diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index eb7bfd0b..f09b1a77 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -1648,6 +1648,64 @@ Have fun!
+
+ Password self reset (LAM Pro)
+
+ LAM Pro allows your users to reset their passwords by answering
+ a security question. The reset link is displayed on the self service page. Additionally,
+ you can set question + answer in the admin interface.
+
+ Schema
+
+ Please install the schema that comes with LAM Pro:
+ passwordSelfReset.schema or passwordSelfReset.ldif
+
+ This allows to set a security question + answer for each
+ account.
+
+ Activate password self reset
+ module
+
+ Please activate the password self reset module in your LAM Pro
+ server profile.
+
+
+
+
+
+
+
+
+
+ Now select the tab "Module settings" and specify the list of
+ possible security questions. Only these questions will be selectable
+ when you later edit accounts.
+
+
+
+
+
+
+
+
+
+ Edit users
+
+ After everything is setup please login to LAM Pro and edit your
+ users. You will see a new tab called "Password self reset". Here you
+ can activate/remove the password self reset function for each user.
+ You can also change the security question and answer.
+
+
+
+
+
+
+
+
+
+
Hosts
@@ -3458,114 +3516,229 @@ Have fun!
Edit your new profile
- On top of the page you see the link to the user login page. Copy
- this link address and give it to your users.
+
+ Basic settings
- Below the link you can specify several options.
+ On top of the page you see the link to the user login page. Copy
+ this link address and give it to your users.
-
-
-
-
-
-
-
+ Below the link you can specify several options.
-
- General options
+
+
+
+
+
+
+
-
-
-
- Server address
+
+ General options
- The address of your LDAP server
-
+
+
+
+ Server address
-
- LDAP suffix
+ The address of your LDAP server
+
- The part of the LDAP tree where LAM should search for
- users
-
+
+ LDAP suffix
-
- LDAP user + password
+ The part of the LDAP tree where LAM should search for
+ users
+
- The DN and password which is used to search for users in
- the LDAP database. It is sufficient if this DN has only read
- rights. If you leave these fields empty LAM will try to connect
- anonymously.
-
+
+ LDAP user + password
-
- LDAP search attribute
+ The DN and password which is used to search for users
+ in the LDAP database. It is sufficient if this DN has only
+ read rights. If you leave these fields empty LAM will try to
+ connect anonymously.
+
- Here you can specify if your users can login with user
- name + password, email + password or other attributes.
-
+
+ LDAP search attribute
-
- HTTP authentication
+ Here you can specify if your users can login with user
+ name + password, email + password or other attributes.
+
- You can enable HTTP authentication for your users. This
- way the web server is responsible to authenticate your users.
- LAM will use the given user name + password for the LDAP login.
- To setup HTTP authentication in Apache please see this link.
-
+
+ HTTP authentication
-
- Login attribute label
+ You can enable HTTP authentication for your users. This
+ way the web server is responsible to authenticate your users.
+ LAM will use the given user name + password for the LDAP
+ login. To setup HTTP authentication in Apache please see this
+ link.
+
- This is the description for the LDAP search attribute.
- Set it to something which your users are familiar with.
-
+
+ Login attribute label
-
- Login caption
+ This is the description for the LDAP search attribute.
+ Set it to something which your users are familiar
+ with.
+
- This text is displayed at the login page. You can input
- HTML, too.
-
+
+ Login caption
-
- Main page caption
+ This text is displayed at the login page. You can input
+ HTML, too.
+
- This text is displayed at self service main page where
- your users change their data. You can input HTML, too.
-
+
+ Main page caption
-
- Page header
+ This text is displayed at self service main page where
+ your users change their data. You can input HTML, too.
+
- This HTML code will be placed on top of all self service
- pages. E.g. you can use this to place your custom logo. Any HTML
- code is permitted.
-
+
+ Page header
-
- Additional CSS links
+ This HTML code will be placed on top of all self
+ service pages. E.g. you can use this to place your custom
+ logo. Any HTML code is permitted.
+
- Here you can specify additional CSS links to change the
- layout of the self service pages. This is useful to adapt them
- to your corporate design. Please enter one link per
- line.
-
-
-
-
+
+ Additional CSS links
- On the bottom you can specify what input fields your users can
- see. It is also possible to group several input fields.
+ Here you can specify additional CSS links to change the
+ layout of the self service pages. This is useful to adapt them
+ to your corporate design. Please enter one link per
+ line.
+
+
+
+
+
-
-
-
-
-
-
-
+
+ Page layout
+
+ On the bottom you can specify what input fields your users can
+ see. It is also possible to group several input fields.
+
+
+
+
+
+
+
+
+
+
+
+ Password self reset
+
+ Settings
+
+ You can allow your users to reset their passwords themselves.
+ This will reduce your administrative costs for cases where users
+ forget their passwords.
+
+ To enable this feature please activate the checkbox "Enable
+ password self reset link":
+
+
+
+
+
+
+
+
+
+ You can now configure the minimum answer length for password
+ reset answers. This is checked when you allow you users to specify
+ their answers via the self service. Additionally, you can specify the
+ text of the password reset link (default: "Forgot password?"). The
+ link is displayed below the password field on the self service login
+ page.
+
+ Next, please enter the DN and password of an LDAP entry that is
+ allowed to reset the passwords. This entry needs write access to the
+ attributes shadowLastChange, pwdAccountLockedTime and userPassword. It
+ also needs read access to uid, mail, passwordSelfResetQuestion and
+ passwordSelfResetAnswer. Please note that LAM Pro saves the password
+ on your server file system. Therefore, it is required to protect your
+ server against unauthorised access.
+
+ Finally, please specify the list of password reset questions
+ that the user can choose.
+
+ New fields for self service
+ page
+
+ There are two new fields that you may put on the self service
+ page for your users. These fields allow them to change the reset
+ question and its answer.
+
+
+
+
+
+
+
+
+
+ This is an example how can be presented to your users on the
+ self service page:
+
+
+
+
+
+
+
+
+
+ Password reset link
+
+ After activating the password self reset feature there will be a
+ new link on the self service login page. The text can be configured as
+ described above (default: "Forgot password?").
+
+
+
+
+
+
+
+
+
+ When a user clicks on the link then he will be asked for
+ identification with his user name and email address.
+
+
+
+
+
+
+
+
+
+ LAM Pro will use this information to find the correct LDAP entry
+ of this user. It then displays the user's security question and input
+ fields for his new password. If the answer is correct then the new
+ password will be set. Additionally, pwdAccountLockedTime will be
+ removed and shadowLastChange updated to the current time if
+ existing.
+
+
+
+
+
+
+
+
+
diff --git a/lam/docs/manual-sources/images/passwordSelfReset1.png b/lam/docs/manual-sources/images/passwordSelfReset1.png
new file mode 100644
index 00000000..0df9a79b
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset1.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset2.png b/lam/docs/manual-sources/images/passwordSelfReset2.png
new file mode 100644
index 00000000..14a3f0bc
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset2.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset3.png b/lam/docs/manual-sources/images/passwordSelfReset3.png
new file mode 100644
index 00000000..3bd4fe3d
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset3.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset4.png b/lam/docs/manual-sources/images/passwordSelfReset4.png
new file mode 100644
index 00000000..85d089db
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset4.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset5.png b/lam/docs/manual-sources/images/passwordSelfReset5.png
new file mode 100644
index 00000000..1b03dfd6
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset5.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset6.png b/lam/docs/manual-sources/images/passwordSelfReset6.png
new file mode 100644
index 00000000..f9a8b191
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset6.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset7.png b/lam/docs/manual-sources/images/passwordSelfReset7.png
new file mode 100644
index 00000000..4b37a15b
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset7.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset8.png b/lam/docs/manual-sources/images/passwordSelfReset8.png
new file mode 100644
index 00000000..8a521c11
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset8.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset9.png b/lam/docs/manual-sources/images/passwordSelfReset9.png
new file mode 100644
index 00000000..8f2c9677
Binary files /dev/null and b/lam/docs/manual-sources/images/passwordSelfReset9.png differ