diff --git a/lam/HISTORY b/lam/HISTORY
index fb41ac52..8d1b4ad3 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -1,4 +1,5 @@
March 2018 6.3
+ - Server profile: added option if referential integrity overlay is active to sip cleanup actions
- LAM Pro:
-> Support custom structural object classes with new custom type
-> Support dynamic lists
diff --git a/lam/docs/manual-sources/chapter-configuration.xml b/lam/docs/manual-sources/chapter-configuration.xml
index d92fbfa9..3b539b36 100644
--- a/lam/docs/manual-sources/chapter-configuration.xml
+++ b/lam/docs/manual-sources/chapter-configuration.xml
@@ -368,24 +368,49 @@
Advanced options
- Sometimes, you may not want to display the server address on the
- login page. In this case you can setup a display name here (e.g.
- "Production").
+ Display name: Sometimes, you may not want to display the server
+ address on the login page. In this case you can setup a display name
+ here (e.g. "Production").
- By default LAM will not follow LDAP referrals. This is ok for
- most installations. If you use LDAP referrals please activate the
- referral option in advanced settings.
+ Follow referrals: By default LAM will not follow LDAP referrals.
+ This is ok for most installations. If you use LDAP referrals please
+ activate the referral option in advanced settings.
- Paged results should be activated only if you encounter any
- problems regarding size limits on Active Directory. LAM will then
- query LDAP to return results in chunks of 999 entries.
+ Paged results: Paged results should be activated only if you
+ encounter any problems regarding size limits on Active Directory. LAM
+ will then query LDAP to return results in chunks of 999
+ entries.
+
+ Referential integrity overlay: Activate this checkbox if you
+ have any server side extension for referential integrity in place. In
+ this case the server will cleanup references to LDAP entries that are
+ deleted.
+
+ The following actions are skipped in this case:
+
+
+
+ Users: group of (unique) names: memberships are not deleted
+ when user is deleted
+
+
+
+ Users: organizational roles: role assignments are not
+ deleted when user is deleted
+
+
+
+ Groups: groupOf(Unique)Names: memberships are not deleted
+ when group is deleted
+
+
LAM is translated to many different languages. Here you can
select the default language for this server profile. The language
- setting may be overriden at the LAM login page.
+ setting may be overridden at the LAM login page.
Please also set your time zone here.
diff --git a/lam/docs/manual-sources/images/configProfiles4.png b/lam/docs/manual-sources/images/configProfiles4.png
index 0f7f6db5..d475cd05 100644
Binary files a/lam/docs/manual-sources/images/configProfiles4.png and b/lam/docs/manual-sources/images/configProfiles4.png differ
diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index 5e5f8af8..f4ed156d 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -904,6 +904,11 @@ class posixAccount extends baseModule implements passwordService {
for ($i = 0; $i < sizeof($groups); $i++) {
$return[$groups[$i]['dn']]['remove']['memberUid'][] = $this->attributes['uid'][0];
}
+ // stop here if referential integrity overlay is active
+ $config = $this->getAccountContainer()->get_type()->getTypeManager()->getConfig();
+ if ($config->isReferentialIntegrityOverlayActive()) {
+ return $return;
+ }
// remove from group of names
$dn = $this->getAccountContainer()->dn_orig;
$gons = searchLDAPByFilter('(|(member=' . $dn . ')(uniqueMember=' . $dn . '))', array('member', 'uniqueMember'), array('group', 'gon'));
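Review bot: The early `return $return;` added after the memberUid loop exits the whole function, so every step after the group-of-names cleanup is also skipped when the flag is set. The function continues past the hunk, so whether later, unrelated steps exist cannot be seen here. Guarding only the affected block, `if (!$config->isReferentialIntegrityOverlayActive()) { /* group of names cleanup */ }`, would limit the skip to what the overlay actually replaces. The flag is also an unverified statement in the server profile: if the server-side overlay does not cover `member` and `uniqueMember`, the deleted user's DN stays in those groups, and a later entry created with the same DN would pick up the old memberships. A comment such as `// relies on the server removing member/uniqueMember references; stale DNs remain in groups if the overlay does not cover these attributes` would make that dependency visible.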