WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

auto delete module

This commit is contained in:
Roland Gruber 2018-06-30 11:02:40 +02:00
parent 31862c5bc5
commit 5c796f84ec
6 changed files with 147 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lam/HISTORY
View File

@ -1,4 +1,6 @@
September 2018 6.5 September 2018 6.5
- LAM Pro:
-> Auto deletion of entries with dynamic directory services support (requires PHP 7.2).
- Fixed bugs: - Fixed bugs:
-> Issue during uppercase login modification (#197) -> Issue during uppercase login modification (#197)

57
lam/docs/manual-sources/appendix-schema.xml
View File

@ -14,7 +14,7 @@
<tgroup cols="6"> <tgroup cols="6">
<thead> <thead>
<row> <row>
<entry></entry> <entry/>
<entry>Account type</entry> <entry>Account type</entry>
@ -65,7 +65,7 @@
<entry>Part of OpenLDAP installation</entry> <entry>Part of OpenLDAP installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -83,7 +83,7 @@
<entry>Part of Samba tarball (examples/LDAP/samba.schema)</entry> <entry>Part of Samba tarball (examples/LDAP/samba.schema)</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -97,11 +97,11 @@
<entry>user, group, computer</entry> <entry>user, group, computer</entry>
<entry></entry> <entry/>
<entry>Samba 4 built-in</entry> <entry>Samba 4 built-in</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -119,7 +119,7 @@
<entry>Part of Kolab 2/3 installation</entry> <entry>Part of Kolab 2/3 installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -137,7 +137,7 @@
<entry>Part of Asterisk installation</entry> <entry>Part of Asterisk installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -156,7 +156,7 @@
<entry>Part of PyKota installation</entry> <entry>Part of PyKota installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -174,7 +174,7 @@
<entry>Part of OpenLDAP installation</entry> <entry>Part of OpenLDAP installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -210,7 +210,7 @@
<entry>Part of libpam-ldap installation</entry> <entry>Part of libpam-ldap installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -228,7 +228,7 @@
<entry>Part of OpenLDAP installation</entry> <entry>Part of OpenLDAP installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -265,7 +265,7 @@
<entry>Part of OpenLDAP installation</entry> <entry>Part of OpenLDAP installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -303,7 +303,7 @@
url="https://github.com/puppetlabs/puppet/blob/master/ext/ldap/puppet.schema">Puppet url="https://github.com/puppetlabs/puppet/blob/master/ext/ldap/puppet.schema">Puppet
on GitHub</ulink></entry> on GitHub</ulink></entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -322,7 +322,7 @@
<entry><ulink <entry><ulink
url="http://middleware.internet2.edu/eduperson/">http://middleware.internet2.edu</ulink></entry> url="http://middleware.internet2.edu/eduperson/">http://middleware.internet2.edu</ulink></entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -340,7 +340,7 @@
<entry>Part of OpenLDAP installation</entry> <entry>Part of OpenLDAP installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -359,7 +359,7 @@
<entry>Included in patch from <ulink <entry>Included in patch from <ulink
url="http://code.google.com/p/openssh-lpk/">http://code.google.com/p/openssh-lpk/</ulink></entry> url="http://code.google.com/p/openssh-lpk/">http://code.google.com/p/openssh-lpk/</ulink></entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -379,7 +379,7 @@
url="http://sourceforge.net/projects/linuxquota/">Linux url="http://sourceforge.net/projects/linuxquota/">Linux
DiskQuota</ulink></entry> DiskQuota</ulink></entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -490,7 +490,7 @@
<entry>Part of OpenLDAP installation</entry> <entry>Part of OpenLDAP installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -583,7 +583,7 @@
<entry>Part of FreeRadius installation</entry> <entry>Part of FreeRadius installation</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -712,6 +712,25 @@
<entry>LAM Pro only</entry> <entry>LAM Pro only</entry>
</row> </row>
<row>
<entry><inlinemediaobject>
<imageobject>
<imagedata fileref="images/schema_autoDelete.png"/>
</imageobject>
</inlinemediaobject></entry>
<entry>All</entry>
<entry>dynamicObject</entry>
<entry>built-in with DDS module</entry>
<entry>Part of LDAP server installation</entry>
<entry>LAM Pro only, requires DDS extension on LDAP server
side</entry>
</row>
</tbody> </tbody>
</tgroup> </tgroup>
</table> </table>

70
lam/docs/manual-sources/chapter-modules.xml
View File

@ -5792,6 +5792,76 @@ OK (10 msec)</programlisting>
</screenshot> </screenshot>
</section> </section>
<section>
<title>Auto delete (LAM Pro)</title>
<para>This module allows to mark any new entry to be marked for auto
deletion. The cleanup is done by the LDAP server itself. Please note that
this will not delete any relations etc. in other entries (e.g. group
memberships).</para>
<para><emphasis role="bold">Requirements</emphasis></para>
<itemizedlist>
<listitem>
<para>PHP 7.2 or later: the module will not be shown if you use an
older PHP version since the required LDAP commands are not
supported.</para>
</listitem>
<listitem>
<para>LDAP server with DDS (Dynamic Directory Services) support: your
LDAP server needs to be configured to allow auto deletion of entries.
See e.g. <ulink
url="http://www.openldap.org/doc/admin24/overlays.html">OpenLDAP
configuration</ulink>.</para>
</listitem>
<listitem>
<para>Your user has the right to set a deletion date. This is
configured on your LDAP server via ACLs. E.g. OpenLDAP requires manage
rights to attribute "entryTtl".</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Restrictions</emphasis></para>
<para>The maximum time for auto deletion is one year and six days. This is
a restriction by the DDS standard itself. The deletion date can be
extended for existing accounts but always by a maximum of one year and six
days.</para>
<para>You should configure the maximum TTL value on your LDAP server as
default is often much less than a year.</para>
<para>A deletion date on an existing entry cannot be removed but only be
extended.</para>
<para><emphasis role="bold">Configuration</emphasis></para>
<para>You can add the auto delete module to any account type.</para>
<para><graphic fileref="images/mod_autoDelete1.png"/></para>
<para><emphasis role="bold">Usage</emphasis></para>
<para>You can set a deletion time for any new account. Please note the
restrictions above. If you get an error about invalid TTL then you might
have exceeded the maximum TTL.</para>
<para>Existing accounts cannot be marked for deletion. But you may update
the deletion date on existing accounts that are already marked for
deletion.</para>
<para>Profile editor can be used to setup a default deletion time.</para>
<screenshot>
<graphic fileref="images/mod_autoDelete2.png"/>
</screenshot>
<para/>
</section>
<section> <section>
<title>General information</title> <title>General information</title>

BIN
lam/docs/manual-sources/images/mod_autoDelete1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

BIN
lam/docs/manual-sources/images/mod_autoDelete2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
lam/docs/manual-sources/images/schema_autoDelete.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB