1. What's exactly the license of FPDF? Are there any usage restrictions?
+FPDF is Freeware (it is stated at the beginning of the source file). There is no usage
+restriction. You may embed it freely in your application (commercial or not), with or
+without modification. You may redistribute it, too.
+
2. When I try to create a PDF, a lot of weird characters show on the screen. Why?
+These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of
+IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly
+without launching Acrobat. This happens frequently during the development stage: on the least
+script error, an HTML page is sent, and after correction, the PDF arrives.
+
+To solve the problem, simply quit and restart IE. You can also go to another URL and come
+back.
+
+To avoid this kind of inconvenience during the development, you can generate the PDF directly
+to a file and open it through the explorer.
+
3. I try to generate a PDF and IE displays a blank page. What happens?
+First of all, check that you send nothing to the browser after the PDF (not even a space or a
+carriage return). You can put an exit statement just after the call to the Output() method to
+be sure.
+
+If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in
+conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should
+test your application with as many IE versions as possible (at least if you're on the Internet).
+The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the
+more that it causes other problems, see the next question). The GET works better but may fail
+when the URL becomes too long: don't use a query string with more than 45 characters. However, a
+tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a form, you
+can add a hidden field at the last position:
+
+
+
+The usage of PHP sessions also often causes trouble (avoid using HTTP headers preventing caching).
+See question 5 for a workaround.
+
+
+To avoid all these problems in a reliable manner, two main techniques exist:
+
+
+- Disable the plug-in and use Acrobat as a helper application. To do this, launch Acrobat; in
+the File menu, Preferences, General, uncheck the option "Web Browser Integration" (for Acrobat
+5: Edit, Preferences, Options, "Display PDF in Browser"). Then, the next time you load a PDF in
+IE, it displays the dialog box "Open it" or "Save it to disk". Uncheck the option "Always ask
+before opening this type of file" and choose Open. From now on, PDF files will open
+automatically in an external Acrobat window.
+
+The drawback of the method is that you need to alter the client configuration, which you can do
+in an intranet environment but not for the Internet.
+
+
+- Use a redirection technique. It consists in generating the PDF in a temporary file on the
+server and redirect the client on it (by using JavaScript, not the Location HTTP header which
+also causes trouble). For instance, at the end of the script, you can put the following:
+
+
+
+
+//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='getpdf.php?f=$file';</SCRIPT></HTML>";
+
+
+Then create the getpdf.php file with this:
+
+
+
+
+<?php
+$f=$HTTP_GET_VARS['f'];
+//Check file (don't skip it!)
+if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\'))
+ die('Incorrect file name');
+if(!file_exists($f))
+ die('File does not exist');
+//Handle special IE request if needed
+if($HTTP_SERVER_VARS['HTTP_USER_AGENT']=='contype')
+{
+ Header('Content-Type: application/pdf');
+ exit;
+}
+//Output PDF
+Header('Content-Type: application/pdf');
+Header('Content-Length: '.filesize($f));
+readfile($f);
+//Remove file
+unlink($f);
+exit;
+?>
+
+
+This method works in most cases but IE6 can still experience trouble. The "ultimate" method
+consists in redirecting directly to the temporary file. The file name must therefore end with .pdf:
+
+
+
+
+//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+rename($file,$file.'.pdf');
+$file.='.pdf';
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='$file';</SCRIPT></HTML>";
+
+
+This method turns the dynamic PDF into a static one and avoids all troubles. But you have to do
+some cleaning in order to delete the temporary files. For instance:
+
+
+
+This function deletes all files of the form tmp*.pdf older than an hour in the specified
+directory. You may call it where you want, for instance in the script which generates the PDF.
+
+
+Remark: it is necessary to open the PDF in a new window, as you can't go backwards due to the
+redirection.
+
4. I send parameters using the POST method and the values don't appear in the PDF.
+It's a problem affecting some versions of IE (especially the first 5.5). See the previous
+question for the ways to work around it.
+
5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.
+It's a problem affecting some versions of IE. To work around it, add the following line before
+session_start():
+
+
+
+
+session_cache_limiter('private');
+
+
+or do a redirection as explained in question 3.
+
6. When I'm on SSL, IE can't open the PDF.
+The problem may be fixed by adding this line:
+
+
+
+Header('Pragma: public');
+
+
+
+
7. When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".
+When the decimal separator is configured as a comma before including a file, there is a
+bug in some PHP versions and decimal
+numbers get truncated. Therefore you shouldn't make a call to setlocale() before including the class.
+On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a
+setlocale() call.
+
8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".
+Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per
+pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more.
+
9. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)
+You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return,
+neither before nor after. The script outputs something at line X.
+
10. I try to display a variable in the Header method but nothing prints.
+You have to use the global keyword, for instance:
+
+
+
11. I defined the Header and Footer methods in my PDF class but nothing appears.
+You have to create an object from the PDF class, not FPDF:
+
+
+
+$pdf=new PDF();
+
+
+
+
12. I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.
+You have to enclose your string with double quotes, not single ones.
+
13. I try to put the euro symbol but it doesn't work.
+The standard fonts have the euro character at position 128. You can define a constant like this
+for convenience:
+
+
+
+
+define('EURO',chr(128));
+
+
+Note: Acrobat 4 or higher is required to display euro.
+
14. I draw a frame with very precise dimensions, but when printed I notice some differences.
+To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box.
+
15. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?
+All printers have physical margins (different depending on the model), it is therefore impossible
+to remove them and print on the totality of the paper.
+
16. What's the limit of the file sizes I can generate with FPDF?
+There is no particular limit. There are some constraints however:
+
+
+- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents,
+especially with images, this limit may be reached (the file being built into memory). The
+parameter is configured in the php.ini file.
+
+
+- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily
+reached. It is configured in php.ini and may be altered dynamically with set_time_limit().
+
+
+- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and
+reach the limit, it will be lost. It is therefore advised for very big documents to
+generate them in a file, and to send some data to the browser from time to time (for instance
+page 1, page 2... with flush() to force the output). When the document is finished, you can send
+a redirection on it with JavaScript or create a link.
+
+Remark: even when the browser goes in time-out, the script may continue to run on the server.
+
17. Can I modify a PDF with FPDF?
+No.
+
18. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?
+No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from
+a PDF. It is provided with the Xpdf package:
+
+http://www.foolabs.com/xpdf/
+
19. Can I convert an HTML page to PDF with FPDF?
+No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:
+
+http://www.easysw.com/htmldoc/
+
20. Can I concatenate PDF files with FPDF?
+No. But a free C utility exists to perform this task:
+
+http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html
+
+
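Review bot: The redirection examples in question 3 write the generated PDF into the script's own directory (tempnam(getcwd(),'tmp')), and the "ultimate" variant then serves tmp*.pdf as a static file, so the document is readable by anyone who learns the URL until the cleanup of files older than an hour runs. For LAM, where a PDF can contain account data, I would add a sentence telling integrators to write to a directory outside the document root and deliver the file through a script that checks the session. In getpdf.php the strpos($f,'/') test only holds because the 'tmp' prefix check comes first (a match at offset 0 is falsy); comparing $f against basename($f) would state the intent directly.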
diff --git a/lam-0.4/docs/README.hosts.txt b/lam-0.4/docs/README.hosts.txt
new file mode 100644
index 00000000..8303992e
--- /dev/null
+++ b/lam-0.4/docs/README.hosts.txt
@@ -0,0 +1,28 @@
+The attribute "host" is only in objectclass account.
+Unfortunatly "account" conflicts with
+"inetorgperson". so there's no perfect way to use
+both.
+
+In order to get attribute host working you have to
+modify schema/inetorgperson and include host:
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 $ host )
+ )
+
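Review bot: The instruction "modify schema/inetorgperson and include host" changes a standard object class in place while keeping its OID 2.16.840.1.113730.3.2.2 and the 'RFC2798' description, so the server's schema no longer matches what other LDAP clients and replicas expect, and the edit is lost whenever the schema file is replaced. Please say that explicitly in the README and mention the alternative of a locally defined auxiliary class that carries host. Minor: "Unfortunatly" and the stray ". so" in the first paragraph.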
diff --git a/lam-0.4/docs/README.lamdaemon.txt b/lam-0.4/docs/README.lamdaemon.txt
new file mode 100644
index 00000000..6335e4b8
--- /dev/null
+++ b/lam-0.4/docs/README.lamdaemon.txt
@@ -0,0 +1,56 @@
+lamdaemon.pl is used to modify quota and homedirs
+on a remote or local host via ssh.
+If you want wo use it you have to set up some
+things to get it to work:
+
+1. Setup values in LDAP Account Manager
+ * Set the remote or local host in the configuration
+ (e.g. 127.0.0.1)
+ * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
+
+
+2. Set up sudo
+ The perl script has to run as root. Therefore we need
+ a wrapper, sudo.
+ Edit /etc/sudoers on host where homedirs or quotas should be used
+ and add the following line:
+ $admin All= NOPASSWD: $path
+ $admin is the adminuser from LAM and $path
+ is the path to lamdaemon.pl e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
+ At the moment the password is a paramteter of lamdaemon.pl
+ therefore you should disable logging so the password does not
+ appear in any logfile.
+ This can be done by adding the following line to /etc/sudoers:
+ Defaults:$admin !syslog
+
+3. Set up Perl
+ We need some external Perl modules, Quota and Net::SSH::Perl
+ To install them, run:
+ perl -MCPAN -e shell
+ install Quota
+ install Net::SSH::Perl
+
+4. Test lamdaemon.pl
+ I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl
+ with the following attributes to test it:
+ lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
+ $ssh-server is the remote host lamdaemon.pl should be run on
+ $lam_path_on_host is the path to lamdaemon.pl on remote host
+ $admin-username is the name of the user which is allowed to run lamdaemon.pl
+ as root. It is the same user as in /etc/sudoers
+ $admin-password is the password of the admin user
+ *test is the command which tells lamdaemon.pl to test settings
+
+ You have to run the command as the user your webserver is running, e.g.
+
+ wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
+ 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test
+
+ You should get the following response:
+ Net::SSH::Perl successfully installed.
+ Perl quota module successfully installed.
+ If you have not seen any error lamdaemon.pl should be set up successfully.
+
+Now everything should work fine.
+
+Please send a mail to TiloLutz@gmx.de if you have any suggestions.
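Review bot: In step 2 the admin password is passed as an argument to lamdaemon.pl, and the suggested mitigation "Defaults:$admin !syslog" only keeps it out of sudo's log; the argument is still visible in the process list to other local users while the script runs, and the step 4 example puts "root secret" into shell history. The same line also switches off sudo's audit trail for the one account allowed to run a root script. I would state these limits in the text and plan to read the password from stdin instead of argv. Typos: "wo use", "paramteter".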
diff --git a/lam-0.4/docs/README.openldap.txt b/lam-0.4/docs/README.openldap.txt
new file mode 100644
index 00000000..b66ae625
--- /dev/null
+++ b/lam-0.4/docs/README.openldap.txt
@@ -0,0 +1,21 @@
+Some basic hints to configure the OpenLDAP server:
+
+SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts
+ change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values.
+
+INDICES: Indices will improve the performance when searching for entries in the LDAP directory.
+ The following indices are recommended:
+
+ index objectClass eq
+ index default sub
+ index uidNumber eq
+ index gidNumber eq
+ index memberUid eq
+ index cn,sn,uid,displayName pres,sub,eq
+ # Samba 2.x
+ index rid eq
+ index primaryGroupID eq
+ # Samba 3.x
+ index sambaSID eq
+ index sambaPrimaryGroupSID eq
+ index sambaDomainName eq
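Review bot: The SIZELIMIT hint offers "sizelimit -1" without saying that the global setting applies to every client of the server, including anonymous binds, so a single search can then return the whole directory. Suggest recommending a finite value such as the "sizelimit 10000" already given, or a per-identity limits rule in slapd.conf for the LAM bind DN only.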
diff --git a/lam-0.4/docs/README.security.txt b/lam-0.4/docs/README.security.txt
new file mode 100644
index 00000000..cbae78d8
--- /dev/null
+++ b/lam-0.4/docs/README.security.txt
@@ -0,0 +1,36 @@
+
+1. Use of SSL
+
+ The data which is transfered between you and LAM is very sensitive.
+ Please always use SSL encrypted connections between LAM and your browser to
+ protect yourself against network sniffers.
+
+
+2. LDAP+SSL and TLS
+
+ LAM should start TLS automatically if possible. LDAP+SSL will be used if you use
+ ldaps://servername in your configuration profile.
+
+
+3. Chrooted servers
+
+ If your server is chrooted and you have no access to /dev/random or /dev/urandom
+ this can be a security risk. LAM stores your LDAP password encrypted in the session.
+ LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible.
+ Therefore the key can be easily guessed.
+ An attaker needs read access to the session file (e.g. by another Apache instance) to
+ exploit this.
+
+
+4. LDAP password protection
+
+ Your LDAP password is stored encrypted in the session file. The key and IV to decrypt
+ it are stored in two cookies. We use MCrypt/AES or Blowfish to encrypt the password.
+
+
+5. Protection of new user passwords
+
+ These passwords are, if stored in the session file, encrypted with the same key and IV
+ as your LDAP password.
+
+
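Review bot: Section 4 says the key and IV protecting the LDAP password "are stored in two cookies", which makes section 1 a requirement rather than a request: without SSL the key, the IV and the session id all cross the network in clear on every request. Section 1 should say so, and section 4 should state whether the cookies are set with the secure flag. Typos: "transfered", "attaker".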
diff --git a/lam/docs/README.fpdf.htm b/lam/docs/README.fpdf.htm
new file mode 100755
index 00000000..f556c9cd
--- /dev/null
+++ b/lam/docs/README.fpdf.htm
@@ -0,0 +1,286 @@
+
+
+
+FAQ
+
+
+
+
1. What's exactly the license of FPDF? Are there any usage restrictions?
+FPDF is Freeware (it is stated at the beginning of the source file). There is no usage
+restriction. You may embed it freely in your application (commercial or not), with or
+without modification. You may redistribute it, too.
+
2. When I try to create a PDF, a lot of weird characters show on the screen. Why?
+These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of
+IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly
+without launching Acrobat. This happens frequently during the development stage: on the least
+script error, an HTML page is sent, and after correction, the PDF arrives.
+
+To solve the problem, simply quit and restart IE. You can also go to another URL and come
+back.
+
+To avoid this kind of inconvenience during the development, you can generate the PDF directly
+to a file and open it through the explorer.
+
3. I try to generate a PDF and IE displays a blank page. What happens?
+First of all, check that you send nothing to the browser after the PDF (not even a space or a
+carriage return). You can put an exit statement just after the call to the Output() method to
+be sure.
+
+If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in
+conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should
+test your application with as many IE versions as possible (at least if you're on the Internet).
+The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the
+more that it causes other problems, see the next question). The GET works better but may fail
+when the URL becomes too long: don't use a query string with more than 45 characters. However, a
+tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a form, you
+can add a hidden field at the last position:
+
+
+
+The usage of PHP sessions also often causes trouble (avoid using HTTP headers preventing caching).
+See question 5 for a workaround.
+
+
+To avoid all these problems in a reliable manner, two main techniques exist:
+
+
+- Disable the plug-in and use Acrobat as a helper application. To do this, launch Acrobat; in
+the File menu, Preferences, General, uncheck the option "Web Browser Integration" (for Acrobat
+5: Edit, Preferences, Options, "Display PDF in Browser"). Then, the next time you load a PDF in
+IE, it displays the dialog box "Open it" or "Save it to disk". Uncheck the option "Always ask
+before opening this type of file" and choose Open. From now on, PDF files will open
+automatically in an external Acrobat window.
+
+The drawback of the method is that you need to alter the client configuration, which you can do
+in an intranet environment but not for the Internet.
+
+
+- Use a redirection technique. It consists in generating the PDF in a temporary file on the
+server and redirect the client on it (by using JavaScript, not the Location HTTP header which
+also causes trouble). For instance, at the end of the script, you can put the following:
+
+
+
+
+//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='getpdf.php?f=$file';</SCRIPT></HTML>";
+
+
+Then create the getpdf.php file with this:
+
+
+
+
+<?php
+$f=$HTTP_GET_VARS['f'];
+//Check file (don't skip it!)
+if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\'))
+ die('Incorrect file name');
+if(!file_exists($f))
+ die('File does not exist');
+//Handle special IE request if needed
+if($HTTP_SERVER_VARS['HTTP_USER_AGENT']=='contype')
+{
+ Header('Content-Type: application/pdf');
+ exit;
+}
+//Output PDF
+Header('Content-Type: application/pdf');
+Header('Content-Length: '.filesize($f));
+readfile($f);
+//Remove file
+unlink($f);
+exit;
+?>
+
+
+This method works in most cases but IE6 can still experience trouble. The "ultimate" method
+consists in redirecting directly to the temporary file. The file name must therefore end with .pdf:
+
+
+
+
+//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+rename($file,$file.'.pdf');
+$file.='.pdf';
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='$file';</SCRIPT></HTML>";
+
+
+This method turns the dynamic PDF into a static one and avoids all troubles. But you have to do
+some cleaning in order to delete the temporary files. For instance:
+
+
+
+This function deletes all files of the form tmp*.pdf older than an hour in the specified
+directory. You may call it where you want, for instance in the script which generates the PDF.
+
+
+Remark: it is necessary to open the PDF in a new window, as you can't go backwards due to the
+redirection.
+
4. I send parameters using the POST method and the values don't appear in the PDF.
+It's a problem affecting some versions of IE (especially the first 5.5). See the previous
+question for the ways to work around it.
+
5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.
+It's a problem affecting some versions of IE. To work around it, add the following line before
+session_start():
+
+
+
+
+session_cache_limiter('private');
+
+
+or do a redirection as explained in question 3.
+
6. When I'm on SSL, IE can't open the PDF.
+The problem may be fixed by adding this line:
+
+
+
+Header('Pragma: public');
+
+
+
+
7. When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".
+When the decimal separator is configured as a comma before including a file, there is a
+bug in some PHP versions and decimal
+numbers get truncated. Therefore you shouldn't make a call to setlocale() before including the class.
+On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a
+setlocale() call.
+
8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".
+Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per
+pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more.
+
9. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)
+You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return,
+neither before nor after. The script outputs something at line X.
+
10. I try to display a variable in the Header method but nothing prints.
+You have to use the global keyword, for instance:
+
+
+
11. I defined the Header and Footer methods in my PDF class but nothing appears.
+You have to create an object from the PDF class, not FPDF:
+
+
+
+$pdf=new PDF();
+
+
+
+
12. I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.
+You have to enclose your string with double quotes, not single ones.
+
13. I try to put the euro symbol but it doesn't work.
+The standard fonts have the euro character at position 128. You can define a constant like this
+for convenience:
+
+
+
+
+define('EURO',chr(128));
+
+
+Note: Acrobat 4 or higher is required to display euro.
+
14. I draw a frame with very precise dimensions, but when printed I notice some differences.
+To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box.
+
15. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?
+All printers have physical margins (different depending on the model), it is therefore impossible
+to remove them and print on the totality of the paper.
+
16. What's the limit of the file sizes I can generate with FPDF?
+There is no particular limit. There are some constraints however:
+
+
+- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents,
+especially with images, this limit may be reached (the file being built into memory). The
+parameter is configured in the php.ini file.
+
+
+- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily
+reached. It is configured in php.ini and may be altered dynamically with set_time_limit().
+
+
+- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and
+reach the limit, it will be lost. It is therefore advised for very big documents to
+generate them in a file, and to send some data to the browser from time to time (for instance
+page 1, page 2... with flush() to force the output). When the document is finished, you can send
+a redirection on it with JavaScript or create a link.
+
+Remark: even when the browser goes in time-out, the script may continue to run on the server.
+
17. Can I modify a PDF with FPDF?
+No.
+
18. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?
+No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from
+a PDF. It is provided with the Xpdf package:
+
+http://www.foolabs.com/xpdf/
+
19. Can I convert an HTML page to PDF with FPDF?
+No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:
+
+http://www.easysw.com/htmldoc/
+
20. Can I concatenate PDF files with FPDF?
+No. But a free C utility exists to perform this task:
+
+http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html
+
+
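Review bot: The header for this file reads "new file mode 100755", so an HTML documentation file is being added with the executable bit set, while the other docs in this patch are 100644. Please commit it as 100644.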
diff --git a/lam/docs/README.hosts.txt b/lam/docs/README.hosts.txt
new file mode 100644
index 00000000..8303992e
--- /dev/null
+++ b/lam/docs/README.hosts.txt
@@ -0,0 +1,28 @@
+The attribute "host" is only in objectclass account.
+Unfortunatly "account" conflicts with
+"inetorgperson". so there's no perfect way to use
+both.
+
+In order to get attribute host working you have to
+modify schema/inetorgperson and include host:
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 $ host )
+ )
+
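Review bot: This file has the same blob id (8303992e) as lam-0.4/docs/README.hosts.txt added earlier in the same patch, so the text now lives in two places and any correction has to be made twice. If lam-0.4/ is meant as a release snapshot, a tag or an export would do that without a second tracked copy.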
diff --git a/lam/docs/README.lamdaemon.txt b/lam/docs/README.lamdaemon.txt
new file mode 100644
index 00000000..6335e4b8
--- /dev/null
+++ b/lam/docs/README.lamdaemon.txt
@@ -0,0 +1,56 @@
+lamdaemon.pl is used to modify quota and homedirs
+on a remote or local host via ssh.
+If you want wo use it you have to set up some
+things to get it to work:
+
+1. Setup values in LDAP Account Manager
+ * Set the remote or local host in the configuration
+ (e.g. 127.0.0.1)
+ * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
+
+
+2. Set up sudo
+ The perl script has to run as root. Therefore we need
+ a wrapper, sudo.
+ Edit /etc/sudoers on host where homedirs or quotas should be used
+ and add the following line:
+ $admin All= NOPASSWD: $path
+ $admin is the adminuser from LAM and $path
+ is the path to lamdaemon.pl e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
+ At the moment the password is a paramteter of lamdaemon.pl
+ therefore you should disable logging so the password does not
+ appear in any logfile.
+ This can be done by adding the following line to /etc/sudoers:
+ Defaults:$admin !syslog
+
+3. Set up Perl
+ We need some external Perl modules, Quota and Net::SSH::Perl
+ To install them, run:
+ perl -MCPAN -e shell
+ install Quota
+ install Net::SSH::Perl
+
+4. Test lamdaemon.pl
+ I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl
+ with the following attributes to test it:
+ lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
+ $ssh-server is the remote host lamdaemon.pl should be run on
+ $lam_path_on_host is the path to lamdaemon.pl on remote host
+ $admin-username is the name of the user which is allowed to run lamdaemon.pl
+ as root. It is the same user as in /etc/sudoers
+ $admin-password is the password of the admin user
+ *test is the command which tells lamdaemon.pl to test settings
+
+ You have to run the command as the user your webserver is running, e.g.
+
+ wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
+ 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test
+
+ You should get the following response:
+ Net::SSH::Perl successfully installed.
+ Perl quota module successfully installed.
+ If you have not seen any error lamdaemon.pl should be set up successfully.
+
+Now everything should work fine.
+
+Please send a mail to TiloLutz@gmx.de if you have any suggestions.
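Review bot: The sudoers line in step 2 is written as "$admin All= NOPASSWD: $path"; sudoers is case-sensitive and the built-in host alias is ALL, so "All" is read as a host named All and the rule will not match. The README should also require that lamdaemon.pl be owned by root and not writable by the web server user, since the documented location /srv/www/htdocs/lam/lib/ is inside the web tree and the script runs as root without a password.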
diff --git a/lam/docs/README.openldap.txt b/lam/docs/README.openldap.txt
new file mode 100644
index 00000000..b66ae625
--- /dev/null
+++ b/lam/docs/README.openldap.txt
@@ -0,0 +1,21 @@
+Some basic hints to configure the OpenLDAP server:
+
+SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts
+ change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values.
+
+INDICES: Indices will improve the performance when searching for entries in the LDAP directory.
+ The following indices are recommended:
+
+ index objectClass eq
+ index default sub
+ index uidNumber eq
+ index gidNumber eq
+ index memberUid eq
+ index cn,sn,uid,displayName pres,sub,eq
+ # Samba 2.x
+ index rid eq
+ index primaryGroupID eq
+ # Samba 3.x
+ index sambaSID eq
+ index sambaPrimaryGroupSID eq
+ index sambaDomainName eq
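Review bot: In the INDICES list, "index default sub" has no effect as written: default only sets the index types for later index lines that name no types, and every line after it names its own. Either drop it or explain which attributes are meant to inherit it.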
diff --git a/lam/docs/README.security.txt b/lam/docs/README.security.txt
new file mode 100644
index 00000000..cbae78d8
--- /dev/null
+++ b/lam/docs/README.security.txt
@@ -0,0 +1,36 @@
+
+1. Use of SSL
+
+ The data which is transfered between you and LAM is very sensitive.
+ Please always use SSL encrypted connections between LAM and your browser to
+ protect yourself against network sniffers.
+
+
+2. LDAP+SSL and TLS
+
+ LAM should start TLS automatically if possible. LDAP+SSL will be used if you use
+ ldaps://servername in your configuration profile.
+
+
+3. Chrooted servers
+
+ If your server is chrooted and you have no access to /dev/random or /dev/urandom
+ this can be a security risk. LAM stores your LDAP password encrypted in the session.
+ LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible.
+ Therefore the key can be easily guessed.
+ An attaker needs read access to the session file (e.g. by another Apache instance) to
+ exploit this.
+
+
+4. LDAP password protection
+
+ Your LDAP password is stored encrypted in the session file. The key and IV to decrypt
+ it are stored in two cookies. We use MCrypt/AES or Blowfish to encrypt the password.
+
+
+5. Protection of new user passwords
+
+ These passwords are, if stored in the session file, encrypted with the same key and IV
+ as your LDAP password.
+
+
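Review bot: Section 3 documents that LAM falls back to rand() for the session encryption key when /dev/random and /dev/urandom are not accessible, and concludes "the key can be easily guessed", but gives the admin no way to avoid it. The text should tell chroot users to make /dev/urandom available inside the jail, and the code would be safer refusing the login than silently using rand().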