) | 
					
						
							|  |  |  | DEFAULT_ADMIN_CONTEXT = "ou=ctx1,ou=oracle,o=test,c=de" | 
					
						
							|  |  |  | DIRECTORY_SERVER_TYPE = OID</programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This will allow e.g. tnsping to get the connection data from | 
					
						
							|  |  |  |       LDAP:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <programlisting>[oracle@oracle bin]$ tnsping mydb | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | TNS Ping Utility for Linux: Version 12.1.0.1.0 - Production on 09-FEB-2014 18:06:54 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Copyright (c) 1997, 2013, Oracle.  All rights reserved. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Used parameter files: | 
					
						
							|  |  |  | /home/oracle/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Used <emphasis role="bold">LDAP</emphasis> adapter to resolve the alias | 
					
						
							| 
									
										
										
										
											2014-02-09 18:10:34 +00:00
										 |  |  | Attempting to contact (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=mydb.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=orcl))) | 
					
						
							| 
									
										
										
										
											2014-02-09 17:51:11 +00:00
										 |  |  | OK (10 msec)</programlisting> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |     <section id="a_ppolicy"> | 
					
						
							|  |  |  |       <title>Password policies (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>OpenLDAP supports the <ulink | 
					
						
							|  |  |  |       url="http://linux.die.net/man/5/slapo-ppolicy">ppolicy</ulink> overlay | 
					
						
							|  |  |  |       to manage password policies for LDAP entries. This allows you to set | 
					
						
							|  |  |  |       password policies which are independent from your applications. The | 
					
						
							|  |  |  |       policies are managed internally by the LDAP server.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can manage these policies with LAM Pro with the account type | 
					
						
							|  |  |  |       "Password policies".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/ppolicy.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You will need to add the ppolicy schema to your OpenLDAP | 
					
						
							|  |  |  |       configuration and activate the <ulink | 
					
						
							|  |  |  |       url="http://linux.die.net/man/5/slapo-ppolicy">ppolicy</ulink> overlay | 
					
						
							|  |  |  |       module in slapd.conf to use this feature.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>PyKota printers</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please add the account type "Printers (PyKota printers)" on tab | 
					
						
							|  |  |  |       "Account types" in your server profile and set up the LDAP suffix where | 
					
						
							|  |  |  |       printers are stored.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaPrinter1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaPrinter2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then add the PyKota printer module on tab "Account | 
					
						
							|  |  |  |       modules".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaPrinter3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Next you can start managing printers inside LAM. Here you can | 
					
						
							|  |  |  |       set up the costs for a print job. LAM will also show if the printer is a | 
					
						
							|  |  |  |       member of any printer groups.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaPrinter4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can also set up printer groups. Just add some members to your | 
					
						
							|  |  |  |       new group.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaPrinter5.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>PyKota billing codes</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please add the account type "Billing codes" on tab "Account types" | 
					
						
							|  |  |  |       in your server profile and set up the LDAP suffix where billing codes are | 
					
						
							|  |  |  |       stored.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaCode1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaCode2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then add the PyKota billing code module on tab "Account | 
					
						
							|  |  |  |       modules".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaCode3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Now login to LAM and you will see the billing code tab where you | 
					
						
							|  |  |  |       can manage your entries. If jobs were printed with a billing code then | 
					
						
							|  |  |  |       you will also see the balance and page count.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_pykotaCode4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Custom fields (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This module allows you to manage LDAP attributes that are not | 
					
						
							|  |  |  |       covered by the other LAM modules (e.g. if you use custom LDAP schemas). | 
					
						
							|  |  |  |       You can fully define what your input fields look like:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Label</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>LDAP attribute name</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Unique name for field</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Help text</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Read-only display</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Field type: text, password, text area, checkbox, radio | 
					
						
							| 
									
										
										
										
										 |  |  |           buttons, select list, file upload</para> | 
					
						
							| 
									
										
										
										
										 |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Validation via regular expression</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Error message if validation fails</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Limitations:</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Custom fields cannot manage</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>structural object classes</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>attributes that require validation rules across multiple | 
					
						
							|  |  |  |           attributes or cannot be described by a simple regular | 
					
						
							|  |  |  |           expression</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Activating the custom fields | 
					
						
							|  |  |  |       module:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You may specify custom fields for all of your account types. | 
					
						
							|  |  |  |       Please enter tab "Modules" in your server profile. Now activate the | 
					
						
							|  |  |  |       "Custom fields (customFields)" module for all needed account | 
					
						
							|  |  |  |       types.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields14.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							| 
									
										
										
										
										 |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Setting label and icon:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You may set the label that is displayed e.g. on the tab when | 
					
						
							|  |  |  |       editing an account. It is also possible to specify an icon (must be a | 
					
						
							|  |  |  |       valid URL like "/images/icon.png" or "http://server/images/icon.png"). | 
					
						
							|  |  |  |       The icon size should be 32x32 pixels.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM will display a default icon and "Custom fields" as label if | 
					
						
							|  |  |  |       you do not enter any values.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>You may also specify how LAM displays custom fields when there are | 
					
						
							|  |  |  |       multiple field groups. The default is accordion view where you can | 
					
						
							|  |  |  |       switch field groups by clicking on the title. You may also deactivate | 
					
						
							|  |  |  |       this mode. Then all field groups are displayed one below the | 
					
						
							|  |  |  |       other.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields25.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							| 
									
										
										
										
										 |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Defining groups:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>All input fields are divided into groups. A group may contain one | 
					
						
							|  |  |  |       or more object classes and allows you to add/remove a certain set of | 
					
						
							|  |  |  |       input fields.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>E.g. you may define two groups - "My application A" and "My | 
					
						
							|  |  |  |       application B" - that manage different LDAP attributes and object | 
					
						
							|  |  |  |       classes. This way you will be able to control both attribute sets | 
					
						
							|  |  |  |       independently.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>To create a group please edit your server profile and switch to | 
					
						
							|  |  |  |       tab "Module settings". You will see the section "Custom fields" which | 
					
						
							|  |  |  |       allows you to add new groups. Now select your account type (e.g. Users) | 
					
						
							|  |  |  |       and specify an alias for your group. This alias will be printed as group | 
					
						
							|  |  |  |       header when you later edit an account in the admin interface.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields15.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>After you have created your new group you can set up the managed object | 
					
						
							|  |  |  |       classes. If you specify any object classes then you will later be able | 
					
						
							|  |  |  |       to add/remove a complete set of attributes including their object | 
					
						
							|  |  |  |       classes.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Skipping the object classes field is only useful if you want to | 
					
						
							|  |  |  |       manage some attributes that are not yet supported by LAM but there is | 
					
						
							|  |  |  |       already a LAM module that manages the object class.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields16.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The group may look like this when you edit a user.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields19.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields20.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Adding fields:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Now you can add a new field that manages an LDAP attribute. Simply | 
					
						
							|  |  |  |       fill in the fields and press "Add".</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>Please note that the field name cannot be changed later. It is the | 
					
						
							|  |  |  |       unique ID for this field.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							| 
									
										
										
										
										 |  |  |             <imagedata fileref="images/customFields17.png" /> | 
					
						
							| 
									
										
										
										
										 |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Examples for fields and their representation:</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Text field:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Text fields allow you to specify a <link | 
					
						
							|  |  |  |       linkend="customFields_validation_expressions_admin">validation | 
					
						
							| 
									
										
										
										
										 |  |  |       expression</link> and error message.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>You can also enable auto-completion. In this case LAM will search | 
					
						
							|  |  |  |       all accounts for the given attribute and provide auto-completion hints | 
					
						
							|  |  |  |       when the user edits this field. This should only be used if there is a | 
					
						
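							|  |  |  |       limited number of different values for this attribute. Since the hints are taken from the values stored on other accounts, do not enable it for attributes whose values should stay private to each account.</para> | 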
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Presentation:</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Password field:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can also manage custom password fields. LAM Pro will display | 
					
						
							|  |  |  |       two fields where the user must enter the same password. You can hash the | 
					
						
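							|  |  |  |       password if needed. Unless the application that reads the attribute requires the clear-text value, store the password hashed.</para> | 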
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Presentation:</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields5.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Text area:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This adds a multi-line field. The options are similar to text | 
					
						
							|  |  |  |       fields. Additionally, you can set the size with the number of columns | 
					
						
							|  |  |  |       and rows.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please note that the <link | 
					
						
							| 
									
										
										
										
										 |  |  |       linkend="customFields_validation_expressions_admin">validation | 
					
						
							| 
									
										
										
										
										 |  |  |       expression</link> should be set to multi-line. This is done by adding | 
					
						
							|  |  |  |       "m" at the end.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields6.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Presentation:</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields7.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Checkbox:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Sometimes you may want to allow only yes/no values for your LDAP | 
					
						
							|  |  |  |       attributes. This can be represented by a checkbox. You can specify the | 
					
						
							|  |  |  |       values for checked and unchecked. The default value is set if the LDAP | 
					
						
							|  |  |  |       attribute has no value.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields8.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Presentation:</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields9.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Radio buttons:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This displays a list of radio buttons where the user can select | 
					
						
							|  |  |  |       one value.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can specify a mapping of LDAP attribute values and their | 
					
						
							|  |  |  |       display (label) on the Self Service page. To add more mapping fields | 
					
						
							|  |  |  |       please press "Add more mapping fields".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields10.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>Presentation:</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields11.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Select list:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Select lists allow the user to select a value in a large list of | 
					
						
							|  |  |  |       options. The definition of the possible values and their display is | 
					
						
							| 
									
										
										
										
										 |  |  |       similar to radio buttons.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can also allow multiple values.</para> | 
					
						
							| 
									
										
										
										
											2012-05-17 10:06:00 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields12.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  |       <para>Presentation:</para> | 
					
						
							| 
									
										
										
										
											2012-05-17 10:06:00 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields13.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields18.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para id="customFields_validation_expressions_admin"><emphasis | 
					
						
							| 
									
										
										
										
											2012-05-17 10:06:00 +00:00
										 |  |  |       role="bold">Validation expressions:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The validation expressions follow the standard of <ulink | 
					
						
							|  |  |  |       url="http://perldoc.perl.org/perlre.html">Perl regular | 
					
						
							|  |  |  |       expressions</ulink>. They start and end with a "/". The beginning of a | 
					
						
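							|  |  |  |       line is specified by "^" and the end by "$". Note that "$" also matches | 
							|  |  |  |       before a newline at the very end of the value; use "\z" instead if the | 
							|  |  |  |       value must end exactly there.</para> | 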
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Examples:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>/^[a-z0-9]+$/ allows small letters and numbers. The value must not | 
					
						
							|  |  |  |       be empty ("+").</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>/^[a-z0-9]+$/i allows small and capital letters ("i" at the end | 
					
						
							|  |  |  |       means ignore case) and numbers. The value must not be empty | 
					
						
							|  |  |  |       ("+").</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Special characters that must be escaped with "\": "\", ".", "(", | 
					
						
							|  |  |  |       ")"</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>E.g. /^[a-z0-9\.]$/i</para> | 
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">File upload:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This is used for binary data. You can restrict uploaded data to a | 
					
						
							|  |  |  |       given file extension and set the maximum file size.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields21.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Presentation:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The uploaded data may also be downloaded via LAM.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customFields22.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
											2012-05-17 10:06:00 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     <section> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |       <title>Custom scripts (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM Pro allows you to execute scripts whenever an account is | 
					
						
							|  |  |  |       created, modified or deleted. This can be useful to automate processes | 
					
						
							|  |  |  |       which needed manual work afterwards (e.g. sending your user a welcome | 
					
						
							| 
									
										
										
										
											2012-06-05 19:09:22 +00:00
										 |  |  |       mail or register a mailbox). Additionally, you can specify manual scripts | 
					
						
							|  |  |  |       that can be executed from within LAM Pro.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>To activate this feature please add the "Custom scripts" module to | 
					
						
							|  |  |  |       all needed account types on the configuration pages.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>You can specify multiple scripts for each action type (e.g. | 
					
						
							|  |  |  |       modify) and account type (e.g. user). The scripts need to be located on | 
					
						
							|  |  |  |       the filesystem of your webserver and will be executed in its user | 
					
						
							|  |  |  |       environment. E.g. if your webserver runs as user www-data with the group | 
					
						
							|  |  |  |       www-data then the custom scripts will be run under this user with its | 
					
						
							|  |  |  |       rights. The output of the scripts will be shown in LAM.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can specify the scripts on the LAM configuration pages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customScripts.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Syntax:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please enter one script per line. Each line has the following | 
					
						
							|  |  |  |       format: <account type> <action> <script></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>E.g.: user preModify /usr/bin/myCustomScript -u $uid$</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Account types:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can set up scripts for all available account types (e.g. user, | 
					
						
							|  |  |  |       group, host, ...). Please see the help on the configuration page about | 
					
						
							|  |  |  |       your current active account types.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Actions:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <table> | 
					
						
							|  |  |  |         <title>Action types</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <tgroup cols="2"> | 
					
						
							|  |  |  |           <tbody> | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry><emphasis role="bold">Action name</emphasis></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry><emphasis role="bold">Description</emphasis></entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>preCreate</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>executed before creating a new account (cancels operation | 
					
						
							| 
									
										
										
										
											2012-01-15 14:15:56 +00:00
										 |  |  |               if a script returns an exit code > 0, not available for file | 
					
						
							|  |  |  |               upload)</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>postCreate</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-12-30 18:50:56 +00:00
										 |  |  |               <entry>executed after creating a new account (does <emphasis | 
					
						
							|  |  |  |               role="bold">not</emphasis> run if preCreate or LDAP operations | 
					
						
							|  |  |  |               fail)</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>preModify</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-12-30 18:50:56 +00:00
										 |  |  |               <entry>executed before an account is modified (cancels operation | 
					
						
							|  |  |  |               if a script returns an exit code > 0)</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>postModify</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-12-30 18:50:56 +00:00
										 |  |  |               <entry>executed after an account was modified (does <emphasis | 
					
						
							|  |  |  |               role="bold">not</emphasis> run if preModify or LDAP operations | 
					
						
							|  |  |  |               fail)</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>preDelete</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-12-30 18:50:56 +00:00
										 |  |  |               <entry>executed before an account is deleted (cancels operation | 
					
						
							|  |  |  |               if a script returns an exit code > 0)</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |             </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>postDelete</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-12-30 18:50:56 +00:00
										 |  |  |               <entry>executed after an account was deleted (does <emphasis | 
					
						
							|  |  |  |               role="bold">not</emphasis> run if preDelete or LDAP operations | 
					
						
							|  |  |  |               fail)</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |             </row> | 
					
						
							| 
									
										
										
										
											2012-06-05 19:09:22 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |             <row> | 
					
						
							|  |  |  |               <entry>manual</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <entry>can be run manually on account page</entry> | 
					
						
							|  |  |  |             </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |           </tbody> | 
					
						
							|  |  |  |         </tgroup> | 
					
						
							|  |  |  |       </table> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Script:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can execute any script which is located on the filesystem of | 
					
						
							|  |  |  |       your webserver. The path may be absolute or relative to the | 
					
						
							|  |  |  |       PATH-variable of the environment of your webserver process. It is also | 
					
						
							|  |  |  |       possible to add commandline arguments to your scripts. Additionally, LAM | 
					
						
							|  |  |  |       will resolve wildcards to LDAP attributes. If your script includes a | 
					
						
							|  |  |  |       wildcard in the format $ATTRIBUTE$ then LAM will replace it with the | 
					
						
							|  |  |  |       attribute value of the current LDAP entry. The values of multi-value | 
					
						
							|  |  |  |       attributes are separated by commas. E.g. if you create an account with | 
					
						
							|  |  |  |       the attribute "uid" and value "steve" then LAM will resolve "$uid$" to | 
					
						
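							|  |  |  |       "steve". Attribute values may contain arbitrary characters, so your | 
							|  |  |  |       scripts should treat these arguments as untrusted input.</para> | 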
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-05 19:09:22 +00:00
										 |  |  |       <para>Please note that manual scripts can only use the current LDAP | 
					
						
							|  |  |  |       attribute values of the account. Any modifications done that are not | 
					
						
							|  |  |  |       saved will not be available. Manual scripts are also not available for | 
					
						
							|  |  |  |       new accounts that are not yet saved to LDAP.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-26 13:14:10 +00:00
										 |  |  |       <para>You can switch LAM's logging to debug mode if you are unsure which | 
					
						
							|  |  |  |       attributes with which values are available.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-05 19:09:22 +00:00
										 |  |  |       <para>The following special wildcards are available for automatic | 
					
						
							|  |  |  |       scripts:</para> | 
					
						
							| 
									
										
										
										
											2011-02-26 13:14:10 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">$INFO.userPasswordClearText$:</emphasis> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |           cleartext password when Unix/Windows password is changed (e.g. | 
					
						
							|  |  |  |           useful for external password synchronisation) for new/modified | 
					
						
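							|  |  |  |           accounts. The resolved command line then contains the password: on | 
							|  |  |  |           most systems other local users can read command line arguments in | 
							|  |  |  |           the process list, and the "Hide command in messages" option keeps | 
							|  |  |  |           the command out of the messages shown in LAM.</para> | 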
					
						
							| 
									
										
										
										
											2011-02-26 13:14:10 +00:00
										 |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis | 
					
						
							|  |  |  |           role="bold">$INFO.userPasswordStatusChange$:</emphasis> provides | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  |           additional information if the Unix password locking status was | 
					
						
							|  |  |  |           changed, possible values: locked, unlocked, unchanged</para> | 
					
						
							| 
									
										
										
										
											2011-02-26 13:14:10 +00:00
										 |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-15 09:52:30 +00:00
										 |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis | 
					
						
							|  |  |  |           role="bold">$INFO.passwordSelfResetAnswerClearText$</emphasis>: | 
					
						
							|  |  |  |           cleartext answer to security question</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-26 13:14:10 +00:00
										 |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">$NEW.<attribute>$:</emphasis> the | 
					
						
							|  |  |  |           value of a new attribute (e.g. $NEW.telephoneNumber$) for modified | 
					
						
							|  |  |  |           accounts</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">$DEL.<attribute>$:</emphasis> the | 
					
						
							|  |  |  |           value of a deleted attribute (e.g. $DEL.telephoneNumber$) for | 
					
						
							|  |  |  |           modified accounts</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">$MOD.<attribute>$:</emphasis> the | 
					
						
							|  |  |  |           new value of a modified attribute (e.g. $MOD.telephoneNumber$) for | 
					
						
							|  |  |  |           modified accounts</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							| 
									
										
										
										
											2012-07-25 19:17:37 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">$ORIG.<attribute>$:</emphasis> the | 
					
						
							|  |  |  |           original value of an attribute (e.g. $ORIG.telephoneNumber$) for | 
					
						
							|  |  |  |           modified accounts</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							| 
									
										
										
										
											2011-02-26 13:14:10 +00:00
										 |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-05-02 17:17:32 +00:00
										 |  |  |       <para><emphasis role="bold">Output may contain HTML:</emphasis> If your | 
					
						
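							|  |  |  |       scripts generate HTML output then activate this option. Scripts that | 
							|  |  |  |       generate HTML should escape any attribute values they include in their | 
							|  |  |  |       output.</para> | 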
					
						
							| 
									
										
										
										
											2010-04-04 11:13:22 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-05-02 17:17:32 +00:00
										 |  |  |       <para><emphasis role="bold">Hide command in messages:</emphasis> You may | 
					
						
							|  |  |  |       want to prevent your users from seeing the executed commands. In this case | 
					
						
							| 
									
										
										
										
											2010-04-04 11:13:22 +00:00
										 |  |  |       activating this option will only show the command output but not the | 
					
						
							|  |  |  |       command itself.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para></para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-05 19:09:22 +00:00
										 |  |  |       <para>You can see a preview of the commands which will be automatically | 
					
						
							|  |  |  |       executed on the "Custom scripts" tab. Here you can also run the manual | 
					
						
							|  |  |  |       scripts.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/customScripts2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-23 17:52:26 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Sudo roles (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can manage your sudo roles in LDAP if you have installed the | 
					
						
							|  |  |  |       sudo-ldap package or <ulink | 
					
						
							|  |  |  |       url="http://www.sudo.ws/sudo/readme_ldap.html">compiled sudo with LDAP | 
					
						
							|  |  |  |       support</ulink>. To activate sudo management in LAM Pro edit your server | 
					
						
							|  |  |  |       profile and add the type "Sudo roles".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/sudoRole.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The sudo roles in LDAP work similarly to those in /etc/sudoers. You | 
					
						
							|  |  |  |       can specify who may run which commands as which user. It is also | 
					
						
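							|  |  |  |       possible to specify options like NOPASSWD. Since NOPASSWD removes the | 
							|  |  |  |       password prompt for the listed commands, grant it only where it is | 
							|  |  |  |       really needed.</para> | 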
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-26 17:37:39 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>General information</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This module is available for all account types. It shows some | 
					
						
							|  |  |  |       internal information about the LDAP entries like the creation time and | 
					
						
							|  |  |  |       who modified the entry.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If you use the "memberOf" overlay in OpenLDAP then this will also | 
					
						
							|  |  |  |       show group memberships done by the overlay.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/mod_generalInformation.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     <section> | 
					
						
							| 
									
										
										
										
											2010-02-16 19:11:10 +00:00
										 |  |  |       <title>Tree view (LDAP browser)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>The tree view provides a raw view on your LDAP directory. This | 
					
						
							|  |  |  |       feature is for people who are experienced with LDAP and need special | 
					
						
							|  |  |  |       functionality which the LAM account modules do not provide. E.g. if you | 
					
						
							|  |  |  |       want to add a special object class to an account or edit attributes | 
					
						
							|  |  |  |       ignoring LAM's syntax checks.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/tree1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>There are also some special functions available:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Export:</emphasis> This allows you to export | 
					
						
							|  |  |  |       entries to a file (e.g. LDIF or CSV format).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Show internal attributes:</emphasis> Shows | 
					
						
							|  |  |  |       internal attributes of the current entry. This includes information | 
					
						
							|  |  |  |       about the creator and creation time of the entry.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  |   </chapter> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-13 13:59:20 +00:00
										 |  |  |   <chapter> | 
					
						
							|  |  |  |     <title>Tools</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section id="a_accountProfile"> | 
					
						
							|  |  |  |       <title>Profile editor</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-13 15:26:06 +00:00
										 |  |  |       <para>The account profiles are templates for your accounts. Here you can | 
					
						
							|  |  |  |       specify default values which can then be loaded when you create | 
					
						
							|  |  |  |       accounts. You may also load a template for an existing account to reset | 
					
						
							|  |  |  |       it to default values. When you create a new account then LAM will always | 
					
						
							|  |  |  |       load the profile named <emphasis role="bold">"default"</emphasis>. This | 
					
						
							|  |  |  |       account profile can include default values for all your accounts.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-10-28 10:46:04 +00:00
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/profileEditor2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can enter the LDAP suffix, RDN identifier and various other | 
					
						
							|  |  |  |       attributes depending on account type and activated modules.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-13 15:26:06 +00:00
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/profileEditor.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
											2012-10-28 10:46:04 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Import/export:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Profiles can be exported to and imported from other server | 
					
						
							|  |  |  |       profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/profileEditor3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/profileEditor4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>There is a special export target called "*Global templates". All | 
					
						
							|  |  |  |       profiles exported here will be copied to all other server profiles | 
					
						
							|  |  |  |       (incl. new ones). But existing profiles with the same name are not | 
					
						
							|  |  |  |       overwritten. So a profile in global templates is treated as default | 
					
						
							|  |  |  |       profile for all server profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Use this if you would like to set up default profiles that are | 
					
						
							|  |  |  |       valid for all server profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/profileEditor5.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>File upload</title> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |       <para>When you need to create lots of accounts then you can use LAM's | 
					
						
							|  |  |  |       file upload to create them. LAM will read a CSV formatted file and | 
					
						
							|  |  |  |       create the related LDAP entries. Please check the data in your CSV file | 
					
						
							|  |  |  |       carefully. LAM will do fewer checks for the file upload than for single | 
					
						
							|  |  |  |       account creation.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>At the first page please select the account type and what | 
					
						
							|  |  |  |       extensions should be activated.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/fileUpload1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The next page shows all available options for the file upload. You | 
					
						
							|  |  |  |       will also find a sample CSV file which can be used as template for your | 
					
						
							|  |  |  |       CSV file. All red options are required columns in the file. You need to | 
					
						
							|  |  |  |       specify a value for each account.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>When you upload the CSV file then LAM first does some checks on | 
					
						
							|  |  |  |       this file. This includes syntax checks and if all required data was | 
					
						
							|  |  |  |       entered. No changes in the LDAP directory are done at this time.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If the checks were successful then LAM will ask again if you want | 
					
						
							|  |  |  |       to create the accounts. You will also have the chance to check the | 
					
						
							|  |  |  |       upload by viewing the changes in LDIF format.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/fileUpload2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title id="toolMultiEdit">Multi edit</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This tool allows you to modify a large list of LDAP entries in | 
					
						
							|  |  |  |       batch mode. You can add new attributes/object classes, remove attributes | 
					
						
							|  |  |  |       and set attributes to a specific value.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>At the beginning, you need to specify where the entries are stored | 
					
						
							|  |  |  |       that should be changed. You can select an account suffix, the tree | 
					
						
							|  |  |  |       suffix or enter your own DN by selecting "Other".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Next, enter an additional LDAP filter to limit the entries that | 
					
						
							|  |  |  |       should be changed. E.g. use "(objectclass=inetOrgPerson)" to filter for | 
					
						
							|  |  |  |       users. You may also enter e.g. "(!(objectClass=passwordSelfReset))" to | 
					
						
							|  |  |  |       match all accounts that do not yet have the <link | 
					
						
							|  |  |  |       linkend="passwordSelfResetUser">password self reset</link> | 
					
						
							|  |  |  |       feature.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Now, it is time to define the changes that should be done. The | 
					
						
							|  |  |  |       following operations are possible:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Add: Adds an attribute value if not yet existing. Please do | 
					
						
							|  |  |  |           not use for single-value attributes that already have a | 
					
						
							|  |  |  |           value.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Modify: Sets an attribute to the given value. If the attribute | 
					
						
							|  |  |  |           does not yet exist then it is added. If the attribute has multiple | 
					
						
							|  |  |  |           values then all other values are removed.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Delete: Deletes the specified value from this attribute. If | 
					
						
							|  |  |  |           you leave the value field blank then all attribute values are | 
					
						
							|  |  |  |           removed.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please note that all actions are run as separate LDAP commands. | 
					
						
							|  |  |  |       You cannot add an object class and a required attribute at the same | 
					
						
							|  |  |  |       time.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/multiEdit1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Dry run</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You should always start with a dry run. It will not do any changes | 
					
						
							|  |  |  |       to your LDAP directory but print out all modifications that will be | 
					
						
							|  |  |  |       done. You will also be able to download the changes in LDIF format to | 
					
						
							|  |  |  |       use with ldapmodify. This is useful if you want to adjust some actions | 
					
						
							|  |  |  |       manually.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/multiEdit2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Apply changes</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This will run the actions against your LDAP directory. You will | 
					
						
							|  |  |  |       see which accounts are edited in the progress area and also if any | 
					
						
							|  |  |  |       errors occurred.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/multiEdit3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>OU editor</title> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |       <para>This is a simple editor to add/delete organisational units in your | 
					
						
							|  |  |  |       LDAP tree. This way you can structure the accounts.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/ouEditor.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>PDF editor</title> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |       <para>All accounts in LAM may be exported as PDF files. You can specify | 
					
						
							|  |  |  |       the page structure and displayed information by editing the PDF | 
					
						
							|  |  |  |       profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/pdfEditor2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |       <para>When you export accounts to PDF then each account will get its own | 
					
						
							|  |  |  |       page inside the PDF. There is a headline on each page where you can show | 
					
						
										 |  |  |       a page title. You may also add a logo to each page. To add more logos | 
					
						
							|  |  |  |       please use the logo management on the PDF editor main page.</para> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/pdfEditor.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The main part is structured into sections of information. Each | 
					
						
							|  |  |  |       section has a title. This can either be static text or the value of an | 
					
						
							|  |  |  |       attribute. You may also insert a static text block as section. Sections | 
					
						
							|  |  |  |       can be moved by using the arrows next to the section title.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Each section can contain multiple fields which usually represent | 
					
						
							|  |  |  |       LDAP attributes. You can simply add new fields by selecting the field | 
					
						
							|  |  |  |       name and its position. Then use the arrows to move the field inside the | 
					
						
							|  |  |  |       section.</para> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Import/export:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>PDF structures can be exported to and imported from other server | 
					
						
							|  |  |  |       profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/pdfEditor3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/pdfEditor4.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>There is a special export target called "*Global templates". All | 
					
						
							|  |  |  |       PDF structures exported here will be copied to all other server profiles | 
					
						
							|  |  |  |       (incl. new ones). But existing PDF structures with the same name are not | 
					
						
							|  |  |  |       overwritten. So a PDF structure in global templates is treated as | 
					
						
							|  |  |  |       default structure for all server profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Use this if you would like to set up default PDF structures that | 
					
						
							|  |  |  |       are valid for all server profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/pdfEditor5.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Logo management:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You can upload image files to put a custom logo on the PDF files. | 
					
						
							|  |  |  |       The image file name must end with .png or .jpg and the size must not | 
					
						
							|  |  |  |       exceed 2000x300px.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/pdfEditor6.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Schema browser</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Here you browse the schema of your LDAP server. You can view what | 
					
						
							|  |  |  |       object classes, attributes, syntaxes and matching rules are available. | 
					
						
							|  |  |  |       This is useful if you need to check if a certain object class is | 
					
						
							|  |  |  |       available.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/schemaBrowser.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Server information</title> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |       <para>This shows information and statistics about your LDAP server. This | 
					
						
							|  |  |  |       includes the suffixes, used overlays, connection data and operation | 
					
						
							|  |  |  |       statistics. You will need "cn=monitor" set up to see all details. Some | 
					
						
							|  |  |  |       data may not be available depending on your LDAP server software.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please see the following links for how to set up "cn=monitor":</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><ulink | 
					
						
							|  |  |  |           url="http://www.openldap.org/doc/admin24/monitoringslapd.html">OpenLDAP</ulink></para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><ulink type="" | 
					
						
							|  |  |  |           url="http://directory.fedoraproject.org/wiki/Howto:CN%3DMonitor_LDAP_Monitoring">389 | 
					
						
							|  |  |  |           server</ulink></para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/serverInfo.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Tests</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This allows you to check if your LDAP schema is compatible with | 
					
						
							|  |  |  |       LAM and to find possible problems.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Lamdaemon test</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM provides an external script to manage home directories and | 
					
						
							|  |  |  |         quotas. You can test here if everything is set up correctly.</para> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |         <para>If you get an error like "no tty present and no askpass program | 
					
						
							|  |  |  |         specified" then the path to the lamdaemon.pl may be wrong. Please see | 
					
						
							|  |  |  |         the <link linkend="a_lamdaemon">lamdaemon installation | 
					
						
							|  |  |  |         instructions</link> for setup details.</para> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/lamdaemonTest.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Schema test</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This will test if your LDAP schema supports all object classes | 
					
						
							|  |  |  |         and attributes of the active LAM modules. If you get a message that | 
					
						
							|  |  |  |         something is missing please check that you installed all <link | 
					
						
							|  |  |  |         linkend="a_schema">required schemas</link>.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you get error messages about object class violations then | 
					
						
							|  |  |  |         this test can tell you what is missing.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/schemaTest.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  |   </chapter> | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |   <chapter id="a_accessLevelPasswordReset"> | 
					
						
										 |  |  |     <title>Access levels and password reset page (LAM Pro)</title> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |     <para>You can define different access levels for each profile to allow or | 
					
						
							|  |  |  |     disallow write access. The password reset page helps your deskside support | 
					
						
							|  |  |  |     staff to reset user passwords.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title id="s_accessLevel">Access levels</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>There are three access levels:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Write access (default)</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>There are no restrictions. LAM admin users can manage accounts, | 
					
						
							|  |  |  |           create profiles and set passwords.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Change passwords</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Similar to "Read only" except that the <link | 
					
						
							|  |  |  |           linkend="s_pwdReset">password reset page</link> is available.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Read only</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>No write access to the LDAP database is allowed. It is also | 
					
						
							|  |  |  |           impossible to manage account and PDF profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Accounts may be viewed but no changes can be saved.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The access level can be set on the server configuration | 
					
						
							|  |  |  |       page:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/accessLevel.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot></para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section id="s_pwdReset"> | 
					
						
							|  |  |  |       <title>Password reset page</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This special page allows your deskside support staff to reset the | 
					
						
										 |  |  |       Unix and Samba passwords of your users. Accounts may also be (un)locked. | 
					
						
							|  |  |  |       If you set the <link linkend="s_accessLevel">access level</link> to | 
					
						
							|  |  |  |       "Change passwords" then LAM will not allow any changes to the LDAP | 
					
						
							|  |  |  |       database except password changes via this page. The account pages will | 
					
						
							|  |  |  |       be still available in read-only mode.</para> | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>You can open the password reset page by clicking on the key symbol | 
					
						
							|  |  |  |       on each user account:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordReset1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot>There are three different options to set a new | 
					
						
							|  |  |  |       password:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">set random password and display it on | 
					
						
							|  |  |  |           screen</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>This will set the user's password to a random value. The | 
					
						
							|  |  |  |           password will be 11 characters long with a random combination of | 
					
						
							|  |  |  |           letters, digits and ".-_".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>You may want to use this method to tell users their new | 
					
						
							|  |  |  |           passwords via phone.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">set random password and mail it to | 
					
						
							|  |  |  |           user</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>If the user account has set the mail attribute then LAM can | 
					
						
							|  |  |  |           send your user a mail with the new password. You can change the mail | 
					
						
							| 
									
										
										
										
											2011-04-26 17:55:37 +00:00
										 |  |  |           template to fit your needs. Please configure your LAM server profile | 
					
						
							| 
									
										
										
										
											2013-10-16 16:48:59 +00:00
										 |  |  |           to setup the sender address, subject and mail body. Please see <link | 
					
						
							|  |  |  |           linkend="mailEOL">email format option</link> in case of broken | 
					
						
							| 
									
										
										
										
											2014-01-12 15:27:07 +00:00
										 |  |  |           mails. See <link linkend="mailSetup">here</link> for setting up your | 
					
						
							|  |  |  |           SMTP server.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
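							|  |  |           <para>Using this method prevents your support staff from learning | 
					
						
							|  |  |           the new password. Because the new password is sent by mail, consider also selecting "Force password change" so that the user must replace it at next login.</para> | 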
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">set specific password</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <para>Here you can specify your own password.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/passwordReset2.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM will display contact information about the user like the | 
					
						
							|  |  |  |       user's name, email address and telephone number. This will help your | 
					
						
							|  |  |  |       deskside support to easily contact your users.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Options:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Depending on the account there may be additional options | 
					
						
							|  |  |  |       available.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Sync Samba NT/LM password with Unix | 
					
						
							|  |  |  |           password:</emphasis> If a user account has Samba passwords set then | 
					
						
							|  |  |  |           LAM will offer to synchronize the passwords.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Unlock Samba account:</emphasis> Locked | 
					
						
							|  |  |  |           Samba accounts can be unlocked with the password change.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Update Samba password | 
					
						
							|  |  |  |           timestamps:</emphasis> This will set the timestamps when the | 
					
						
							| 
									
										
										
										
											2013-08-22 16:46:32 +00:00
										 |  |  |           password was changed (sambaPwdLastSet). Only existing attributes are | 
					
						
							|  |  |  |           updated. No new attributes are added.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |         </listitem> | 
					
						
							| 
									
										
										
										
											2012-01-21 21:21:46 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-07 19:31:10 +00:00
										 |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Sync Kerberos password with Unix | 
					
						
							|  |  |  |           password:</emphasis> This will also update the Heimdal Kerberos | 
					
						
							|  |  |  |           password.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-21 21:21:46 +00:00
										 |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Sync Asterisk (voicemail) password with | 
					
						
							|  |  |           Unix password:</emphasis> This also changes the Asterisk | 
					
						
							|  |  |  |           passwords.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">Force password change:</emphasis> This | 
					
						
							|  |  |  |           will force the user to change his password at next login. This | 
					
						
							|  |  |  |           option supports Shadow, Samba 3 and PPolicy (automatically | 
					
						
							|  |  |  |           detected).</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-05-27 20:37:26 +00:00
										 |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Account (un)locking:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |       <para>Depending on whether the account includes a Unix/Samba extension and | 
					
						
							|  |  |  |       PPolicy is activated the page will show options to (un)lock the account. | 
					
						
							|  |  |  |       E.g. if the account is fully unlocked then there will be no unlocking | 
					
						
							|  |  |  |       options printed.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/passwordReset3.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  |   </chapter> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-01 19:00:21 +00:00
										 |  |  |   <chapter id="a_selfService"> | 
					
						
							| 
									
										
										
										
											2010-02-28 14:37:30 +00:00
										 |  |  |     <title>Self service (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Preparations</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>OpenLDAP ACLs</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>By default only a few administrative users have write access to | 
					
						
							|  |  |  |         the LDAP database. Before your users may change their settings you | 
					
						
							|  |  |  |         must allow them to change their LDAP data.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-01 15:54:49 +00:00
										 |  |  |         <para>Hint: The ACLs below are not required if you decide to run all | 
					
						
							|  |  |  |         operations as the LDAP bind user (option "Use for all | 
					
						
							|  |  |  |         operations").</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-02-12 17:27:08 +00:00
										 |  |  |         <para>This can be done by adding ACLs to your slapd.conf or | 
					
						
							|  |  |  |         slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to | 
					
						
							|  |  |  |         these:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">access to</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold"> attrs=userPassword</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold"> by self write</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold"> by anonymous auth</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold"> by * none</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">access to</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold"> | 
					
						
							| 
									
										
										
										
											2013-02-12 17:27:08 +00:00
										 |  |  |         attrs=mail,sn,givenName,telephoneNumber,mobile,facsimileTelephoneNumber,street,postalAddress,postOfficeBox,postalCode,roomNumber,shadowLastChange</emphasis></para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold"> by self write</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-11-01 19:24:49 +00:00
										 |  |  |         <para><emphasis role="bold"> by * read</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |         <para>If you do not want them to change all attributes then reduce the | 
					
						
							|  |  |  |         list to fit your needs. Some modules may require additional LDAP | 
					
						
							| 
									
										
										
										
											2011-11-01 20:01:36 +00:00
										 |  |  |         attributes. You can use the tree view to get the technical attribute | 
					
						
							|  |  |         names e.g. by selecting a user account.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para>Usually, the slapd.conf file is located in /etc/ldap or | 
					
						
							|  |  |  |         /etc/openldap.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Other LDAP servers</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>There exist many LDAP implementations. If you do not use | 
					
						
							|  |  |  |         OpenLDAP you need to write your own ACLs. Please check the manual of | 
					
						
							|  |  |  |         your LDAP server for instructions.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Creating a self service profile</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>A self service profile defines what input fields your users see | 
					
						
							|  |  |  |       and some other general settings like the login caption.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>When you go to the LAM configuration page you will see the self | 
					
						
							|  |  |  |       service link at the bottom. This will lead you to the self service | 
					
						
							|  |  |       configuration pages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							| 
									
										
										
										
											2014-03-11 16:52:52 +00:00
										 |  |  |             <imagedata fileref="images/conf1.png" /> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Now we need to create a new self service profile. Click on the | 
					
						
							|  |  |  |       link to manage the self service profiles.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							| 
									
										
										
										
											2014-03-11 16:52:52 +00:00
										 |  |  |             <imagedata fileref="images/conf2.png" /> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |       <para>Specify a name for the new profile and enter your master | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
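										 |  |  |       configuration password (default is "lam") to save the profile. If the master password is still the default, change it, because anyone who knows it can create and edit profiles.</para> | 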
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							| 
									
										
										
										
											2014-03-11 16:52:52 +00:00
										 |  |  |             <imagedata fileref="images/conf3.png" /> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Now go back to the profile login and enter your master | 
					
						
							|  |  |  |       configuration password to edit your new profile.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Edit your new profile</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-01 16:26:57 +00:00
										 |  |  |       <section id="selfServiceBasicSettings"> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |         <title>Basic settings</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |         <para>On top of the page you see the link to the user login page. Copy | 
					
						
							|  |  |  |         this link address and give it to your users.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |         <para>Below the link you can specify several options.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							| 
									
										
										
										
											2014-03-11 16:52:52 +00:00
										 |  |  |               <imagedata fileref="images/conf4.png" /> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-01 15:54:49 +00:00
										 |  |  |         <table border="0"> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |           <title>General options</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |           <tgroup cols="2"> | 
					
						
							|  |  |  |             <tbody> | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Server address</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-01 15:54:49 +00:00
										 |  |  |                 <entry>The address of your LDAP server. For LDAP+SSL use | 
					
						
							|  |  |  |                 "ldaps://myserver"</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Activate TLS</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Activates TLS encryption. Please note that this cannot | 
					
						
							|  |  |  |                 be combined with LDAP+SSL ("ldaps://").</entry> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>LDAP suffix</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |                 <entry>The part of the LDAP tree where LAM should search for | 
					
						
							|  |  |  |                 users</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-01 15:54:49 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>LDAP search attribute</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Here you can specify if your users can login with user | 
					
						
							|  |  |  |                 name + password, email + password or other attributes.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>LDAP user + password</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |                 <entry>The DN and password which are used to search for users | 
					
						
							|  |  |  |                 in the LDAP database. It is sufficient if this DN has only | 
					
						
							|  |  |  |                 read rights. If you leave these fields empty LAM will try to | 
					
						
							|  |  |  |                 connect anonymously.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							| 
									
										
										
										
											2013-11-01 15:54:49 +00:00
										 |  |  |                 <entry>Use for all operations</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>By default LAM will use the credentials of the user | 
					
						
							|  |  |  |                 that logged in to self service for read/modify operations. If | 
					
						
							|  |  |  |                 you select this box then the connection user specified before | 
					
						
							|  |  |  |                 will be used instead. Please note that this can be a security | 
					
						
							|  |  |                 risk because this connection user requires write access to all user accounts. You | 
					
						
							|  |  |  |                 need to make sure that your LAM server is well | 
					
						
							|  |  |  |                 protected.</entry> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2011-08-24 20:03:43 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-09-29 14:17:30 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Additional LDAP filter</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Use this to enter an additional LDAP filter (e.g. | 
					
						
							|  |  |  |                 "(objectClass=passwordSelfReset)") to reduce the number of | 
					
						
							|  |  |  |                 accounts who may use self service.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>HTTP authentication</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>You can enable HTTP authentication for your users. This | 
					
						
							|  |  |                 way the web server is responsible for authenticating your users. | 
					
						
							|  |  |  |                 LAM will use the given user name + password for the LDAP | 
					
						
							|  |  |  |                 login. To setup HTTP authentication in Apache please see this | 
					
						
							|  |  |  |                 <ulink | 
					
						
							|  |  |  |                 url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2011-08-24 20:03:43 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Login attribute label</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |                 <entry>This is the description for the LDAP search attribute. | 
					
						
							|  |  |  |                 Set it to something which your users are familiar | 
					
						
							|  |  |  |                 with.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-09-29 13:51:37 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Password field label</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>This text is placed as label for the password field on | 
					
						
							|  |  |  |                 the login page. LAM will use "Password" if you do not enter | 
					
						
							|  |  |  |                 any text.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Login caption</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |                 <entry>This text is displayed at the login page. You can input | 
					
						
							|  |  |  |                 HTML, too.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Main page caption</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |                 <entry>This text is displayed at self service main page where | 
					
						
							|  |  |  |                 your users change their data. You can input HTML, too.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Page header</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
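										 |  |  |                 <entry>This HTML code will be placed on top of all self | 
					
						
							|  |  |  |                 service pages. E.g. you can use this to place your custom | 
					
						
							|  |  |  |                 logo. Any HTML code is permitted. Since the code is not | 
							|  |  |  |                 restricted, enter only markup you trust and prefer images and | 
							|  |  |  |                 other resources that are served from your own server.</entry> | 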
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Additional CSS links</entry> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
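										 |  |  |                 <entry>Here you can specify additional CSS links to change the | 
					
						
							|  |  |  |                 layout of the self service pages. This is useful to adapt them | 
					
						
							|  |  |  |                 to your corporate design. Please enter one link per | 
					
						
							|  |  |  |                 line. These style sheets are loaded on the pages where your | 
							|  |  |  |                 users enter their data, so link only to style sheets you | 
							|  |  |  |                 control and serve them via HTTPS.</entry> | 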
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  |             </tbody> | 
					
						
							|  |  |  |           </tgroup> | 
					
						
							|  |  |  |         </table> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Page layout</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-08-18 15:55:43 +00:00
										 |  |  |         <para>Here you can specify what input fields your users can see. It is | 
					
						
							|  |  |  |         also possible to group several input fields.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please use the arrow signs to change the order of the | 
					
						
							|  |  |  |         fields/groups.</para> | 
					
						
							|  |  |  | 
 | 
					
						
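							|  |  |  |         <para>You may also set some fields as read-only for your users. This | 
					
						
							|  |  |  |         can be done by clicking on the lock symbol. Read-only fields can be | 
					
						
							|  |  |  |         used to show your users additional data on the self service page that | 
					
						
							|  |  |  |         they must not change themselves (e.g. first/last name). This setting | 
							|  |  |  |         describes the self service page only; if users must not be able to | 
							|  |  |  |         change such data by other means, check the access rights on your | 
							|  |  |  |         LDAP server as well.</para> | 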
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-30 15:02:06 +00:00
										 |  |  |         <para>Sometimes, you may want to set a custom label for an input | 
					
						
							|  |  |  |         field. Click on the edit icon to set your own label text (Personal: | 
					
						
							|  |  |  |         Department is relabeled as "Business unit" here).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							| 
									
										
										
										
											2014-03-11 16:52:52 +00:00
										 |  |  |               <imagedata fileref="images/conf5.png" /> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Possible input fields</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This is a list of input fields you may add to the self service | 
					
						
							|  |  |  |         page.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <table> | 
					
						
							|  |  |  |           <title>Self service fields</title> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <tgroup cols="3"> | 
					
						
							|  |  |  |             <tbody> | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry align="center"><emphasis role="bold">Account | 
					
						
							|  |  |  |                 type</emphasis></entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry align="center"><emphasis | 
					
						
							|  |  |  |                 role="bold">Option</emphasis></entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry align="center"><emphasis | 
					
						
							|  |  |  |                 role="bold">Description</emphasis></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_asterisk.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Asterisk (voicemail)</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Sync Asterisk password with Unix password</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>This is a hidden field. It will update the Asterisk | 
					
						
							|  |  |  |                 password each time the Unix password is changed.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_heimdal.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Kerberos</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Sync Kerberos password with Unix password</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>This is a hidden field. It will update the Kerberos | 
					
						
							|  |  |  |                 password each time the Unix password is changed.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="1"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_kolab.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Kolab</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Delegates</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Allows the user to manage delegate permissions</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Invitation policy</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Invitation policy management</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_ssh.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Password policy</entry> | 
					
						
							| 
									
										
										
										
											2013-10-27 18:53:55 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Last password change</entry> | 
					
						
							| 
									
										
										
										
											2013-10-27 18:53:55 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>read-only</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-10-27 18:53:55 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="2"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_ssh.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Password self reset</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Question</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Security question selection</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Answer</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Security answer</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Backup email</entry> | 
					
						
							| 
									
										
										
										
											2014-02-16 12:18:59 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>(External) backup email address that is independent of | 
					
						
							|  |  |  |                 the user's password, i.e. a mailbox the user can still read | 
							|  |  |  |                 after losing that password.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2014-02-16 12:18:59 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="23"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_user.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Personal</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Business category</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Car license</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Department</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Email address</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Fax number</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>First name</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Home telephone number</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Initials</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Job title</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Last name</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Location</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Mobile number</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Office name</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Photo</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Shows the user photo if set. The user may also remove | 
					
						
							|  |  |  |                 the photo or upload a new one.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Postal address</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Postal code</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Post office box</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Registered address</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Room number</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>State</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Street</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Telephone number</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>User certificates</entry> | 
					
						
							| 
									
										
										
										
											2013-03-30 14:22:26 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Upload of user certificates in PEM or DER | 
					
						
							|  |  |  |                 format</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-03-30 14:22:26 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Web site</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="4"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_samba.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Samba 3</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Password</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Input field to set a new NT/LM password. The attribute | 
					
						
							|  |  |  |                 "sambaPwdLastSet" is updated if it existed before.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Sync Samba LM password with Unix password</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>This is a hidden field. It will update the Samba LM | 
					
						
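							|  |  |  |                 password each time the Unix password is changed. LM hashes are weak by design, so use this field only if legacy clients still require LM authentication.</entry> | 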
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Sync Samba NT password with Unix password</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>This is a hidden field. It will update the Samba NT | 
					
						
							|  |  |  |                 password each time the Unix password is changed.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Update attribute "sambaPwdLastSet" on password | 
					
						
							|  |  |  |                 change</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Updates the password timestamp when password is | 
					
						
							|  |  |  |                 synchronized with Unix.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Last password change (read-only)</entry> | 
					
						
							| 
									
										
										
										
											2013-09-28 11:46:52 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Displays the date and time of the user's last password | 
					
						
							|  |  |  |                 change.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-09-28 11:46:52 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_ssh.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Shadow</entry> | 
					
						
							| 
									
										
										
										
											2013-09-28 11:46:52 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Last password change (read-only)</entry> | 
					
						
							| 
									
										
										
										
											2013-09-28 11:46:52 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Displays the date and time of the user's last password | 
					
						
							|  |  |  |                 change (Unix).</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-09-28 11:46:52 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="8"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_samba.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Windows</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Password</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Change the user's password</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Location</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Office name</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Postal code</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Post office box</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>State</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Street</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Telephone number</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Web site</entry> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-04-21 18:52:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="2"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_unix.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Unix</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Common name</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Login shell</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Password</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>This is also the source for several password | 
					
						
							|  |  |  |                 synchronization options.</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="1"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_zarafa.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> Zarafa</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>"Send as" privileges</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Define user who may send mails as this user</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Email aliases</entry> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Email aliases</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry morerows="3"><inlinemediaobject> | 
					
						
							|  |  |  |                     <imageobject> | 
					
						
							|  |  |  |                       <imagedata fileref="images/schema_pykota.png" /> | 
					
						
							|  |  |  |                     </imageobject> | 
					
						
							|  |  |  |                   </inlinemediaobject> PyKota</entry> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Balance (read-only)</entry> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Current balance for printing</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Total paid (read-only)</entry> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Total money paid</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Payment history</entry> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>History of user payments</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Job history</entry> | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>History of printed jobs</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  |             </tbody> | 
					
						
							|  |  |  |           </tgroup> | 
					
						
							| 
									
										
										
										
											2012-09-06 14:31:05 +00:00
										 |  |  |         </table> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-08-18 15:55:43 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Module settings</title> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-08-18 15:55:43 +00:00
										 |  |  |         <para>This allows you to configure some module-specific options (e.g. | 
					
						
							|  |  |  |         custom scripts or password hash type).</para> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							| 
									
										
										
										
											2014-03-11 16:52:52 +00:00
										 |  |  |               <imagedata fileref="images/conf6.png" /> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2012-01-08 19:18:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |       <section id="PasswordSelfReset"> | 
					
						
							|  |  |  |         <title>Password self reset</title> | 
					
						
							| 
									
										
										
										
											2014-02-16 12:18:59 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Schema installation</emphasis></para> | 
					
						
							| 
									
										
										
										
											2014-02-16 12:18:59 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Please install the LDAP schema as described <link | 
					
						
							|  |  |  |         linkend="a_passwordSelfResetSchema">here</link>.</para> | 
					
						
							| 
									
										
										
										
											2012-07-08 18:25:27 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Settings</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-01-08 19:18:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You can allow your users to reset their passwords themselves. | 
					
						
							|  |  |  |         This will reduce your administrative costs for cases where users | 
					
						
							|  |  |  |         forget their passwords.</para> | 
					
						
							| 
									
										
										
										
											2013-01-14 17:07:42 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>To enable this feature please activate the checkbox "Enable | 
					
						
							|  |  |  |         password self reset link".</para> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Hint:</emphasis> Please note that LAM Pro | 
					
						
							|  |  |  |         uses security questions by default. Activate confirmation mails and | 
					
						
							|  |  |  |         then deactivate security questions if you want to use only email | 
					
						
							|  |  |  |         validation.</para> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2013-01-14 17:07:42 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You can now configure the minimum answer length for password | 
					
						
							|  |  |  |         reset answers. This is checked when you allow your users to specify | 
					
						
							|  |  |  |         their answers via the self service. Additionally, you can specify the | 
					
						
							|  |  |  |         text of the password reset link (default: "Forgot password?"). The | 
					
						
							|  |  |  |         link is displayed below the password field on the self service login | 
					
						
							|  |  |  |         page.</para> | 
					
						
							| 
									
										
										
										
											2013-01-14 17:07:42 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Next, please enter the DN and password of an LDAP entry that is | 
					
						
							|  |  |  |         allowed to reset the passwords. This entry needs write access to the | 
					
						
							|  |  |  |         attributes shadowLastChange, pwdAccountLockedTime and userPassword. It | 
					
						
							|  |  |  |         also needs read access to uid, mail, passwordSelfResetQuestion and | 
					
						
							|  |  |  |         passwordSelfResetAnswer. Please note that LAM Pro saves the password | 
					
						
							|  |  |  |         on your server file system. Therefore, it is required to protect your | 
					
						
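							|  |  |  |         server against unauthorised access. Use a dedicated LDAP entry that has only the rights listed above, not a directory administrator account, so that a leaked stored password exposes as little as possible.</para> | 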
					
						
							| 
									
										
										
										
											2013-01-14 17:07:42 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Please also specify the list of password reset questions that | 
					
						
							|  |  |  |         the user can choose.</para> | 
					
						
							| 
									
										
										
										
											2013-01-14 17:07:42 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Please note that self service and LAM admin interface are | 
					
						
							|  |  |  |         separate functionalities. You need to specify the list of possible | 
					
						
							|  |  |  |         security questions in both self service profile(s) and server | 
					
						
							|  |  |  |         profile(s).</para> | 
					
						
							| 
									
										
										
										
											2013-01-14 17:07:42 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <literallayout> </literallayout> | 
					
						
							| 
									
										
										
										
											2012-08-18 15:55:43 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You can inform your users via mail about their password change. | 
					
						
							|  |  |  |         The mail can include the new password by using the special wildcard | 
					
						
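							|  |  |  |         "@@newPassword@@". Keep in mind that mail is often transmitted and stored unencrypted, so anyone with access to the mailbox can read a password sent this way. Additionally, you may want to insert other | 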
					
						
							|  |  |  |         wildcards that are replaced by the corresponding LDAP attributes. E.g. | 
					
						
							|  |  |  |         "@@uid@@" will be replaced by the user name. Please see <link | 
					
						
							|  |  |  |         linkend="mailEOL">email format option</link> in case of broken mails. | 
					
						
							|  |  |  |         See <link linkend="mailSetup">here</link> for setting up your SMTP | 
					
						
							|  |  |  |         server.</para> | 
					
						
										 |  |  |         <literallayout> </literallayout> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
        <para>LAM Pro can send your users an email with a confirmation link to
        validate their email address. Of course, this should only be used if
        the email account is independent from the user password (e.g. at an
        external provider) or you use the backup email address feature;
        otherwise a user who has forgotten the password cannot read the
        confirmation mail. The mail body must include the confirmation link by
        using the special wildcard "@@resetLink@@". Additionally, you may want
        to insert other wildcards that are replaced by the corresponding LDAP
        attributes. E.g. "@@uid@@" will be replaced by the user name.</para>
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
        <para>There is also an option to skip the security question entirely
        if email verification is enabled. In this case the password can be
        reset directly after clicking on the confirmation link. Please handle
        with care: the mailbox is then the only protection, and anybody with
        access to the user's mail account can reset the password.</para>
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Troubleshooting:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>If you get messages like "Unable to find user account." this can | 
					
						
							|  |  |  |         have multiple reasons:</para> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>security questions enabled but no security question and/or | 
					
						
							|  |  |  |             answer set for this user</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>user name + email combination does not exist</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>no connection to LDAP server</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Turn on logging in LAM's main configuration settings. The exact | 
					
						
							|  |  |  |         reason is logged on notice level.</para> | 
					
						
							| 
									
										
										
										
											2011-08-25 19:54:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">New fields for self service | 
					
						
							|  |  |  |         page</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>There are special fields that you may put on the self service | 
					
						
							|  |  |  |         page for your users. These fields allow them to change the reset | 
					
						
							|  |  |  |         question and its answer. It is also possible to set a backup email | 
					
						
							|  |  |  |         address to reset passwords with an external email address.</para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
        <para>This is an example of how the fields can be presented to your
        users on the self service page:</para>
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Password reset link</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>After activating the password self reset feature there will be a | 
					
						
							|  |  |  |         new link on the self service login page. The text can be configured as | 
					
						
							|  |  |  |         described above (default: "Forgot password?").</para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>When a user clicks on the link then he will be asked for | 
					
						
							|  |  |  |         identification with his user name and email address.</para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset5.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>LAM Pro will use this information to find the correct LDAP entry | 
					
						
							|  |  |  |         of this user. It then displays the user's security question and input | 
					
						
							|  |  |  |         fields for his new password. If the answer is correct then the new | 
					
						
							|  |  |  |         password will be set. Additionally, pwdAccountLockedTime will be | 
					
						
							|  |  |  |         removed and shadowLastChange updated to the current time if | 
					
						
							|  |  |  |         existing.</para> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/passwordSelfReset6.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>User self registration</title> | 
					
						
							|  |  |  | 
 | 
					
						
        <para>With LAM Pro your users can create their own accounts if you
        like. LAM Pro will display an additional link on the self service
        login page that allows your users to create a new account including
        email validation (see <link linkend="mailSetup">here</link> for
        setting up your SMTP server).</para>
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You enable this feature in your self service profile. Just | 
					
						
							|  |  |  |         activate the checkbox "Enable self registration link".</para> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/accountRegistration1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Options:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis>Link text:</emphasis> This is the label for the link | 
					
						
							|  |  |  |         to the self registration. If empty "Register new account" will be | 
					
						
							|  |  |  |         used.</para> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
        <para><emphasis>Admin DN and password:</emphasis> Please enter the
        LDAP DN and its password that should be used to create new users. This
        DN also needs to be able to do LDAP searches by uid in the self
        service part of your LDAP tree. It is advisable to use a dedicated DN
        that has only these rights instead of a general directory
        administrator.</para>
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis>Object classes:</emphasis> This is a list of object | 
					
						
							|  |  |  |         classes that are used to build the new user accounts. Please enter one | 
					
						
							|  |  |  |         object class in each line.</para> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis>Attributes:</emphasis> This is a list of additional | 
					
						
							|  |  |  |         attributes that the user can enter. Please note that user name, | 
					
						
							|  |  |  |         password and email address are mandatory anyway and need not be | 
					
						
							|  |  |  |         specified.</para> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Each line represents one LDAP attribute. The settings are | 
					
						
							|  |  |  |         separated by "::". The first setting specifies the field type. The | 
					
						
							|  |  |  |         second setting is the LDAP attribute name. Depending on the field type | 
					
						
							|  |  |  |         you can enter additional options:</para> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <table> | 
					
						
							|  |  |  |           <title></title> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <tgroup cols="6"> | 
					
						
							|  |  |  |             <tbody> | 
					
						
							|  |  |  |               <row> | 
					
						
							|  |  |  |                 <entry><emphasis role="bold">Description</emphasis></entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry><emphasis role="bold">Type</emphasis></entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry><emphasis role="bold">Attribute name</emphasis></entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry><emphasis role="bold">First option</emphasis></entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry><emphasis role="bold">Second option</emphasis></entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry><emphasis role="bold">Third option</emphasis></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>An optional input field that is displayed on the | 
					
						
							|  |  |  |                 registration page.</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>optional</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>e.g. "givenName"</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry>Label that is displayed on page</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>optional regular expression for validation (e.g. | 
					
						
							|  |  |  |                 "/^[0-9a-zA-Z]+$/")</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>validation message if value does not match validation | 
					
						
							|  |  |  |                 expression</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>A required input field that is displayed on the | 
					
						
							|  |  |  |                 registration page. Self registration cannot be done if such a | 
					
						
							|  |  |  |                 field is left empty by the user.</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>required</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>e.g. "sn"</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>Label that is displayed on page</entry> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>optional regular expression for validation (e.g. | 
					
						
							|  |  |  |                 "/^[0-9a-zA-Z]+$/")</entry> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>validation message if value does not match validation | 
					
						
							|  |  |  |                 expression</entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |               <row> | 
					
						
							|  |  |  |                 <entry>Constant attribute value, not visible for the user. Can | 
					
						
							|  |  |  |                 be used to set some initial values or data that must not be | 
					
						
							|  |  |  |                 edited by the user.</entry> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>constant</entry> | 
					
						
							| 
									
										
										
										
											2013-11-10 12:58:56 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry>e.g. "homeDirectory"</entry> | 
					
						
							|  |  |  | 
 | 
					
						
                <entry>attribute value, supports wildcards to insert other
                attribute values (e.g. "@@uid@@")</entry>
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |                 <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 <entry></entry> | 
					
						
							|  |  |  |               </row> | 
					
						
							|  |  |  |             </tbody> | 
					
						
							|  |  |  |           </tgroup> | 
					
						
							|  |  |  |         </table> | 
					
						
							|  |  |  | 
 | 
					
						
        <para>For a syntax description of validation expressions see <ulink
        url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is
        optional; you can leave these options blank.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Example:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please | 
					
						
							|  |  |  |         enter a valid first name.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>required::sn::Last name::/^[[:alnum:] ]+$/u::Please enter a | 
					
						
							|  |  |  |         valid last name.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>constant::homeDirectory::/home/@@uid@@</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you use the object class "inetOrgPerson" and do not provide | 
					
						
							|  |  |  |         the "cn" attribute then LAM will set it to the user name value.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <literallayout> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
        <para>Please note that only simple input boxes are supported for
        account registration. Once his account has been created, the user may
        log in to self service to manage all his attributes.</para>
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <literallayout> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">User view:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>The user can register by clicking on a link on the self service | 
					
						
							|  |  |  |         login page:</para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/accountRegistration2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Here he can insert the data that you specified in the self | 
					
						
							|  |  |  |         service profile:</para> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/accountRegistration3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
        <para>LAM will then send him an email with a validation link that is
        valid for 24 hours. When he clicks on this link, the account will
        be created in the self service user suffix. The DN will look like
        this: <emphasis>uid=&lt;user name&gt;,...</emphasis></para>
					
						
							| 
									
										
										
										
											2013-10-16 16:48:59 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Please see <link linkend="mailEOL">email format option</link> in | 
					
						
							|  |  |  |         case of broken mails.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Custom fields (LAM Pro)</title> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>This module allows you to manage LDAP attributes that are not | 
					
						
							|  |  |  |         covered by the other LAM modules (e.g. if you use custom LDAP | 
					
						
							|  |  |  |         schemas). You can fully define what your input fields look like:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Label</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>LDAP attribute name</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Unique name for field</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Help text</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2014-02-06 19:19:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Read-only display</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Field type: text, password, text area, checkbox, radio | 
					
						
							|  |  |  |             buttons, select list, file upload</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Validation via regular expression</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>Error message if validation fails</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>To create custom fields for the Self Service please edit your | 
					
						
							|  |  |  |         Self Service profile and switch to tab "Module settings". Here you can | 
					
						
							|  |  |  |         add a new field. Simply fill in the fields and press "Add".</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Please note that the field name cannot be changed later. It is | 
					
						
							|  |  |  |         the unique ID for this field.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>After you created your fields please press on "Sync fields with | 
					
						
							|  |  |  |         page layout". Now you can switch to tab "Page layout" and add your new | 
					
						
							|  |  |  |         fields like any other standard field.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Examples for fields and their representation in Self | 
					
						
							|  |  |  |         Service:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Text field:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Text fields allow you to specify a <link | 
					
						
							|  |  |  |         linkend="customFields_validation_expressions">validation | 
					
						
							|  |  |  |         expression</link> and error message.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You can also enable auto-completion. In this case LAM will | 
					
						
							|  |  |  |         search all accounts for the given attribute and provide | 
					
						
							|  |  |  |         auto-completion hints when the user edits this field. This should only | 
					
						
							|  |  |  |         be used if there is a limited number of different values for this | 
					
						
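							|  |  |  |         attribute. Because the hints are taken from the values stored on | 
							|  |  |  |         other accounts, enable auto-completion only for attributes whose | 
							|  |  |  |         values may be shown to every Self Service user.</para> | 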
					
						
							| 
									
										
										
										
											2013-11-01 10:54:03 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields2.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Presentation in Self Service:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields3.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Password field:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You can also manage custom password fields. LAM Pro will display | 
					
						
							|  |  |  |         two fields where the user must enter the same password. You can hash | 
					
						
							|  |  |  |         the password if needed.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Presentation in Self Service:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields5.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Text area:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>This adds a multi-line field. The options are similar to text | 
					
						
							|  |  |  |         fields. Additionally, you can set the size with the number of columns | 
					
						
							|  |  |  |         and rows.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Please note that the <link | 
					
						
							|  |  |  |         linkend="customFields_validation_expressions">validation | 
					
						
							|  |  |  |         expression</link> should be set to multi-line. This is done by adding | 
					
						
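							|  |  |  |         "m" at the end. With "m", "^" and "$" match at every line break, so | 
							|  |  |  |         an expression such as /^[a-z0-9]+$/m is already satisfied when a | 
							|  |  |  |         single line of the value matches.</para> | 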
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields6.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Presentation in Self Service:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields7.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Checkbox:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Sometimes you may want to allow only yes/no values for your LDAP | 
					
						
							|  |  |  |         attributes. This can be represented by a checkbox. You can specify the | 
					
						
							|  |  |  |         values for checked and unchecked. The default value is set if the LDAP | 
					
						
							|  |  |  |         attribute has no value.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields8.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Presentation in Self Service:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields9.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Radio buttons:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>This displays a list of radio buttons where the user can select | 
					
						
							|  |  |  |         one value.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You can specify a mapping of LDAP attribute values and their | 
					
						
							|  |  |  |         display (label) on the Self Service page. To add more mapping fields | 
					
						
							|  |  |  |         please press "Add more mapping fields".</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields10.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Presentation in Self Service:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields11.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">Select list:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Select lists allow the user to select a value in a large list of | 
					
						
							|  |  |  |         options. The definition of the possible values and their display is | 
					
						
							|  |  |  |         similar to radio buttons.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>You can also allow multiple values.</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields12.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Presentation in Self Service:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields13.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields18.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para id="customFields_validation_expressions"><emphasis | 
					
						
							|  |  |  |         role="bold">Validation expressions:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>The validation expressions follow the standard of <ulink | 
					
						
							|  |  |  |         url="http://perldoc.perl.org/perlre.html">Perl regular | 
					
						
							|  |  |  |         expressions</ulink>. They start and end with a "/". The beginning of a | 
					
						
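							|  |  |  |         line is specified by "^" and the end by "$". Note that in Perl | 
							|  |  |  |         regular expressions "$" also matches directly before a line break | 
							|  |  |  |         at the end of the value.</para> | 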
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Examples:</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>/^[a-z0-9]+$/ allows small letters and numbers. The value must | 
					
						
							|  |  |  |         not be empty ("+").</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>/^[a-z0-9]+$/i allows small and capital letters ("i" at the end | 
					
						
							|  |  |  |         means ignore case) and numbers. The value must not be empty | 
					
						
							|  |  |  |         ("+").</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Special characters that must be escaped with "\": "\", ".", "(", | 
					
						
							|  |  |  |         ")"</para> | 
					
						
							| 
									
										
										
										
											2012-12-01 11:21:29 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>E.g. /^[a-z0-9\.]$/i</para> | 
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <literallayout> | 
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para><emphasis role="bold">File upload:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>This is used for binary data. You can restrict uploaded data to | 
					
						
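							|  |  |  |         a given file extension and set the maximum file size. Note that a | 
							|  |  |  |         file extension describes only the file name; it does not by itself | 
							|  |  |  |         guarantee the type of the uploaded content.</para> | 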
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields23.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>Presentation:</para> | 
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <para>The uploaded data may also be downloaded via LAM.</para> | 
					
						
							| 
									
										
										
										
											2013-09-26 18:14:00 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/customFields24.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2012-06-03 19:16:17 +00:00
										 |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2014-03-10 18:46:28 +00:00
										 |  |  |     </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Adapt the self service to your corporate design</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |       <para>LAM Pro allows you to integrate custom CSS style definitions and | 
					
						
							|  |  |  |       design the header of all self service pages. This way you can integrate | 
					
						
							|  |  |  |       your own logo and use your company's colors.</para> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Custom header</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |         <para>The default LAM Pro header includes a logo and a horizontal | 
					
						
							|  |  |  |         line. You can enter any HTML code here. It will be included in the | 
					
						
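							|  |  |  |         self service pages after the body tag. As this HTML is included on every self service page, treat the setting as trusted configuration: only administrators should be able to change it, and any scripts or images it references should come from hosts you control.</para> | 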
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configPageHeader.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>CSS files</title> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |         <para>Usually, companies have regulations about their corporate design | 
					
						
							|  |  |  |         and use common CSS files. This ensures a common appearance of all | 
					
						
							|  |  |  |         intranet pages (e.g. colors and fonts). To include additional CSS | 
					
						
							|  |  |  |         files just use the following setting for this task. The additional CSS | 
					
						
							|  |  |  |         links will be added after LAM Pro's default CSS link. This way you can | 
					
						
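							|  |  |  |         override LAM Pro's style. Because these stylesheets are loaded into the self service pages, link only to CSS files on servers you control, preferably over HTTPS.</para> | 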
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-14 18:29:21 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configCSS.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2010-02-13 09:32:34 +00:00
										 |  |  |     </section> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |   </chapter> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   <appendix id="a_schema"> | 
					
						
							|  |  |  |     <title>LDAP schema files</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Here is a list of needed LDAP schema files for the different LAM | 
					
						
							|  |  |  |     modules. For OpenLDAP we also provide a source where you can get the | 
					
						
							|  |  |  |     files.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <table frame="none" lang="" role="" tabstyle="nogrid"> | 
					
						
							|  |  |  |       <title>LDAP schema files</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <tgroup cols="6"> | 
					
						
							|  |  |  |         <thead> | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Account type</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Object class(es)</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Schema name</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Source</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Notes</entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  |         </thead> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <tbody> | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_unix.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Unix accounts</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-04-03 17:20:10 +00:00
										 |  |  |             <entry>posixAccount, shadowAccount, hostObject, posixGroup</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-04-03 17:20:10 +00:00
										 |  |  |             <entry>nis.schema, rfc2307bis.schema, ldapns.schema | 
					
						
							|  |  |  |             (hostObject)</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-04-03 17:20:10 +00:00
										 |  |  |             <entry>Part of OpenLDAP installation, part of libpam-ldap | 
					
						
							|  |  |  |             (ldapns.schema)</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |             <entry>The rfc2307bis.schema is only supported by LAM Pro. Use the | 
					
						
							|  |  |  |             nis.schema if you do not want to upgrade to LAM Pro.</entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_inetOrgPerson.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Address book entries</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>inetOrgPerson</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>inetorgperson.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_samba.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Samba 3 accounts</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>sambaSamAccount, sambaGroupMapping, sambaDomain</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>samba.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of Samba tarball (examples/LDAP/samba.schema)</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-12 13:18:22 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_samba.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Windows AD (Samba 4)</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>user, group, computer</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Samba 4 built-in</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_kolab.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-09-01 09:03:24 +00:00
										 |  |  |             <entry>Kolab 2/3 users</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |             <entry>kolabUser</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-09-01 09:03:24 +00:00
										 |  |  |             <entry>kolab2/3.schema, rfc2739.schema</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-09-01 09:03:24 +00:00
										 |  |  |             <entry>Part of Kolab 2/3 installation</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-12-12 20:20:18 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_asterisk.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Asterisk (extension)</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>AsteriskSIPUser, AsteriskExtension</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>asterisk.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of Asterisk installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_pykota.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>PyKota users, groups, printers and billing codes</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>pykotaObject, pykotaAccount, pykotaAccountBalance, | 
					
						
							|  |  |  |             pykotaGroup, pykotaPrinter, pykotaBilling</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>pykota.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of PyKota installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_mailAlias.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Mail routing</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>inetLocalMailRecipient</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>misc.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_hostObject.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Hosts</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-10-24 14:13:30 +00:00
										 |  |  |             <entry>hostObject, device</entry> | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-09-27 18:38:39 +00:00
										 |  |  |             <entry>ldapns.schema</entry> | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-09-27 18:38:39 +00:00
										 |  |  |             <entry>Part of libpam-ldap installation</entry> | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-10-24 14:13:30 +00:00
										 |  |  |             <entry>The device object class is only available in LAM | 
					
						
							|  |  |  |             Pro.</entry> | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-21 17:43:41 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_authorizedServices.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Authorized services</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>authorizedServiceObject</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>ldapns.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of libpam-ldap installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_mailAlias.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Mail aliases</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>nisMailAlias</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>misc.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_mailAlias.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Qmail user</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>qmailUser</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>qmail.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of <ulink | 
					
						
							|  |  |  |             url="http://www.nrg4u.com/">qmail_ldap</ulink></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>LAM Pro only</entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_mac.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>MAC addresses</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>ieee802device</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>nis.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-08 18:43:28 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_ipHost.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>IP addresses</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>ipHost</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>nis.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2010-03-08 18:43:28 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-09-17 18:22:59 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_puppet.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Puppet</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>puppetClient</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>puppet.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry><ulink | 
					
						
							|  |  |  |             url="https://github.com/puppetlabs/puppet/blob/master/ext/ldap/puppet.schema">Puppet | 
					
						
							|  |  |  |             on GitHub</ulink></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-15 17:32:33 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_eduPerson.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>EDU person</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>eduPerson</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>eduperson.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry><ulink | 
					
						
							|  |  |  |             url="http://middleware.internet2.edu/eduperson/">http://middleware.internet2.edu</ulink></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_user.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Simple Accounts</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>account</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>cosine.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_ssh.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>SSH public keys</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>ldapPublicKey</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>openssh-lpk.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Included in patch from <ulink | 
					
						
							|  |  |  |             url="http://code.google.com/p/openssh-lpk/">http://code.google.com/p/openssh-lpk/</ulink></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-21 10:55:48 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_quota.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Filesystem quotas</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>systemQuotas</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>quota.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry><ulink | 
					
						
							|  |  |  |             url="http://sourceforge.net/projects/linuxquota/">Linux | 
					
						
							|  |  |  |             DiskQuota</ulink></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							| 
									
										
										
										
											2014-01-19 13:30:30 +00:00
										 |  |  |                   <imagedata fileref="images/schema_group.png" /> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Group of (unique) names</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>groupOfNames, groupOfUniqueNames</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>core.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-19 13:30:30 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_group.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Groups</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>organizationalRole</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>core.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>LAM Pro only</entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_dhcp.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>DHCP</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-12-12 20:20:18 +00:00
										 |  |  |             <entry>dhcpOptions, dhcpSubnet, dhcpServer</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |             <entry>dhcp.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>docs/schema/dhcp.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>The LDAP suffix should be set to your dhcpServer | 
					
						
							|  |  |  |             entry.</entry> | 
					
						
							| 
									
										
										
										
											2013-10-27 17:19:33 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_bind.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Bind DLZ DNS</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>dlzZone, dlzHost, dlzSOARecord, dlzNSRecord, dlzARecord, | 
					
						
							|  |  |  |             dlzMXRecord, dlzCNameRecord, dlzPTRRecord</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>dlz.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>part of <ulink url="http://bind-dlz.sourceforge.net/">Bind | 
					
						
							|  |  |  |             DLZ patch</ulink></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_alias.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Aliases</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>alias, uidObject</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>core.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |           </row> | 
					
						
							| 
									
										
										
										
											2009-12-12 20:20:18 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_netgroup.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>NIS netgroups</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>nisNetgroup</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>nis.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_nisObject.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>NIS objects</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>nisObject</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>nis.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2011-02-15 20:24:25 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_nisObject.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Automount objects</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>automount</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-08-13 17:44:42 +00:00
										 |  |  |             <entry>autofs.schema, rfc2307bis.schema</entry> | 
					
						
							| 
									
										
										
										
											2011-02-15 20:24:25 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |             <entry>Autofs LDAP</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2010-02-28 18:43:14 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-02-09 18:06:41 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_oracle.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Oracle databases</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>orclNetService</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>oidbase.schema, oidnet.schema, oidrdbms.schema, | 
					
						
							|  |  |  |             alias.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Preinstalled on Oracle directory server, OpenLDAP schemas | 
					
						
							|  |  |  |             can be downloaded e.g. <ulink | 
					
						
							|  |  |  |             url="http://www.idevelopment.info/data/Oracle/DBA_tips/LDAP/LDAP_8.shtml">here</ulink></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>LAM Pro only</entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-28 18:43:14 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_ppolicy.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Password policies</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>pwdPolicy, device</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>ppolicy.schema, core.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of OpenLDAP installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2009-12-12 20:20:18 +00:00
										 |  |  |           </row> | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-31 20:48:29 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_freeRadius.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>FreeRadius users</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>radiusprofile</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>openldap.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of FreeRadius installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry></entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-03-18 17:49:54 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_heimdal.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Heimdal Kerberos</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>krb5KDCEntry</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>hdb.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of Heimdal Kerberos installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2012-03-18 17:49:54 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-11 14:19:36 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_mitKerberos.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>MIT Kerberos</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>krbPrincipal, krbPrincipalAux, krbTicketPolicyAux</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>kerberos.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of MIT Kerberos installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2012-11-11 14:19:36 +00:00
										 |  |  |           </row> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_sudo.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Sudo roles</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>sudoRole</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>sudo.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of sudo-ldap installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2010-06-13 18:39:03 +00:00
										 |  |  |           </row> | 
					
						
							| 
									
										
										
										
											2010-10-24 14:13:30 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_zarafa.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Zarafa</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>zarafa-user, zarafa-group, zarafa-server</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>zarafa.schema</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Part of Zarafa installation</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-11-17 19:31:21 +00:00
										 |  |  |             <entry>LAM Pro only</entry> | 
					
						
							| 
									
										
										
										
											2010-10-24 14:13:30 +00:00
										 |  |  |           </row> | 
					
						
							| 
									
										
										
										
											2010-11-29 20:50:00 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           <row> | 
					
						
							|  |  |  |             <entry><inlinemediaobject> | 
					
						
							|  |  |  |                 <imageobject> | 
					
						
							|  |  |  |                   <imagedata fileref="images/schema_mailAlias.png" /> | 
					
						
							|  |  |  |                 </imageobject> | 
					
						
							|  |  |  |               </inlinemediaobject></entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>IMAP mailboxes</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>-</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>-</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>-</entry> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <entry>Does not require any schema.</entry> | 
					
						
							|  |  |  |           </row> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         </tbody> | 
					
						
							|  |  |  |       </tgroup> | 
					
						
							|  |  |  |     </table> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   <appendix id="a_security"> | 
					
						
							|  |  |  |     <title>Security</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-17 19:56:36 +00:00
										 |  |  |     <section id="a_configPasswords"> | 
					
						
							|  |  |  |       <title>LAM configuration passwords</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM supports a two level authorization system for its | 
					
						
							|  |  |  |       configuration. Therefore, there are two types of configuration | 
					
						
							|  |  |  |       passwords:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">master configuration | 
					
						
							|  |  |  |           password:</emphasis> needed to change general settings, | 
					
						
							|  |  |  |           create/delete server profiles and self service profiles</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para><emphasis role="bold">server profile password:</emphasis> used | 
					
						
							|  |  |  |           to change the settings of a server profile (e.g. LDAP server and | 
					
						
							|  |  |  |           account types to manage)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The master configuration password can be used to reset a server | 
					
						
							|  |  |  |       profile password. Each server profile has its own profile | 
					
						
							|  |  |  |       password.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Both password types are stored as hash values in the configuration | 
					
						
							|  |  |  |       files for enhanced security.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Use of SSL</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The data which is transferred between you and LAM is very | 
					
						
							|  |  |  |       sensitive. Please always use SSL encrypted connections between LAM and | 
					
						
							|  |  |  |       your browser to protect yourself against network sniffers.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>LDAP with SSL and TLS</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>SSL will be used if you use ldaps://servername in your | 
					
						
							|  |  |  |       configuration profile. TLS can be activated with the "Activate TLS" | 
					
						
							|  |  |  |       option.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  |       <para>If your LDAP server uses an SSL certificate of a well-known | 
					
						
							|  |  |  |       certificate authority (CA) then you probably need no changes. If you use | 
					
						
							|  |  |  |       a custom CA in your company then there are two ways to setup the CA | 
					
						
							|  |  |  |       certificates.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Setup SSL certificates in LAM general settings</title> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  |         <para>This is much easier than system level setup and will only affect | 
					
						
							|  |  |  |         LAM. There might be some cases where other web applications on the | 
					
						
							|  |  |  |         same web server are influenced.</para> | 
					
						
							| 
									
										
										
										
											2012-10-15 17:49:24 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  |         <para>See <link linkend="conf_sslCert">here</link> for details.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section id="ssl_certSystem"> | 
					
						
							|  |  |  |         <title>Setup SSL certificates on system level</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This will make the CA certificates available also to other | 
					
						
							|  |  |  |         applications on your system (e.g. other web applications).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>You will need to setup ldap.conf to trust your server | 
					
						
							|  |  |  |         certificate. Some installations use /etc/ldap.conf and some use | 
					
						
							|  |  |  |         /etc/ldap/ldap.conf. It is a good idea to symlink /etc/ldap.conf to | 
					
						
							|  |  |  |         /etc/ldap/ldap.conf. Specify the server CA certificate with the | 
					
						
							|  |  |  |         following option:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <programlisting>TLS_CACERT /etc/ldap/ca/myCA/cacert.pem</programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This needs to be the public part of the signing certificate | 
					
						
							|  |  |  |         authority. See "man ldap.conf" for additional options.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <literallayout> | 
					
						
							| 
									
										
										
										
											2012-10-15 17:49:24 +00:00
										 |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  |         <para>You may also need to specify the CA certificate in your Apache | 
					
						
							|  |  |  |         configuration by using the option "LDAPTrustedGlobalCert":</para> | 
					
						
							| 
									
										
										
										
											2012-10-15 17:49:24 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-10 13:25:09 +00:00
										 |  |  |         <programlisting>LDAPTrustedGlobalCert CA_BASE64 /etc/ldap/ca/myCA/cacert.pem</programlisting> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Chrooted servers</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If your server is chrooted and you have no access to /dev/random | 
					
						
							|  |  |  |       or /dev/urandom this can be a security risk. LAM stores your LDAP | 
					
						
							|  |  |  |       password encrypted in the session. LAM uses rand() to generate the key | 
					
						
							|  |  |  |       if /dev/random and /dev/urandom are not accessible. Therefore the key | 
					
						
							|  |  |  |       can be easily guessed. An attacker needs read access to the session file | 
					
						
							|  |  |  |       (e.g. by another Apache instance) to exploit this.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Protection of your LDAP password and directory contents</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>You have to install the MCrypt extension for PHP to enable | 
					
						
							|  |  |  |       encryption.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Your LDAP password is stored encrypted in the session file. The | 
					
						
							|  |  |  |       key and IV to decrypt it are stored in two cookies. We use MCrypt/AES to | 
					
						
							|  |  |  |       encrypt the password. All data that was read from LDAP and needs to be | 
					
						
							|  |  |  |       stored in the session file is also encrypted.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Apache configuration</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |       <section> | 
					
						
							|  |  |  |         <title>Sensitive directories</title> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para>LAM includes several .htaccess files to protect your | 
					
						
							|  |  |  |         configuration files and temporary data. Apache is often configured to | 
					
						
							|  |  |  |         not use .htaccess files by default. Therefore, please check your | 
					
						
							|  |  |  |         Apache configuration and change the override setting to:</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para>AllowOverride All</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para>If you are experienced in configuring Apache then you can also | 
					
						
							|  |  |  |         copy the security settings from the .htaccess files to your main | 
					
						
							|  |  |  |         Apache configuration.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para>If possible, you should not rely on .htaccess files alone but also | 
					
						
							|  |  |  |         move the config and sess directory to a place outside of your WWW | 
					
						
							|  |  |  |         root. You can put a symbolic link in the LAM directory so that LAM | 
					
						
							|  |  |  |         finds the configuration/session files.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para>Security sensitive directories:</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para><emphasis role="bold">config: </emphasis>Contains your LAM | 
					
						
							|  |  |  |         configuration and account profiles</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>LAM configuration passwords (SSHA hashed)</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>default values for new accounts</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |           <listitem> | 
					
						
            <para>directory must be accessible by Apache but does not need to
            be accessible by the browser</para>
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para><emphasis role="bold">sess:</emphasis> PHP session files</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>LAM admin password in clear text or MCrypt encrypted</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>cached LDAP entries in clear text or MCrypt encrypted</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |           <listitem> | 
					
						
            <para>directory must be accessible by Apache but does not need to
            be accessible by the browser</para>
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <para><emphasis role="bold">tmp:</emphasis> temporary files</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |         <itemizedlist> | 
					
						
							|  |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>PDF documents which may also include passwords</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-14 18:21:49 +00:00
										 |  |  |           <listitem> | 
					
						
							|  |  |  |             <para>images of your users</para> | 
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <listitem> | 
					
						
            <para>directory contents must be accessible by the browser but the
            directory itself does not need to be browsable</para>
					
						
							|  |  |  |           </listitem> | 
					
						
							|  |  |  |         </itemizedlist> | 
					
						
							|  |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section id="apache_http_auth"> | 
					
						
							|  |  |  |         <title>Use LDAP HTTP authentication for LAM</title> | 
					
						
							|  |  |  | 
 | 
					
						
        <para>With HTTP authentication Apache will be responsible for asking
        for the user name and password. Both will then be forwarded to LAM
        which will use them to access LDAP. This approach gives you more
        flexibility to restrict the number of users that may access LAM (e.g.
        by requiring group memberships). Since Basic authentication sends the
        user name and password with every request in an easily decodable form,
        LAM should only be offered via HTTPS when you use this setup.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>First of all you need to load additional Apache modules. These | 
					
						
							|  |  |  |         are "<ulink | 
					
						
							|  |  |  |         url="http://httpd.apache.org/docs/2.2/mod/mod_ldap.html">mod_ldap</ulink>" | 
					
						
							|  |  |  |         and "<ulink type="" | 
					
						
							|  |  |  |         url="http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html">mod_authnz_ldap</ulink>".</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Next you can add a file called "lam_auth_ldap" to | 
					
						
							|  |  |  |         /etc/apache/conf.d. This simple example restricts access to all URLs | 
					
						
							|  |  |  |         beginning with "lam" to LDAP authentication.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <programlisting><location /lam> | 
					
						
							|  |  |  |   AuthType Basic | 
					
						
							|  |  |  |   AuthBasicProvider ldap | 
					
						
							|  |  |  |   AuthName "LAM" | 
					
						
							|  |  |  |   AuthLDAPURL "ldap://localhost:389/ou=People,dc=company,dc=com?uid" | 
					
						
							|  |  |  |   Require valid-user | 
					
						
							|  |  |  | </location></programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
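        <para>You can also require that your users belong to a certain Unix
        group in LDAP. Please test the result with an account that is not a
        member of the group: on Apache 2.4 several Require lines in one
        section are combined as alternatives (RequireAny) by default, so the
        "Require valid-user" line alone would already admit every
        authenticated user. The example looks like this:</para>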
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <programlisting><location /lam> | 
					
						
							|  |  |  |   AuthType Basic | 
					
						
							|  |  |  |   AuthBasicProvider ldap | 
					
						
							|  |  |  |   AuthName "LAM" | 
					
						
							|  |  |  |   AuthLDAPURL "ldap://localhost:389/ou=People,dc=company,dc=com?uid" | 
					
						
							|  |  |  |   Require valid-user | 
					
						
							|  |  |  |   # force membership of lam-admins | 
					
						
							|  |  |  |   AuthLDAPGroupAttribute memberUid | 
					
						
							|  |  |  |   AuthLDAPGroupAttributeIsDN off | 
					
						
							|  |  |  |   Require ldap-group cn=lam-admins,ou=group,dc=company,dc=com | 
					
						
							|  |  |  | </location></programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Please see the <ulink | 
					
						
							|  |  |  |         url="http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html">Apache | 
					
						
							|  |  |  |         documentation</ulink> for more details.</para> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2013-12-18 17:37:36 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>Self Service behind proxy in DMZ (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>In some cases you might want to make the self service accessible | 
					
						
							|  |  |  |         via the internet. Here is an Apache config to forward only the | 
					
						
							|  |  |  |         required URLs via a proxy server (lamproxy.company.com) in your DMZ to | 
					
						
							|  |  |  |         the internal LAM server (lam.company.com).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><inlinemediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/selfServiceProxy.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </inlinemediaobject></para> | 
					
						
							|  |  |  | 
 | 
					
						
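        <para>This configuration allows your users to open
        https://lamproxy.company.com which will then proxy the self service on
        the internal server. Note that the example also forwards /sess and
        /tmp, which are listed under "Sensitive directories" above; the access
        restrictions for these directories must therefore stay active on the
        internal LAM server. The example also does not configure verification
        of the internal server's certificate (see SSLProxyVerify and
        SSLProxyCACertificateFile in the Apache mod_ssl documentation).</para>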
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <programlisting><VirtualHost lamproxy.company.com:443> | 
					
						
							|  |  |  |         ServerName lamproxy.company.com | 
					
						
							|  |  |  |         ErrorLog /var/log/apache2/lam-proxy-error.log | 
					
						
							|  |  |  |         CustomLog /var/log/apache2/lam-proxy-access.log combined | 
					
						
							|  |  |  |         DocumentRoot /var/www/lam-proxy | 
					
						
							|  |  |  |         <Proxy *> | 
					
						
							|  |  |  |             Order deny,allow | 
					
						
							|  |  |  |             Allow from all | 
					
						
							|  |  |  |         </Proxy> | 
					
						
							|  |  |  |         SSLProxyEngine on | 
					
						
							|  |  |  |         SSLEngine on | 
					
						
							|  |  |  |         SSLCertificateFile /etc/apache2/ssl/apache.pem | 
					
						
							|  |  |  |         ProxyPreserveHost On | 
					
						
							|  |  |  |         ProxyRequests off | 
					
						
							|  |  |  |         loglevel info | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         # redirect front page to self service login page | 
					
						
							|  |  |  |         RewriteEngine on | 
					
						
							|  |  |  |         RedirectMatch ^/$ /templates/selfService/selfServiceLogin.php?scope=user\&name=lam | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         # proxy required URLs | 
					
						
							|  |  |  |         ProxyPass /tmp https://lam.company.com/lam/tmp | 
					
						
							|  |  |  |         ProxyPass /sess https://lam.company.com/lam/sess | 
					
						
							|  |  |  |         ProxyPass /templates/lib https://lam.company.com/lam/templates/lib | 
					
						
							|  |  |  |         ProxyPass /templates/selfService https://lam.company.com/lam/templates/selfService | 
					
						
							|  |  |  |         ProxyPass /style https://lam.company.com/lam/style | 
					
						
							|  |  |  |         ProxyPass /graphics https://lam.company.com/lam/graphics | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ProxyPassReverse /tmp https://lam.company.com/lam/tmp | 
					
						
							|  |  |  |         ProxyPassReverse /sess https://lam.company.com/lam/sess | 
					
						
							|  |  |  |         ProxyPassReverse /templates/lib https://lam.company.com/lam/templates/lib | 
					
						
							|  |  |  |         ProxyPassReverse /templates/selfService https://lam.company.com/lam/templates/selfService | 
					
						
							|  |  |  |         ProxyPassReverse /style https://lam.company.com/lam/style | 
					
						
							|  |  |  |         ProxyPassReverse /graphics https://lam.company.com/lam/graphics | 
					
						
							|  |  |  | </VirtualHost></programlisting> | 
					
						
							|  |  |  |       </section> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   <appendix> | 
					
						
							| 
									
										
										
										
											2013-07-21 10:04:12 +00:00
										 |  |  |     <title>Typical OpenLDAP settings</title> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <para>Some basic hints to configure the OpenLDAP server:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-12-17 20:29:51 +00:00
										 |  |  |     <para><emphasis id="size_limit_exceeded" role="bold">Size | 
					
						
							|  |  |  |     limit:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2013-07-21 10:04:12 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <para>You will get a message like "LDAP sizelimit exceeded, not all | 
					
						
							|  |  |  |     entries are shown." when you hit the LDAP search limit.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>OpenLDAP allows by default 500 return values per search, if you have | 
					
						
							|  |  |  |     more users/groups/hosts please change this:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>slapd.conf:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return | 
					
						
							|  |  |  |     values</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>slapd.d:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>e.g. "olcSizeLimit: 10000" or "olcSizeLimit: -1" for unlimited | 
					
						
							| 
									
										
										
										
											2013-12-17 20:29:51 +00:00
										 |  |  |     return values in /etc/ldap/slapd.d/cn=config.ldif</para> | 
					
						
							| 
									
										
										
										
											2013-07-21 10:04:12 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis id="a_openldap_unique" role="bold">Unique | 
					
						
							|  |  |  |     attributes:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
    <para>There are cases where you do not want the same attribute value to
    exist multiple times in your database. A good example is UID/GID
    numbers.</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>OpenLDAP provides the <ulink | 
					
						
							|  |  |  |     url="http://www.openldap.org/doc/admin24/overlays.html">attribute | 
					
						
							|  |  |  |     uniqueness overlay</ulink> for this task.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Example to force unique UID numbers:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>In | 
					
						
							|  |  |  |     <emphasis>/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif</emphasis> add | 
					
						
							|  |  |  |     "olcModuleLoad: {3}unique" (replace "3" with the highest existing number | 
					
						
							|  |  |  |     plus one).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Now in /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif add e.g. | 
					
						
							|  |  |  |     "olcUniqueURI: ldap:///?uidNumber?sub"</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |     <para id="indices"><emphasis role="bold">Indices:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-21 10:04:12 +00:00
										 |  |  |     <para>Indices will improve the performance when searching for entries in | 
					
						
							|  |  |  |     the LDAP directory. The following indices are recommended:</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     <simplelist> | 
					
						
							|  |  |  |       <member>index objectClass eq</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index default sub</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index uidNumber eq</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index gidNumber eq</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index memberUid eq</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index cn,sn,uid,displayName pres,sub,eq</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member># Samba 3.x</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index sambaSID eq</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index sambaPrimaryGroupSID eq</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <member>index sambaDomainName eq</member> | 
					
						
							|  |  |  |     </simplelist> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-12 15:27:07 +00:00
										 |  |  |   <appendix id="mailSetup"> | 
					
						
							|  |  |  |     <title>Setup of email (SMTP) server</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM always uses a local SMTP email server on the machine where LAM | 
					
						
							|  |  |  |     is installed. Therefore, there is no need to configure any SMTP settings | 
					
						
							|  |  |  |     inside LAM itself.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>The local email server should be configured to forward all emails to | 
					
						
							|  |  |  |     your company mail server (so-called smarthost). You can use any SMTP | 
					
						
							|  |  |  |     software that ships with a Sendmail wrapper (e.g. Exim, Postfix, QMail or | 
					
						
							|  |  |  |     Sendmail itself).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <screenshot> | 
					
						
							|  |  |  |       <mediaobject> | 
					
						
							|  |  |  |         <imageobject> | 
					
						
							|  |  |  |           <imagedata fileref="images/lam_mail.png" /> | 
					
						
							|  |  |  |         </imageobject> | 
					
						
							|  |  |  |       </mediaobject> | 
					
						
							|  |  |  |     </screenshot> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-02 18:46:10 +00:00
										 |  |  |   <appendix id="a_lamdaemon"> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     <title>Setup for home directory and quota management</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Lamdaemon.pl is used to modify quota and home directories on a | 
					
						
							| 
									
										
										
										
											2013-06-03 18:42:27 +00:00
										 |  |  |     remote or local host via SSH (even if homedirs are located on | 
					
						
							|  |  |  |     localhost).</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-06-03 18:42:27 +00:00
    <para>If you want to use it you have to set up the following things to get
    it to work:</para>
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section id="a_lamdaemonConf"> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |       <title>LDAP Account Manager configuration</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Set the remote or local host in the configuration (e.g. | 
					
						
							|  |  |  |           127.0.0.1)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Path to lamdaemon.pl, e.g. | 
					
						
							|  |  |  |           /srv/www/htdocs/lam/lib/lamdaemon.pl If you installed a Debian or | 
					
						
							| 
									
										
										
										
											2012-09-29 10:56:18 +00:00
										 |  |  |           RPM package then the script will be located at | 
					
						
							|  |  |  |           /usr/share/ldap-account-manager/lib/lamdaemon.pl.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Your LAM admin user must be a valid Unix account. It needs to | 
					
						
							|  |  |  |           have the object class "posixAccount" and an attribute "uid". This | 
					
						
							|  |  |  |           account must be accepted by the SSH daemon of your home directory | 
					
						
							|  |  |  |           server. Do not create a second local account but change your system | 
					
						
							|  |  |  |           to accept LDAP users. You can use LAM to add the Unix account part | 
					
						
							| 
									
										
										
										
											2012-10-15 17:49:24 +00:00
										 |  |  |           to your admin user or create a new account. Please do not forget to | 
					
						
							| 
									
										
										
										
											2013-06-03 18:42:27 +00:00
										 |  |  |           setup LDAP write access (<ulink | 
					
						
							|  |  |  |           url="http://www.openldap.org/doc/admin24/access-control.html">ACLs</ulink>) | 
					
						
							|  |  |  |           if you create a new account.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							| 
									
										
										
										
											2012-10-15 17:49:24 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-06-03 18:42:27 +00:00
										 |  |  |       <para></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/lamdaemon.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Note that the builtin admin/manager entries do not work for | 
					
						
							|  |  |  |       lamdaemon. You need to login with a Unix account.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/lamdaemon1.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-10-15 17:49:24 +00:00
										 |  |  |       <para><emphasis role="bold">OpenLDAP ACL location:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The access rights for OpenLDAP are configured in | 
					
						
							|  |  |  |       /etc/ldap/slapd.conf or | 
					
						
							| 
									
										
										
										
											2012-10-15 17:51:51 +00:00
										 |  |  |       /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif.</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Setup sudo</title> | 
					
						
							|  |  |  | 
 | 
					
						
      <para>The Perl script has to run as root. Therefore we need a wrapper,
      sudo. Edit /etc/sudoers (preferably with visudo, which checks the syntax
      before saving) on the host where homedirs or quotas should be used and
      add the following line:</para>
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
      <para>$admin ALL= NOPASSWD: $path_to_lamdaemon *</para>
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
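      <para><emphasis condition="">$admin</emphasis> is the admin user from
      LAM (must be a valid Unix account) and
      <emphasis>$path_to_lamdaemon</emphasis> is the path to lamdaemon.pl.
      Because this rule runs the script as root without asking for a password,
      make sure that lamdaemon.pl and the directories above it can only be
      modified by root.</para>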
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Example:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-05-14 10:14:19 +00:00
										 |  |  |       <para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl | 
					
						
							|  |  |  |       *</para> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>You might need to run the sudo command once manually to init sudo. | 
					
						
							|  |  |  |       The command "sudo -l" will show all possible sudo commands of the | 
					
						
							|  |  |  |       current user.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
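      <para><emphasis role="bold">Attention:</emphasis> Please do not use the
      options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers.
      Otherwise you might get errors like "you must have a tty to run sudo" or
      "no tty present and no askpass program specified". If other users on the
      host rely on these options, sudoers also accepts per-user overrides such
      as "Defaults:myAdmin !requiretty", which leave the global defaults in
      place (please test that lamdaemon still works with them).</para>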
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Setup Perl</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>We need an extra Perl module - Quota. To install it, run:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <simplelist> | 
					
						
							|  |  |  |         <member>perl -MCPAN -e shell</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <member>install Quota</member> | 
					
						
							|  |  |  |       </simplelist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If your Perl executable is not located in /usr/bin/perl you will | 
					
						
							|  |  |  |       have to edit the path in the first line of lamdaemon.pl. If you have | 
					
						
							|  |  |  |       problems compiling the Perl modules try installing a newer release of | 
					
						
							|  |  |  |       your GCC compiler and the "make" application.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Several Linux distributions already include a quota package for | 
					
						
							|  |  |  |       Perl.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Set up SSH</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Your SSH daemon must offer the password authentication method. To | 
					
						
							|  |  |  |       activate it just use this configuration option in | 
					
						
							|  |  |  |       /etc/ssh/sshd_config:</para> | 
					
						
							|  |  |  | 
 | 
					
						
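							|  |  |  |       <para>PasswordAuthentication yes</para> | 
							|  |  |  |       <para>Password authentication exposes the daemon to password guessing. | 
							|  |  |  |       If the server otherwise accepts only key-based logins, you can enable | 
							|  |  |  |       password authentication just for connections from the LAM server with a | 
							|  |  |  |       "Match Address" block in sshd_config.</para> | 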
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section> | 
					
						
							|  |  |  |       <title>Troubleshooting</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If you have problems managing quotas and home directories then | 
					
						
							|  |  |  |       these points might help:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>There is a test page for lamdaemon: Log in to LAM and open | 
					
						
							|  |  |  |           Tools -> Tests -> Lamdaemon test</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Check /var/log/auth.log or its equivalent on your system. This | 
					
						
							|  |  |  |           file contains messages about all logins. If the ssh login failed | 
					
						
							|  |  |  |           then you will find a description about the reason here.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Set sshd in debug mode. In /etc/ssh/sshd_config add these | 
					
						
							|  |  |  |           lines:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           <simplelist> | 
					
						
							|  |  |  |             <member>SyslogFacility AUTH</member> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             <member>LogLevel DEBUG3</member> | 
					
						
							|  |  |  |           </simplelist> | 
					
						
							|  |  |  | 
 | 
					
						
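							|  |  |  |           <para>Now check /var/log/syslog for messages from sshd. Remove these | 
							|  |  |  |           lines again after troubleshooting, because debug logging records very | 
							|  |  |  |           detailed information about every login.</para> | 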
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |       <para>Error message <emphasis role="bold">"Your LAM admin user (...) | 
					
						
							|  |  |  |       must be a valid Unix account to work with lamdaemon!"</emphasis>: This | 
					
						
							|  |  |  |       happens if you use the default LDAP admin/manager user to login to LAM. | 
					
						
							|  |  |  |       Please see <link linkend="a_lamdaemonConf">here</link> and setup a Unix | 
					
						
							|  |  |  |       account.</para> | 
					
						
							| 
									
										
										
										
										 |  |  |     </section> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |   <appendix id="a_passwordSelfResetSchema"> | 
					
						
							|  |  |  |     <title>Setup password self reset schema (LAM Pro)</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section id="passwordSelfResetSchema_new"> | 
					
						
							|  |  |  |       <title>New installation</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please see <link | 
					
						
							|  |  |  |       linkend="passwordSelfResetSchema_update">here</link> if you want to | 
					
						
							|  |  |  |       upgrade an existing schema version.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Schema installation</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please install the schema that comes with LAM Pro. The schema | 
					
						
							|  |  |  |       files are located in:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>tar.bz2: docs/schema</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>DEB: /usr/share/doc/ldap-account-manager/docs/schema</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>RPM: | 
					
						
							|  |  |  |           /usr/share/doc/ldap-account-manager-{VERSION}/schema</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">OpenLDAP with slapd.conf | 
					
						
							|  |  |  |       configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>For a configuration with slapd.conf-file copy | 
					
						
							|  |  |  |       passwordSelfReset.schema to /etc/ldap/schema/ and add this line to | 
					
						
							|  |  |  |       slapd.conf:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout>  include         /etc/ldap/schema/passwordSelfReset.schema | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">OpenLDAP with slapd.d | 
					
						
							|  |  |  |       configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>For slapd.d configurations you need to upload the schema file | 
					
						
							|  |  |  |       passwordSelfReset.ldif via ldapadd command:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>ldapadd -x -W -H ldap://localhost -D "cn=admin,o=test,c=de" -f | 
					
						
							|  |  |  |       passwordSelfReset.ldif</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please replace "localhost" with your LDAP server and | 
					
						
							|  |  |  |       "cn=admin,o=test,c=de" with your LDAP admin user (usually starts with | 
					
						
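							|  |  |  |       cn=admin or cn=manager). The -x option performs a simple bind, so when | 
							|  |  |  |       the LDAP server is not on the local machine use an ldaps:// URL or add | 
							|  |  |  |       -ZZ (StartTLS) to keep the admin password from crossing the network | 
							|  |  |  |       unencrypted.</para> | 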
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Samba 4</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The schema files are passwordSelfReset-Samba4-attributes.ldif and | 
					
						
							|  |  |  |       passwordSelfReset-Samba4-objectClass.ldif.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>First, you need to edit them and replace "DOMAIN_TOP_DN" with your | 
					
						
							|  |  |  |       LDAP suffix (e.g. dc=samba4,dc=test).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then install the attribute and afterwards the object class schema | 
					
						
							|  |  |  |       file:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout>  ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true | 
					
						
							|  |  |  |   ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Windows</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The schema file is passwordSelfReset-Windows.ldif.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>First, you need to edit it and replace "DOMAIN_TOP_DN" with your | 
					
						
							|  |  |  |       LDAP suffix (e.g. dc=windows,dc=test).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Then install the schema file as administrator on a command | 
					
						
							|  |  |  |       line:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout>  ldifde -v -i -f passwordSelfReset-Windows.ldif | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>This allows you to set a security question + answer for each | 
					
						
							|  |  |  |       account.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <section id="passwordSelfResetSchema_update"> | 
					
						
							|  |  |  |       <title>Schema update</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The schema files are located in:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>tar.bz2: docs/schema/updates</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>DEB: | 
					
						
							|  |  |  |           /usr/share/doc/ldap-account-manager/docs/schema/updates</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>RPM: | 
					
						
							|  |  |  |           /usr/share/doc/ldap-account-manager-{VERSION}/schema/updates</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Schema versions:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <orderedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Initial version (LAM Pro 3.6)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Added passwordSelfResetBackupMail (LAM Pro 4.5)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </orderedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">OpenLDAP with slapd.conf | 
					
						
							|  |  |  |       configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Install the schema file like a <link | 
					
						
							|  |  |  |       linkend="passwordSelfResetSchema_new">new install</link> (skip | 
					
						
							|  |  |  |       modification of slapd.conf file).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">OpenLDAP with slapd.d | 
					
						
							|  |  |  |       configuration</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The upgrade requires stopping the LDAP server.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Steps:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <orderedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Stop OpenLDAP with e.g. "/etc/init.d/slapd stop"</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Delete the old schema file. It is located in e.g. | 
					
						
							|  |  |  |           "/etc/ldap/slapd.d/cn=config/cn=schema" and called | 
					
						
							|  |  |  |           "cn={XX}passwordselfreset.ldif" (XX can be any number)</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Start OpenLDAP with e.g. "/etc/init.d/slapd start"</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>Install the schema file like a <link | 
					
						
							|  |  |  |           linkend="passwordSelfResetSchema_new">new install</link></para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </orderedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Samba 4</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Install these update files by following the install | 
					
						
							|  |  |  |       instructions in the file:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>samba4_version_1_to_2_attributes.ldif</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>samba4_version_1_to_2_objectClass.ldif</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Please note that the attributes file needs to be installed | 
					
						
							|  |  |  |       first.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para><emphasis role="bold">Windows</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>Install the file "windows_version_1_to_2.ldif" by following the | 
					
						
							|  |  |  |       install instructions in the file.</para> | 
					
						
							|  |  |  |     </section> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |   <appendix> | 
					
						
							|  |  |  |     <title>Adapt LAM to your corporate design</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>There are cases where you might want to change LAM's default | 
					
						
							|  |  |  |     look'n'feel to better integrate it in your company network. Changes can be | 
					
						
							|  |  |  |     done like this:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Change colors, fonts and other parts with | 
					
						
							|  |  |  |     custom CSS</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>You can integrate custom CSS files in LAM. It is recommended to | 
					
						
							|  |  |  |     write a separate CSS file instead of modifying LAM's default files.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>The CSS files are located in</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <literallayout> DEB/RPM: /usr/share/ldap-account-manager/style | 
					
						
							|  |  |  |  tar.bz2: style | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM will automatically integrate all CSS files in alphabetical | 
					
						
							|  |  |  |     order. E.g. you can create a file called "900_myCompany.css" which will be | 
					
						
							|  |  |  |     added as last file.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Example:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>This will change the background color of all pages to turquoise. See | 
					
						
							|  |  |  |     500_layout.css for LAM's default settings.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <programlisting>body { | 
					
						
							|  |  |  |   background-color: #b6eeff; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | </programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>You can change fonts, sizes and more in the same way.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <para>E.g. this will reduce the default font size to 80%:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <programlisting>body { | 
					
						
							|  |  |  |   font-size: 80%; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | .ui-button-text-only { | 
					
						
							|  |  |  |   font-size: 100%; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | .ui-button-text-icon-primary { | 
					
						
							|  |  |  |   font-size: 100%; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | </programlisting> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <para><emphasis role="bold">Custom logo</emphasis><programlisting>/* image in login box */ | 
					
						
							|  |  |  | td.loginLogo { | 
					
						
							|  |  |  |   background-image: url(/logos/mylogo.png); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /* image (24x24) in header line */ | 
					
						
							|  |  |  | a.lamLogo { | 
					
						
							|  |  |  |   background-image: url(/logos/mylogo.png); | 
					
						
							|  |  |  | }</programlisting></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Other images</emphasis></para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  |     <para>All images are located in</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <literallayout> DEB/RPM: /usr/share/ldap-account-manager/graphics | 
					
						
							|  |  |  |  tar.bz2: graphics</literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Please note that if you replace images then you need to reapply your | 
					
						
							|  |  |  |     changes every time you upgrade LAM.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Special changes with custom | 
					
						
							|  |  |  |     JavaScript</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>In rare cases it might not be sufficient to write custom CSS or | 
					
						
							|  |  |  |     replace some image files. E.g. you might want to add custom content to all | 
					
						
							|  |  |  |     pages.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>For these cases you can add a custom JavaScript file that contains | 
					
						
							|  |  |  |     your code.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>The JavaScript files are located in</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <literallayout> DEB/RPM: /usr/share/ldap-account-manager/templates/lib | 
					
						
							|  |  |  |  tar.bz2: templates/lib</literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM will automatically integrate all .js files in alphabetical | 
					
						
							|  |  |  |     order. E.g. you can create a file called "900_myCompany.js" which will be | 
					
						
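							|  |  |  |     added as last file. Because every .js file in this directory is | 
							|  |  |  |     integrated automatically, keep the directory writable only by | 
							|  |  |  |     administrators and review any script before placing it there.</para> | 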
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Self service</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>See <link linkend="selfServiceBasicSettings">here</link> for self | 
					
						
							|  |  |  |     service customisations.</para> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |   <appendix id="clustering"> | 
					
						
							| 
									
										
										
										
										 |  |  |     <title>Clustering LAM</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM is a web application based on PHP. Therefore, clustering is not | 
					
						
							|  |  |  |     directly a part of the application.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>But here are some hints to run LAM in a clustered | 
					
						
							|  |  |  |     environment.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Application parts:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>LAM can be divided into three parts</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <itemizedlist> | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>Software</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>Configuration files</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>Session files and temporary data</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  |     </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Software:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>This is the simplest part. Just install LAM on each cluster node. | 
					
						
							|  |  |  |     Please note that if you run LAM Pro you will need either one license for | 
					
						
							|  |  |  |     each active cluster node or a company license.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Configuration files:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>These files include the LAM server profiles, account profiles, PDF | 
					
						
							|  |  |  |     structures, ... Usually, they do not change frequently and can be put on a | 
					
						
							|  |  |  |     shared file system (e.g. NFS, AFS, ...).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Please link "config" or "/var/lib/ldap-account-manager/config" to a | 
					
						
							|  |  |  |     directory on your shared file system.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para><emphasis role="bold">Session data and temporary | 
					
						
							|  |  |  |     files:</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>These are critical because the files may change on every page load. | 
					
						
							|  |  |  |     There are basically two options:</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <itemizedlist> | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>load balancer with session stickiness: In this case your load | 
					
						
							|  |  |  |         balancer will forward all requests of a user to the same cluster node. | 
					
						
							|  |  |  |         In this case you can keep the files locally on your cluster nodes. If | 
					
						
							|  |  |  |         you already have a load balancer then this is the simplest solution | 
					
						
							|  |  |  |         and performs best. The disadvantage is that if a node fails then all | 
					
						
							|  |  |  |         users connected to this node will lose their session and need to | 
					
						
							|  |  |  |         relogin.</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <listitem> | 
					
						
							|  |  |  |         <para>shared file system: This should only be used if your load | 
					
						
							|  |  |  |         balancer does not support session stickiness or you use a different | 
					
						
							|  |  |  |         system to distribute requests across the cluster. A shared file system | 
					
						
							|  |  |  |         will decrease performance for all page loads.</para> | 
					
						
							|  |  |  |       </listitem> | 
					
						
							|  |  |  |     </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     <para>Session data and temporary files are located in "tmp" + "sess" or | 
					
						
							|  |  |  |     "/var/lib/ldap-account-manager/tmp" + | 
					
						
							|  |  |  |     "/var/lib/ldap-account-manager/sess".</para> | 
					
						
							|  |  |  |   </appendix> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |   <appendix> | 
					
						
							|  |  |  |     <title>Troubleshooting</title> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Functional issues</title> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para><emphasis role="bold">Size limit</emphasis></para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>You will get a message like "LDAP sizelimit exceeded, not all | 
					
						
							|  |  |  |       entries are shown." when you hit the LDAP search limit. See the <link | 
					
						
							|  |  |  |       linkend="size_limit_exceeded">OpenLDAP settings</link> to fix | 
					
						
							|  |  |  |       this.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							| 
									
										
										
										
										 |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para><emphasis role="bold">Invalid syntax errors:</emphasis></para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>If you get any strange errors like "Invalid syntax" or "Invalid DN | 
					
						
							|  |  |  |       syntax" please check if your LDAP schema matches LAM's | 
					
						
							|  |  |  |       requirements.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <literallayout> | 
					
						
							| 
									
										
										
										
										 |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para><emphasis role="bold">Schema test:</emphasis></para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>This can be done by running "Tools" -> "Tests" -> "Schema | 
					
						
							|  |  |  |       test" inside LAM.</para> | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  |       <para>If there are any object classes or attributes missing you will get | 
					
						
							|  |  |  |       a notice. See <link linkend="a_schema">LDAP schema files</link> for a | 
					
						
							|  |  |  |       list of used schemas. You may also want to deactivate unused modules in | 
					
						
							|  |  |  |       your LAM server profile (tab "Modules").</para> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       <screenshot> | 
					
						
							|  |  |  |         <mediaobject> | 
					
						
							|  |  |  |           <imageobject> | 
					
						
							|  |  |  |             <imagedata fileref="images/schemaTest.png" /> | 
					
						
							|  |  |  |           </imageobject> | 
					
						
							|  |  |  |         </mediaobject> | 
					
						
							|  |  |  |       </screenshot> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       <para><literallayout> | 
					
						
							| 
									
										
										
										
											2013-12-17 20:29:51 +00:00
										 |  |  | </literallayout><emphasis role="bold">Logging:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       <para>If your schema is correct you can turn on LDAP logging to get more | 
					
						
							|  |  |  |       detailed error messages from your LDAP server.</para> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       <literallayout> | 
					
						
							| 
									
										
										
										
											2013-12-17 20:29:51 +00:00
										 |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       <para><emphasis role="bold">OpenLDAP logging:</emphasis></para> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       <itemizedlist> | 
					
						
							|  |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>slapd.conf: In /etc/ldap/slapd.conf turn logging on with the | 
					
						
							|  |  |  |           line "loglevel 256".</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |         <listitem> | 
					
						
							|  |  |  |           <para>slapd.d: In /etc/ldap/slapd.d/cn=config.ldif please change the | 
					
						
							|  |  |  |           attribute "olcLogLevel" to "Stats". Please add a line "olcLogLevel: | 
					
						
							|  |  |  |           Stats" if the attribute is missing.</para> | 
					
						
							|  |  |  |         </listitem> | 
					
						
							|  |  |  |       </itemizedlist> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>After changing the configuration please restart OpenLDAP. It | 
					
						
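							|  |  |  |       usually uses /var/log/syslog for log output. Set the log level back once troubleshooting is finished, since this level records connection and operation details and increases log volume.</para> | 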
					
						
							|  |  |  |     </section> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |     <section> | 
					
						
							|  |  |  |       <title>Performance issues</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>LAM is tested to work with 10000 users with acceptable | 
					
						
							|  |  |  |       performance. If you have a larger directory or slow hardware then here | 
					
						
							|  |  |  |       are some points to increase performance.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>The first step is to check if performance problems are caused by | 
					
						
							|  |  |  |       the LAM web server or the LDAP server. Please check which machine | 
					
						
							|  |  |  |       suffers from high system load (CPU/memory consumption).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>High network latency may also be a problem. For large | 
					
						
							|  |  |  |       installations please make sure that LAM web server and LDAP server are | 
					
						
							|  |  |  |       located in the same building/server room.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <para>If you run LAM on multiple nodes (DNS load balancing/hardware load | 
					
						
							|  |  |  |       balancer) then also check the <link linkend="clustering">clustering | 
					
						
							|  |  |  |       section</link>.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>LDAP server</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Use indices</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>Depending on the queries it may help to add some more indices on | 
					
						
							|  |  |  |         the LDAP server. Depending on your LDAP software it may already | 
					
						
							|  |  |  |         suggest indices in its log files. See <link | 
					
						
							|  |  |  |         linkend="indices">here</link> for typical OpenLDAP indices.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Reduce query results by splitting LDAP | 
					
						
							|  |  |  |         management into multiple server profiles</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you manage a very large directory then it might already be | 
					
						
							|  |  |  |         separated into multiple subtrees (e.g. by country, subsidiary, ...). | 
					
						
							|  |  |  |         Do not use a single LAM server profile to manage your whole directory. | 
					
						
							|  |  |  |         Use different server profiles for each separated LDAP subtree where | 
					
						
							|  |  |  |         possible (e.g. one for German users and one for French ones).</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Limit query results</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>LAM allows you to set an <ulink url="general_settings">LDAP search | 
					
						
							|  |  |  |         limit</ulink> for each server profile. This will limit the number of | 
					
						
							|  |  |  |         entries returned by your LDAP server. Use with caution because it can | 
					
						
							|  |  |  |         cause problems (e.g. with automatic UID generation) when LAM is not | 
					
						
							|  |  |  |         able to read all entries.</para> | 
					
						
							| 
									
										
										
										
											2014-01-12 11:17:16 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configProfiles4.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       <section> | 
					
						
							|  |  |  |         <title>LAM web server</title> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Install a PHP | 
					
						
							|  |  |  |         accelerator</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>There are tools like <ulink | 
					
						
							|  |  |  |         url="http://www.php.net/manual/en/book.apc.php">APC</ulink> (free) or | 
					
						
							|  |  |  |         <ulink url="http://www.zend.com/en/products/server/">Zend | 
					
						
							|  |  |  |         Server</ulink> (commercial) that provide caching of PHP pages to | 
					
						
							|  |  |  |         improve performance. They will reduce the time for parsing the PHP | 
					
						
							|  |  |  |         pages and IO load.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>This is a simple way to enhance performance since APC is part of | 
					
						
							|  |  |  |         most Linux distributions.</para> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para>If you use APC then make sure that it uses enough memory (e.g. | 
					
						
							|  |  |  |         "apc.shm_size=128M"). You can check the memory usage with the file | 
					
						
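							|  |  |  |         apc.php that is shipped with APC. Restrict access to apc.php or remove it after checking, because it shows cache details to anyone who can reach it.</para> | 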
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-12 11:17:16 +00:00
										 |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/apc.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |         <literallayout> | 
					
						
							|  |  |  | </literallayout> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         <para><emphasis role="bold">Disable session | 
					
						
							|  |  |  |         encryption</emphasis></para> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-12 11:08:43 +00:00
										 |  |  |         <para>LAM encrypts sensitive data in your session files. You can <link | 
					
						
							|  |  |  |         linkend="sessionEncryption">disable</link> it to reduce CPU | 
					
						
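							|  |  |  |         load. With encryption disabled this data is written to the session files in clear text, so make sure that only the web server user can read the PHP session directory.</para> | 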
					
						
							| 
									
										
										
										
											2014-01-12 11:17:16 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         <screenshot> | 
					
						
							|  |  |  |           <mediaobject> | 
					
						
							|  |  |  |             <imageobject> | 
					
						
							|  |  |  |               <imagedata fileref="images/configGeneral1.png" /> | 
					
						
							|  |  |  |             </imageobject> | 
					
						
							|  |  |  |           </mediaobject> | 
					
						
							|  |  |  |         </screenshot> | 
					
						
							| 
									
										
										
										
											2014-01-11 14:08:47 +00:00
										 |  |  |       </section> | 
					
						
							|  |  |  |     </section> | 
					
						
							| 
									
										
										
										
											2012-10-30 19:08:35 +00:00
										 |  |  |   </appendix> | 
					
						
							| 
									
										
										
										
											2009-11-07 18:08:11 +00:00
										 |  |  | </book> |