313 lines
		
	
	
		
			9.7 KiB
		
	
	
	
		
			XML
		
	
	
	
		
		
			
		
	
	
|  | <?xml version="1.0" encoding="UTF-8"?> | ||
|  | <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | ||
|  | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">  | ||
|  |   <chapter> | ||
|  |     <title>Big picture</title> | ||
|  | 
 | ||
|  |     <section> | ||
|  |       <title>Overview</title> | ||
|  | 
 | ||
|  |       <para>LAM has two major areas:</para> | ||
|  | 
 | ||
|  |       <itemizedlist> | ||
|  |         <listitem> | ||
|  |           <para>Admin interface to manage all sorts of different LDAP entries | ||
|  |           (e.g. users/groups/hosts)</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>Self service (LAM Pro) where end users can edit their own | ||
|  |           data</para> | ||
|  |         </listitem> | ||
|  |       </itemizedlist> | ||
|  | 
 | ||
|  |       <para></para> | ||
|  | 
 | ||
|  |       <screenshot> | ||
|  |         <mediaobject> | ||
|  |           <imageobject> | ||
|  |             <imagedata fileref="images/bigPicture1.png" /> | ||
|  |           </imageobject> | ||
|  |         </mediaobject> | ||
|  |       </screenshot> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Admin interface</emphasis></para> | ||
|  | 
 | ||
|  |       <para>This is the main part of the application. It lets you manage a | ||
|  |       large list of LDAP entries (e.g. users, groups, DNS entries, ...). This | ||
|  |       part is accessed by LDAP admins and support staff.</para> | ||
|  | 
 | ||
|  |       <screenshot> | ||
|  |         <mediaobject> | ||
|  |           <imageobject> | ||
|  |             <imagedata fileref="images/bigPicture2.png" /> | ||
|  |           </imageobject> | ||
|  |         </mediaobject> | ||
|  |       </screenshot> | ||
|  | 
 | ||
|  |       <para>Functional areas:</para> | ||
|  | 
 | ||
|  |       <orderedlist> | ||
|  |         <listitem> | ||
|  |           <para>Account tabs: These tabs let you switch between different | ||
|  |           account types</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>Tree view: Provides an LDAP browser to edit LDAP entries on | ||
|  |           attribute level</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>Tools menu: Contains useful tools such as profile and PDF | ||
|  |           editor</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>Help: Link to manual</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>Logout: Log out of the application</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>List view: Lists all entries of the selected account type | ||
|  |           (e.g. users)</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>List configuration: Configuration settings for list view (e.g. | ||
|  |           number of entries per page)</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para>Filter: Filter boxes let you enter simple filters like | ||
|  |           "a*"</para> | ||
|  |         </listitem> | ||
|  |       </orderedlist> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Self Service</emphasis></para> | ||
|  | 
 | ||
|  |       <para>The self service provides a simple interface for your users to | ||
|  |       edit their own data (e.g. telephone number). It also supports user self | ||
|  |       registration and password reset functionality.</para> | ||
|  | 
 | ||
|  |       <para>You can fully customize the layout of the self service | ||
|  |       page.</para> | ||
|  | 
 | ||
|  |       <screenshot> | ||
|  |         <mediaobject> | ||
|  |           <imageobject> | ||
|  |             <imagedata fileref="images/bigPicture3.png" /> | ||
|  |           </imageobject> | ||
|  |         </mediaobject> | ||
|  |       </screenshot> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Configuration</emphasis></para> | ||
|  | 
 | ||
|  |       <para>Configuration is done on multiple levels:</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Global</emphasis></para> | ||
|  | 
 | ||
|  |       <para>Effective for all parts of LAM (e.g. logging and password | ||
|  |       policy).</para> | ||
|  | 
 | ||
|  |       <para>Configured via LAM admin login -> LAM configuration -> <link | ||
|  |       linkend="generalSettings">Edit general settings</link>.</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Server profile</emphasis></para> | ||
|  | 
 | ||
|  |       <para>All settings for an LDAP connection (e.g. server name, LDAP | ||
|  |       suffixes, account types/modules to activate) in the admin interface. | ||
|  |       There may be multiple server profiles for one LDAP server (e.g. for | ||
|  |       multiple departments, different user groups, ...).</para> | ||
|  | 
 | ||
|  |       <para>Configured via LAM admin login -> LAM configuration -> <link | ||
|  |       linkend="serverProfiles">Edit server profile</link>.</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Self service</emphasis></para> | ||
|  | 
 | ||
|  |       <para>All settings for a self service interface (e.g. fields that can be | ||
|  |       edited, password reset functionality, ...).</para> | ||
|  | 
 | ||
|  |       <para>Configured via LAM admin login -> LAM configuration -> <link | ||
|  |       linkend="a_selfService">Edit self service</link>.</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Profiles</emphasis></para> | ||
|  | 
 | ||
|  |       <para><link linkend="a_accountProfile">Account profiles</link> store | ||
|  |       default values for new LDAP entries.</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">PDF structures</emphasis></para> | ||
|  | 
 | ||
|  |       <para><link linkend="pdfEditor">PDF structures</link> define the layout | ||
|  |       and list of data fields to include in PDF export.</para> | ||
|  |     </section> | ||
|  | 
 | ||
|  |     <section> | ||
|  |       <title>Glossary</title> | ||
|  | 
 | ||
|  |       <para>Here you can find a list of common terms used in LAM.</para> | ||
|  | 
 | ||
|  |       <table> | ||
|  |         <title>Glossary</title> | ||
|  | 
 | ||
|  |         <tgroup cols="2"> | ||
|  |           <thead> | ||
|  |             <row> | ||
|  |               <entry align="center">Term</entry> | ||
|  | 
 | ||
|  |               <entry align="center">Description</entry> | ||
|  |             </row> | ||
|  |           </thead> | ||
|  | 
 | ||
|  |           <tbody> | ||
|  |             <row> | ||
|  |               <entry>Account module</entry> | ||
|  | 
 | ||
|  |               <entry>Plugin for a specific account type (e.g. Unix plugin for | ||
|  |               user type)</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Account type</entry> | ||
|  | 
 | ||
|  |               <entry>Type of an LDAP entry (e.g. user/group/host)</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Admin interface</entry> | ||
|  | 
 | ||
|  |               <entry>LAM webpages for admin user (e.g. to create new | ||
|  |               users)</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Lamdaemon</entry> | ||
|  | 
 | ||
|  |               <entry>Support script to manage user file system quotas and | ||
|  |               create home directories</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>PDF editor</entry> | ||
|  | 
 | ||
|  |               <entry>Manages PDF structures</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>PDF export</entry> | ||
|  | 
 | ||
|  |               <entry>Exports an entry to PDF by using a PDF structure</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>PDF structure</entry> | ||
|  | 
 | ||
|  |               <entry>Defines the layout and list of data fields to include in | ||
|  |               PDF export</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Profile</entry> | ||
|  | 
 | ||
|  |               <entry>Template for creation of LDAP entries, contains default | ||
|  |               values</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Profile editor</entry> | ||
|  | 
 | ||
|  |               <entry>Manages profiles for all account types</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Self Service</entry> | ||
|  | 
 | ||
|  |               <entry>LAM webpages for normal users where they can edit their | ||
|  |               own data</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Self service profile</entry> | ||
|  | 
 | ||
|  |               <entry>Configuration for self service pages (multiple | ||
|  |               configurations can exist)</entry> | ||
|  |             </row> | ||
|  | 
 | ||
|  |             <row> | ||
|  |               <entry>Tree view</entry> | ||
|  | 
 | ||
|  |               <entry>LDAP browser for modifying LDAP entries on | ||
|  |               attribute/object class level</entry> | ||
|  |             </row> | ||
|  |           </tbody> | ||
|  |         </tgroup> | ||
|  |       </table> | ||
|  |     </section> | ||
|  | 
 | ||
|  |     <section> | ||
|  |       <title>Architecture</title> | ||
|  | 
 | ||
|  |       <para>There are basically two groups of users for LAM:</para> | ||
|  | 
 | ||
|  |       <itemizedlist> | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">LDAP administrators and support | ||
|  |           staff:</emphasis></para> | ||
|  | 
 | ||
|  |           <para>These people administer LDAP entries like user accounts, | ||
|  |           groups, ...</para> | ||
|  |         </listitem> | ||
|  | 
 | ||
|  |         <listitem> | ||
|  |           <para><emphasis role="bold">Users:</emphasis></para> | ||
|  | 
 | ||
|  |           <para>This includes all people who need to manage their own data | ||
|  |           inside the LDAP directory. For example, these people edit their contact | ||
|  |           information with LAM self service (LAM Pro).</para> | ||
|  |         </listitem> | ||
|  |       </itemizedlist> | ||
|  | 
 | ||
|  |       <screenshot> | ||
|  |         <mediaobject> | ||
|  |           <imageobject> | ||
|  |             <imagedata fileref="images/lam_architecture.png" /> | ||
|  |           </imageobject> | ||
|  |         </mediaobject> | ||
|  |       </screenshot> | ||
|  | 
 | ||
|  |       <para>Therefore, LAM is split into two separate parts, LAM for admins | ||
|  |       and for users. LAM for admins lets you manage various types of LDAP | ||
|  |       entries (e.g. users, groups, hosts, ...). It also contains tools like | ||
|  |       batch upload, account profiles, LDAP schema viewer and an LDAP browser. | ||
|  |       LAM for users focuses on end users. It provides a self service for the | ||
|  |       users to edit their personal data (e.g. contact information). The LAM | ||
|  |       administrator is able to specify what data may be changed by the users. | ||
|  |       The design is also adaptable to your corporate design.</para> | ||
|  | 
 | ||
|  |       <para>LAM for admins/users is accessible via HTTP(S) by all major web | ||
|  |       browsers (Firefox, IE, Opera, ...).</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">LAM runtime environment:</emphasis></para> | ||
|  | 
 | ||
|  |       <para>LAM runs on PHP. Therefore, it is independent of CPU architecture | ||
|  |       and operating system (OS). You can run LAM on any OS which supports | ||
|  |       Apache, Nginx or other PHP compatible web servers.</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">Home directory server:</emphasis></para> | ||
|  | 
 | ||
|  |       <para>You can manage user home directories and their quotas inside LAM. | ||
|  |       The home directories may reside on the server where LAM is installed or | ||
|  |       any remote server. The commands for home directory management are | ||
|  |       secured by SSH. LAM will use the user name and password of the logged-in | ||
|  |       LAM administrator for authentication.</para> | ||
|  | 
 | ||
|  |       <para><emphasis role="bold">LDAP directory:</emphasis></para> | ||
|  | 
 | ||
|  |       <para>LAM connects to your LDAP server via standard LDAP protocol. It | ||
|  |       also supports encrypted connections with SSL and TLS.</para> | ||
|  |     </section> | ||
|  |   </chapter> |