187 lines
		
	
	
		
			6.7 KiB
		
	
	
	
		
			XML
		
	
	
	
		
		
			
		
	
	
			187 lines
		
	
	
		
			6.7 KiB
		
	
	
	
		
			XML
		
	
	
	
|  | <?xml version="1.0" encoding="UTF-8"?> | ||
|  | <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | ||
|  | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">  | ||
|  |   <chapter id="a_accessLevelPasswordReset"> | ||
|  |     <title>Access levels and password reset page (LAM Pro)</title> | ||
|  | 
 | ||
|  |     <para>You can define different access levels for each profile to allow or | ||
|  |     disallow write access. The password reset page helps your deskside support | ||
|  |     staff to reset user passwords.</para> | ||
|  | 
 | ||
|  |     <section> | ||
|  |       <title id="s_accessLevel">Access levels</title> | ||
|  | 
 | ||
|  |       <para>There are three access levels:</para> | ||
|  | 
 | ||
|  |       <itemizedlist> | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Write access (default)</emphasis></para> | ||
|  | 
 | ||
|  |           <para>There are no restrictions. LAM admin users can manage account, | ||
|  |           create profiles and set passwords.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Change passwords</emphasis></para> | ||
|  | 
 | ||
|  |           <para>Similar to "Read only" except that the <link | ||
|  |           linkend="s_pwdReset">password reset page</link> is available.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Read only</emphasis></para> | ||
|  | 
 | ||
|  |           <para>No write access to the LDAP database is allowed. It is also | ||
|  |           impossible to manage account and PDF profiles.</para> | ||
|  | 
 | ||
|  |           <para>Accounts may be viewed but no changes can be saved.</para> | ||
|  |         </listitem> | ||
|  |       </itemizedlist> | ||
|  | 
 | ||
|  |       <para>The access level can be set on the server configuration | ||
|  |       page:</para> | ||
|  | 
 | ||
|  |       <para><screenshot> | ||
|  |           <mediaobject> | ||
|  |             <imageobject> | ||
|  |               <imagedata fileref="images/accessLevel.png" /> | ||
|  |             </imageobject> | ||
|  |           </mediaobject> | ||
|  |         </screenshot></para> | ||
|  |     </section> | ||
|  | 
 | ||
|  |     <section id="s_pwdReset"> | ||
|  |       <title>Password reset page</title> | ||
|  | 
 | ||
|  |       <para>This special page allows your deskside support staff to reset the | ||
|  |       Unix and Samba passwords of your users. Account may also be (un)locked | ||
|  |       If you set the <link linkend="s_accessLevel">access level</link> to | ||
|  |       "Change passwords" then LAM will not allow any changes to the LDAP | ||
|  |       database except password changes via this page. The account pages will | ||
|  |       be still available in read-only mode.</para> | ||
|  | 
 | ||
|  |       <para>You can open the password reset page by clicking on the key symbol | ||
|  |       on each user account:</para> | ||
|  | 
 | ||
|  |       <para><screenshot> | ||
|  |           <mediaobject> | ||
|  |             <imageobject> | ||
|  |               <imagedata fileref="images/passwordReset1.png" /> | ||
|  |             </imageobject> | ||
|  |           </mediaobject> | ||
|  |         </screenshot>There are three different options to set a new password. | ||
|  |       You can further restrict these options in server profile | ||
|  |       settings.</para> | ||
|  | 
 | ||
|  |       <itemizedlist> | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">set random password and display it on | ||
|  |           screen</emphasis></para> | ||
|  | 
 | ||
|  |           <para>This will set the user's password to a random value. The | ||
|  |           password will be 11 characters long with a random combination of | ||
|  |           letters, digits and ".-_".</para> | ||
|  | 
 | ||
|  |           <para>You may want to use this method to tell users their new | ||
|  |           passwords via phone.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">set random password and mail it to | ||
|  |           user</emphasis></para> | ||
|  | 
 | ||
|  |           <para>If the user account has set the mail attribute then LAM can | ||
|  |           send your user a mail with the new password. You can change the mail | ||
|  |           template to fit your needs. Please configure your LAM server profile | ||
|  |           to setup the sender address, subject and mail body. Please see <link | ||
|  |           linkend="mailEOL">email format option</link> in case of broken | ||
|  |           mails. See <link linkend="mailSetup">here</link> for setting up your | ||
|  |           SMTP server.</para> | ||
|  | 
 | ||
|  |           <para>Using this method will prevent that your support staff knows | ||
|  |           the new password.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">set specific password</emphasis></para> | ||
|  | 
 | ||
|  |           <para>Here you can specify your own password.</para> | ||
|  |         </listitem> | ||
|  |       </itemizedlist> | ||
|  | 
 | ||
|  |       <screenshot> | ||
|  |         <mediaobject> | ||
|  |           <imageobject> | ||
|  |             <imagedata fileref="images/passwordReset2.png" /> | ||
|  |           </imageobject> | ||
|  |         </mediaobject> | ||
|  |       </screenshot> | ||
|  | 
 | ||
|  |       <para>LAM will display contact information about the user like the | ||
|  |       user's name, email address and telephone number. This will help your | ||
|  |       deskside support to easily contact your users.</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Options:</emphasis></para> | ||
|  | 
 | ||
|  |       <para>Depending on the account there may be additional options | ||
|  |       available.</para> | ||
|  | 
 | ||
|  |       <itemizedlist> | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Sync Samba NT/LM password with Unix | ||
|  |           password:</emphasis> If a user account has Samba passwords set then | ||
|  |           LAM will offer to synchronize the passwords.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Unlock Samba account:</emphasis> Locked | ||
|  |           Samba accounts can be unlocked with the password change.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Update Samba password | ||
|  |           timestamps:</emphasis> This will set the timestamps when the | ||
|  |           password was changed (sambaPwdLastSet). Only existing attributes are | ||
|  |           updated. No new attributes are added.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Sync Kerberos password with Unix | ||
|  |           password:</emphasis> This will also update the Heimdal Kerberos | ||
|  |           password.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Sync Asterisk (voicemail) password with | ||
|  |           Unix password:</emphasis> Changes also the Asterisk | ||
|  |           passwords.</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Force password change:</emphasis> This | ||
|  |           will force the user to change his password at next login. This | ||
|  |           option supports Shadow, Samba 3 and PPolicy (automatically | ||
|  |           detected).</para> | ||
|  |         </listitem> | ||
|  |       </itemizedlist> | ||
|  | 
 | ||
|  |       <literallayout> | ||
|  | </literallayout> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Account (un)locking:</emphasis></para> | ||
|  | 
 | ||
|  |       <para>Depending if the account includes a Unix/Samba extension and | ||
|  |       PPolicy is activated the page will show options to (un)lock the account. | ||
|  |       E.g. if the account is fully unlocked then there will be no unlocking | ||
|  |       options printed.</para> | ||
|  | 
 | ||
|  |       <screenshot> | ||
|  |         <mediaobject> | ||
|  |           <imageobject> | ||
|  |             <imagedata fileref="images/passwordReset3.png" /> | ||
|  |           </imageobject> | ||
|  |         </mediaobject> | ||
|  |       </screenshot> | ||
|  |     </section> | ||
|  |   </chapter> |