|
@ -0,0 +1,11 @@
|
|||
<Files *>
|
||||
Options +FollowSymLinks
|
||||
<IfModule !mod_authz_core.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
<IfModule mod_authz_core.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
DirectoryIndex index.html
|
||||
</Files>
|
|
@ -0,0 +1,346 @@
|
|||
Most parts of LDAP Account Manager are licensed under the GNU GENERAL PUBLIC LICENSE.
|
||||
See the copyright file for a detailed list of licenses.
|
||||
|
||||
-------------------------------------------------------------------------------------
|
||||
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Library General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Library General
|
||||
Public License instead of this License.
|
|
@ -0,0 +1,843 @@
|
|||
September 2015 5.1
|
||||
- IMAP: support Windows users
|
||||
- SSH public key: check uploaded files if in right format
|
||||
- LAM Pro:
|
||||
-> Self Service optimized also for mobile devices
|
||||
-> MySQL support for cron jobs
|
||||
-> Self registration: support auto-numbering for attributes (e.g. to create Unix accounts)
|
||||
|
||||
|
||||
30.06.2015 5.0
|
||||
- Microsoft IE 8 no longer supported
|
||||
- Security: added CSRF protection
|
||||
- NIS net groups: user module to manage NIS net groups on user page
|
||||
- Zarafa users: allow to change display format of "Send As"
|
||||
- User list: support to filter by account status
|
||||
- Lamdaemon: update group of home directory if user's primary group changes
|
||||
- Personal: allow to add ou=addressbook subentry for users (RFE 117)
|
||||
- Unix: support auto-UID/GID with msSFU30DomainInfo
|
||||
- Windows groups: support editing of member of
|
||||
- Central time zone setting in server profile
|
||||
- LAM Pro:
|
||||
-> Cron job to notify users before password expires (PPolicy)
|
||||
-> Password Self Reset: added 389 Directory Server schema file
|
||||
-> Support for groupOfMembers (RFE 121)
|
||||
-> Rfc2307bis Unix groups: added option to force syncing with group of names
|
||||
|
||||
|
||||
31.03.2015 4.9
|
||||
- Requires PHP 5.3.2 or higher
|
||||
- Templates for server profiles
|
||||
- Unix/Personal: support SASL as password hash type
|
||||
- PDF export: added option to print primary group members
|
||||
- Use HTTP_X_REAL_IP/HTTP_X_FORWARDED_FOR to log IP addresses (RFE 120)
|
||||
- LAM Pro:
|
||||
-> Personal: support image file size limit and cropping (requires php-imagick) in self service
|
||||
-> Password self reset: allow to enter custom security questions (RFE 115)
|
||||
-> Unix groups (rfc2307bis): allow to sync members from group of (unique) names (RFE 116)
|
||||
-> Self Service: support password change with old password (requires PHP >= 5.4.26)
|
||||
- Fixed bugs:
|
||||
-> Self Service shows password reuse error after password change was required
|
||||
|
||||
|
||||
16.12.2014 4.8
|
||||
- Active Directory: support paged result as workaround for size limit exceeded
|
||||
- FreeRadius: support dialupAccess and radiusProfileDn
|
||||
- Usability improvements
|
||||
- LAM Pro:
|
||||
-> Self service: added option if referrals should be followed
|
||||
- fixed bugs:
|
||||
-> missing LDAP_DEREF_NEVER in some cases (169)
|
||||
|
||||
|
||||
07.10.2014 4.7.1
|
||||
- fixed bugs:
|
||||
-> Blank page and "User tried to access entry of type ..." log message when DN suffix does not exactly match case in LDAP
|
||||
|
||||
|
||||
28.09.2014 4.7
|
||||
- Nginx webserver support
|
||||
- DHCP: support pooling of IP ranges (RFE 107)
|
||||
- Personal: support pager attribute (hidden by default)
|
||||
- Renamed config/lam.conf_sample to lam.conf.sample and config.cfg_sample to config.cfg.sample
|
||||
- LAM Pro:
|
||||
-> Password dialog: preset alternate email address with backup email address (RFE 111)
|
||||
|
||||
|
||||
12.06.2014 4.6
|
||||
- Unix groups: allow to disable membership management
|
||||
- Extended LAM's internal password policies
|
||||
- Lamdaemon: move home directory on server if changed
|
||||
- Password policy check during typing
|
||||
- LAM Pro:
|
||||
-> Password self reset and user self registration support to set a header text
|
||||
-> Sudo roles: support latest schema
|
||||
-> Bind DLZ: automatic PTR management (disabled by default) and better formating of e.g. TTL values
|
||||
|
||||
|
||||
18.03.2014 4.5
|
||||
- IMAP: allow dynamic admin user names by replacing wildcards with LDAP attributes
|
||||
- Personal: allow to set fields read-only
|
||||
- NIS mail aliases can be managed on user page
|
||||
- Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD)
|
||||
- Windows user/group: NIS support (msSFU30NisDomain, msSFU30Name)
|
||||
- LAM Pro:
|
||||
-> Allow to set single account types read-only
|
||||
-> Support for organizationalRole entries
|
||||
-> Separate IP restriction list for self service
|
||||
-> Bind DLZ: support TXT/SRV records
|
||||
-> Self Service: added language selection
|
||||
-> Password self reset: support backup email address
|
||||
-> Custom fields: support help texts
|
||||
-> Support for Oracle databases (orclNetService) (RFE 104)
|
||||
- fixed bugs:
|
||||
-> PDF export for multiple entries does not work (163)
|
||||
-> Personal: fixed photo upload if Imagick is not installed (161)
|
||||
-> Use account filters for Unix membership management (165)
|
||||
|
||||
|
||||
18.12.2013 4.4
|
||||
- PyKota support: users, groups, printers, billing codes
|
||||
- Kolab shared folder support
|
||||
- New tool "Multi edit" allows LDAP operations on a large number of entries (e.g. adding attributes)
|
||||
- Allow to set a custom label for each account type
|
||||
- Unix: switch also additional membership if primary group is changed (RFE 108)
|
||||
- Windows: fixed user name handling, sAMAccountName now optional
|
||||
- Apache 2.4 support (requires Apache "version" module)
|
||||
- Added Turkish, Ukrainian and US English translation
|
||||
- LAM Pro:
|
||||
-> Bind DLZ support
|
||||
-> Samba/Shadow: display password change date in self service
|
||||
-> Custom fields: support custom label and icon, auto-completion
|
||||
-> User self registration: support constant attribute values
|
||||
-> Self service: allow to set custom field labels
|
||||
- Fixed bugs:
|
||||
-> Format of photo in Personal tab (158)
|
||||
|
||||
|
||||
25.09.2013 4.3
|
||||
- Custom SSL CA certificates can be setup in LAM main configuration
|
||||
- Unix user and group support for Samba 4
|
||||
- Samba 3 groups: support local members
|
||||
- Kolab: support group accounts and allowed senders/receivers for users
|
||||
- SSH public key: support file upload and self service enhancements (RFE 101)
|
||||
- DHCP: support more options (RFE 99)
|
||||
- LAM Pro:
|
||||
-> PPolicy: check password history for password reuse
|
||||
-> Custom fields: read-only fields for admin interface and file upload for binary data
|
||||
-> Custom scripts: support user self registration
|
||||
-> Password self reset: Samba 3 sync, identification with login attribute, Samba 4 support
|
||||
- Fixed bugs:
|
||||
-> Custom fields: auto-adding object classes via profile editor fixed
|
||||
-> PHP 5.5 compatibility
|
||||
-> Lamdaemon: do not show message if home directory to delete was not found (154)
|
||||
|
||||
|
||||
18.06.2013 4.2.1
|
||||
- Fixed bugs:
|
||||
-> Unix: suggested user name must be lower case
|
||||
-> Quota: profile editor does not work in some cases
|
||||
|
||||
|
||||
04.06.2013 4.2
|
||||
- Samba 4 support: users, groups, hosts
|
||||
- Unix: allow to change format for suggested user name
|
||||
- LAM Pro:
|
||||
-> Zarafa support for Samba 4
|
||||
-> allow to hide buttons to create/delete entries for each account type
|
||||
-> Password self reset: support new identification methods: user, email, user or email, employee number
|
||||
-> Custom fields: support PDF, profiles and multi-value text fields
|
||||
-> Personal: support password mail sending in file upload
|
||||
|
||||
|
||||
19.03.2013 4.1
|
||||
- Updated EDU person module (RFE 3599128)
|
||||
- Personal: allow management of user certificates (RFE 1753030)
|
||||
- Unix: Support Samba Unix Id pool for automatic UID/GID generation
|
||||
- DHCP: support separated dhcpServer and dhcpService entries
|
||||
- LAM Pro:
|
||||
-> Support Qmail groups
|
||||
- Fixed bugs:
|
||||
-> changed user and group size limits (3601649)
|
||||
|
||||
|
||||
06.01.2013 4.0.1
|
||||
- support additional LDAP filters for account types
|
||||
- allow to hide account types (that are required by other account types)
|
||||
- fixed bugs:
|
||||
-> missing directories config/pdf and config/profiles on fresh installations
|
||||
|
||||
|
||||
17.12.2012 4.0
|
||||
- account profiles and PDF structures are now bound to server profile
|
||||
- IMAP: support "/" as path separator (RFE 3575692)
|
||||
- show server profile name on config pages (RFE 3579768)
|
||||
- LAM Pro:
|
||||
-> Custom fields for admin interface
|
||||
-> MIT Kerberos support
|
||||
-> Qmail user support
|
||||
|
||||
|
||||
25.09.2012 3.9
|
||||
- Kolab 2.4 support
|
||||
- Puppet support
|
||||
- LAM Pro
|
||||
-> support RFC2307bis automount entries
|
||||
-> read-only fields in self service
|
||||
- fixed bugs
|
||||
-> Hidden tools are still shown on the "Tools" page (3546092)
|
||||
|
||||
|
||||
19.07.2012 3.8
|
||||
- quick (un)lock for users
|
||||
- allow to disable tools
|
||||
- LAM Pro:
|
||||
-> Custom fields module allows to manage custom LDAP attributes in Self Service
|
||||
-> Self service now supports user self registration
|
||||
-> Separate group of names module for users allows to manage memberships if Unix module is not used (RFE 3504429)
|
||||
-> Named object module for groups (used for rfc2307bis schema)
|
||||
-> Password change page allows account (un)locking
|
||||
-> Allow to send password mails on user edit page
|
||||
-> Custom scripts: supports manual scripts that can be run from account edit pages
|
||||
-> Zarafa 7.1 support (proxy URL for servers)
|
||||
- fixed bugs
|
||||
-> Asterisk extensions with same name (3528288)
|
||||
|
||||
|
||||
25.03.2012 3.7
|
||||
- Login: support bind user for login search
|
||||
- Personal: added labeledURI and cosmetic changes, description is now multi-valued (RFE 3446363)
|
||||
- Asterisk extensions: group extension entries by name and context
|
||||
- File upload:
|
||||
-> support custom scripts postCreate (LAM Pro)
|
||||
-> PDF export
|
||||
- New translation: Slovakian
|
||||
- removed phpGroupWare support (project no longer exists)
|
||||
- Use new password after self password change (RFE 3446350)
|
||||
- LAM Pro:
|
||||
-> Password self reset can send password confirmation and notification mails
|
||||
-> Zarafa archiver support
|
||||
-> Heimdal Kerberos support
|
||||
- Fixed bugs:
|
||||
-> DHCP: error message not displayed properly (3441975)
|
||||
-> Profile loading not possible if required fields are not filled (3444948)
|
||||
-> Tree view: unable to add object class (3446037)
|
||||
-> Edit page: unable to move accounts to different OU
|
||||
-> Self Service: support forced password changes (PPolicy) (3483907)
|
||||
-> XSS security patch (3496624)
|
||||
|
||||
|
||||
23.11.2011 3.6.1
|
||||
- LAM Pro: fixed password reset function
|
||||
|
||||
|
||||
22.11.2011 3.6
|
||||
- support HTTP authentication for admin pages and self service
|
||||
- new modules
|
||||
-> authorizedServiceObject
|
||||
-> FreeRadius
|
||||
- LAM Pro
|
||||
-> added password self reset feature
|
||||
-> Zarafa 7 support
|
||||
-> Zarafa support for dynamic groups, address lists and contacts
|
||||
-> Unix: group of names can be managed on user edit page
|
||||
- Fixed bugs:
|
||||
-> Unix: check for upper-case characters in user name (3416180)
|
||||
|
||||
|
||||
09.08.2011 3.5.0
|
||||
- New modules:
|
||||
-> "General information": shows internal data about accounts (e.g. creation time)
|
||||
-> "Quota": manage filesystem quota inside LDAP (Linux DiskQuota) (RFE 1811449)
|
||||
- Personal: New attributes o, employeeNumber, initials
|
||||
- Unix: Support to create home directories on multiple servers and also for existing users
|
||||
- Server information shows data from cn=monitor
|
||||
- Lots of small improvements
|
||||
- LAM Pro:
|
||||
-> Automount: allow to create automount maps
|
||||
-> Password policy: allow to (un)lock accounts
|
||||
- Fixed bugs:
|
||||
-> Owner attribute is multi-valued (3300727)
|
||||
|
||||
2011-04-25 3.4.0
|
||||
- IMAP mailboxes:
|
||||
-> support to read user name from uid attribute
|
||||
-> added quota management
|
||||
- Personal: added additional options for account profiles
|
||||
- Mail aliases: sort receipients (RFE 3170336)
|
||||
- Asterisk: support all attributes (can be disabled in configuration)
|
||||
- Samba 3/Shadow: allow to sync expiration date (RFE 3147751)
|
||||
- LAM Pro:
|
||||
-> support automount entries
|
||||
-> Zarafa groups: allow combination with group of names
|
||||
-> enhanced wildcards for custom scripts
|
||||
-> Group of (unique) names: allow members to be optional
|
||||
- Fixed bugs:
|
||||
-> Renaming of default profile (3183920)
|
||||
-> Profile editor: fixed problems with multi select
|
||||
|
||||
|
||||
12.02.2011 3.3.0
|
||||
- additional usability enhancements
|
||||
- new IMAP module ("Mailbox (imapAccess)") allows to create/delete user mailboxes
|
||||
- LAM Pro: enhanced Zarafa to support users and groups for "Send as" (new configuration option)
|
||||
- PDF export: higher resolution for logos
|
||||
- reduced number of LDAP queries
|
||||
- lamdaemon: support journaled quotas
|
||||
- Fixed bugs:
|
||||
-> ignore comment lines in shells file (3107124)
|
||||
-> home directory creation on file upload
|
||||
|
||||
|
||||
28.10.2010 3.2.0
|
||||
- large usability enhancements
|
||||
- Shadow: allow to force password change when maximum password age is set
|
||||
- DHCP: renamed module "Fixed IPs" to "Hosts", IP is now optional (3038797)
|
||||
- PHP version 5.2.4 or higher required
|
||||
- LAM Pro:
|
||||
-> Zarafa support (user, group, server)
|
||||
-> Password policy: allow to force password change (RFE 3026940)
|
||||
-> Password reset page: mail subject, text and from address can be set in server profile
|
||||
-> Self service: Asterisk (voicemail) password synchronisation
|
||||
- Fixed bugs:
|
||||
-> Email check did not include "+" (3033605)
|
||||
-> Tab index on login page (3042622)
|
||||
|
||||
|
||||
04.07.2010 3.1.1
|
||||
- LAM Pro: fix for user self service
|
||||
|
||||
|
||||
25.06.2010 3.1.0
|
||||
- usability improvements
|
||||
- Asterisk voicemail support
|
||||
- new hosts module for user accounts to define valid login workstations (replaces inetOrgPerson schema hack) (2951116)
|
||||
- PDF editor: descriptive fields
|
||||
- lamdaemon:
|
||||
-> sudo entry needs to be changed to ".../lamdaemon.pl *"
|
||||
-> replaced PHP SSH2 with phpseclib
|
||||
- LAM Pro
|
||||
-> custom scripts: new options to hide executed commands and define if output is HTML or plain text
|
||||
-> support sudo entry management (object class sudoRole)
|
||||
- fixed bugs:
|
||||
-> Asterisk password handling (patch 2979728)
|
||||
-> Samba domain SID check (2994528)
|
||||
-> language selection at login (2996335)
|
||||
|
||||
|
||||
24.03.2010 3.0.0
|
||||
- support to remove extension from an existing account: shadowAccount, sambaSamAccount, eduPerson
|
||||
- file upload: allow to select account modules for upload
|
||||
- removed frames
|
||||
- Unix: automatic user name generation from first and last name (2492675)
|
||||
- LAM Pro:
|
||||
-> support OpenLDAP password policies (ppolicy)
|
||||
-> manage host IP addresses (ipHost)
|
||||
- fixed bugs:
|
||||
-> Multi-delete not working (2931458)
|
||||
-> Samba: can/must change password needs to be read from domain policy (2919236)
|
||||
-> DNs which include "#" are not editable/deletable (2931461)
|
||||
-> fixed configure/Makefile
|
||||
-> Asterisk input fields and authentication realm (patch 2971792)
|
||||
|
||||
|
||||
16.12.2009 2.9.0
|
||||
- Asterisk support
|
||||
- new tool: server information
|
||||
- consolidated LAM documentation in new manual (docs/manual/index.html)
|
||||
- DHCP: add host name to fixed IPs (RFE 2898948)
|
||||
- LAM Pro:
|
||||
-> enabled custom scripts for self service
|
||||
-> support for nisObject object class
|
||||
- fixed bugs:
|
||||
-> unable to edit accounts with DNs that contain spaces next to a comma (2889473)
|
||||
-> login method "LDAP search" has problems if LDAP server is down (2889414)
|
||||
-> filter in account lists did not support non-ASCII letters
|
||||
-> alias handling (2901248)
|
||||
-> DHCP range check (2903267)
|
||||
|
||||
|
||||
28.10.2009 2.8.0
|
||||
- ability to hide fields: inetOrgPerson, sambaSamAccount
|
||||
- compatibility with PHP 5.3
|
||||
- one central button to change passwords on account pages
|
||||
- removed support for Samba 2 accounts
|
||||
- removed lamdaemonOld script
|
||||
|
||||
|
||||
05.08.2009 2.7.0
|
||||
- LAM Pro: allow to execute custom scripts
|
||||
- log client IP at login attempt
|
||||
- added separate configuration option to enable/disable TLS encryption
|
||||
- Samba 3: allow to disable LM hashes (on by default) (RFE 2657140)
|
||||
- DHCP: added description field and reordered fixed IP input fields
|
||||
- fixed bugs:
|
||||
* added additional check for creating home directories (2798489)
|
||||
* support memcache for session storage (2811505)
|
||||
|
||||
|
||||
08.04.2009 2.6.0
|
||||
- support NIS netgroups
|
||||
- support EDU person accounts (RFE 1413731)
|
||||
- Personal: support departmentNumber attribute
|
||||
- DHCP: allow file upload
|
||||
- added config option to search LAM login users in LDAP (RFE 2494249)
|
||||
- help messages are displayed as tooltips
|
||||
- LAM Pro:
|
||||
-> add businessCategory to self service (RFE 2494246)
|
||||
-> allow to customize page headers and use custom CSS styles
|
||||
|
||||
|
||||
21.01.2009 2.5.0
|
||||
- LAM Pro:
|
||||
-> supports rfc2307bis schema for Unix groups (RFE 2111694)
|
||||
-> added alias manangement (object classes alias + uidObject) (RFE 1912779)
|
||||
- Shadow: module is now optional when creating new accounts
|
||||
- Kolab:
|
||||
-> account extension is now optional
|
||||
-> can be used without Unix module
|
||||
-> self service uses no extra LDAP suffix but uses global setting
|
||||
- DHCP:
|
||||
-> several bugfixes
|
||||
-> added PDF support
|
||||
-> support multiple Netbios name servers (RFE 2180179)
|
||||
- Samba 3:
|
||||
-> self service sets attribute "sambaPwdLastSet" on password change (LAM Pro)
|
||||
-> password timestamps can be updated on password reset page (LAM Pro)
|
||||
-> option to force password change on next login
|
||||
-> profile options for time when the user can/must change the password
|
||||
|
||||
|
||||
15.10.2008 2.4.0
|
||||
- added DHCP management (donated by Siedl networks GmbH)
|
||||
- requires PHP 5.1.2
|
||||
- MHash dependendy replaced by Hash
|
||||
- save last selected server profile from login page
|
||||
- lamdaemon: allow to specify SSH port
|
||||
- lamdaemon: added Syslog logging
|
||||
- Unix: added profile options for lamdaemon
|
||||
- LAM Pro: password reset page is able to unlock Samba accounts and sets shadowLastChange
|
||||
- fixed bugs:
|
||||
* problems with DN containing ( and ) (2059740)
|
||||
* problem with gecos field in file upload (2103936)
|
||||
|
||||
|
||||
30.04.2008 2.3.0
|
||||
- added Polish translation
|
||||
- support phpGroupWare accounts
|
||||
- password policies
|
||||
- redesigned PDF editor
|
||||
- show mail addresses as link in account list
|
||||
- Unix: allow primary group members to be added as memberUid
|
||||
- Kolab: support LAM Pro self service
|
||||
- LAM Pro: new account type for groupOf(Unique)Names
|
||||
- fixed bugs:
|
||||
-> XHTML headers should be removed (1912736)
|
||||
|
||||
|
||||
23.01.2008 2.2.0
|
||||
- account lists:
|
||||
-> allow to switch sorting
|
||||
-> added separate configuration page and store settings in cookies
|
||||
-> list size can now be set individually for each account type on the list configuration page
|
||||
-> new PDF buttons
|
||||
- use suffix from account list as default for new accounts (patch 1823583)
|
||||
- Security: passwords in configuration files are now saved as hash values
|
||||
- improved design
|
||||
- style fixes for Internet Explorer users
|
||||
- Unix: allow to set host passwords (RFE 1754069)
|
||||
- Unix: allow to generate random passwords for users
|
||||
- Samba 3 groups: Samba part is now optional
|
||||
- Personal: add object classes person and organizationalPerson for new accounts (RFE 1830033)
|
||||
- new LDAP schema check on tests page
|
||||
- LAM Pro:
|
||||
-> added possibility for deskside support to reset passwords at account list page
|
||||
-> access levels (read only, change passwords, write access) for server profiles
|
||||
|
||||
|
||||
07.11.2007 2.1.0
|
||||
- tabular design for account pages
|
||||
- show DN on account pages
|
||||
- Samba 3: made Samba account optional
|
||||
- Samba 3: manages now terminal server settings
|
||||
- fixed bugs:
|
||||
-> LAM Pro: UTF-8 characters are invalid displayed on configuration page (1788752)
|
||||
-> LAM works again on PHP 5.1.x (1792447)
|
||||
-> Quota: managing group quotas does not work (1811728)
|
||||
-> Samba 3 domains: lockout users after bad logon attempts must allow 0 - 999 (1814578)
|
||||
|
||||
|
||||
08.08.2007 2.0.0
|
||||
- new translations: Chinese (Simplified), Czech and Portuguese
|
||||
- usability improvements
|
||||
- LDAP accounts including child entries can now be moved
|
||||
- group list can show primary members (RFE 1517679 and patch 1722460)
|
||||
- more translated example texts (RFE 1702140)
|
||||
- inetOrgPerson: now manages homePhone, roomNumber, businessCategory
|
||||
- posixAccount: allow to create home directories in file upload (RFE 1665034)
|
||||
- account lists: display buttons on top and bottom (RFE 1702136)
|
||||
- fixed bugs:
|
||||
-> OU editor: help images (1702132)
|
||||
-> config editor: extra space (1702269)
|
||||
-> fixed some inconsistent help entries (1694863)
|
||||
-> user list: refreshing GID translation did not work (1719168)
|
||||
-> allow uid as RDN attribute for inetOrgPerson (1740499)
|
||||
-> PHP Warning: mcrypt_decrypt(): The IV parameter must be ... (1742543)
|
||||
-> uid attribute no longer required for InetOrgPerson (1757215)
|
||||
|
||||
|
||||
28.03.2007 1.3.0
|
||||
- improved design
|
||||
- user list can now display jpegPhoto attributes
|
||||
- lamdaemon: support for multiple servers
|
||||
- LAM Pro: users may change their photos (jpegPhoto)
|
||||
- fixed bugs:
|
||||
-> ShadowAccount: PDF entry for expire date was wrong (1658868)
|
||||
-> Samba groups: fixed help entry (patch 1664542)
|
||||
-> Debian package did not include lamdaemonOld.pl (1660493)
|
||||
-> NIS mail aliases: allow more characters in alias name (1674198)
|
||||
-> fixed syntax errors in some .htaccess files
|
||||
-> security fix: HTML special characters in LDAP data were not escaped
|
||||
|
||||
Developers:
|
||||
API changes:
|
||||
- added listPrintTableCellContent() to class lamList
|
||||
- added listPrintAdditionalOptions() to class lamList
|
||||
- added preModifyActions() to class baseModule
|
||||
- added postModifyActions() to class baseModule
|
||||
- added preDeleteActions() to class baseModule
|
||||
- added postDeleteActions() to class baseModule
|
||||
|
||||
|
||||
24.01.2007 1.2.0
|
||||
- Samba 3: better handling of date values
|
||||
- Samba 3: Handling of locked accounts (RFE 1609076)
|
||||
- LAM Pro: modules can define configuration settings (Unix: password hashing)
|
||||
- LAM Pro: management of groupOfNames and groupOfUniqueNames entries (RFE 875482)
|
||||
- fixed bugs:
|
||||
-> Lamdaemon test did not work on PHP 4
|
||||
-> InetOrgPerson: Problems with error messages (1628799)
|
||||
|
||||
Developers:
|
||||
API changes:
|
||||
- removed get_configDescription() from module interface
|
||||
- added functions to handle configuration settings for LAM Pro
|
||||
|
||||
|
||||
01.11.2006 1.1.1
|
||||
- Lamdaemon: added test page (Tools -> Tests -> Lamdaemon test)
|
||||
- LAM Pro: Samba passwords can now be synchronized with Unix password
|
||||
- Shadow account: better management of expiration date
|
||||
- fixed bugs:
|
||||
-> Unix: password hashing problem (1562426)
|
||||
-> Unix: No error message for wrong UID numbers in file upload
|
||||
-> Filters in account lists get lost when sorting the table
|
||||
|
||||
|
||||
20.09.2006 1.1.0
|
||||
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
|
||||
- Samba 2/3: "Use Unix password" now on by default (1517678)
|
||||
|
||||
Developers:
|
||||
API changes:
|
||||
- removed $post parameters from module functions (delete_attributes(),
|
||||
process_...(), display_html_...()). Use $_POST instead.
|
||||
- process_...() functions: returned messages are no longer grouped
|
||||
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
|
||||
|
||||
|
||||
10.08.2006 1.0.4
|
||||
- added Russian translation
|
||||
- Samba 3: added policies for domain objects
|
||||
- inetLocalMailRecipient: print warning if local address is already in use
|
||||
|
||||
|
||||
05.07.2006 1.0.3
|
||||
- fixed bugs:
|
||||
-> Kolab: fixed problem with message about missing password
|
||||
-> Unix groups: fixed auto GID
|
||||
-> Unix users/groups: fixed silent unlocking of passwords
|
||||
-> Unix users/groups: removed invalid password option
|
||||
-> Shadow: account expiration date was incorrect in some time zones
|
||||
-> User list: fixed problems when deleting users and translated GIDs are activated (1503367)
|
||||
|
||||
|
||||
24.05.2006 1.0.2
|
||||
- security enhancements: session timeout, logging, host restrictions
|
||||
- handle LDAP attribute aliases correctly
|
||||
- fixed bugs:
|
||||
-> PDF creation bug when GID translation is activated (1477111)
|
||||
-> allow "@" in passwords (1477878)
|
||||
-> Samba 2/3: fixed NT hashes
|
||||
-> fixed handling of multi-value attributes (e.g. in inetLocalMailRecipient)
|
||||
|
||||
|
||||
12.04.2006 1.0.1
|
||||
- LAM can now be installed with "configure" and "make install"
|
||||
- added workaround for misspelled object classes (e.g. sambaSAMAccount by smbldap-tools)
|
||||
- Unix: merged password hash settings for Unix users and groups
|
||||
- Samba 3: added Windows group to profile options
|
||||
- security: LAM checks the session id and client IP
|
||||
- fixed bugs:
|
||||
-> Samba 3: hash values were wrong in some rare cases (1440021)
|
||||
-> Samba 3: readded time zone selection for logon hours (1407761)
|
||||
-> Unix: call of unknown function (1450464)
|
||||
|
||||
|
||||
01.03.2006 1.0.0
|
||||
- new architecture with support for more account types
|
||||
- new translations: Traditional Chinese, Dutch
|
||||
- fixed bugs:
|
||||
-> Samba groups: editing of special groups fixed
|
||||
-> changed check for mail addresses (patch 1403922)
|
||||
-> fixed JPG upload when MCrypt is enabled
|
||||
-> fixed login problems for AD servers
|
||||
-> improved sorting of account lists
|
||||
-> fixed language setting in default configuration profile
|
||||
-> fixed PHP5 warnings (getdate() and mktime())
|
||||
-> error messages in Samba domain module (1437425)
|
||||
-> fixed expired passwords with shadowAccount module
|
||||
-> added lamdaemon.pl compatibility and security patches by Tim Rice
|
||||
|
||||
|
||||
08.02.2006 1.0.rc2
|
||||
- new translation: Dutch
|
||||
- fixed bugs:
|
||||
-> changed check for mail addresses (patch 1403922)
|
||||
-> fixed JPG upload when MCrypt is enabled
|
||||
-> fixed login problems for AD servers
|
||||
|
||||
|
||||
09.01.2006 1.0.rc1
|
||||
- new architecture with support for more account types
|
||||
- new translation: Traditional Chinese
|
||||
- fixed bugs:
|
||||
-> Samba groups: editing of special groups fixed
|
||||
|
||||
|
||||
14.12.2005 0.5.3
|
||||
- accounts are now deleted with subentries
|
||||
- big update for Italian translation
|
||||
- inetOrgPerson: support jpegPhoto images
|
||||
- less restrictive input checks
|
||||
- fixed bugs:
|
||||
-> fixed problems with case-insensitive DNs
|
||||
-> file upload did not work when max_execution_time=0 (1367957)
|
||||
-> posixGroup: fixed help entries
|
||||
|
||||
|
||||
16.11.2005 0.5.2
|
||||
- New module for SSH public keys
|
||||
- check file permissions on login page
|
||||
- fixed bugs:
|
||||
-> creation of home directories did not work
|
||||
-> allow spaces in profile names (1333058)
|
||||
-> fixed problem with magic_quotes_gpc in profile editor (1333069)
|
||||
-> inetOrgPerson: deletion of postal address and fax number now works
|
||||
|
||||
|
||||
19.10.2005 0.5.1
|
||||
- Samba 3: added support for account expiration
|
||||
- fixed bugs:
|
||||
-> automatic UID/GID assignment did not fully work
|
||||
-> PDF: additional groups for Unix users
|
||||
-> inetOrgPerson: fixed mobile number
|
||||
-> Samba 2/3: passwords fixed for file uploads (1311561)
|
||||
-> Samba 3: fixed logon hours (patch 1311915)
|
||||
-> Samba 3: loading of domain setting from profile did not work
|
||||
-> Quota: profile settings fixed
|
||||
-> reduced memory usage
|
||||
|
||||
|
||||
28.09.2005 0.5.0
|
||||
- Samba 2/3: added display name in account pages
|
||||
- fixed bugs:
|
||||
-> fixed error message when creating new accounts with shadowAccount
|
||||
-> added missing help entries on main account page
|
||||
-> Samba 2/3: fixed settings for password expiration, no password and deactivated account
|
||||
-> changing of RDN caused problems in some cases
|
||||
|
||||
|
||||
08.09.2005 0.5.rc3
|
||||
- INFO messages no longer prevent changing to subpages of a module
|
||||
- fixed bugs:
|
||||
-> buttons on account page are better sorted
|
||||
-> account module: some problems solved when used for user accounts
|
||||
-> nisMailAlias: fixed missing RDN possibility
|
||||
-> fixed conflicts when accounts were built with other base modules
|
||||
-> Samba 2/3: setting allowed workstations failed
|
||||
-> magic_quotes_gpc = Off prevented editing of accounts
|
||||
-> fixed help links on Samba and Unix pages
|
||||
|
||||
|
||||
18.08.2005 0.5.rc2
|
||||
- allow user accounts based only on "account" module
|
||||
- inetOrgPerson: allow setting a password if posixAccount is not active
|
||||
- fixed bugs:
|
||||
-> removed Blowfish encryption (bad performance)
|
||||
-> Kolab now complains if no user password is set
|
||||
|
||||
|
||||
08.08.2005 0.5.rc1
|
||||
- Kolab 2 support
|
||||
- added manager and post office box for inetOrgPerson
|
||||
- Samba 3: added support for logon hours
|
||||
- Samba 3: added sambaSID as possible RDN attribute
|
||||
- improved error handling in profile editor
|
||||
- now quotas can be set on CSV upload
|
||||
- new logo
|
||||
- fixed bugs:
|
||||
-> several fixes for PHP5
|
||||
-> fixes for PDF editor and output
|
||||
-> password changing in tree view did not work
|
||||
-> fixed changing of group memberships for users
|
||||
|
||||
|
||||
28.07.2005 0.4.10
|
||||
- PHP5 compatibility added
|
||||
|
||||
|
||||
30.06.2005 0.5.alpha2
|
||||
- added documentation about schemas
|
||||
- PDF now uses UTF-8 fonts
|
||||
- added possibility to create plain inetOrgPerson accounts
|
||||
- fixed bugs:
|
||||
-> set DN suffix and RDN on profile loading
|
||||
-> several fixes for PDF editor
|
||||
-> creating Samba hosts now works
|
||||
|
||||
|
||||
11.05.2005 0.5.alpha1
|
||||
- new modular architecture
|
||||
-> possibility to create Unix-only accounts
|
||||
-> plugins for more objectClasses planned
|
||||
-> enhanced PDF output
|
||||
-> enhanced file upload
|
||||
-> enhanced editor for account profiles
|
||||
-> dynamic configuration options (based on modules)
|
||||
- all pages in UTF-8
|
||||
- added developer documentation
|
||||
- PHPDoc formated comments
|
||||
- new plugin for managing MAC addresses (RFE 926017)
|
||||
- new plugin for managing NIS mail aliases (RFE 1050036)
|
||||
- new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
|
||||
- schema browser
|
||||
- tree view
|
||||
|
||||
|
||||
09.03.2005 0.4.9
|
||||
- fixed bugs:
|
||||
fixed error messages when moving an user account
|
||||
fixed problem with special group SIDs
|
||||
lamdaemon.pl security fix
|
||||
|
||||
|
||||
26.01.2005 0.4.8
|
||||
- allow "%" at the beginning of Samba home/profile path (1107998)
|
||||
- fixed bugs:
|
||||
fixed IE fix ;-)
|
||||
no more warnings for profiles with no additional groups set
|
||||
|
||||
|
||||
19.12.2004 0.4.7
|
||||
- added "*.exe" to Samba logon script regex (1081715)
|
||||
- fixed bugs:
|
||||
fixed doctype of main frame
|
||||
removed syntax check for LDAP suffixes
|
||||
fixed IE bug at login
|
||||
fixed encoding in HTTP header
|
||||
passwords with "'" are now handled correctly at login (1081460)
|
||||
fixed Samba flags if multiple hosts were created
|
||||
updated .htaccess files to be compatible with newer Apache versions
|
||||
|
||||
|
||||
26.05.2004 0.4.6
|
||||
- fixed bugs:
|
||||
password hashes were not disabled correctly
|
||||
street was copied to postal code on modify (938502)
|
||||
underscore was not allowed for host names (934445)
|
||||
deleting postal address or facsimile number failed (948616)
|
||||
TLS error handling (958497)
|
||||
smaller fixes on personal settings page
|
||||
|
||||
|
||||
21.03.2004 0.4.5
|
||||
- added French translation
|
||||
- fixed bugs:
|
||||
StatusMessages with additional variables did not work
|
||||
Samba hosts had unnecessary objectClass shadowAccount (910084)
|
||||
Samba host passwords were still wrong
|
||||
LAM had problems with non-standard spelled object classes (907636)
|
||||
Perl scripts did not work if Perl is not installed in /usr/bin/perl (913554)
|
||||
problems when cn!=uid (915041)
|
||||
home directories were not deleted by lamdaemon.pl (913552)
|
||||
|
||||
|
||||
29.02.2004 0.4.4 (stable)
|
||||
- fixed bugs:
|
||||
plain posix groups could not be used as Samba 3 primary group
|
||||
if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work
|
||||
some smaller bugs in mass upload
|
||||
Samba hash values for hosts were not correct
|
||||
Unix passwords could be disabled but not reenabled
|
||||
fixed problem with eval() in status.inc (894433)
|
||||
|
||||
|
||||
08.02.2004 0.4.3
|
||||
- new login layout
|
||||
- added Hungarian and Japanese translations
|
||||
- fixed bugs:
|
||||
Samba paswords were sometimes empty for new users (892272)
|
||||
links in list views may not work with web servers other than Apache
|
||||
|
||||
|
||||
21.01.2004 0.4.2
|
||||
- added config wizard
|
||||
- MHash is only needed for PHP < 4.3
|
||||
- use Blowfish for encryption instead of MCrypt
|
||||
|
||||
|
||||
29.12.2003 0.4.1
|
||||
|
||||
- better error handling at login
|
||||
- support spaces in DNs
|
||||
- PDF text for users
|
||||
- create missing OUs recursivly
|
||||
- fixed bugs:
|
||||
SMD5 passwords were wrong
|
||||
primaryGroupSID wrong if SID has no relation to Algorithmic RID Base
|
||||
Samba 2 accounts could not be created
|
||||
|
||||
|
||||
29.10.2003 0.4 (Beta1)
|
||||
|
||||
- improved design
|
||||
- improved documentation
|
||||
- Fixed possible error which could delete entries if objectclass didn't fit
|
||||
- Fixed many samba 3.0 related bugs, most related to SIDs
|
||||
- edit group members directly
|
||||
- support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN)
|
||||
- PDF output for groups and hosts
|
||||
|
||||
|
||||
31.08.2003 0.3 (Alpha 3)
|
||||
|
||||
- Samba 3 support
|
||||
- manage Samba 3 domains
|
||||
- multiple configuration files
|
||||
- PDF output
|
||||
- better mass creation
|
||||
|
||||
|
||||
04.07.2003 0.2 (Alpha 2)
|
||||
|
||||
- support for multiple OUs + OU-Editor
|
||||
- account creation via file upload
|
||||
- profile editor
|
||||
- experimental Samba 3 support
|
||||
- fixed a lot of bugs
|
||||
|
||||
|
||||
23.05.2003 0.1 (Alpha 1)
|
||||
|
||||
Initial release
|
|
@ -0,0 +1,35 @@
|
|||
|
||||
LAM - Readme
|
||||
============
|
||||
|
||||
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
|
||||
directory. LAM runs on any webserver with PHP5 support and connects to your
|
||||
LDAP server unencrypted or via SSL/TLS.
|
||||
Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2,
|
||||
address book entries, NIS mail aliases and MAC addresses. There is a tree
|
||||
viewer included to allow access to the raw LDAP attributes. You can use
|
||||
templates for account creation and use multiple configuration profiles.
|
||||
LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
|
||||
Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
|
||||
Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian.
|
||||
|
||||
https://www.ldap-account-manager.org/
|
||||
|
||||
Copyright (C) 2003 - 2015 Roland Gruber <post@rolandgruber.de>
|
||||
|
||||
Installation and documentation:
|
||||
Please see the LAM manual in docs/manual/index.html.
|
||||
|
||||
Default password:
|
||||
The default password to edit the configuration options is "lam".
|
||||
|
||||
Download:
|
||||
You can get the newest version at https://www.ldap-account-manager.org/.
|
||||
|
||||
License:
|
||||
LAM is published under the GNU General Public License.
|
||||
The complete list of licenses can be found in the copyright file.
|
||||
|
||||
|
||||
Have fun!
|
||||
The LAM development team
|
|
@ -0,0 +1 @@
|
|||
5.1.RC1
|
|
@ -0,0 +1,9 @@
|
|||
<Files *>
|
||||
<IfModule !mod_authz_core.c>
|
||||
Order allow,deny
|
||||
Deny from all
|
||||
</IfModule>
|
||||
<IfModule mod_authz_core.c>
|
||||
Require all denied
|
||||
</IfModule>
|
||||
</Files>
|
|
@ -0,0 +1,206 @@
|
|||
# LDAP Account Manager configuration
|
||||
#
|
||||
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
|
||||
#
|
||||
###################################################################################################
|
||||
|
||||
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
|
||||
ServerURL: ldap://localhost:389
|
||||
|
||||
# list of users who are allowed to use LDAP Account Manager
|
||||
# names have to be seperated by semicolons
|
||||
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
|
||||
Admins: cn=Manager,dc=my-domain,dc=com
|
||||
|
||||
# password to change these preferences via webfrontend (default: lam)
|
||||
Passwd: {SSHA}T2yboe0j+a41sZZm4UZl6kEzbcI= q9uv7w==
|
||||
|
||||
# suffix of tree view
|
||||
# e.g. dc=yourdomain,dc=org
|
||||
treesuffix: dc=yourdomain,dc=org
|
||||
|
||||
# default language (a line from config/language)
|
||||
defaultLanguage: en_GB.utf8
|
||||
|
||||
# Path to external Script
|
||||
scriptPath:
|
||||
|
||||
# Server of external Script
|
||||
scriptServer:
|
||||
|
||||
# Access rights for home directories
|
||||
scriptRights: 750
|
||||
|
||||
# Number of minutes LAM caches LDAP searches.
|
||||
cachetimeout: 5
|
||||
|
||||
# LDAP search limit.
|
||||
searchLimit: 0
|
||||
|
||||
# Module settings
|
||||
|
||||
modules: posixAccount_minUID: 10000
|
||||
modules: posixAccount_maxUID: 30000
|
||||
modules: posixAccount_minMachine: 50000
|
||||
modules: posixAccount_maxMachine: 60000
|
||||
modules: posixGroup_minGID: 10000
|
||||
modules: posixGroup_maxGID: 20000
|
||||
modules: posixGroup_pwdHash: SSHA
|
||||
modules: posixAccount_pwdHash: SSHA
|
||||
|
||||
# List of active account types.
|
||||
activeTypes: user
|
||||
|
||||
|
||||
types: suffix_user: ou=People,dc=my-domain,dc=com
|
||||
types: attr_user: #uid;#givenName;#sn;#mail
|
||||
types: modules_user: inetOrgPerson
|
||||
|
||||
types: suffix_group: ou=group,dc=my-domain,dc=com
|
||||
types: attr_group: #cn;#gidNumber;#memberUID;#description
|
||||
types: modules_group: posixGroup
|
||||
|
||||
# Password mail subject
|
||||
lamProMailSubject: Your password was reset
|
||||
|
||||
# Password mail text
|
||||
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
|
||||
|
||||
|
||||
|
||||
# enable TLS encryption
|
||||
useTLS: yes
|
||||
|
||||
|
||||
# follow referrals
|
||||
followReferrals: false
|
||||
|
||||
|
||||
# paged results
|
||||
pagedResults: false
|
||||
|
||||
|
||||
# Access level for this profile.
|
||||
accessLevel: 100
|
||||
|
||||
|
||||
# Login method.
|
||||
loginMethod: list
|
||||
|
||||
|
||||
# Search suffix for LAM login.
|
||||
loginSearchSuffix: dc=yourdomain,dc=org
|
||||
|
||||
|
||||
# Search filter for LAM login.
|
||||
loginSearchFilter: uid=%USER%
|
||||
|
||||
|
||||
# Bind DN for login search.
|
||||
loginSearchDN:
|
||||
|
||||
|
||||
# Bind password for login search.
|
||||
loginSearchPassword:
|
||||
|
||||
|
||||
# HTTP authentication for LAM login.
|
||||
httpAuthentication: false
|
||||
|
||||
|
||||
# Password mail from
|
||||
lamProMailFrom:
|
||||
|
||||
|
||||
# Password mail reply-to
|
||||
lamProMailReplyTo:
|
||||
|
||||
|
||||
# Password mail is HTML
|
||||
lamProMailIsHTML: false
|
||||
|
||||
|
||||
# Allow alternate address
|
||||
lamProMailAllowAlternateAddress: true
|
||||
modules: inetOrgPerson_hideDescription: false
|
||||
modules: inetOrgPerson_hideStreet: false
|
||||
modules: inetOrgPerson_hidePostOfficeBox: false
|
||||
modules: inetOrgPerson_hidePostalCode: false
|
||||
modules: inetOrgPerson_hideLocation: false
|
||||
modules: inetOrgPerson_hideState: false
|
||||
modules: inetOrgPerson_hidePostalAddress: false
|
||||
modules: inetOrgPerson_hideRegisteredAddress: false
|
||||
modules: inetOrgPerson_hideOfficeName: false
|
||||
modules: inetOrgPerson_hideRoomNumber: false
|
||||
modules: inetOrgPerson_hideTelephoneNumber: false
|
||||
modules: inetOrgPerson_hideHomeTelephoneNumber: false
|
||||
modules: inetOrgPerson_hideMobileNumber: false
|
||||
modules: inetOrgPerson_hideFaxNumber: false
|
||||
modules: inetOrgPerson_hidePager: true
|
||||
modules: inetOrgPerson_hideEMailAddress: false
|
||||
modules: inetOrgPerson_hideJobTitle: false
|
||||
modules: inetOrgPerson_hideCarLicense: false
|
||||
modules: inetOrgPerson_hideEmployeeType: false
|
||||
modules: inetOrgPerson_hideBusinessCategory: false
|
||||
modules: inetOrgPerson_hideDepartments: false
|
||||
modules: inetOrgPerson_hideManager: false
|
||||
modules: inetOrgPerson_hideOu: false
|
||||
modules: inetOrgPerson_hideO: false
|
||||
modules: inetOrgPerson_hideEmployeeNumber: false
|
||||
modules: inetOrgPerson_hideInitials: false
|
||||
modules: inetOrgPerson_hideLabeledURI: false
|
||||
modules: inetOrgPerson_hideuserCertificate: false
|
||||
modules: inetOrgPerson_hidejpegPhoto: false
|
||||
modules: inetOrgPerson_hideUID: false
|
||||
modules: inetOrgPerson_readOnly_businessCategory: false
|
||||
modules: inetOrgPerson_readOnly_cn: false
|
||||
modules: inetOrgPerson_readOnly_employeeType: false
|
||||
modules: inetOrgPerson_readOnly_postalAddress: false
|
||||
modules: inetOrgPerson_readOnly_uid: false
|
||||
modules: inetOrgPerson_readOnly_title: false
|
||||
modules: inetOrgPerson_readOnly_description: false
|
||||
modules: inetOrgPerson_readOnly_st: false
|
||||
modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
|
||||
modules: inetOrgPerson_readOnly_mail: false
|
||||
modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
|
||||
modules: inetOrgPerson_readOnly_jpegPhoto: false
|
||||
modules: inetOrgPerson_readOnly_carLicense: false
|
||||
modules: inetOrgPerson_readOnly_labeledURI: false
|
||||
modules: inetOrgPerson_readOnly_initials: false
|
||||
modules: inetOrgPerson_readOnly_registeredAddress: false
|
||||
modules: inetOrgPerson_readOnly_mobile: false
|
||||
modules: inetOrgPerson_readOnly_sn: false
|
||||
modules: inetOrgPerson_readOnly_o: false
|
||||
modules: inetOrgPerson_readOnly_ou: false
|
||||
modules: inetOrgPerson_readOnly_l: false
|
||||
modules: inetOrgPerson_readOnly_pager: false
|
||||
modules: inetOrgPerson_readOnly_userPassword: false
|
||||
modules: inetOrgPerson_readOnly_employeeNumber: false
|
||||
modules: inetOrgPerson_readOnly_postOfficeBox: false
|
||||
modules: inetOrgPerson_readOnly_postalCode: false
|
||||
modules: inetOrgPerson_readOnly_roomNumber: false
|
||||
modules: inetOrgPerson_readOnly_street: false
|
||||
modules: inetOrgPerson_readOnly_homePhone: false
|
||||
modules: inetOrgPerson_readOnly_telephoneNumber: false
|
||||
modules: inetOrgPerson_readOnly_departmentNumber: false
|
||||
modules: inetOrgPerson_readOnly_manager: false
|
||||
modules: inetOrgPerson_readOnly_givenName: false
|
||||
modules: inetOrgPerson_jpegPhoto_maxWidth:
|
||||
modules: inetOrgPerson_jpegPhoto_maxHeight:
|
||||
modules: inetOrgPerson_jpegPhoto_maxSize:
|
||||
types: filter_user:
|
||||
types: customLabel_user:
|
||||
types: filter_group:
|
||||
types: customLabel_group:
|
||||
types: hidden_user:
|
||||
types: hideNewButton_user:
|
||||
types: hideDeleteButton_user:
|
||||
types: readOnly_user:
|
||||
tools: tool_hide_toolServerInformation: false
|
||||
tools: tool_hide_toolFileUpload: false
|
||||
tools: tool_hide_toolMultiEdit: false
|
||||
tools: tool_hide_toolPDFEditor: false
|
||||
tools: tool_hide_toolOUEditor: false
|
||||
tools: tool_hide_toolProfileEditor: false
|
||||
tools: tool_hide_toolTests: false
|
||||
tools: tool_hide_toolSchemaBrowser: false
|
|
@ -0,0 +1,12 @@
|
|||
|
||||
# password to add/delete/rename configuration profiles (default: lam)
|
||||
password: {SSHA}D6AaX93kPmck9wAxNlq3GF93S7A= R7gkjQ==
|
||||
|
||||
# default profile, without ".conf"
|
||||
default: lam
|
||||
|
||||
# log level
|
||||
logLevel: 4
|
||||
|
||||
# log destination
|
||||
logDestination: SYSLOG
|
|
@ -0,0 +1,63 @@
|
|||
# LDAP Account Manager language configuration file
|
||||
#
|
||||
# Do not modify!
|
||||
|
||||
# Each line consists of a ":"-seperated entry. The first part is the locale name,
|
||||
# the second is the character encoding and the third the language name.
|
||||
|
||||
# Catalan
|
||||
ca_ES.utf8:UTF-8:Català (Catalunya)
|
||||
|
||||
# Czech
|
||||
cs_CZ.utf8:UTF-8:Čeština (Česko)
|
||||
|
||||
# German
|
||||
de_DE.utf8:UTF-8:Deutsch (Deutschland)
|
||||
|
||||
# GB English
|
||||
en_GB.utf8:UTF-8:English (Great Britain)
|
||||
|
||||
# US English
|
||||
en_US.utf8:UTF-8:English (USA)
|
||||
|
||||
# Spanish
|
||||
es_ES.utf8:UTF-8:Español (España)
|
||||
|
||||
# French
|
||||
fr_FR.utf8:UTF-8:Français (France)
|
||||
|
||||
# Italian
|
||||
it_IT.utf8:UTF-8:Italiano (Italia)
|
||||
|
||||
# Hungarian
|
||||
hu_HU.utf8:UTF-8:Magyar (Magyarország)
|
||||
|
||||
# Dutch
|
||||
nl_NL.utf8:UTF-8:Nederlands (Nederland)
|
||||
|
||||
# Polish
|
||||
pl_PL.utf8:UTF-8:Polski (Polska)
|
||||
|
||||
# Portuguese
|
||||
pt_BR.utf8:UTF-8:Português (Brasil)
|
||||
|
||||
# Russian
|
||||
ru_RU.utf8:UTF-8:Русский (Россия)
|
||||
|
||||
# Slovakian
|
||||
sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
|
||||
|
||||
# Turkish
|
||||
tr_TR.utf8:UTF-8:Türkçe (Türkiye)
|
||||
|
||||
# Ukrainian
|
||||
uk_UA.utf8:UTF-8:Українська (Україна)
|
||||
|
||||
# Japanese
|
||||
ja_JP.utf8:UTF-8:日本語 (日本)
|
||||
|
||||
# Chinese (Traditional)
|
||||
zh_TW.utf8:UTF-8:繁體中文 (台灣)
|
||||
|
||||
# Chinese (Simplified)
|
||||
zh_CN.utf8:UTF-8:简体中文 (中国)
|
|
@ -0,0 +1,251 @@
|
|||
# LDAP Account Manager configuration
|
||||
#
|
||||
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
|
||||
#
|
||||
###################################################################################################
|
||||
|
||||
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
|
||||
ServerURL: ldap://localhost:389
|
||||
|
||||
# list of users who are allowed to use LDAP Account Manager
|
||||
# names have to be seperated by semicolons
|
||||
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
|
||||
Admins: cn=Manager,dc=my-domain,dc=com
|
||||
|
||||
# password to change these preferences via webfrontend (default: lam)
|
||||
Passwd: {SSHA}ahGvrvP2tLZCEChawYlRD0v5dFk= sSirVg==
|
||||
|
||||
# suffix of tree view
|
||||
# e.g. dc=yourdomain,dc=org
|
||||
treesuffix: dc=yourdomain,dc=org
|
||||
|
||||
# default language (a line from config/language)
|
||||
defaultLanguage: en_GB.utf8
|
||||
|
||||
# Path to external Script
|
||||
scriptPath:
|
||||
|
||||
# Server of external Script
|
||||
scriptServer:
|
||||
|
||||
# Access rights for home directories
|
||||
scriptRights: 750
|
||||
|
||||
# Number of minutes LAM caches LDAP searches.
|
||||
cachetimeout: 5
|
||||
|
||||
# LDAP search limit.
|
||||
searchLimit: 0
|
||||
|
||||
# Module settings
|
||||
|
||||
modules: posixAccount_minUID: 10000
|
||||
modules: posixAccount_maxUID: 30000
|
||||
modules: posixAccount_minMachine: 50000
|
||||
modules: posixAccount_maxMachine: 60000
|
||||
modules: posixGroup_minGID: 10000
|
||||
modules: posixGroup_maxGID: 20000
|
||||
modules: posixGroup_pwdHash: SSHA
|
||||
modules: posixAccount_pwdHash: SSHA
|
||||
|
||||
# List of active account types.
|
||||
activeTypes: user,group,host,smbDomain
|
||||
|
||||
|
||||
types: suffix_user: ou=People,dc=my-domain,dc=com
|
||||
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
|
||||
types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
|
||||
|
||||
types: suffix_group: ou=group,dc=my-domain,dc=com
|
||||
types: attr_group: #cn;#gidNumber;#memberUID;#description
|
||||
types: modules_group: posixGroup,sambaGroupMapping
|
||||
|
||||
# Password mail subject
|
||||
lamProMailSubject: Your password was reset
|
||||
|
||||
# Password mail text
|
||||
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
|
||||
|
||||
|
||||
|
||||
# enable TLS encryption
|
||||
useTLS: yes
|
||||
|
||||
|
||||
# follow referrals
|
||||
followReferrals: false
|
||||
|
||||
|
||||
# paged results
|
||||
pagedResults: false
|
||||
|
||||
|
||||
# Access level for this profile.
|
||||
accessLevel: 100
|
||||
|
||||
|
||||
# Login method.
|
||||
loginMethod: list
|
||||
|
||||
|
||||
# Search suffix for LAM login.
|
||||
loginSearchSuffix: dc=yourdomain,dc=org
|
||||
|
||||
|
||||
# Search filter for LAM login.
|
||||
loginSearchFilter: uid=%USER%
|
||||
|
||||
|
||||
# Bind DN for login search.
|
||||
loginSearchDN:
|
||||
|
||||
|
||||
# Bind password for login search.
|
||||
loginSearchPassword:
|
||||
|
||||
|
||||
# HTTP authentication for LAM login.
|
||||
httpAuthentication: false
|
||||
|
||||
|
||||
# Password mail from
|
||||
lamProMailFrom:
|
||||
|
||||
|
||||
# Password mail reply-to
|
||||
lamProMailReplyTo:
|
||||
|
||||
|
||||
# Password mail is HTML
|
||||
lamProMailIsHTML: false
|
||||
|
||||
|
||||
# Allow alternate address
|
||||
lamProMailAllowAlternateAddress: true
|
||||
modules: posixGroup_gidGenerator: range
|
||||
modules: posixGroup_sambaIDPoolDN:
|
||||
modules: posixGroup_gidCheckSuffix:
|
||||
modules: posixGroup_hidememberUid: false
|
||||
modules: sambaSamAccount_timeZone: 0
|
||||
modules: sambaSamAccount_lmHash: yes
|
||||
modules: sambaSamAccount_hideHomeDrive: false
|
||||
modules: sambaSamAccount_hideHomePath: false
|
||||
modules: sambaSamAccount_hideProfilePath: false
|
||||
modules: sambaSamAccount_hideLogonScript: false
|
||||
modules: sambaSamAccount_hideSambaPwdLastSet: false
|
||||
modules: sambaSamAccount_hideWorkstations: false
|
||||
modules: sambaSamAccount_hideLogonHours: false
|
||||
modules: sambaSamAccount_hideTerminalServer: false
|
||||
modules: posixAccount_uidGeneratorUsers: range
|
||||
modules: posixAccount_sambaIDPoolDNUsers:
|
||||
modules: posixAccount_uidCheckSuffixUser:
|
||||
modules: posixAccount_uidGeneratorHosts: range
|
||||
modules: posixAccount_sambaIDPoolDNHosts:
|
||||
modules: posixAccount_uidCheckSuffixHost:
|
||||
modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
|
||||
modules: posixAccount_hidegecos: false
|
||||
modules: posixAccount_primaryGroupAsSecondary: false
|
||||
modules: posixAccount_userNameSuggestion: @givenname@%sn%
|
||||
modules: inetOrgPerson_hideDescription: false
|
||||
modules: inetOrgPerson_hideStreet: false
|
||||
modules: inetOrgPerson_hidePostOfficeBox: false
|
||||
modules: inetOrgPerson_hidePostalCode: false
|
||||
modules: inetOrgPerson_hideLocation: false
|
||||
modules: inetOrgPerson_hideState: false
|
||||
modules: inetOrgPerson_hidePostalAddress: false
|
||||
modules: inetOrgPerson_hideRegisteredAddress: false
|
||||
modules: inetOrgPerson_hideOfficeName: false
|
||||
modules: inetOrgPerson_hideRoomNumber: false
|
||||
modules: inetOrgPerson_hideTelephoneNumber: false
|
||||
modules: inetOrgPerson_hideHomeTelephoneNumber: false
|
||||
modules: inetOrgPerson_hideMobileNumber: false
|
||||
modules: inetOrgPerson_hideFaxNumber: false
|
||||
modules: inetOrgPerson_hidePager: true
|
||||
modules: inetOrgPerson_hideEMailAddress: false
|
||||
modules: inetOrgPerson_hideJobTitle: false
|
||||
modules: inetOrgPerson_hideCarLicense: false
|
||||
modules: inetOrgPerson_hideEmployeeType: false
|
||||
modules: inetOrgPerson_hideBusinessCategory: false
|
||||
modules: inetOrgPerson_hideDepartments: false
|
||||
modules: inetOrgPerson_hideManager: false
|
||||
modules: inetOrgPerson_hideOu: false
|
||||
modules: inetOrgPerson_hideO: false
|
||||
modules: inetOrgPerson_hideEmployeeNumber: false
|
||||
modules: inetOrgPerson_hideInitials: false
|
||||
modules: inetOrgPerson_hideLabeledURI: false
|
||||
modules: inetOrgPerson_hideuserCertificate: false
|
||||
modules: inetOrgPerson_hidejpegPhoto: false
|
||||
modules: inetOrgPerson_readOnly_businessCategory: false
|
||||
modules: inetOrgPerson_readOnly_cn: false
|
||||
modules: inetOrgPerson_readOnly_employeeType: false
|
||||
modules: inetOrgPerson_readOnly_postalAddress: false
|
||||
modules: inetOrgPerson_readOnly_uid: false
|
||||
modules: inetOrgPerson_readOnly_title: false
|
||||
modules: inetOrgPerson_readOnly_description: false
|
||||
modules: inetOrgPerson_readOnly_st: false
|
||||
modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
|
||||
modules: inetOrgPerson_readOnly_mail: false
|
||||
modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
|
||||
modules: inetOrgPerson_readOnly_jpegPhoto: false
|
||||
modules: inetOrgPerson_readOnly_carLicense: false
|
||||
modules: inetOrgPerson_readOnly_labeledURI: false
|
||||
modules: inetOrgPerson_readOnly_initials: false
|
||||
modules: inetOrgPerson_readOnly_registeredAddress: false
|
||||
modules: inetOrgPerson_readOnly_mobile: false
|
||||
modules: inetOrgPerson_readOnly_sn: false
|
||||
modules: inetOrgPerson_readOnly_o: false
|
||||
modules: inetOrgPerson_readOnly_ou: false
|
||||
modules: inetOrgPerson_readOnly_l: false
|
||||
modules: inetOrgPerson_readOnly_pager: false
|
||||
modules: inetOrgPerson_readOnly_userPassword: false
|
||||
modules: inetOrgPerson_readOnly_employeeNumber: false
|
||||
modules: inetOrgPerson_readOnly_postOfficeBox: false
|
||||
modules: inetOrgPerson_readOnly_postalCode: false
|
||||
modules: inetOrgPerson_readOnly_roomNumber: false
|
||||
modules: inetOrgPerson_readOnly_street: false
|
||||
modules: inetOrgPerson_readOnly_homePhone: false
|
||||
modules: inetOrgPerson_readOnly_telephoneNumber: false
|
||||
modules: inetOrgPerson_readOnly_departmentNumber: false
|
||||
modules: inetOrgPerson_readOnly_manager: false
|
||||
modules: inetOrgPerson_readOnly_givenName: false
|
||||
modules: inetOrgPerson_jpegPhoto_maxWidth:
|
||||
modules: inetOrgPerson_jpegPhoto_maxHeight:
|
||||
modules: inetOrgPerson_jpegPhoto_maxSize:
|
||||
types: filter_user:
|
||||
types: customLabel_user:
|
||||
types: filter_group:
|
||||
types: customLabel_group:
|
||||
types: hidden_user:
|
||||
types: hideNewButton_user:
|
||||
types: hideDeleteButton_user:
|
||||
types: readOnly_user:
|
||||
types: hidden_group:
|
||||
types: hideNewButton_group:
|
||||
types: hideDeleteButton_group:
|
||||
types: readOnly_group:
|
||||
types: hidden_host:
|
||||
types: hideNewButton_host:
|
||||
types: hideDeleteButton_host:
|
||||
types: readOnly_host:
|
||||
types: suffix_host: ou=machines,dc=my-domain,dc=com
|
||||
types: attr_host: #cn;#description;#uidNumber;#gidNumber
|
||||
types: filter_host:
|
||||
types: customLabel_host:
|
||||
types: hidden_smbDomain:
|
||||
types: hideNewButton_smbDomain:
|
||||
types: hideDeleteButton_smbDomain:
|
||||
types: readOnly_smbDomain:
|
||||
types: suffix_smbDomain: dc=my-domain,dc=com
|
||||
types: attr_smbDomain: #sambaDomainName;#sambaSID
|
||||
types: filter_smbDomain:
|
||||
types: customLabel_smbDomain:
|
||||
types: modules_host: account,posixAccount,sambaSamAccount
|
||||
types: modules_smbDomain: sambaDomain
|
||||
tools: tool_hide_toolServerInformation: false
|
||||
tools: tool_hide_toolFileUpload: false
|
||||
tools: tool_hide_toolMultiEdit: false
|
||||
tools: tool_hide_toolPDFEditor: false
|
||||
tools: tool_hide_toolOUEditor: false
|
||||
tools: tool_hide_toolProfileEditor: false
|
||||
tools: tool_hide_toolTests: false
|
||||
tools: tool_hide_toolSchemaBrowser: false
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
<pdf type="alias" filename="printLogo.jpg" headline="Alias information">
|
||||
<section name="_uidObject_uid">
|
||||
<entry name="aliasEntry_entry" />
|
||||
<entry name="main_dn" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,7 @@
|
|||
<pdf type="asteriskExt" filename="printLogo.jpg" headline="LDAP Account Manager">
|
||||
<section name="_asteriskExtension_AstExtension">
|
||||
<entry name="asteriskExtension_AstContext" />
|
||||
<entry name="asteriskExtension_owners" />
|
||||
<entry name="asteriskExtension_rules" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,6 @@
|
|||
<pdf type="automountType" filename="printLogo.jpg" headline="Automount information">
|
||||
<section name="_automount_cn">
|
||||
<entry name="automount_description" />
|
||||
<entry name="automount_automountInformation" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,7 @@
|
|||
<pdf type="bind" filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
|
||||
<section name="_bindDLZ_dlzHostName">
|
||||
<entry name="bindDLZ_aRecord" />
|
||||
<entry name="bindDLZ_ptrRecord" />
|
||||
<entry name="bindDLZ_mxRecord" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,20 @@
|
|||
<pdf type="dhcp" filename="printLogo.jpg" headline="LDAP Account Manager">
|
||||
<section name="_dhcp_settings_subnet">
|
||||
<entry name="dhcp_settings_domainName" />
|
||||
<entry name="dhcp_settings_leaseTime" />
|
||||
<entry name="dhcp_settings_maxLeaseTime" />
|
||||
<entry name="dhcp_settings_DNSserver" />
|
||||
<entry name="dhcp_settings_gateway" />
|
||||
<entry name="dhcp_settings_netbiosServer" />
|
||||
<entry name="dhcp_settings_netbiosType" />
|
||||
<entry name="dhcp_settings_subnetMask" />
|
||||
<entry name="dhcp_settings_netMask" />
|
||||
<entry name="ddns_DNSserver" />
|
||||
<entry name="ddns_zone" />
|
||||
<entry name="ddns_reverseZone" />
|
||||
<entry name="range_ranges" />
|
||||
</section>
|
||||
<section name="Fixed IPs">
|
||||
<entry name="fixed_ip_IPlist" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,8 @@
|
|||
<pdf type="gon" headline="Group information">
|
||||
<section name="_groupOfNames_name">
|
||||
<entry name="main_dn" />
|
||||
<entry name="groupOfNames_description" />
|
||||
<entry name="groupOfNames_owner" />
|
||||
<entry name="groupOfNames_members" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,8 @@
|
|||
<pdf type="group" headline="Group information">
|
||||
<section name="_posixGroup_cn">
|
||||
<entry name="main_dn" />
|
||||
<entry name="posixGroup_description" />
|
||||
<entry name="posixGroup_gidNumber" />
|
||||
<entry name="posixGroup_memberUid" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,9 @@
|
|||
<pdf type="host" filename="printLogo.jpg" headline="Host information">
|
||||
<section name="_posixAccount_uid">
|
||||
<entry name="main_dn" />
|
||||
<entry name="posixAccount_description" />
|
||||
<entry name="posixAccount_uidNumber" />
|
||||
<entry name="posixAccount_primaryGroup" />
|
||||
<entry name="sambaSamAccount_sambaDomainName" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,11 @@
|
|||
<pdf type="kolabSharedFolderType" filename="printLogo.jpg" headline="Shared folder information" foldingmarks="no">
|
||||
<section name="_kolabSharedFolder_cn">
|
||||
<entry name="kolabSharedFolder_mailHost" />
|
||||
<entry name="kolabSharedFolder_kolabTargetFolder" />
|
||||
<entry name="kolabSharedFolder_kolabFolderType" />
|
||||
<entry name="kolabSharedFolder_delegate" />
|
||||
<entry name="kolabSharedFolder_aliases" />
|
||||
<entry name="kolabSharedFolder_kolabAllowSMTPSender" />
|
||||
<entry name="kolabSharedFolder_kolabAllowSMTPRecipient" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,5 @@
|
|||
<pdf type="mailAlias" filename="printLogo.jpg" headline="Mail alias information">
|
||||
<section name="_nisMailAlias_alias">
|
||||
<entry name="nisMailAlias_recipients" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,7 @@
|
|||
<pdf type="netgroup" filename="printLogo.jpg" headline="NIS netgroup information">
|
||||
<section name="_nisnetgroup_cn">
|
||||
<entry name="nisnetgroup_description" />
|
||||
<entry name="nisnetgroup_subgroups" />
|
||||
<entry name="nisnetgroup_members" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,7 @@
|
|||
<pdf type="nisObjectType" filename="printLogo.jpg" headline="LDAP Account Manager">
|
||||
<section name="_nisObject_cn">
|
||||
<entry name="nisObject_nisMapName" />
|
||||
<entry name="nisObject_nisMapEntry" />
|
||||
<entry name="nisObject_description" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,6 @@
|
|||
<pdf type="oracleContextType" filename="printLogo.jpg" headline="Database information">
|
||||
<section name="_oracleService_cn">
|
||||
<entry name="oracleService_orclNetDescString" />
|
||||
<entry name="oracleService_description" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,18 @@
|
|||
<pdf type="ppolicyType" filename="printLogo.jpg" headline="LDAP Account Manager">
|
||||
<section name="_ppolicy_cn">
|
||||
<entry name="ppolicy_pwdMinAge" />
|
||||
<entry name="ppolicy_pwdMaxAge" />
|
||||
<entry name="ppolicy_pwdExpireWarning" />
|
||||
<entry name="ppolicy_pwdGraceAuthnLimit" />
|
||||
<entry name="ppolicy_pwdInHistory" />
|
||||
<entry name="ppolicy_pwdCheckQuality" />
|
||||
<entry name="ppolicy_pwdMinLength" />
|
||||
<entry name="ppolicy_pwdLockout" />
|
||||
<entry name="ppolicy_pwdLockoutDuration" />
|
||||
<entry name="ppolicy_pwdMaxFailure" />
|
||||
<entry name="ppolicy_pwdFailureCountInterval" />
|
||||
<entry name="ppolicy_pwdMustChange" />
|
||||
<entry name="ppolicy_pwdAllowUserChange" />
|
||||
<entry name="ppolicy_pwdSafeModify" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,7 @@
|
|||
<pdf type="pykotaBillingCodeType" filename="printLogo.jpg" headline="LDAP Account Manager" foldingmarks="no">
|
||||
<section name="_pykotaBillingCode_pykotaBillingCode">
|
||||
<entry name="pykotaBillingCode_pykotaBalance" />
|
||||
<entry name="pykotaBillingCode_pykotaPageCounter" />
|
||||
<entry name="pykotaBillingCode_description" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,11 @@
|
|||
<pdf type="pykotaPrinterType" filename="printLogo.jpg" headline="Printer information" foldingmarks="no">
|
||||
<section name="_pykotaPrinter_cn">
|
||||
<entry name="pykotaPrinter_description" />
|
||||
<entry name="pykotaPrinter_pykotaMaxJobSize" />
|
||||
<entry name="pykotaPrinter_pykotaPricePerJob" />
|
||||
<entry name="pykotaPrinter_pykotaPricePerPage" />
|
||||
<entry name="pykotaPrinter_pykotaPassThrough" />
|
||||
<entry name="pykotaPrinter_uniqueMember" />
|
||||
<entry name="pykotaPrinter_parentUniqueMember" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,6 @@
|
|||
<pdf type="smbDomain" filename="printLogo.jpg" headline="Samba domain information">
|
||||
<section name="_sambaDomain_domainName">
|
||||
<entry name="sambaDomain_domainSID" />
|
||||
<entry name="sambaDomain_RIDbase" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,11 @@
|
|||
<pdf type="sudo" filename="printLogo.jpg" headline="Sudo role">
|
||||
<section name="_sudoRole_cn">
|
||||
<entry name="sudoRole_sudoUser" />
|
||||
<entry name="sudoRole_sudoHost" />
|
||||
<entry name="sudoRole_sudoCommand" />
|
||||
<entry name="sudoRole_sudoRunAsUser" />
|
||||
<entry name="sudoRole_sudoRunAsGroup" />
|
||||
<entry name="sudoRole_sudoOption" />
|
||||
<entry name="sudoRole_description" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,35 @@
|
|||
<pdf type="user" filename="printLogo.jpg" headline="User information">
|
||||
<section name="Personal user information">
|
||||
<entry name="inetOrgPerson_title" />
|
||||
<entry name="inetOrgPerson_givenName" />
|
||||
<entry name="inetOrgPerson_sn" />
|
||||
<entry name="inetOrgPerson_street" />
|
||||
<entry name="inetOrgPerson_postalCode" />
|
||||
<entry name="inetOrgPerson_postalAddress" />
|
||||
<entry name="inetOrgPerson_mail" />
|
||||
<entry name="inetOrgPerson_telephoneNumber" />
|
||||
<entry name="inetOrgPerson_mobileTelephoneNumber" />
|
||||
<entry name="inetOrgPerson_facsimileTelephoneNumber" />
|
||||
</section>
|
||||
<section name="Unix settings">
|
||||
<entry name="posixAccount_uid" />
|
||||
<entry name="posixAccount_userPassword" />
|
||||
<entry name="posixAccount_primaryGroup" />
|
||||
<entry name="posixAccount_additionalGroups" />
|
||||
<entry name="posixAccount_homeDirectory" />
|
||||
<entry name="posixAccount_loginShell" />
|
||||
<entry name="shadowAccount_shadowExpire" />
|
||||
</section>
|
||||
<section name="Windows settings">
|
||||
<entry name="sambaSamAccount_displayName" />
|
||||
<entry name="sambaSamAccount_sambaDomainName" />
|
||||
<entry name="sambaSamAccount_sambaHomeDrive" />
|
||||
<entry name="sambaSamAccount_sambaHomePath" />
|
||||
<entry name="sambaSamAccount_sambaLogonScript" />
|
||||
<entry name="sambaSamAccount_sambaProfilePath" />
|
||||
<entry name="sambaSamAccount_sambaUserWorkstations" />
|
||||
</section>
|
||||
<section name="Quota Settings">
|
||||
<entry name="quota_quotas" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,8 @@
|
|||
<pdf type="zarafaAddressListType" filename="printLogo.jpg" headline="LDAP Account Manager">
|
||||
<section name="_zarafaAddressList_cn">
|
||||
<entry name="zarafaAddressList_zarafaBase" />
|
||||
<entry name="zarafaAddressList_zarafaFilter" />
|
||||
<entry name="zarafaAddressList_zarafaAccount" />
|
||||
<entry name="zarafaAddressList_zarafaHidden" />
|
||||
</section>
|
||||
</pdf>
|
|
@ -0,0 +1,10 @@
|
|||
<pdf type="zarafaDynamicGroupType" filename="printLogo.jpg" headline="LDAP Account Manager">
|
||||
<section name="_zarafaDynamicGroup_cn">
|
||||
<entry name="zarafaDynamicGroup_mail" />
|
||||
<entry name="zarafaDynamicGroup_zarafaAliases" />
|
||||
<entry name="zarafaDynamicGroup_zarafaBase" />
|
||||
<entry name="zarafaDynamicGroup_zarafaFilter" />
|
||||
<entry name="zarafaDynamicGroup_zarafaAccount" />
|
||||
<entry name="zarafaDynamicGroup_zarafaHidden" />
|
||||
</section>
|
||||
</pdf>
|
After Width: | Height: | Size: 18 KiB |
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
profname: default
|
||||
ldap_suffix: -
|
||||
ldap_rdn: cn
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
profname: default
|
||||
ldap_suffix: -
|
||||
ldap_rdn: cn
|
|
@ -0,0 +1,3 @@
|
|||
profname: default
|
||||
ldap_suffix: -
|
||||
ldap_rdn: cn
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
shadowAccount_shadowWarning: 10
|
||||
shadowAccount_shadowInactive: 10
|
||||
shadowAccount_shadowMin: 1
|
||||
shadowAccount_shadowMax: 365
|
||||
sambaAccount_useunixpwd: true
|
||||
sambaAccount_acctFlagsN: false
|
||||
sambaAccount_acctFlagsX: true
|
||||
sambaAccount_acctFlagsD: false
|
||||
sambaAccount_homeDrive: U:
|
||||
sambaSamAccount_useunixpwd: true
|
||||
sambaSamAccount_sambaAcctFlagsN: false
|
||||
sambaSamAccount_sambaAcctFlagsX: true
|
||||
sambaSamAccount_sambaAcctFlagsD: false
|
||||
sambaSamAccount_sambaHomeDrive: U:
|
||||
sambaSamAccount_group: 513
|
||||
posixAccount_homeDirectory: /home/$user
|
||||
posixAccount_loginShell: /bin/bash
|
||||
asteriskAccount_AstAccountHost: dynamic
|
||||
asteriskAccount_AstAccountContext: default
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,68 @@
|
|||
# LDAP Account Manager configuration
|
||||
#
|
||||
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
|
||||
#
|
||||
###################################################################################################
|
||||
|
||||
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
|
||||
serverURL: ldap://localhost:389
|
||||
|
||||
# list of users who are allowed to use LDAP Account Manager
|
||||
# names have to be seperated by semicolons
|
||||
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
|
||||
admins: cn=Manager,dc=my-domain,dc=com
|
||||
|
||||
# password to change these preferences via webfrontend (default: lam)
|
||||
passwd: {SSHA}RjBruJcTxZEdcBjPQdRBkDaSQeY= iueleA==
|
||||
|
||||
# suffix of tree view
|
||||
# e.g. dc=yourdomain,dc=org
|
||||
treesuffix: dc=yourdomain,dc=org
|
||||
|
||||
# default language (a line from config/language)
|
||||
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
|
||||
|
||||
# Path to external Script
|
||||
scriptPath:
|
||||
|
||||
# Server of external Script
|
||||
scriptServer:
|
||||
|
||||
# Access rights for home directories
|
||||
scriptRights: 750
|
||||
|
||||
# Number of minutes LAM caches LDAP searches.
|
||||
cachetimeout: 5
|
||||
|
||||
# LDAP search limit.
|
||||
searchLimit: 0
|
||||
|
||||
# Module settings
|
||||
|
||||
modules: posixAccount_minUID: 10000
|
||||
modules: posixAccount_maxUID: 30000
|
||||
modules: posixAccount_minMachine: 50000
|
||||
modules: posixAccount_maxMachine: 60000
|
||||
modules: posixGroup_minGID: 10000
|
||||
modules: posixGroup_maxGID: 20000
|
||||
modules: posixGroup_pwdHash: SSHA
|
||||
modules: posixAccount_pwdHash: SSHA
|
||||
|
||||
# List of active account types.
|
||||
activeTypes: user,group
|
||||
|
||||
|
||||
types: suffix_user: ou=People,dc=my-domain,dc=com
|
||||
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
|
||||
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
|
||||
|
||||
types: suffix_group: ou=group,dc=my-domain,dc=com
|
||||
types: attr_group: #cn;#gidNumber;#memberUID;#description
|
||||
types: modules_group: posixGroup
|
||||
|
||||
# Password mail subject
|
||||
lamProMailSubject: Your password was reset
|
||||
|
||||
# Password mail text
|
||||
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
|
||||
|
|
@ -0,0 +1,217 @@
|
|||
# LDAP Account Manager configuration
|
||||
#
|
||||
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
|
||||
#
|
||||
###################################################################################################
|
||||
|
||||
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
|
||||
ServerURL: ldap://pdc.my-domain.com
|
||||
|
||||
# list of users who are allowed to use LDAP Account Manager
|
||||
# names have to be seperated by semicolons
|
||||
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
|
||||
Admins: cn=Administrator,cn=users,dc=my-domain,dc=com
|
||||
|
||||
# password to change these preferences via webfrontend (default: lam)
|
||||
Passwd: {SSHA}D05GxzVwo3vmuNLSNmkPiJ8x5u8= JgqZFQ==
|
||||
|
||||
# suffix of tree view
|
||||
# e.g. dc=yourdomain,dc=org
|
||||
treesuffix: dc=my-domain,dc=com
|
||||
|
||||
# default language (a line from config/language)
|
||||
defaultLanguage: en_GB.utf8
|
||||
|
||||
# Path to external Script
|
||||
scriptPath:
|
||||
|
||||
# Server of external Script
|
||||
scriptServer:
|
||||
|
||||
# Access rights for home directories
|
||||
scriptRights: 750
|
||||
|
||||
# Number of minutes LAM caches LDAP searches.
|
||||
cachetimeout: 5
|
||||
|
||||
# LDAP search limit.
|
||||
searchLimit: 0
|
||||
|
||||
# Module settings
|
||||
|
||||
modules: posixAccount_minUID: 10000
|
||||
modules: posixAccount_maxUID: 30000
|
||||
modules: posixAccount_minMachine: 50000
|
||||
modules: posixAccount_maxMachine: 60000
|
||||
modules: posixGroup_minGID: 10000
|
||||
modules: posixGroup_maxGID: 20000
|
||||
modules: posixGroup_pwdHash: SSHA
|
||||
modules: posixAccount_pwdHash: SSHA
|
||||
|
||||
# List of active account types.
|
||||
activeTypes: user,group,host
|
||||
|
||||
|
||||
types: suffix_user: dc=my-domain,dc=com
|
||||
types: attr_user: #cn;#givenName;#sn;#mail
|
||||
types: modules_user: windowsUser
|
||||
|
||||
types: suffix_group: dc=my-domain,dc=com
|
||||
types: attr_group: #cn;#member;#description
|
||||
types: modules_group: windowsGroup
|
||||
|
||||
types: suffix_host: CN=Computers,dc=my-domain,dc=com
|
||||
types: attr_host: #cn;#description;#location
|
||||
types: modules_host: windowsHost
|
||||
|
||||
types: suffix_smbDomain: dc=my-domain,dc=com
|
||||
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
|
||||
types: modules_smbDomain: sambaDomain
|
||||
|
||||
# Password mail subject
|
||||
lamProMailSubject: Your password was reset
|
||||
|
||||
# Password mail text
|
||||
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
|
||||
|
||||
|
||||
|
||||
# enable TLS encryption
|
||||
useTLS: no
|
||||
|
||||
|
||||
# Access level for this profile.
|
||||
accessLevel: 100
|
||||
|
||||
|
||||
# Login method.
|
||||
loginMethod: list
|
||||
|
||||
|
||||
# Search suffix for LAM login.
|
||||
loginSearchSuffix: dc=yourdomain,dc=org
|
||||
|
||||
|
||||
# Search filter for LAM login.
|
||||
loginSearchFilter: uid=%USER%
|
||||
|
||||
|
||||
# Bind DN for login search.
|
||||
loginSearchDN:
|
||||
|
||||
|
||||
# Bind password for login search.
|
||||
loginSearchPassword:
|
||||
|
||||
|
||||
# HTTP authentication for LAM login.
|
||||
httpAuthentication: false
|
||||
|
||||
|
||||
# Password mail from
|
||||
lamProMailFrom:
|
||||
|
||||
|
||||
# Password mail reply-to
|
||||
lamProMailReplyTo:
|
||||
|
||||
|
||||
# Password mail is HTML
|
||||
lamProMailIsHTML: false
|
||||
types: filter_user:
|
||||
types: filter_group:
|
||||
types: filter_host:
|
||||
types: filter_smbDomain:
|
||||
types: hidden_group:
|
||||
types: hidden_host:
|
||||
types: hidden_smbDomain:
|
||||
tools: tool_hide_toolServerInformation: false
|
||||
tools: tool_hide_toolFileUpload: false
|
||||
tools: tool_hide_toolPDFEditor: false
|
||||
tools: tool_hide_toolOUEditor: false
|
||||
tools: tool_hide_toolProfileEditor: false
|
||||
tools: tool_hide_toolTests: false
|
||||
tools: tool_hide_toolSchemaBrowser: false
|
||||
modules: windowsGroup_hidemail: false
|
||||
types: hidden_user:
|
||||
modules: customScripts_scripts: user postModify echo $INFO.userPasswordClearText$
|
||||
modules: customScripts_containsHTML: false
|
||||
modules: customScripts_hideCommand: false
|
||||
modules: zarafa_schema: ad
|
||||
modules: zarafaUser_hideQuotaOverride: false
|
||||
modules: zarafaUser_hideQuotaWarn: false
|
||||
modules: zarafaUser_hideQuotaSoft: false
|
||||
modules: zarafaUser_hideQuotaHard: false
|
||||
modules: zarafaUser_hideSendAsPrivilege: false
|
||||
modules: zarafaUser_hideSharedStoreOnly: false
|
||||
modules: zarafaUser_hideResourceType: false
|
||||
modules: zarafaUser_hideResourceCapacity: false
|
||||
modules: zarafaUser_hideAccount: false
|
||||
modules: zarafaUser_hideZarafaUserArchiveServers: false
|
||||
modules: zarafaUser_hideUserServer: false
|
||||
modules: zarafaUser_hideFeatures: false
|
||||
modules: zarafaUser_hideAliases: false
|
||||
modules: zarafaUser_sendAsAttribute: dn
|
||||
modules: zarafaGroup_hideSendAsPrivilege: false
|
||||
modules: zarafaServer_hideProxyURL: false
|
||||
types: hidden_zarafaAddressListType:
|
||||
types: suffix_zarafaAddressListType: OU=zarafa,DC=samba4,DC=test
|
||||
types: filter_zarafaAddressListType:
|
||||
types: attr_zarafaAddressListType: #cn;#zarafaBase;#zarafaFilter
|
||||
types: modules_zarafaAddressListType: zarafaAddressList
|
||||
types: hidden_zarafaDynamicGroupType:
|
||||
types: suffix_zarafaDynamicGroupType: OU=zarafa,DC=samba4,DC=test
|
||||
types: filter_zarafaDynamicGroupType:
|
||||
types: attr_zarafaDynamicGroupType: #cn;#mail;#zarafaaliases;#zarafaBase;#zarafaFilter
|
||||
types: modules_zarafaDynamicGroupType: zarafaDynamicGroup
|
||||
modules: windowsGroup_hideotherMailbox: false
|
||||
types: hideNewButton_user:
|
||||
types: hideDeleteButton_user:
|
||||
types: hideNewButton_group:
|
||||
types: hideDeleteButton_group:
|
||||
types: hideNewButton_host:
|
||||
types: hideDeleteButton_host:
|
||||
types: hideNewButton_zarafaDynamicGroupType:
|
||||
types: hideDeleteButton_zarafaDynamicGroupType:
|
||||
types: hideNewButton_zarafaAddressListType:
|
||||
types: hideDeleteButton_zarafaAddressListType:
|
||||
modules: windowsGroup_hidemanagedBy: true
|
||||
modules: passwordSelfReset_questions: Bla1?+::+Bla2?
|
||||
modules: posixGroup_gidGenerator: range
|
||||
modules: posixGroup_sambaIDPoolDN:
|
||||
modules: posixGroup_gidCheckSuffix:
|
||||
modules: posixAccount_uidGeneratorUsers: range
|
||||
modules: posixAccount_sambaIDPoolDNUsers:
|
||||
modules: posixAccount_uidCheckSuffixUser:
|
||||
modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
|
||||
modules: posixAccount_hidegecos: false
|
||||
modules: posixAccount_primaryGroupAsSecondary: false
|
||||
modules: posixAccount_userNameSuggestion: @givenname@%sn%
|
||||
modules: windowsUser_domains: my-domain.com
|
||||
modules: windowsUser_hidesAMAccountName: false
|
||||
tools: tool_hide_toolMultiEdit: false
|
||||
|
||||
|
||||
# follow referrals
|
||||
followReferrals: false
|
||||
|
||||
|
||||
# paged results
|
||||
pagedResults: false
|
||||
|
||||
|
||||
# Allow alternate address
|
||||
lamProMailAllowAlternateAddress: true
|
||||
modules: windowsGroup_hidemsSFU30Name: true
|
||||
modules: windowsGroup_hidemsSFU30NisDomain: true
|
||||
modules: windowsUser_hidemsSFU30Name: true
|
||||
modules: windowsUser_hidemsSFU30NisDomain: true
|
||||
types: customLabel_user:
|
||||
types: customLabel_group:
|
||||
types: customLabel_host:
|
||||
types: customLabel_zarafaDynamicGroupType:
|
||||
types: customLabel_zarafaAddressListType:
|
||||
types: readOnly_user:
|
||||
types: readOnly_group:
|
||||
types: readOnly_host:
|
||||
types: readOnly_zarafaAddressListType:
|
|
@ -0,0 +1,186 @@
|
|||
This software is copyright (c) 2003 - 2015 by Roland Gruber
|
||||
|
||||
If you purchased a copy of LDAP Account Manager Pro then the following
|
||||
files are licensed under the conditions which you accepted at purchase
|
||||
time.
|
||||
|
||||
* templates/lists/changePassword.php
|
||||
* templates/selfService/*
|
||||
* templates/config/jobs.php
|
||||
* lib/cron.*
|
||||
* lib/database.inc*
|
||||
* lib/jobs.inc*
|
||||
* lib/modules/aliasEntry.inc
|
||||
* lib/modules/automount.inc
|
||||
* lib/modules/bindDLZ.inc
|
||||
* lib/modules/customFields.inc
|
||||
* lib/modules/customScripts.inc
|
||||
* lib/modules/device.inc
|
||||
* lib/modules/groupOfNames.inc
|
||||
* lib/modules/groupOfNamesUser.inc
|
||||
* lib/modules/groupOfUniqueNames.inc
|
||||
* lib/modules/heimdalKerberos.inc
|
||||
* lib/modules/ipHost.inc
|
||||
* lib/modules/mitKerberos.inc
|
||||
* lib/modules/mitKerberosStructural.inc
|
||||
* lib/modules/namedObject.inc
|
||||
* lib/modules/nisObject.inc
|
||||
* lib/modules/passwordSelfReset.inc
|
||||
* lib/modules/oracleService.inc
|
||||
* lib/modules/organizationalRole*.inc
|
||||
* lib/modules/ppolicy.inc
|
||||
* lib/modules/ppolicyUser.inc
|
||||
* lib/modules/qmailUser.inc
|
||||
* lib/modules/rfc2307bisAutomount.inc
|
||||
* lib/modules/rfc2307bisPosixGroup.inc
|
||||
* lib/modules/selfRegistration.inc
|
||||
* lib/modules/sudoRole.inc
|
||||
* lib/modules/uidObject.inc
|
||||
* lib/modules/zarafaAddressList.inc
|
||||
* lib/modules/zarafaContact.inc
|
||||
* lib/modules/zarafaDynamicGroup.inc
|
||||
* lib/modules/zarafaGroup.inc
|
||||
* lib/modules/zarafaServer.inc
|
||||
* lib/modules/zarafaUser.inc
|
||||
* lib/types/alias.inc
|
||||
* lib/types/bind.inc
|
||||
* lib/types/automountType.inc
|
||||
* lib/types/gon.inc
|
||||
* lib/types/nisObjectType.inc
|
||||
* lib/types/oracleContextType.inc
|
||||
* lib/types/ppolicyType.inc
|
||||
* lib/types/sudo.inc
|
||||
* lib/types/zarafaAddressListType.inc
|
||||
* lib/types/zarafaDynamicGroupType.inc
|
||||
|
||||
|
||||
All other files are licensed under the conditions below.
|
||||
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
|
||||
The complete license can be found in the file COPYING.
|
||||
|
||||
|
||||
Some parts of this package have other, compatible licences. These are:
|
||||
|
||||
A:
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software to use, copy, modify, distribute, sublicense, and/or sell
|
||||
copies of the software, and to permit persons to whom the software is furnished
|
||||
to do so.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
|
||||
|
||||
|
||||
B:
|
||||
|
||||
Copyright (c) 2003 by Bitstream, Inc. All Rights Reserved. Bitstream
|
||||
Vera is a trademark of Bitstream, Inc.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of the fonts accompanying this license ("Fonts") and associated
|
||||
documentation files (the "Font Software"), to reproduce and distribute
|
||||
the Font Software, including without limitation the rights to use,
|
||||
copy, merge, publish, distribute, and/or sell copies of the Font
|
||||
Software, and to permit persons to whom the Font Software is furnished
|
||||
to do so, subject to the following conditions:
|
||||
|
||||
The above copyright and trademark notices and this permission notice
|
||||
shall be included in all copies of one or more of the Font Software
|
||||
typefaces.
|
||||
|
||||
The Font Software may be modified, altered, or added to, and in
|
||||
particular the designs of glyphs or characters in the Fonts may be
|
||||
modified and additional glyphs or characters may be added to the
|
||||
Fonts, only if the fonts are renamed to names not containing either
|
||||
the words "Bitstream" or the word "Vera".
|
||||
|
||||
This License becomes null and void to the extent applicable to Fonts
|
||||
or Font Software that has been modified and is distributed under the
|
||||
"Bitstream Vera" names.
|
||||
|
||||
The Font Software may be sold as part of a larger software package but
|
||||
no copy of one or more of the Font Software typefaces may be sold by
|
||||
itself.
|
||||
|
||||
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
|
||||
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL
|
||||
BITSTREAM OR THE GNOME FOUNDATION BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
||||
OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL,
|
||||
OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
||||
OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE THE FONT
|
||||
SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
|
||||
|
||||
Except as contained in this notice, the names of Gnome, the Gnome
|
||||
Foundation, and Bitstream Inc., shall not be used in advertising or
|
||||
otherwise to promote the sale, use or other dealings in this Font
|
||||
Software without prior written authorization from the Gnome Foundation
|
||||
or Bitstream Inc., respectively. For further information, contact:
|
||||
fonts at gnome dot org.
|
||||
|
||||
|
||||
C:
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License (LGPL) as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
For more details on the GNU Lesser General Public License,
|
||||
see http://www.gnu.org/copyleft/lesser.html
|
||||
|
||||
|
||||
D:
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
|
||||
Programs and licenses with other licenses and/or authors than the
|
||||
main license and authors:
|
||||
|
||||
lib/fpdf.php A 2008 Olivier Plathey
|
||||
lib/font/Vera* B 2003 Bitstream, Inc.
|
||||
templates/lib/*wz_tooltip.js C Walter Zorn
|
||||
lib/3rdParty/phpseclib D Jim Wigginton
|
||||
templates/lib/*jquery*.js D 2010 John Resig, Paul Bakaus, Fred Heusschen
|
||||
templates/lib/*jquery-validationEngine-*.js D 2010 Cedric Dugas and Olivier Refalo
|
||||
templates/lib/*jquery-fineuploader-*.js D 2010 Andrew Valums
|
||||
|
||||
|
|
@ -0,0 +1,105 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Developer FAQ</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Developer FAQ<br>
|
||||
</h1>
|
||||
<br>
|
||||
<div style="text-align: left;"><big><span style="font-weight: bold;">Q:
|
||||
Where is the ldap/config object?</span></big><br>
|
||||
<br>
|
||||
<big><span style="font-weight: bold;">A:</span></big> The ldap object
|
||||
is in <span style="color: rgb(204, 0, 0); font-weight: bold;">$_SESSION['ldap']</span>
|
||||
and the config object in <span
|
||||
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['config']</span>.<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
<div style="text-align: left;"><br>
|
||||
</div>
|
||||
<div style="text-align: left;"><big><span style="font-weight: bold;">Q:
|
||||
How can I make LDAP operations, where is the user name and password?</span></big><br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"><big>A:</big> </span>LAM
|
||||
automatically reconnects to the LDAP server on every page load. You can
|
||||
use <span style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['ldap']->server()</span>
|
||||
which is the LDAP server handle.<br>
|
||||
Be sure to include ldap.inc before (automatically included for account
|
||||
modules).<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">Example:</span> ldap_search(<span
|
||||
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['ldap']->server()</span><span
|
||||
style="color: rgb(204, 0, 0);"></span>, $suffix, $filter, $attributes)<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<big><span style="font-weight: bold;">Q: What is the LDAP suffix for
|
||||
the different account types?</span></big><br>
|
||||
<br>
|
||||
<big><span style="font-weight: bold;">A:</span></big> Just call <span
|
||||
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['config']->get_Suffix($scope)</span>
|
||||
where $scope is the account type (user,group, ...).<br>
|
||||
Be sure to include ldap.inc before (automatically included for account
|
||||
modules).<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">Example:</span> $suffix = <span
|
||||
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['config']->get_Suffix('user')</span><br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<big><span style="font-weight: bold;">Q: How can I check if the user is
|
||||
really logged in and not calling the scripts by hand?</span></big><br>
|
||||
<br>
|
||||
<big><span style="font-weight: bold;">A:</span></big> After the user
|
||||
successfully logged in to LAM the variable <span
|
||||
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['loggedIn']</span>
|
||||
is set to true.<br>
|
||||
<br>
|
||||
<big><span style="font-weight: bold;"><br>
|
||||
<br>
|
||||
Q: What is the command for these error/warning/info messages?</span></big><br>
|
||||
<br>
|
||||
<big><span style="font-weight: bold;">A:</span></big> Your script must
|
||||
include status.inc (automatically included for account
|
||||
modules) to display these messages.<br>
|
||||
The command is <span style="font-weight: bold;">StatusMessage(<type>,
|
||||
<headline>, <text>[, <variables>])</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">Parameters:</span><br>
|
||||
<ul>
|
||||
<li><span style="font-weight: bold;"><type>:</span> message
|
||||
type ("ERROR", "WARN", "INFO")</li>
|
||||
<li><span style="font-weight: bold;"><headline>:</span>
|
||||
headline for the message (may include format tags)<br>
|
||||
</li>
|
||||
<li><span style="font-weight: bold;"><type>:</span> text for
|
||||
the message (may include format tags)</li>
|
||||
<li><span style="font-weight: bold;"><variables>:</span>
|
||||
optional, array of variables to include in headline/text<br>
|
||||
The positions in headline/text must be marked with %s before.</li>
|
||||
</ul>
|
||||
<br>
|
||||
<span style="font-weight: bold;">Format of special tags:</span><br>
|
||||
<ul>
|
||||
<li><span style="font-weight: bold;">{bold}</span>text<span
|
||||
style="font-weight: bold;">{endbold}:</span> "text" is printed bold</li>
|
||||
<li><span style="font-weight: bold;">{color=#123456}</span>text<span
|
||||
style="font-weight: bold;">{endcolor}:</span> "text" is printed in
|
||||
given color</li>
|
||||
<li><span style="font-weight: bold;">{link=http://nodomain.org}</span>text<span
|
||||
style="font-weight: bold;">{endlink}:</span> This will add a link to
|
||||
http://nodomain.org which will be labeled "text"<br>
|
||||
</li>
|
||||
</ul>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,44 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head>
|
||||
|
||||
|
||||
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>Account modules</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<h1 style="text-align: center;">Account modules<br>
|
||||
</h1>
|
||||
<div style="text-align: center;"><img alt="base module" src="images/lam_baseModule.png" style="width: 531px; height: 207px;"><br>
|
||||
</div>
|
||||
<div style="text-align: center;"><br>
|
||||
<div style="text-align: left;">The account modules control all the
|
||||
functionality which is specific for LDAP accounts or parts of them.
|
||||
E.g. they define the account detail pages where the user can edit
|
||||
accounts, the profile editor sections and much more. They are the core
|
||||
of LAM.<br>
|
||||
<br>
|
||||
All account modules are saved in <span style="font-weight: bold;">lib/modules/</span>.<br>
|
||||
If your module needs any include files etc. please save it in <span style="font-weight: bold;">lib/modules/<name of your module>.</span><br>
|
||||
<br>
|
||||
Please take a look at the <a href="mod_index.htm">module HowTo</a> for
|
||||
an example to write your own modules.<br>
|
||||
The complete specification for the module interface can be found <a href="phpdoc/modules/baseModule.html">here</a>.<br>
|
||||
<br>
|
||||
<h2>Superclass</h2>
|
||||
All <span style="font-weight: bold;">account modules</span> should be
|
||||
subclasses of the <a href="base_module.htm">baseModule</a>.<br>
|
||||
This allows them to benefit from the meta data in the baseModule and
|
||||
reduces very much the code since not the complete module interface has
|
||||
to be implemented.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Module detection</h2>
|
||||
New modules can simply be copied to <span style="font-weight: bold;">lib/modules</span>.
|
||||
LAM will check what files are inside the directory and provide the user
|
||||
new modules automatically.<br>
|
||||
There is no extra configuration file.<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,141 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>Account modules (modules.inc)</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">Account modules (modules.inc)<br>
|
||||
</h1>
|
||||
<br>
|
||||
<span style="font-style: italic;">Modules.inc</span> provides the
|
||||
interface to all module specific functions. It includes a list of
|
||||
account independent function and the <span style="font-weight: bold;">accountContainer</span>
|
||||
class. This class represents an LDAP account.<br>
|
||||
You should never call module functions directly, always use a function
|
||||
in <span style="font-style: italic;">modules.inc</span>.<br>
|
||||
<br>
|
||||
<h2>Account independent functions:</h2>
|
||||
<br>
|
||||
<h3>General functions:</h3>
|
||||
<span style="font-weight: bold;">getModuleAlias:</span> This returns
|
||||
the alias name of a module. It is used to label buttons or fieldsets.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">parseHtml:</span> Converts the LAM
|
||||
meta HTML code to real HTML code.<br>
|
||||
<span style="font-weight: bold;"></span><br>
|
||||
<br>
|
||||
<h3>Functions for LAM configuration:</h3>
|
||||
<span style="font-weight: bold;">is_base_module:</span> When the given
|
||||
module is a <span style="font-style: italic;">base module</span> then
|
||||
this returns <span style="font-style: italic;">true</span>. Every
|
||||
account type needs exactly one <span style="font-style: italic;">base
|
||||
module</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getModulesDependencies:</span> Account
|
||||
modules can specify dependencies to other modules. E.g. Samba accounts
|
||||
always need a Unix part.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">check_module_depends/check_module_conflicts:</span>
|
||||
This function checks if all module dependencies are satisfied.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getAvailableModules:</span> Returns a
|
||||
list of available modules. If you need a list of all active modules use
|
||||
<span style="font-weight: bold;">$_SESSION['config']-></span><span
|
||||
class="method-title"><span style="font-weight: bold;">get_AccountModules()</span>.</span><br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getConfigOptions:</span> Returns a
|
||||
list of all configuration options which were defined by the modules.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getConfigDescriptions:</span> Returns
|
||||
a list of all configuration descriptions and titles for the fieldsets.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">checkConfigOptions:</span> Checks if
|
||||
the user filled in valid values for each option.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Account list functions:</h3>
|
||||
<span style="font-weight: bold;">get_ldap_filter:</span> Each account
|
||||
list shows only entries which match a given LDAP search filter.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Profile/account pages:</h3>
|
||||
<span style="font-weight: bold;">getRDNAttributes:</span> This returns
|
||||
a list of possible LDAP <span style="font-style: italic;">RDN</span>
|
||||
attributes. LAM needs this to build the <span
|
||||
style="font-style: italic;">DN</span> for new accounts.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getProfileOptions:</span> Returns a
|
||||
list of all profile options which were defined by the account modules.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">checkProfileOptions:</span> Checks if
|
||||
all module options are correct.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Help functions:</h3>
|
||||
<span style="font-weight: bold;">getHelp:</span> Returns a module help
|
||||
entry.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>PDF functions:</h3>
|
||||
<span style="font-weight: bold;">getAvailablePDFFields:</span> Returns
|
||||
a list of possible PDF fields.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Upload functions:</h3>
|
||||
<span style="font-weight: bold;">getUploadColumns:</span> Returns a
|
||||
list of possible upload columns and additional information like a
|
||||
description, help entry and example value.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">buildUploadAccounts:</span> Takes the
|
||||
input of the CSV file and builds the LDAP accounts.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">doUploadPostActions:</span> Manages
|
||||
the execution of actions which need to be done after the accounts are
|
||||
created.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Class accountContainer:</h2>
|
||||
This class represents a complete LDAP account. It manages all functions
|
||||
which concern a specific LDAP entry.<br>
|
||||
<br>
|
||||
<h4>Important variables:</h4>
|
||||
There are some class variables which can be of important use in the
|
||||
account modules.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">module:</span> List of account modules
|
||||
(array('name' => 'object')).<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">isNewAccount:</span> This variable is <span
|
||||
style="font-style: italic;">true</span> when the account is newly
|
||||
created, <span style="font-style: italic;">false</span> if loaded from
|
||||
LDAP.<br>
|
||||
<br>
|
||||
<h4>Function list:</h4>
|
||||
<span style="font-weight: bold;">continue_main:</span> This function is
|
||||
called when an account page is displayed. It generates the HTML code
|
||||
for the account pages.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span><span style="font-weight: bold;">save_module_attributes:</span>
|
||||
Finds
|
||||
differences between current and original account.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">load_account:</span> Loads an LDAP
|
||||
account.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">new_account:</span> Creates a new
|
||||
account.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">save_account:</span> Saves an account
|
||||
to LDAP.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">get_pdfEntries:</span> Returns the PDF
|
||||
values of an account.<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,32 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>Account pages</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">Account pages<br>
|
||||
</h1>
|
||||
<br>
|
||||
The account pages are the user interface to create/modify LDAP
|
||||
accounts. It allows setting basic attributes like the LDAP suffix and
|
||||
is responsible to show module specific pages. <br>
|
||||
<br>
|
||||
<br>
|
||||
The main script for the account pages is located in <span
|
||||
style="font-style: italic;">templates/account/edit.php</span>. It has
|
||||
a very simple content. If the page is loaded for the first time it
|
||||
creates a new <span style="font-weight: bold;">accountContainer</span>
|
||||
inside the session and tells it to load/create an LDAP account. Then it
|
||||
calles the <span style="font-weight: bold;">continue_main()</span>
|
||||
function of the <span style="font-weight: bold;">accountContainer</span>
|
||||
object which prints all HTML output.<br>
|
||||
<br>
|
||||
Managing of user input etc. is completly made by the <span
|
||||
style="font-weight: bold;">accountContainer</span>.<br>
|
||||
<br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,47 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>Account types</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">Account types<br>
|
||||
</h1>
|
||||
<div style="text-align: center;"><img alt="base module"
|
||||
src="images/lam_baseType.png"><br>
|
||||
</div>
|
||||
<div style="text-align: center;"><br>
|
||||
<div style="text-align: left;">The account types define what kind of
|
||||
accounts can be managed with LAM. If you want to create a new account
|
||||
module which does not fit in the existing classes of users, groups and
|
||||
hosts then you need your own account type.<br>
|
||||
<br>
|
||||
All account types are saved in <span style="font-weight: bold;">lib/types/</span>.<br>
|
||||
<br>
|
||||
Please take a look at the <a href="type_index.htm">type HowTo</a> for
|
||||
an example to write your own types.<br>
|
||||
The complete specification for the type interface can be found <a
|
||||
href="types-specification.htm">here</a>.<br>
|
||||
<br>
|
||||
<h2>Superclass</h2>
|
||||
All <span style="font-weight: bold;">account types</span> should be
|
||||
subclasses of the <a href="base_type.htm">baseType</a>.<br>
|
||||
This reduces very much the code since not the complete type interface
|
||||
has
|
||||
to be implemented.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Type detection</h2>
|
||||
New types can simply be copied to <span style="font-weight: bold;">lib/types</span>.
|
||||
LAM will check what files are inside the directory and provide the user
|
||||
new types automatically.<br>
|
||||
There is no extra configuration file.<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,43 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>Account types (types.inc)</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">Account types (types.inc)<br>
|
||||
</h1>
|
||||
<br>
|
||||
<span style="font-style: italic;">Types.inc</span> is the interface to
|
||||
the account types. It provides information about the type alias names,
|
||||
descriptions and other things.<br>
|
||||
<br>
|
||||
<h2>Functions:</h2>
|
||||
<br>
|
||||
<h3>General functions:</h3>
|
||||
<span style="font-weight: bold;">getAlias:</span> This returns
|
||||
the alias name of a type. It is used to label buttons or fieldsets.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getDescription:</span> Returns a
|
||||
description for the account type.<br>
|
||||
<span style="font-weight: bold;"></span><br>
|
||||
<br>
|
||||
<h3>Functions for list views:</h3>
|
||||
<span style="font-weight: bold;">getListClassName:</span> Here you can
|
||||
specify your own class to handle the list view. This is needed to
|
||||
label the buttons in the list view.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getDefaultListAttributes:</span>
|
||||
Returns the default setting for the displayed list attributes. It is
|
||||
used as default for the LAM configuration.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">getListAttributeDescriptions:</span>
|
||||
Returns a hash array which contains predefined, translated descriptions
|
||||
of LDAP attributes.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span><br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,65 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head>
|
||||
|
||||
|
||||
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>Base module</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<h1 style="text-align: center;">Base module<br>
|
||||
</h1>
|
||||
<div style="text-align: center;"><img alt="base module" src="images/lam_baseModule.png" style="width: 531px; height: 207px;"><br>
|
||||
</div>
|
||||
<div style="text-align: center;"><br>
|
||||
<div style="text-align: left;">The <span style="font-weight: bold;">baseModule</span>
|
||||
is the parent class of all account modules. <br>
|
||||
It implements most functions of the <a href="phpdoc/modules/baseModule.html">module interface</a> and provides
|
||||
the possibility to use <span style="font-style: italic;">meta data</span>
|
||||
for the module functions.<br>
|
||||
There are also some class variables which are useful for the child
|
||||
classes.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Meta data</h2>
|
||||
The <span style="font-weight: bold;">baseModule</span> allows you to
|
||||
not implement the <a href="phpdoc/modules/baseModule.html">module
|
||||
interface</a> directly but to provide <span style="font-style: italic;">meta
|
||||
data</span> which is interpreted by the <span style="font-weight: bold;">baseModule</span>.<br>
|
||||
If you do not use certain functions of the interface the <span style="font-weight: bold;">baseModule</span> also provides dummy
|
||||
functions. E.g. if your module needs no configuration option you can
|
||||
just skip this function in your code and the <span style="font-weight: bold;">baseModule</span> will tell the
|
||||
configuration part that there is no option.<br>
|
||||
<br>
|
||||
To <span style="font-style: italic;">define meta</span> data you have
|
||||
to implement the function <span style="font-weight: bold; font-style: italic;">get_metaData()</span>.
|
||||
This function must return a hash array with the meta options as array
|
||||
keys.<br>
|
||||
Please refer to the <a href="phpdoc/modules/baseModule.html">module
|
||||
interface</a> for details about the format of <span style="font-style: italic;">meta data</span>.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Functions<br>
|
||||
</h2>
|
||||
<span style="font-weight: bold;">get_scope():</span> This function
|
||||
returns the account type ("user", "group", ...) of the module.<br>
|
||||
<br>
|
||||
For a list of <span style="font-style: italic;">meta data</span>
|
||||
functions please refer to the <a href="phpdoc/modules/baseModule.html">module
|
||||
interface</a>.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Class variables</h2>
|
||||
<span style="font-weight: bold;">$moduleSettings:</span> This variable
|
||||
contains the configuration settings of all modules.<br>
|
||||
<span style="font-weight: bold;">$base:</span> This is the name of the
|
||||
parent <span style="font-style: italic;">accountContainer</span>
|
||||
($_SESSION[$base]).<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,27 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>Base type</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">Base type<br>
|
||||
</h1>
|
||||
<div style="text-align: center;"><img alt="base type"
|
||||
src="images/lam_baseType.png"><br>
|
||||
</div>
|
||||
<div style="text-align: center;"><br>
|
||||
<div style="text-align: left;">The <span style="font-weight: bold;">baseType</span>
|
||||
is the parent class of all account types. <br>
|
||||
It implements all functions of the <a href="types-specification.htm">type
|
||||
interface</a>.<br>
|
||||
<br>
|
||||
However, you surely want to override most of the functions in your
|
||||
account type class.<br>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,62 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>config.inc</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">config.inc</h1>
|
||||
<br>
|
||||
<br>
|
||||
This file includes all functions needed to manage configuration
|
||||
profiles. It includes classes for the profiles itself and the master
|
||||
configuration (default profile, master password, etc.).<br>
|
||||
<br>
|
||||
There are also two global functions for general use: <span
|
||||
style="font-style: italic;">setlanguage</span> and <span
|
||||
style="font-style: italic;">metarefresh</span><br>
|
||||
<br>
|
||||
<h2>Meta refresh</h2>
|
||||
The global function <span
|
||||
style="font-weight: bold; font-style: italic;">metaRefresh()</span>
|
||||
takes an URL as argument and prints all HTML code needed for a meta
|
||||
refresh to this URL.<br>
|
||||
<br>
|
||||
<h2>Language</h2>
|
||||
LAM uses <span style="font-style: italic;">gettext</span> to translate
|
||||
the HTML pages to the different languages. Therefore some preferences
|
||||
need to be set on every page load. This is done by <span
|
||||
style="font-style: italic; font-weight: bold;">setlanguage()</span>.<br>
|
||||
The function should be called directly after starting the session.<br>
|
||||
<br>
|
||||
The list of possible languages is stored in <span
|
||||
style="font-style: italic;">config/language</span>. It includes the
|
||||
locale name, the character encoding an the language name.<br>
|
||||
All languages use UTF-8 as encoding because LDAP also stores values in
|
||||
this format.<br>
|
||||
<br>
|
||||
<h2>Configuration profiles</h2>
|
||||
Each configuration profile is saved in a single file in <span
|
||||
style="font-weight: bold;">config/</span>.<br>
|
||||
<br>
|
||||
There are two types of configuration options:<br>
|
||||
<ul>
|
||||
<li>Static options (LDAP server settings, etc.)<br>
|
||||
</li>
|
||||
<li>Module options (UID/GID ranges)<br>
|
||||
</li>
|
||||
</ul>
|
||||
All static options have a describing comment in the configuration file
|
||||
to make it easier for the user to modify the values. The dynamic
|
||||
options provided by the modules do not include a comment.<br>
|
||||
<br>
|
||||
<h2>Master configuration file</h2>
|
||||
LAM stores the default configuartion profile and a master password in <span
|
||||
style="font-style: italic;">config/config.cfg</span>.<br>
|
||||
The master password is verified when the user wants to create/delete
|
||||
configuration profiles.<br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,45 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>Configuration profiles</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">Configuration profiles</h1>
|
||||
<br>
|
||||
LAM allows the user to store the configuration settings in <span
|
||||
style="font-weight: bold;">profiles</span>. This makes it easy to
|
||||
manage different LDAP servers. All profile files ae stored in <span
|
||||
style="font-weight: bold;">config/</span> and are named <span
|
||||
style="font-weight: bold;"><span style="font-style: italic;"><name></span>.conf</span>.<br>
|
||||
The <span style="font-weight: bold;">master configuration</span> file <span
|
||||
style="font-style: italic;">config/config.cfg</span> only stores the
|
||||
default profile and master password. It has the same file format as the
|
||||
profiles.<br>
|
||||
<br>
|
||||
<h2>File format</h2>
|
||||
LAM allows to store values and comments in the configuration files.
|
||||
Only one type per line is allowed, it is not possible to mix comments
|
||||
and values in the same line.<br>
|
||||
<br>
|
||||
<h3>Settings<br>
|
||||
</h3>
|
||||
<span style="font-weight: bold;"><identifier>: <value><br>
|
||||
<br>
|
||||
</span>The first word in the line is taken as identifier for the
|
||||
setting. It must be followed by a <span style="font-weight: bold;">":"</span>
|
||||
and a space.<br>
|
||||
The rest of the line is taken as the value for this setting.<br>
|
||||
<br>
|
||||
<h3>Comments</h3>
|
||||
<span style="font-weight: bold;"># Comment</span><br
|
||||
style="font-weight: bold;">
|
||||
<br>
|
||||
Comments always start with a <span style="font-weight: bold;">"#"</span>
|
||||
as first character and end at the line end. LAM will ignore all lines
|
||||
starting with a <span style="font-style: italic;">"#"</span>.<br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,78 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>LAM - Configuration pages</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Configuration pages</h1>
|
||||
</div>
|
||||
<br>
|
||||
<div style="text-align: center;"><img
|
||||
style="width: 620px; height: 319px;" alt="configuration"
|
||||
src="images/lam_config.png"><br>
|
||||
<div style="text-align: left;">
|
||||
<h2>Configuration - Login (conflogin.php):</h2>
|
||||
This is the start page of the configuration editor. The user can select
|
||||
a profile for editing or go to the profile management page.<br>
|
||||
Each account profile is protected with a password which is stored in
|
||||
the profile.<br>
|
||||
The list of possible profiles is returned by <span
|
||||
style="font-style: italic; font-weight: bold;">getConfigProfiles()</span>
|
||||
in config.inc, the default profile is returned by an object of class <span
|
||||
style="font-weight: bold; font-style: italic;">CfgMain</span> from
|
||||
config.inc.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Configuration - Profile management (profmanage.php):</h2>
|
||||
Here the user can add and modify configuration profiles or change the
|
||||
configuration master password. <br>
|
||||
The configuration master password prevents unauthorised users from
|
||||
changing the profiles. The password is saved in config/config.cfg and
|
||||
managed via the <span style="font-style: italic; font-weight: bold;">CfgMain</span>
|
||||
class.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Configuration - Main page (confmain.php):</h2>
|
||||
This page presents all configuration settings for editing.<br>
|
||||
Some of the settings are module independent (e.g. server settings,
|
||||
language, ...) and displayed always.<br>
|
||||
The others are set up by the account modules. Only settings of
|
||||
currently selected modules are displayed.<br>
|
||||
Users may also change the profile password on this page.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Configuration - Module selection (confmodules.php):<br>
|
||||
</h2>
|
||||
On this page the user can select which account modules LAM should use.<br>
|
||||
The list of possible modules is returned by <span
|
||||
style="font-style: italic; font-weight: bold;">getAvailableModules()</span>
|
||||
in modules.inc and checked for dependencies/conflicts with <span
|
||||
style="font-weight: bold; font-style: italic;">check_module_depends()</span>
|
||||
and <span style="font-weight: bold; font-style: italic;">check_module_conflicts()</span>.<br>
|
||||
<br>
|
||||
Each account type needs exactly one <span style="font-style: italic;">base
|
||||
module</span>
|
||||
which is the base of a account by providing a structural object class.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>Configuration - Save settings (confsave.php):<br>
|
||||
</h2>
|
||||
This script checks the input and displays possible error messages or an
|
||||
overview of the saved settings.<br>
|
||||
The static settings are set and checked with an object of class <span
|
||||
style="font-style: italic; font-weight: bold;">Config</span> from
|
||||
config.inc.<br>
|
||||
The account modules manage the input validation for their fields and
|
||||
are also able to return error messages. This is done with <span
|
||||
style="font-weight: bold; font-style: italic;">checkConfigOptions()</span>
|
||||
from modules.inc.<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
After Width: | Height: | Size: 4.2 KiB |
After Width: | Height: | Size: 5.3 KiB |
After Width: | Height: | Size: 5.7 KiB |
After Width: | Height: | Size: 11 KiB |
After Width: | Height: | Size: 7.4 KiB |
After Width: | Height: | Size: 42 KiB |
After Width: | Height: | Size: 6.2 KiB |
After Width: | Height: | Size: 5.5 KiB |
After Width: | Height: | Size: 6.5 KiB |
|
@ -0,0 +1,132 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>LAM development documentation</title>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>LDAP Account Manager - Code overview</h1>
|
||||
These documents are supposed to give developers who want to modify LAM
|
||||
an overview of the codebase. It focuses mainly on what is done to
|
||||
generate the HTML output and the most important functions provided by
|
||||
the library files.<br>
|
||||
<br>
|
||||
<br>
|
||||
<img src="images/lam_overview.png" alt="overview" align="middle" border="0"><br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;">
|
||||
<table style="text-align: left; width: 100%;" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top; width: 33%;">
|
||||
<h2>Web pages:</h2>
|
||||
<ul>
|
||||
<li><a href="login.htm">Login</a><br>
|
||||
</li>
|
||||
<li><a href="config_pages.htm">Configuration</a></li>
|
||||
<li><a href="lists.htm">Account
|
||||
lists</a></li>
|
||||
<li><a href="tree_schema.htm">Tree view</a><br>
|
||||
</li>
|
||||
<li><a href="account_pages.htm">Account pages</a></li>
|
||||
<li><a href="tools.htm">Tools</a></li>
|
||||
<ul>
|
||||
<li><a href="profile_editor.htm">Profile editor</a></li>
|
||||
|
||||
<li><a href="upload.htm">File upload</a></li>
|
||||
<li><a href="ou-edit.htm">OU editor</a></li>
|
||||
<li><a href="pdf_editor.htm">PDF editor</a><br>
|
||||
</li>
|
||||
</ul>
|
||||
</ul>
|
||||
</td>
|
||||
<td style="vertical-align: top; width: 33%;">
|
||||
<h2>Libraries:</h2>
|
||||
<ul>
|
||||
<li><a href="account_modules_lib.htm">Account modules
|
||||
(modules.inc)</a></li>
|
||||
<li><a href="account_types_lib.htm">Account types (types.inc)</a><br>
|
||||
</li>
|
||||
<li><a href="pdf_libs.htm">PDF (pdf.inc, pdfstruct.inc)</a><br>
|
||||
</li>
|
||||
<li><a href="profiles.htm">Account profiles (profiles.inc)</a><br>
|
||||
</li>
|
||||
<li><a href="config.htm">Configuration (config inc)</a><br>
|
||||
</li>
|
||||
<li><a href="ldap.htm">LDAP
|
||||
(ldap.inc)</a><br>
|
||||
</li>
|
||||
<li><a href="other_libs.htm">other libraries</a></li>
|
||||
<ul>
|
||||
<li><a href="other_libs.htm#lamdaemon">Lamdaemon</a><br>
|
||||
</li>
|
||||
</ul>
|
||||
<ul>
|
||||
|
||||
<li><a href="other_libs.htm#lists">Account lists</a></li>
|
||||
<li><a href="other_libs.htm#status">Status messages</a></li>
|
||||
<li><a href="other_libs.htm#treeSchema">Tree view and schema
|
||||
browser</a><br>
|
||||
</li>
|
||||
</ul>
|
||||
</ul>
|
||||
</td>
|
||||
<td style="vertical-align: top; width: 33%;">
|
||||
<h2>Configuration files:</h2>
|
||||
<ul>
|
||||
<li><a href="base_module.htm">Base module</a></li>
|
||||
<li><a href="base_type.htm">Base type</a><br>
|
||||
</li>
|
||||
<li><a href="account_modules.htm">Account modules</a></li>
|
||||
<li><a href="account_types.htm">Account types</a><br>
|
||||
</li>
|
||||
<li><a href="pdf_profiles.htm">PDF templates</a></li>
|
||||
<li><a href="profile_files.htm">Account profiles</a></li>
|
||||
<li><a href="config_files.htm">Configuration profiles</a><br>
|
||||
</li>
|
||||
</ul>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<table width="100%">
|
||||
<tbody><tr valign="top">
|
||||
<td width="25%">
|
||||
<h2>Howtos</h2>
|
||||
<ul>
|
||||
<li><a href="mod_index.htm">Writing account modules</a></li>
|
||||
<li><a href="type_index.htm">Defining other account types</a></li>
|
||||
<li><a href="toolsHowTo.htm">Creating custom tools</a><br>
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</td>
|
||||
<td align="center" width="25%">
|
||||
<h2><a href="FAQ.htm">FAQ</a></h2>
|
||||
</td>
|
||||
<td width="25%">
|
||||
<h2>Specifications</h2>
|
||||
<ul>
|
||||
<li><a href="phpdoc/modules/baseModule.html">Module specification</a></li>
|
||||
<li><a href="types-specification.htm">Type specification<br>
|
||||
</a></li>
|
||||
</ul>
|
||||
</td>
|
||||
<td width="25%">
|
||||
<h2><a href="upgrade.htm">Upgrade notes</a></h2>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody></table>
|
||||
<br>
|
||||
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,55 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>ldap.inc</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">ldap.inc</h1>
|
||||
<br>
|
||||
<br>
|
||||
This library provides the access to the LDAP server and its content.<br>
|
||||
The <span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']</span>
|
||||
object reconnects automatically to the LDAP server on every page load.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>1. Server handle</h2>
|
||||
All PHP functions which access LDAP require a server handle as
|
||||
parameter. This is managed by ldap.inc.<br>
|
||||
You can access it with <span
|
||||
style="font-weight: bold; font-style: italic;">$_SESSION['ldap']->server</span>.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>2. Object classes</h2>
|
||||
Account modules may want to check if the current LDAP server supports
|
||||
all required object classes.<br>
|
||||
<span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']->objectClasses
|
||||
</span>contains a list of object classes and their attributes which is
|
||||
read from the LDAP server.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>3. En-/Decryption</h2>
|
||||
For security reasons sensitive data like user passwords should be
|
||||
encrypted before storing in session.<br>
|
||||
<span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']->encrypt(<string>)</span>
|
||||
encrypts a string and returns a binary object. This can be decrypted
|
||||
with <span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']->decrypt(<object>)</span><br>
|
||||
<br>
|
||||
Ldap.inc will take care for the crypotographic key.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>4. Random values</h2>
|
||||
Ldap.inc contains a random integer value which is much more secure than
|
||||
calling <span style="font-style: italic;">mt_rand()</span>. The value
|
||||
changes on every page load and is accessible in <span
|
||||
style="font-weight: bold; font-style: italic;">$_SESSION['ldap']->rand</span><span
|
||||
style="font-style: italic;">.</span><br>
|
||||
If you need multiple values you can get a new value by calling <span
|
||||
style="font-weight: bold; font-style: italic;">$_SESSION['ldap']->new_rand()</span><span
|
||||
style="font-style: italic;">.</span><br>
|
||||
<br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,95 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head>
|
||||
|
||||
|
||||
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>LAM - Account lists</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head><body>
|
||||
<h1 style="text-align: center;">Account lists</h1>
|
||||
<br>
|
||||
<div style="text-align: center;"><img style="width: 496px; height: 177px;" alt="Account lists" src="images/lam_lists.png"><br>
|
||||
</div>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
The account lists are all built after the same schema. They provide a
|
||||
list of found accounts which can be restricted by LDAP filters and the
|
||||
LDAP OU (Organizational Unit).<br>
|
||||
<br>
|
||||
The list of LDAP attributes and thus table columns is taken from the
|
||||
configuration profile (<span style="font-weight: bold; font-style: italic;">get_...listAttributes()</span>
|
||||
in config.inc). Each account list has a separate list of attributes.<br>
|
||||
Only these attributes are given the LDAP search as attribute parameter.<br>
|
||||
There is also a predefined description list for the attributes in
|
||||
lists.inc. The user may use other values by setting them in the
|
||||
configuration profile.<br>
|
||||
<br>
|
||||
The number of accounts per page is limited by a list option. There will be links at the beginning and end of the
|
||||
list if more accounts were found.<br>
|
||||
<br>
|
||||
Several common helper functions for sorting and some page elements
|
||||
reside in lists.inc.<br>
|
||||
<br>
|
||||
<h2>1. Getting accounts from LDAP</h2>
|
||||
Each account list has its own LDAP suffix which is saved in the
|
||||
configuration profile. This is used as search base.<br>
|
||||
The account modules provide an LDAP filter (<span style="font-weight: bold; font-style: italic;">get_ldap_filter()</span>
|
||||
in modules.inc) to get only accounts of a special type.<br>
|
||||
<br>
|
||||
This list can be further reduced if the user provides an additional
|
||||
LDAP filter with the filter boxes or selects another LDAP OU with the
|
||||
drop-down-box.<br>
|
||||
<br>
|
||||
<h2>2. Caching LDAP accounts</h2>
|
||||
The lists usually do not ask the LDAP server for an account list every
|
||||
time the user changes the page. The accounts are cached in the session.<br>
|
||||
<br>
|
||||
A new LDAP search is done if the user:<br>
|
||||
<ul>
|
||||
<li>changes to another account list or tool</li>
|
||||
<li>adds/modifies an account</li>
|
||||
<li>selects the "refresh" button</li>
|
||||
<li>adds additional LDAP filters or changes the LDAP OU<br>
|
||||
</li>
|
||||
</ul>
|
||||
<br>
|
||||
It is <span style="font-style: italic;">not</span> done if the user:<br>
|
||||
<ul>
|
||||
<li>changes the list pages if there are more accounts than what can
|
||||
be shown</li>
|
||||
<li>sorts the list</li>
|
||||
</ul>
|
||||
<br>
|
||||
<h2>3. Adding/Editing accounts</h2>
|
||||
There are buttons at the end of the page to add/delete accounts. Adding
|
||||
accounts is done by account/edit.php and deleting by delete.php.<br>
|
||||
<br>
|
||||
The user can use the link in each account row to modify (in
|
||||
accounts/edit.php) the account. This can also be done by double
|
||||
clicking the row if Java Script is enabled.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>4. Export to PDF</h2>
|
||||
The user can generate PDF files for the accounts. This is done by the <span style="font-style: italic; font-weight: bold;">createModulePDF()</span>
|
||||
function from pdf.inc.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>5. Special abilities of some lists</h2>
|
||||
<h3>5.1. The user list</h3>
|
||||
If the attribute <span style="font-style: italic;">gidNumber</span> is
|
||||
shown as table column then there will be an additional checkbox to
|
||||
translate the GID to the group name.<br>
|
||||
This checkbox is hidden if <span style="font-style: italic;">gidNumber</span>
|
||||
is not part of the attribute list.<br>
|
||||
<br>
|
||||
<h3>5.2. The group list</h3>
|
||||
If the attribute memberUID is shown as table column then all values of
|
||||
this attribute are shown as links.<br>
|
||||
These links redirect to userlink.php which tries to find the given user
|
||||
and redirects to account/edit.php for account modifying.<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
</body></html>
|
|
@ -0,0 +1,69 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>Login</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">Login<br>
|
||||
</h1>
|
||||
<div style="text-align: center;"><br>
|
||||
</div>
|
||||
<div style="text-align: center;"><br>
|
||||
<div style="text-align: left;">The <span style="font-style: italic;">login</span>
|
||||
page is the first page the user sees when opening LAM. It manages LDAP
|
||||
authentication and checks the environment of the user.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>login.php</h2>
|
||||
The login page offers authentication, language selection and profile
|
||||
selection. There are also some environment checks.<br>
|
||||
<br>
|
||||
<h3>Authentication</h3>
|
||||
The list of possible users is loaded from the current active profile.
|
||||
Only the RDN value is offered for selection by the user.<br>
|
||||
When the user submits his password then a new <span
|
||||
style="font-style: italic;">Ldap</span> object is created and LAM
|
||||
tries to connect to the LDAP server.<br>
|
||||
If the connection was successful the user is forwarded to the main
|
||||
frame (main.php). The session variable <span
|
||||
style="font-weight: bold; font-style: italic;">$_SESSION['loggedIn']</span>
|
||||
is set to <span style="font-style: italic;">true</span>. This informs
|
||||
the other PHP scripts that a valid user is connected (e.g. the user is
|
||||
allowed to create account profiles).<br>
|
||||
<br>
|
||||
<h3>Language selection</h3>
|
||||
The list of possible languages is read from <span
|
||||
style="font-weight: bold;">config/language</span>. The current active
|
||||
profile defines the preselected language and the language of the login
|
||||
page itself.<br>
|
||||
<br>
|
||||
<h3>Profile selection<br>
|
||||
</h3>
|
||||
The user can change the active configuration profile at login. A list
|
||||
of possible profiles is retrieved by <span
|
||||
style="font-weight: bold; font-style: italic;">getConfigProfiles()</span>.<br>
|
||||
If the profile is changed then the login replaces the config object in <span
|
||||
style="font-weight: bold; font-style: italic;">$_SESSION['config']</span>
|
||||
by a new one. Then the main login page is loaded and uses the new
|
||||
values.<br>
|
||||
<br>
|
||||
<h3>Environment checks</h3>
|
||||
LAM checks if all needed PHP extensions are installed.<br>
|
||||
<ul>
|
||||
<li><span style="font-weight: bold;">LDAP:</span> PHP needs LDAP
|
||||
support</li>
|
||||
<li><span style="font-weight: bold;">Gettext:</span> needed for
|
||||
translation<br>
|
||||
</li>
|
||||
</ul>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,376 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - Account pages</title>
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Account pages<br>
|
||||
</h1>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Loading the LDAP attributes<br>
|
||||
</h2>
|
||||
Every time the user selects an existing account to modify LAM will load
|
||||
the complete LDAP entry of it. Your module then should select the
|
||||
attributes which are useful for it.<br>
|
||||
There are two variables in <span style="font-style: italic;">baseModule</span>
|
||||
which should be used to store the attributes. The <span style="font-weight: bold;">$attributes</span> variable stores the
|
||||
current attributes including changes the user made. The <span style="font-weight: bold;">$orig</span> variable stores the attributes
|
||||
as they were originally when the account was loaded. This allows you to
|
||||
see what changes were made.<br>
|
||||
<br>
|
||||
The <span style="font-weight: bold;">load_attributes()</span> function
|
||||
in your module gets the complete attribute list from LDAP.<br>
|
||||
In most cases you will not need to implement this function because the
|
||||
parent class baseModule loads attributes based on your meta data.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">ieee802Device</span> uses an
|
||||
object class and the <span style="font-style: italic;">'macAddress'</span>
|
||||
attribute. Therefore we will save these two values.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* This function loads all needed attributes into the
|
||||
object.<br>
|
||||
*<br>
|
||||
* @param array $attr an array as it is retured from
|
||||
ldap_get_attributes<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br>
|
||||
|
||||
$this->attributes['objectClass'] = array();<br>
|
||||
|
||||
$this->attributes['macAddress'] = array();<br>
|
||||
$this->orig['objectClass'] =
|
||||
array();<br>
|
||||
$this->orig['macAddress'] =
|
||||
array();<br>
|
||||
if (isset($attr['objectClass'])) {<br>
|
||||
|
||||
$this->attributes['objectClass'] = $attr['objectClass'];<br>
|
||||
|
||||
$this->orig['objectClass'] = $attr['objectClass'];<br>
|
||||
}<br>
|
||||
if (isset($attr['macAddress'])) {<br>
|
||||
|
||||
$this->attributes['macAddress'] = $attr['macAddress'];<br>
|
||||
|
||||
$this->orig['macAddress'] = $attr['macAddress'];<br>
|
||||
}<br>
|
||||
return 0;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>2. Page display</h2>
|
||||
Now that you have defined your subpages you will need one function for
|
||||
each page to display it. The function must return <span style="font-style: italic;">meta HTML code</span> as defined in the <span style="font-style: italic;">modules specification</span>.<br>
|
||||
This function is called <span style="font-weight: bold;">display_html_<page
|
||||
name>()</span> where <span style="font-style: italic;"><page
|
||||
name></span> is the name of your subpage.<br>
|
||||
<br>
|
||||
See also baseModule::addSimpleInputTextField() and
|
||||
baseModule::addMultiValueInputTextField()/processMultiValueInputTextField()
|
||||
if you only want to add some simple text fields.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The
|
||||
<span style="font-style: italic;">ieee802Device</span>
|
||||
module has only one subpage called <span style="font-style: italic;">'attributes'</span>.<br>
|
||||
<br>
|
||||
The first half of the code displays the existing MAC addresses and the
|
||||
second an input field for new values.<br>
|
||||
The variable <span style="font-style: italic;">$this->attributes</span>
|
||||
contains the LDAP attributes which are useful for this module.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* This function will create the meta HTML code to
|
||||
show a page with all attributes.<br>
|
||||
*<br>
|
||||
* @return htmlElement HTML meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">display_html_attributes</span>() {<br> $return = new htmlTable();<br>
|
||||
$macCount = 0;<br>
|
||||
// list current MACs<br>
|
||||
if (isset($this->attributes['macAddress'])) {<br>
|
||||
$macCount = sizeof($this->attributes['macAddress']);<br>
|
||||
for ($i = 0;
|
||||
$i < sizeof($this->attributes['macAddress']); $i++) {<br>
|
||||
|
||||
$return->addElement(new htmlOutputText(_('MAC
|
||||
address')));<br>
|
||||
|
||||
$macInput = new htmlInputField('macAddress' . $i,
|
||||
$this->attributes['macAddress'][$i]);<br>
|
||||
$macInput->setFieldSize(17);<br>
|
||||
$macInput->setFieldMaxLength(17);<br>
|
||||
$return->addElement($macInput);<br>
|
||||
|
||||
$return->addElement(new htmlButton('delMAC' . $i,
|
||||
'del.png', true));<br>
|
||||
|
||||
$return->addElement(new htmlHelpLink('mac'),
|
||||
true);<br>
|
||||
}<br>
|
||||
}<br>
|
||||
// input box for new MAC<br>
|
||||
$return->addElement(new htmlOutputText(_('New MAC address')));<br>
|
||||
$newMacInput = new htmlInputField('macAddress', '');<br>
|
||||
$newMacInput->setFieldSize(17);<br>
|
||||
$newMacInput->setFieldMaxLength(17);<br>
|
||||
$return->addElement($newMacInput);<br>
|
||||
$return->addElement(new htmlButton('addMAC', 'add.png', true));<br>
|
||||
$return->addElement(new htmlHelpLink('mac'));<br>
|
||||
$return->addElement(new htmlHiddenInput('mac_number', $macCount));<br>
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>3. Processing input data<br>
|
||||
</h2>
|
||||
Every time the user clicks on a submit button while your page is
|
||||
displayed LAM will call a function in your module.<br>
|
||||
This function is called <span style="font-weight: bold;">process_<page
|
||||
name>()</span> where <span style="font-style: italic;"><page
|
||||
name></span> is the name of your subpage.<br>
|
||||
<br>
|
||||
If all input data is ok then return an empty array. If you return one or more error messages then the user will be
|
||||
redirected to your page.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The
|
||||
<span style="font-style: italic;">ieee802Device</span>
|
||||
module has only one subpage called <span style="font-style: italic;">'attributes'</span>
|
||||
and therefore only <span style="font-style: italic;">process_attributes()</span>.<br>
|
||||
<br>
|
||||
The function checks the input fields and fills the LDAP attributes. If
|
||||
all is ok it will enable the user to move to another module page.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Write variables into object and do some regex
|
||||
checks<br>
|
||||
*<br>
|
||||
* @param array $post HTTP-POST values<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">process_attributes</span>($post) {<br>
|
||||
$errors = array();<br>
|
||||
|
||||
$this->attributes['macAddress'] = array();<br>
|
||||
// check old MACs<br>
|
||||
if (isset($post['mac_number'])) {<br>
|
||||
for ($i = 0;
|
||||
$i < $post['mac_number']; $i++) {<br>
|
||||
|
||||
if (isset($post['delMAC' . $i])) continue;<br>
|
||||
|
||||
if (isset($post['macAddress' . $i]) &&
|
||||
($post['macAddress' . $i] != "")) {<br>
|
||||
|
||||
// check if address has correct
|
||||
format<br>
|
||||
|
||||
if (!get_preg($post['macAddress'
|
||||
. $i], 'macAddress')) {<br>
|
||||
|
||||
$message =
|
||||
$this->messages['mac'][0];<br>
|
||||
|
||||
$message[] =
|
||||
$post['macAddress' . $i];<br>
|
||||
|
||||
$errors[] = $message;<br>
|
||||
|
||||
}<br>
|
||||
|
||||
|
||||
$this->attributes['macAddress'][] = $post['macAddress' . $i];<br>
|
||||
|
||||
}<br>
|
||||
}<br>
|
||||
}<br>
|
||||
// check new MAC<br>
|
||||
if (isset($post['macAddress'])
|
||||
&& ($post['macAddress'] != "")) {<br>
|
||||
// check if
|
||||
address has correct format<br>
|
||||
if
|
||||
(get_preg($post['macAddress'], 'macAddress')) {<br>
|
||||
|
||||
$this->attributes['macAddress'][] =
|
||||
$post['macAddress'];<br>
|
||||
}<br>
|
||||
else {<br>
|
||||
|
||||
$message =
|
||||
$this->messages['mac'][0];<br>
|
||||
|
||||
$message[] = $post['macAddress'];<br>
|
||||
|
||||
$errors[] = $message;<br>
|
||||
}<br>
|
||||
}<br>
|
||||
|
||||
$this->attributes['macAddress'] =
|
||||
array_unique($this->attributes['macAddress']);<br>
|
||||
return $errors;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>4. Defining that your module is ready for user input and LDAP
|
||||
add/modify</h2>
|
||||
In most cases you will not need to implement these functions. The <span style="font-style: italic;">baseModule</span> will return <span style="font-style: italic;">true</span> for both functions.<br>
|
||||
<br>
|
||||
<span style="text-decoration: underline;"><br>
|
||||
There are two functions which control the module status:</span><br style="text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-weight: bold;">module_ready()</span> function
|
||||
has to
|
||||
return <span style="font-style: italic;">true</span> if the user may
|
||||
move to your module page. If it is <span style="font-style: italic;">false</span>
|
||||
the user will be shown an error message that your module is not yet
|
||||
ready. You can use this if your module depends on input data from other
|
||||
modules (e.g. you need the user name from posixAccount first).<br>
|
||||
<br>
|
||||
The second function is
|
||||
<span style="font-weight: bold;">module_complete()</span>. The user
|
||||
cannot do the LDAP operation if one or more modules return <span style="font-style: italic;">false</span>. This defines if all needed
|
||||
input data for your module was entered.<br>
|
||||
Use this function if you want to check that all required attributes are
|
||||
set.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">sambaSamAccount</span>
|
||||
module needs the user's <span style="font-style: italic;">uidNumber</span>
|
||||
and <span style="font-style: italic;">gidNumber</span> before it can
|
||||
accept input and the account needs a <span style="font-style: italic;">sambaSID</span>
|
||||
before it can be saved.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* This function is used to check if this module page
|
||||
can be displayed.<br>
|
||||
* It returns false if a module depends on data from
|
||||
other modules which was not yet entered.<br>
|
||||
*<br>
|
||||
* @return boolean true, if page can be displayed<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">module_ready</span>() {<br>
|
||||
if
|
||||
($_SESSION[$this->base]->module['posixAccount']->attributes['gidNumber'][0]=='')
|
||||
return false;<br>
|
||||
if
|
||||
($_SESSION[$this->base]->module['posixAccount']->attributes['uidNumber'][0]=='')
|
||||
return false;<br>
|
||||
if
|
||||
($this->attributes['uid'][0]=='') return false;<br>
|
||||
return true;<br>
|
||||
}<br>
|
||||
<br>
|
||||
/**<br>
|
||||
* This functions is used to check if all settings
|
||||
for this module have been made.<br>
|
||||
*<br>
|
||||
* @return boolean true, if settings are complete<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">module_complete</span>() {<br>
|
||||
if (!$this->module_ready())
|
||||
return false;<br>
|
||||
if
|
||||
($this->attributes['sambaSID'][0] == '') return false;<br>
|
||||
return true;<br>
|
||||
}<br>
|
||||
<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>5. Saving the LDAP attributes<br>
|
||||
</h2>
|
||||
In most cases you will not have to implement this option if you use <span style="font-weight: bold;">$this->attributes</span> and <span style="font-weight: bold;">$this->orig</span> to manage the LDAP
|
||||
attributes. The <span style="font-style: italic;">baseModule</span>
|
||||
will generate the save comands for you.<br>
|
||||
<br>
|
||||
When all modules report that they are ready for LDAP add/modify and the
|
||||
user clicks on the add/modify button your module will be asked what
|
||||
changes have to be made.<br>
|
||||
This is done in the function <span style="font-weight: bold;">save_attributes()</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">kolabUser</span> module uses
|
||||
this function to make sure that its object class is saved. Other
|
||||
modules (e.g. quota) use it build the lamdaemon commands.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns a list of modifications which have to be
|
||||
made to the LDAP account.<br>
|
||||
*<br>
|
||||
* @return array list of modifications<br>
|
||||
* <br>This function returns an array with 3
|
||||
entries:<br>
|
||||
* <br>array( DN1 ('add' => array($attr),
|
||||
'remove' => array($attr), 'modify' => array($attr)), DN2 .... )<br>
|
||||
* <br>DN is the DN to change. It may be
|
||||
possible to change several DNs (e.g. create a new user and add him to
|
||||
some groups via attribute memberUid)<br>
|
||||
* <br>"add" are attributes which have to be
|
||||
added to LDAP entry<br>
|
||||
* <br>"remove" are attributes which have to be
|
||||
removed from LDAP entry<br>
|
||||
* <br>"modify" are attributes which have to
|
||||
been modified in LDAP entry<br>
|
||||
*/<br>
|
||||
function save_attributes() {<br>
|
||||
// add object class if needed<br>
|
||||
if
|
||||
(!isset($this->attributes['objectClass']) ||
|
||||
!in_array('kolabInetOrgPerson', $this->attributes['objectClass'])) {<br>
|
||||
|
||||
$this->attributes['objectClass'][] = 'kolabInetOrgPerson';<br>
|
||||
}<br>
|
||||
return parent::save_attributes();<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,98 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - Basic concepts</title>
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Basic concepts<br>
|
||||
</h1>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Licensing</h2>
|
||||
LAM is licensed under the <a href="http://www.gnu.org/licenses/gpl.txt">GNU
|
||||
General Public License</a>. This means your plugins need a compatible
|
||||
license.<br>
|
||||
LAM is distributed with a copy of the GPL license.<br>
|
||||
<br>
|
||||
<h2>2. Naming and position in directory structure</h2>
|
||||
<br>
|
||||
Module names are usually named after the object class they manage.
|
||||
However, you can use any name you want, it should be short and
|
||||
containing only a-z and 0-9. The module name is only shown in the
|
||||
configuration dialog, on all other pages LAM will show a provided <span style="font-style: italic;">alias</span> name.<br>
|
||||
All account modules are stored in <span style="font-weight: bold;">lib/modules</span>.
|
||||
The filename must end with <span style="font-weight: bold;">.inc</span>
|
||||
and the file must have the same name as its inside class.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span>
|
||||
Our example module will provide the <span style="font-weight: bold;">class
|
||||
ieee802Devic</span><span style="font-style: italic; font-weight: bold;">e</span>,
|
||||
therefore the file will be called <span style="font-weight: bold;">lib/modules/ieee802Devic</span><span style="font-style: italic; font-weight: bold;">e.inc</span>.<span style="font-style: italic;"></span><br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>3. Defining the class</h2>
|
||||
All module classes have <span style="font-weight: bold;">baseModule</span>
|
||||
as parent class. This provides common functionality and dummy functions
|
||||
for all required class functions.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">Example:</span><br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;">/**<br>
|
||||
* Provides MAC addresses for hosts.<br>
|
||||
*<br>
|
||||
* @package modules<br>
|
||||
*/<span style="font-weight: bold;"><br>
|
||||
class</span> <span style="color: rgb(255, 0, 0);">ieee802Device</span>
|
||||
<span style="font-style: italic;">extends </span><span style="font-weight: bold;">baseModule</span> {<br>
|
||||
<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<h2>4. Meta data</h2>
|
||||
The module interface inludes a lot of required and optional functions.
|
||||
Many of these functions do not need to be implemented directly in the
|
||||
module, you can define <span style="font-weight: bold;">meta data</span>
|
||||
for them and the <span style="font-weight: bold;">baseModule</span>
|
||||
will do the rest.<br>
|
||||
Providing <span style="font-weight: bold;">meta data</span> is
|
||||
optional, you can implement the required functions in your class, too.<br>
|
||||
<br>
|
||||
The <span style="font-weight: bold;">baseModule</span> reads the <span style="font-weight: bold;">meta data</span> by calling <span style="font-weight: bold;">get_metaData()</span> in your class.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">get_metaData</span>() {<br>
|
||||
$return = array();<br>
|
||||
// icon<br>
|
||||
$return['icon'] = 'user.png';<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
You will see this functions several times in the next parts of this
|
||||
HowTo.<br>
|
||||
<br>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,145 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - Configuration options</title>
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<h1>Module HowTo - Configuration options<br>
|
||||
</h1>
|
||||
<div style="text-align: left;"><br>
|
||||
There might be situations where you want to give the user the
|
||||
possibility to make general settings which are not useful to place on
|
||||
the account detail pages or profile editor.<br>
|
||||
Therefore LAM allows the modules to define their own configuration
|
||||
options. E.g. the <span style="font-style: italic;">posixAccount</span>
|
||||
module uses this to define the ranges for the UIDs.<br>
|
||||
LAM will display your configuration options only if the user also
|
||||
selected your module.<br>
|
||||
</div>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Defining configuration options<br>
|
||||
</h2>
|
||||
First you have to define what options you want to offer the user. LAM
|
||||
will display all options in one fieldset for each module. Please notice
|
||||
that there will be no separation on account types if you module is
|
||||
suitable for different account types.<br>
|
||||
<br>
|
||||
The configuration options are specified with <span style="font-weight: bold;">get_configOptions()</span>
|
||||
or <span style="font-weight: bold;">meta['config_options']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">posixGroup</span> module offers several configuration options including the min/maximum values for GIDs.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;"> function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// configuration options<br>
|
||||
$configContainer = new htmlTable();<br>
|
||||
$configContainer->addElement(new htmlSubTitle(_("Groups")), true);<br>
|
||||
$minGidInput = new
|
||||
htmlTableExtendedInputField(_('Minimum GID number'),
|
||||
'posixGroup_minGID', null, 'minMaxGID');<br>
|
||||
$minGidInput->setRequired(true);<br>
|
||||
$configContainer->addElement($minGidInput, true);<br>
|
||||
$maxGidInput = new
|
||||
htmlTableExtendedInputField(_('Maximum GID number'),
|
||||
'posixGroup_maxGID', null, 'minMaxGID');<br>
|
||||
$maxGidInput->setRequired(true);<br>
|
||||
$configContainer->addElement($maxGidInput, true);<br>
|
||||
$return[<span style="color: red;">'config_options'</span>][<span style="color: red;">'group'</span>] = $configContainer;<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
The min/maximum GID numbers are defined with simple text boxes.<br><br>
|
||||
<h2>2. Checking user input</h2>
|
||||
Probably you also want to check if the input data is syntactically
|
||||
correct.<br>
|
||||
The <span style="font-style: italic;">baseModule</span> already
|
||||
provides different checks which can be activated with <span style="font-style: italic;">meta data</span>. However you can also do
|
||||
the checking in the module.<br>
|
||||
Implementing the function <span style="font-weight: bold;">check_configOptions()</span>
|
||||
in your module will allow you to do the checks yourself. Basic checks
|
||||
can be defined with <span style="font-weight: bold;">meta['config_checks']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">posixGroup</span> module only
|
||||
needs to check if the GID numbers are correct. The password hash type
|
||||
needs not to be checked as it is a selection.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;"> function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// configuration checks<br>
|
||||
$return[<span style="color: rgb(255, 0, 0);">'config_checks'</span>][<span style="color: rgb(255, 0, 0);">'group'</span>]['posixGroup_minGID'] =
|
||||
array (<br>
|
||||
'type' =>
|
||||
'ext_preg',<br>
|
||||
'regex' =>
|
||||
'digit',<br>
|
||||
'required'
|
||||
=> true,<br>
|
||||
|
||||
'required_message' => $this->messages['gidNumber'][5],<br>
|
||||
|
||||
'error_message' => $this->messages['gidNumber'][5]);<br>
|
||||
$return[<span style="color: rgb(255, 0, 0);">'config_checks'</span>][<span style="color: rgb(255, 0, 0);">'group'</span>]['posixGroup_maxGID'] =
|
||||
array (<br>
|
||||
'type' =>
|
||||
'ext_preg',<br>
|
||||
'regex' =>
|
||||
'digit',<br>
|
||||
'required'
|
||||
=> true,<br>
|
||||
|
||||
'required_message' => $this->messages['gidNumber'][6],<br>
|
||||
|
||||
'error_message' => $this->messages['gidNumber'][6]);<br>
|
||||
$return[<span style="color: rgb(255, 0, 0);">'config_checks'</span>][<span style="color: rgb(255, 0, 0);">'group'</span>]['cmpGID'] = array (<br>
|
||||
'type' =>
|
||||
'int_greater',<br>
|
||||
'cmp_name1'
|
||||
=> 'posixGroup_maxGID',<br>
|
||||
'cmp_name2'
|
||||
=> 'posixGroup_minGID',<br>
|
||||
|
||||
'error_message' => $this->messages['gidNumber'][7]);<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
The type <span style="font-weight: bold;">"ext_preg"</span> means that
|
||||
the <span style="font-style: italic;">baseModule</span> will use the <span style="font-style: italic;">get_preg()</span> function in <span style="font-style: italic;">lib/account.inc</span> for the syntax
|
||||
check. This function already contains regular expressions for the most
|
||||
common cases.<br>
|
||||
To check if the minimum GID is smaller than the maximum GID we define a
|
||||
check for the nonexistant option "cmpGID" and define it as optional.
|
||||
This will do the comparison check.<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,56 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Module HowTo - Defining required extensions</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Defining required extensions<br>
|
||||
</h1>
|
||||
<div style="text-align: left;"><br>
|
||||
Your account module might require special PHP extensions. LAM can check
|
||||
this for you and display an error message at the login page.<br>
|
||||
<br>
|
||||
</div>
|
||||
<div style="text-align: left;">You will need to implement the function <span
|
||||
style="font-weight: bold;">getRequiredExtensions()</span> or use <span
|
||||
style="font-weight: bold;">meta['extensions']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
|
||||
style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">posixAccount</span> module needs
|
||||
to generate password hashes. Therefore it needs the Hash extension.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code"
|
||||
border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;"> function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// PHP extensions<br>
|
||||
$return["extensions"] =
|
||||
array("hash");<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,321 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - General module options</title>
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - General module options<br>
|
||||
</h1>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Account types<br>
|
||||
</h2>
|
||||
LAM provides multiple account types (e.g. users, groups, hosts).<span style="font-weight: bold;"><br>
|
||||
</span>A module can manage one or more account types.<br>
|
||||
<br>
|
||||
The types are specified with <span style="font-weight: bold;">can_manage()</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
Our <span style="font-style: italic;">ieee802Device</span>
|
||||
module will be used only for host accounts.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns true if this module can manage accounts of the current type, otherwise false.<br>
|
||||
* <br>
|
||||
* @return boolean true if module fits<br>
|
||||
*/<br>
|
||||
public function <span style="color: red;">can_manage()</span> {<br>
|
||||
return $this->get_scope() == 'host';<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>2. Base modules<br>
|
||||
</h2>
|
||||
In LDAP every entry needs exactly one <span style="font-style: italic;">structural
|
||||
object class</span>. Therefore all modules which provide a <span style="font-style: italic;">structural object class</span> are marked
|
||||
as <span style="font-weight: bold;">base module</span>.<br>
|
||||
<br>
|
||||
This is done with <span style="font-weight: bold;">is_base_module()</span>
|
||||
or <span style="font-weight: bold;">meta['is_base']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">inetOrgPerson</span>
|
||||
module manages the structural object class "inetOrgPerson" and
|
||||
therefore is a <span style="font-weight: bold;">base module</span>.<br>
|
||||
If your module is not a base module you can skip the meta data for
|
||||
this, default is <span style="font-style: italic;">false</span>.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// base module<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return["is_base"] = true;</span><br style="color: rgb(255, 0, 0);">
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>3. Alias name</h2>
|
||||
The module name is very limited, therefore every module has an <span style="font-style: italic;">alias name</span>. This <span style="font-style: italic;">alias name</span> has no limitations and
|
||||
can be translated. It may contain special characters but make sure that
|
||||
it does not contain HTML special characters like "<".<br>
|
||||
The <span style="font-style: italic;">alias name </span>can be the
|
||||
same for all managed <span style="font-style: italic;">account types</span>
|
||||
or differ for each type.<br>
|
||||
<br>
|
||||
The <span style="font-style: italic;">alias name</span> is specified
|
||||
with <span style="font-weight: bold;">get_alias()</span>
|
||||
or <span style="font-weight: bold;">meta['alias']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
Our <span style="font-style: italic;">ieee802Device</span>
|
||||
module will get the alias MAC address.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// alias name<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return["alias"] = _("MAC address");</span><br style="color: rgb(255, 0, 0);">
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>4. Dependencies</h2>
|
||||
Modules can depend on eachother. This is useful if you need to access
|
||||
attributes from other modules or the managed object classes of your
|
||||
module are not structural.<br>
|
||||
<br>
|
||||
The dependencies are specified with <span style="font-weight: bold;">get_dependencies()</span>
|
||||
or <span style="font-weight: bold;">meta['dependencies']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
Our <span style="font-style: italic;">ieee802Device</span>
|
||||
module depends on the account module (because it is the only structural
|
||||
module at this time).<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// module dependencies<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return['dependencies'] = array('depends' =>
|
||||
array('account'), 'conflicts' => array());</span><br style="color: rgb(255, 0, 0);">
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>5. Messages</h2>
|
||||
There are many situations where you will display messages to the user.
|
||||
The modules should define such messages at a common place to make it
|
||||
easier to modify them without searching the complete file.<br>
|
||||
The <span style="font-style: italic;">baseModule</span> offers the $<span style="font-weight: bold;">messages</span> variable for this. It
|
||||
should be filled by a function called <span style="font-weight: bold;">load_Messages()</span>.<br>
|
||||
The <span style="font-style: italic;">baseModule</span> will
|
||||
automatically check if you have implemented this function and call it
|
||||
at construction time.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
Now let our <span style="font-style: italic;">ieee802Device</span>
|
||||
module define a message.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* This function fills the error message array with
|
||||
messages<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_Messages</span>() {<br>
|
||||
$this->messages['mac'][0] =
|
||||
array('ERROR', 'MAC address is invalid!'); // third array value
|
||||
is set dynamically<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>6. Managed object classes<br>
|
||||
</h2>
|
||||
<h2></h2>
|
||||
You can tell LAM what object classes are managed by your module.<br>
|
||||
LAM will then check the spelling of the objectClass attributes and
|
||||
correct it automatically. This is useful if other applications (e.g.
|
||||
smbldap-tools) also create accounts and the spelling is differnt.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
||||
<br>
|
||||
The <span style="font-style: italic;">ieee802Device</span> module
|
||||
manages one object class.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// managed object classes<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return['objectClasses'] = array('ieee802Device');</span><br>
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>7. Known LDAP aliases<br>
|
||||
</h2>
|
||||
LDAP attributes can have several names (e.g. "cn" and "commonName" are
|
||||
the same). If you manage such attributes then tell LAM about the alias
|
||||
names.<br>
|
||||
LAM will then convert all alias names to the given attribute names
|
||||
automatically.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
||||
<br>
|
||||
The <span style="font-style: italic;">posixGroup</span> module manages
|
||||
the "cn" attribute. This attribute is also known under the alias
|
||||
"commonName".<br>
|
||||
This way the module will never see attributes called "commonName"
|
||||
because LAM renames them as soon as the LDAP entry is loaded.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// LDAP aliases<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return['LDAPaliases'] = array('commonName' =>
|
||||
'cn');</span><br>
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
<h2>8. Icon<br>
|
||||
</h2>
|
||||
You can specify a icon for you module. It will be displayed on the
|
||||
account pages and other module specific places (e.g. file upload).<br>
|
||||
The icons must be 32x32 pixels in size. The location is relative to the <span style="font-style: italic;">graphics</span> directory.<br>
|
||||
|
||||
<br>
|
||||
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
||||
|
||||
<br>
|
||||
|
||||
The <span style="font-style: italic;">posixGroup</span> module uses the "tux.png" from the graphics directory.<br>
|
||||
|
||||
<br>
|
||||
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br> // icon<br>
|
||||
<span style="color: rgb(255, 0, 0);">$return['icon'] = 'tux.png';</span><br>
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<br>
|
||||
|
||||
<br>
|
||||
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
|
||||
|
||||
|
||||
</body></html>
|
|
@ -0,0 +1,89 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Module HowTo - Help entries</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Help entries<br>
|
||||
</h1>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Defining help entries<br>
|
||||
</h2>
|
||||
Your module should provide help for all input fields and other
|
||||
important things.<br>
|
||||
The LAM help system defines an extra ID range for each module. So you
|
||||
are free in defining your own IDs.<br>
|
||||
<br>
|
||||
The help entries are specified with <span style="font-weight: bold;">get_help()</span>
|
||||
or <span style="font-weight: bold;">meta['help']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
|
||||
style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">ieee802Device</span>
|
||||
module needs help entries for the MAC address.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code"
|
||||
border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
// help Entries</span><br
|
||||
style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return['help'] = array(</span><br
|
||||
style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
'mac' => array(</span><br
|
||||
style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
"Headline"
|
||||
=> _("MAC address"),</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
"Text" =>
|
||||
_("This is the MAC address of the network card of the device (e.g.
|
||||
00:01:02:DE:EF:18).")</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
),</span><br
|
||||
style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
'macList' => array(</span><br
|
||||
style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
"Headline"
|
||||
=> _("MAC address list"),</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
"Text" =>
|
||||
_("This is a comma separated list of MAC addresses.")</span><br
|
||||
style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
));</span><br
|
||||
style="color: rgb(255, 0, 0);">
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,61 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>LAM module HowTo</title>
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo</h1>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;">
|
||||
<h2>Basic functions</h2>
|
||||
<br>
|
||||
</div>
|
||||
<div style="text-align: left;">LAM can be easily extended to support
|
||||
additional LDAP object classes and attributes.<br>
|
||||
This document provides a step-by-step description to build an account
|
||||
module. The <span style="font-style: italic;">ieee802Device</span>
|
||||
module which provides MAC addresses for hosts is used as example.<br>
|
||||
<br>
|
||||
<h3><a href="mod_basics.htm">1. Basic concepts</a><br>
|
||||
</h3>
|
||||
|
||||
<h3><a href="mod_general.htm">2. General module options</a></h3>
|
||||
|
||||
<h3><a href="mod_accountPages.htm">3. Account pages</a></h3>
|
||||
|
||||
<h3><a href="mod_help.htm">4. Help entries<br>
|
||||
</a></h3>
|
||||
|
||||
<h3><a href="mod_pdf.htm">5. PDF output<br>
|
||||
</a></h3>
|
||||
|
||||
<h3><a href="mod_upload.htm">6. File upload</a></h3>
|
||||
<br>
|
||||
<hr style="width: 100%; height: 2px;"><br>
|
||||
<h2>Advanced functions</h2>
|
||||
This part covers additional functionality of the modules which are only
|
||||
needed by a minority of modules. The examples are taken from different
|
||||
existing modules.<br>
|
||||
<br>
|
||||
<h3><a href="mod_profiles.htm">1. Account profiles</a></h3>
|
||||
|
||||
<h3><a href="mod_config.htm">2. Configuration options</a></h3>
|
||||
|
||||
<h3><a href="mod_upload2.htm">3. Advanced upload options</a></h3>
|
||||
|
||||
<h3><a href="mod_rdn.htm">4. Defining the RDN</a></h3>
|
||||
|
||||
<h3><a href="mod_ext.htm">5. Defining required PHP extensions</a></h3>
|
||||
<h3><a href="mod_selfService.htm">6. Self service</a></h3>
|
||||
<h3><a href="mod_jobs.htm">7. Jobs</a></h3>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,96 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head>
|
||||
<title>Module HowTo - Jobs</title>
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
|
||||
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
|
||||
</head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Jobs<br>
|
||||
</h1>
|
||||
<div style="text-align: left;"><br>
|
||||
Jobs can be used to run actions in regular intervals like daily.<br>
|
||||
They are configured on tab "Jobs" in LAM server profile.<br>
|
||||
<br>
|
||||
</div>
|
||||
<div style="text-align: left;">See ppolicyUser module for an example.<br>
|
||||
<br>
|
||||
<h2>Adding the job class</h2>
|
||||
The module defines the list of suuported jobs with function
|
||||
getSupportedJobs().<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns a list of jobs that can be run.<br>
|
||||
*<br>
|
||||
* @param LAMConfig $config configuration<br>
|
||||
* @return array list of jobs<br>
|
||||
*/<br>
|
||||
public function getSupportedJobs(&$config) {<br>
|
||||
return array(<br>
|
||||
new
|
||||
PPolicyPasswordNotifyJob()<br>
|
||||
);<br>
|
||||
}<br>
|
||||
<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>The job class itself can be in the module file or in any file
|
||||
included
|
||||
by the module file. Please add the class definition in an interface
|
||||
check as the example below. The job interface is not loaded on all
|
||||
pages.<br>
|
||||
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;">if (interface_exists('\LAM\JOB\Job')) {<br>
|
||||
<br>
|
||||
/**<br>
|
||||
* Job to notify users about password expiration.<br>
|
||||
*<br>
|
||||
* @package jobs<br>
|
||||
*/<br>
|
||||
class PPolicyPasswordNotifyJob implements \LAM\JOB\Job {<br>
|
||||
[...]<br>
|
||||
<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<h2>Basic job attributes</h2>
|
||||
Each job needs to provide a unique name, icon, alias and job
|
||||
description. You need also to specify if multiple configurations of the
|
||||
same job are allowed on a server profile.<br>
|
||||
<br>
|
||||
If your job requires any configuration options then use get/checkConfigOptions() functions.<br>
|
||||
<br>
|
||||
<h2>Database</h2>
|
||||
Jobs can access a database to read and store data about job runs. Use
|
||||
this e.g. if you need to save any status information accross job runs.<br>
|
||||
Database access is specified with needsDatabaseAccess().<br>
|
||||
<br>
|
||||
There is a built-in database upgrade mechanism. Your job must return
|
||||
its current schema version with getDatabaseSchemaVersion() and LAM will
|
||||
call updateSchemaVersion() whenever it detects a higher version in job
|
||||
class than on database.<br>
|
||||
<br>
|
||||
<h2>Execution</h2>
|
||||
When jobs are run the the execute() function is called. Please put all your logic in there.<br>
|
||||
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</body></html>
|
|
@ -0,0 +1,95 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - PDF output</title>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - PDF output<br>
|
||||
</h1>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Defining possible PDF values<br>
|
||||
</h2>
|
||||
The first step to PDF output is defining what values your module
|
||||
provides. This is needed for the PDF editor, otherwise the user will
|
||||
not be able to select values from your module.<br>
|
||||
<br>
|
||||
The PDF values are specified with <span style="font-weight: bold;">get_pdfFields()</span>
|
||||
or <span style="font-weight: bold;">meta['PDF_fields']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">ieee802Device</span>
|
||||
module has only one attribute and therefore one PDF value: the MAC
|
||||
address.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
[...]<br>
|
||||
// available PDF fields<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return['PDF_fields'] = array(</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
'macAddress' => _('MAC address')</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
);</span><br style="color: rgb(255, 0, 0);">
|
||||
return $return;<br>
|
||||
}<br>
|
||||
<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>2. Providing data to put into the PDF file<br>
|
||||
</h2>
|
||||
When the user wants to create a PDF file the LDAP account is loaded and
|
||||
you module is asked for data to put into the PDF file.<br>
|
||||
<br>
|
||||
This is done with <span style="font-weight: bold;">get_pdfEntries()</span>. Please use one of <span style="font-style: italic;">baseModule::addSimplePDFField/addPDFKeyValue/addPDFTable() </span>for this task.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">ieee802Device</span>
|
||||
module will return the MAC address list of the account.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns a list of PDF entries<br>
|
||||
*/<br>
|
||||
function get_pdfEntries() {<br>
|
||||
$return = array();<br>
|
||||
$this->addSimplePDFField($return, 'macAddress', _('MAC addresses'));<br>
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,170 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - Account profiles</title>
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Account profiles<br>
|
||||
</h1>
|
||||
<div style="text-align: left;"><br>
|
||||
Account profiles make it easy to set default values for new accounts
|
||||
and even to reset an existing account to default values.<br>
|
||||
Your module should provide the possibility to define default values for
|
||||
all attributes which do not differ for each account.<br>
|
||||
</div>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Defining possible profile options<br>
|
||||
</h2>
|
||||
The first step to account profiles is defining the attributes for which
|
||||
the user can set default values. You will also have to define the type
|
||||
(text, checkbox, ...) of the profile options.<br>
|
||||
The profile editor then will display a fieldset for each module
|
||||
containing its profile options.<br>
|
||||
<br>
|
||||
The profile options are specified with <span style="font-weight: bold;">get_profileOptions()</span>
|
||||
or <span style="font-weight: bold;">meta['profile_options']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">inetOrgPerson</span>
|
||||
module has only two attributes which may be set to a default value: job
|
||||
title and employee type.<br>
|
||||
The other attributes are account specific and not useful as profile
|
||||
options.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// profile elements<br>
|
||||
$return[<span style="color: rgb(255, 0, 0);">'profile_options'</span>] = array(<br>
|
||||
new
|
||||
htmlTableExtendedInputField(_('Job title'), 'inetOrgPerson_title',
|
||||
null, 'title'),<br>
|
||||
new htmlTableExtendedInputField(_('Employee type'), 'inetOrgPerson_employeeType', null, 'employeeType')<br>
|
||||
);<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
This defines two text boxes in the profile editor, one for the job
|
||||
title and one for the employee type.<br>
|
||||
Your profile options should also provide a help link because the description
|
||||
of the input element might be not enough.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>2. Checking user input</h2>
|
||||
Probably you also want to check if the input data is syntactically
|
||||
correct.<br>
|
||||
The <span style="font-style: italic;">baseModule</span> already
|
||||
provides different checks which can be activated with <span style="font-style: italic;">meta data</span>. However you can also do
|
||||
the checking in the module.<br>
|
||||
Implementing the function <span style="font-weight: bold;">check_profileOptions()</span>
|
||||
in your module will allow you to do the checks yourself. Basic checks
|
||||
can be defined with <span style="font-weight: bold;">meta['profile_checks']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">inetOrgPerson</span> module only
|
||||
needs some regular expression checks on the input. This can be done by
|
||||
the <span style="font-style: italic;">baseModule</span>.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// profile checks<br>
|
||||
$return[<span style="color: rgb(255, 0, 0);">'profile_checks'</span>][<span style="color: rgb(255, 0, 0);">'inetOrgPerson_title'</span>] = array(<br>
|
||||
'type' =>
|
||||
'ext_preg',<br>
|
||||
'regex' =>
|
||||
'title',<br>
|
||||
|
||||
'error_message' => $this->messages['title'][0]);<br>
|
||||
$return[<span style="color: rgb(255, 0, 0);">'profile_checks'</span>][<span style="color: rgb(255, 0, 0);">'inetOrgPerson_employeeType'</span>] =
|
||||
array(<br>
|
||||
'type' =>
|
||||
'ext_preg',<br>
|
||||
'regex' =>
|
||||
'employeeType',<br>
|
||||
|
||||
'error_message' => $this->messages['employeeType'][0]);<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
The type <span style="font-weight: bold;">"ext_preg"</span> means that
|
||||
the <span style="font-style: italic;">baseModule</span> will use the <span style="font-style: italic;">get_preg()</span> function in <span style="font-style: italic;">lib/account.inc</span> for the syntax
|
||||
check. This function already contains regular expressions for the most
|
||||
common cases.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>3. Loading an account profile</h2>
|
||||
When an account profile is loaded the modules have to check what values
|
||||
they need for their internal data structures.<br>
|
||||
The <span style="font-style: italic;">baseModule</span> already
|
||||
provides the possibility to store profile values directly as LDAP
|
||||
attributes in <span style="font-style: italic;">$this->attributes</span>.
|
||||
This is done by defining profile-attribute mappings in <span style="font-weight: bold;">meta['profile_mappings']</span>.<br>
|
||||
If you have other values than LDAP attributes or need some post
|
||||
processing you can implement the function <span style="font-weight: bold;">load_profile()</span> in your module.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">inetLocalMailRecipient</span>
|
||||
module only
|
||||
needs a static mapping. This can be done by
|
||||
the <span style="font-style: italic;">baseModule</span>.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// profile mappings<br>
|
||||
$return[<span style="color: rgb(255, 0, 0);">'profile_mappings'</span>] = array(<br>
|
||||
|
||||
'inetLocalMailRecipient_host' => 'mailHost'<br>
|
||||
);<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
In this example the profile option "inetLocalMailRecipient_host" is
|
||||
stored as LDAP attribute "mailHost".<br>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,60 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Module HowTo - Defining the RDN</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Defining the RDN<br>
|
||||
</h1>
|
||||
<div style="text-align: left;"><br>
|
||||
Every LDAP DN starts with a RDN (relative DN). This is the value of a
|
||||
LDAP attribute. Users usually use "uid", groups use "cn".<br>
|
||||
You can provide a list of suitable RDN attributes for your module and
|
||||
give them a priority, too.<br>
|
||||
<br>
|
||||
</div>
|
||||
<div style="text-align: left;">You will need to implement the function <span
|
||||
style="font-weight: bold;">get_RDNAttributes()</span> or use <span
|
||||
style="font-weight: bold;">meta['RDN']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
|
||||
style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">posixAccount</span> module
|
||||
offers to create accounts with DNs uid=foo,dc=.... and cn=foo,dc=...<br>
|
||||
The uid attribute has a higher priority as it is the usual attribute
|
||||
for Unix accounts.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code"
|
||||
border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;"> function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// RDN attributes<br>
|
||||
$return["RDN"] = array("uid"
|
||||
=> "normal", "cn" => "low");<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,268 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - Self service</title>
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Self service<br>
|
||||
</h1>
|
||||
<div style="text-align: left;"><br>
|
||||
Self service is a LAM Pro feature. It allows your users to manage their own data (e.g. telephone numbers).<br>
|
||||
<br>
|
||||
</div>
|
||||
<div style="text-align: left;">First you need to implement the function <span style="font-weight: bold;">getSelfServiceFields()</span> or use <span style="font-weight: bold;">meta['selfServiceFieldSettings']</span>. Each field
|
||||
has an ID and a descriptive name that will be displayed on the self
|
||||
service page.<br>
|
||||
Your input fields may also be defined as read-only in the self service
|
||||
profile editor. If your fields supports read-only then use
|
||||
canSelfServiceFieldBeReadOnly() or <span style="font-weight: bold;">meta['selfServiceReadOnlyFields']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">inetOrgPerson</span> module
|
||||
provides lots of possible input fields for the self service.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;"> function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
$return['selfServiceFieldSettings'] =
|
||||
array('firstName' => _('First name'), 'lastName' => _('Last
|
||||
name'),<br>
|
||||
'mail' =>
|
||||
_('Email address'), 'telephoneNumber' => _('Telephone number'),
|
||||
'mobile' => _('Mobile number'),<br>
|
||||
'faxNumber'
|
||||
=> _('Fax number'), 'street' => _('Street'), 'postalAddress'
|
||||
=> _('Postal address'), 'registeredAddress' => _('Registered
|
||||
address'),<br>
|
||||
'postalCode'
|
||||
=> _('Postal code'), 'postOfficeBox' => _('Post office box'),
|
||||
'jpegPhoto' => _('Photo'),<br>
|
||||
'homePhone'
|
||||
=> _('Home telephone number'), 'roomNumber' => _('Room number'),
|
||||
'carLicense' => _('Car license'),<br>
|
||||
'location'
|
||||
=> _('Location'), 'state' => _('State'), 'officeName' =>
|
||||
_('Office name'), 'businessCategory' => _('Business category'),<br>
|
||||
|
||||
'departmentNumber' => _('Department'), 'initials' =>
|
||||
_('Initials'), 'title' => _('Job title'), 'labeledURI' => _('Web
|
||||
site'),<br>
|
||||
'userCertificate' => _('User certificates'));<br>
|
||||
// possible self service read-only fields<br>
|
||||
|
||||
$return['selfServiceReadOnlyFields'] = array('firstName',
|
||||
'lastName', 'mail', 'telephoneNumber', 'mobile', 'faxNumber', 'street',<br>
|
||||
|
||||
'postalAddress', 'registeredAddress', 'postalCode',
|
||||
'postOfficeBox', 'jpegPhoto', 'homePhone', 'roomNumber', 'carLicense',<br>
|
||||
'location',
|
||||
'state', 'officeName', 'businessCategory', 'departmentNumber',
|
||||
'initials', 'title', 'labeledURI', 'userCertificate');<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
In very rare cases you need to specify self service search attributes.
|
||||
These are used to identify the user inside LDAP. Common examples are
|
||||
"uid" or "mail".<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
|
||||
<br>
|
||||
|
||||
The <span style="font-style: italic;">inetOrgPerson</span> module specifies several search attributes.<br>
|
||||
|
||||
<br>
|
||||
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;"> function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br> // self service search attributes<br>
|
||||
|
||||
$return['selfServiceSearchAttributes'] = array('uid', 'mail',
|
||||
'cn', 'surname', 'givenName', 'employeeNumber');<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<br>
|
||||
|
||||
<br>
|
||||
|
||||
The HTML code for the user page is generated with the function <span style="font-weight: bold;">getSelfServiceOptions()</span>. It returns one table row for each input field.<br>
|
||||
Please note that some fields may be defined as read-only
|
||||
($readOnlyFields). If $passwordChangeOnly is set then no input fields
|
||||
other than the bind password should be displayed (you will not get any
|
||||
attribute values).<br>
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
|
||||
|
||||
<br>
|
||||
|
||||
|
||||
The <span style="font-style: italic;">windowsUser</span> module uses
|
||||
the addSimpleSelfServiceTextField() function from baseModule to print
|
||||
the text field. You may also build the table row yourself if the input
|
||||
field is more complex.<br>
|
||||
<br>
|
||||
|
||||
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
|
||||
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns the meta HTML code for each input field.<br>
|
||||
* format: array(<field1> => array(<META HTML>), ...)<br>
|
||||
* It is not possible to display help links.<br>
|
||||
*<br>
|
||||
* @param array $fields list of active fields<br>
|
||||
* @param array $attributes attributes of LDAP account<br>
|
||||
* @param boolean $passwordChangeOnly indicates
|
||||
that the user is only allowed to change his password and no LDAP
|
||||
content is readable<br>
|
||||
* @param array $readOnlyFields list of read-only fields<br>
|
||||
* @return array list of meta HTML elements (field name => htmlTableRow)<br>
|
||||
*/<br>
|
||||
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {<br>
|
||||
$return = array();<br>
|
||||
if ($passwordChangeOnly) {<br>
|
||||
return
|
||||
$return; // only password fields as long no LDAP content can be read<br>
|
||||
}<br>
|
||||
|
||||
$this->addSimpleSelfServiceTextField($return,
|
||||
'physicalDeliveryOfficeName', _('Office name'), $fields, $attributes,
|
||||
$readOnlyFields);<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
|
||||
<br>
|
||||
|
||||
|
||||
<br>
|
||||
Of course, the user input should also be validated before making any LDAP changes. This is done in <span style="font-weight: bold;">checkSelfServiceOptions()</span>.<br>
|
||||
The return value includes any error messages to display and also all LDAP operations.<br>
|
||||
Please note that some fields may be defined as read-only
|
||||
($readOnlyFields). If $passwordChangeOnly is set then no input fields
|
||||
other than the bind
|
||||
password should be displayed (you will not get any attribute values).<br>
|
||||
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
The <span style="font-style: italic;">inetOrgPerson</span> module has a field for the user's first name.<br>
|
||||
<br>
|
||||
|
||||
|
||||
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
|
||||
|
||||
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Checks if all input values are correct and returns the LDAP attributes which should be changed.<br>
|
||||
* <br>Return values:<br>
|
||||
* <br>messages: array of parameters to create status messages<br>
|
||||
* <br>add: array of attributes to add<br>
|
||||
* <br>del: array of attributes to remove<br>
|
||||
* <br>mod: array of attributes to modify<br>
|
||||
* <br>info: array of values with
|
||||
informational value (e.g. to be used later by pre/postModify actions)<br>
|
||||
* <br>
|
||||
* Calling this method does not require the existence of an enclosing {@link accountContainer}.<br>
|
||||
*<br>
|
||||
* @param string $fields input fields<br>
|
||||
* @param array $attributes LDAP attributes<br>
|
||||
* @param boolean $passwordChangeOnly indicates
|
||||
that the user is only allowed to change his password and no LDAP
|
||||
content is readable<br>
|
||||
* @param array $readOnlyFields list of read-only fields<br>
|
||||
* @return array messages and attributes
|
||||
(array('messages' => array(), 'add' => array('mail' =>
|
||||
array('test@test.com')), 'del' => array(), 'mod' => array(),
|
||||
'info' => array()))<br>
|
||||
*/<br>
|
||||
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {<br>
|
||||
$return = array('messages' =>
|
||||
array(), 'add' => array(), 'del' => array(), 'mod' => array(),
|
||||
'info' => array());<br>
|
||||
if ($passwordChangeOnly) {<br>
|
||||
return $return; // skip processing if only a password change is done<br>
|
||||
}<br>
|
||||
$attributeNames = array(); // list of attributes which should be checked for modification<br>
|
||||
$attributesNew = $attributes;<br>
|
||||
// first name<br>
|
||||
if (in_array('firstName', $fields) && !in_array('firstName', $readOnlyFields)) {<br>
|
||||
$attributeNames[] = 'givenName';<br>
|
||||
if
|
||||
(isset($_POST['inetOrgPerson_firstName']) &&
|
||||
($_POST['inetOrgPerson_firstName'] != '')) {<br>
|
||||
|
||||
if (!get_preg($_POST['inetOrgPerson_firstName'],
|
||||
'realname')) $return['messages'][] = $this->messages['givenName'][0];<br>
|
||||
|
||||
else $attributesNew['givenName'][0] =
|
||||
$_POST['inetOrgPerson_firstName'];<br>
|
||||
}<br>
|
||||
elseif
|
||||
(isset($attributes['givenName'])) unset($attributesNew['givenName']);<br>
|
||||
}<br>
|
||||
[...]<br>
|
||||
</td></tr></tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
The self service also supports configuration settings for each module. See <span style="font-weight: bold;">getSelfServiceSettings() </span>or <span style="font-weight: bold;">meta['selfServiceSettings'] </span>to specify the options.<br>
|
||||
You can validate the input with <span style="font-weight: bold;">checkSelfServiceSettings()</span>.<br>
|
||||
Self service configuration settings are displayed on a separate tab in the self service profile editor.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,162 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head><title>Module HowTo - File upload</title>
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - File upload<br>
|
||||
</h1>
|
||||
<br>
|
||||
<br>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Defining upload columns<br>
|
||||
</h2>
|
||||
If you want to support account creation via file upload you have to
|
||||
define columns in the CSV file.<br>
|
||||
Each column has an non-translated identifier, a description, help entry
|
||||
and several other values.<br>
|
||||
<br>
|
||||
The upload columns are specified with <span style="font-weight: bold;">get_uploadColumns()</span>
|
||||
or <span style="font-weight: bold;">meta['upload_columns']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">ieee802Device</span>
|
||||
module has only one attribute and therefore one column: the MAC address.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// manages host accounts<br>
|
||||
|
||||
$return["account_types"] = array("host");<br>
|
||||
// upload fields<br>
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
$return['upload_columns'] = array(</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
array(</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
'name' =>
|
||||
'ieee802Device_mac',</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
'description'
|
||||
=> _('MAC address'),</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
'help' =>
|
||||
'mac',</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
'example'
|
||||
=> '00:01:02:DE:EF:18'</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
)</span><br style="color: rgb(255, 0, 0);">
|
||||
<span style="color: rgb(255, 0, 0);">
|
||||
);</span><br>
|
||||
return $return;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>2. Building the accounts<br>
|
||||
</h2>
|
||||
When the user has uploaded the CSV file the modules have to transform
|
||||
the input data to LDAP accounts.<br>
|
||||
<br>
|
||||
This is done with <span style="font-weight: bold;">build_uploadAccounts()</span>.
|
||||
The function gets the input data and a list of LDAP accounts as
|
||||
parameter.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">ieee802Device</span>
|
||||
module has only one LDAP attribute - <span style="font-style: italic;">'macAddress'</span>
|
||||
- and the <span style="font-style: italic;">'ieee802Device'</span>
|
||||
objectClass which is added to all accounts.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* In this function the LDAP account is built up.<br>
|
||||
*<br>
|
||||
* @param array $rawAccounts list of hash arrays
|
||||
(name => value) from user input<br>
|
||||
* @param array $partialAccounts list of hash arrays
|
||||
(name => value) which are later added to LDAP<br>
|
||||
* @param array $ids list of IDs for column position
|
||||
(e.g. "posixAccount_uid" => 5)<br> * @param array $selectedModules list of selected account modules<br>
|
||||
* @return array list of error messages if any<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">build_uploadAccounts</span>($rawAccounts,
|
||||
$ids, &$partialAccounts, $selectedModules) {<br>
|
||||
$messages = array();<br>
|
||||
for ($i = 0; $i <
|
||||
sizeof($rawAccounts); $i++) {<br>
|
||||
// add object
|
||||
class<br>
|
||||
if
|
||||
(!in_array("ieee802Device", $partialAccounts[$i]['objectClass']))
|
||||
$partialAccounts[$i]['objectClass'][] = "ieee802Device";<br>
|
||||
// add MACs<br>
|
||||
if
|
||||
($rawAccounts[$i][$ids['ieee802Device_mac']] != "") {<br>
|
||||
|
||||
$macs = explode(',',
|
||||
$rawAccounts[$i][$ids['ieee802Device_mac']]);<br>
|
||||
|
||||
// check format<br>
|
||||
|
||||
for ($m = 0; $m < sizeof($macs); $m++) {<br>
|
||||
|
||||
if (get_preg($macs[$m],
|
||||
'macAddress')) {<br>
|
||||
|
||||
|
||||
$partialAccounts[$i]['macAddress'][] = $macs[$m];<br>
|
||||
|
||||
}<br>
|
||||
|
||||
else {<br>
|
||||
|
||||
$errMsg =
|
||||
$this->messages['mac'][1];<br>
|
||||
|
||||
|
||||
array_push($errMsg, array($i));<br>
|
||||
|
||||
$messages[] =
|
||||
$errMsg;<br>
|
||||
|
||||
}<br>
|
||||
|
||||
}<br>
|
||||
}<br>
|
||||
}<br>
|
||||
return $messages;<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
|
@ -0,0 +1,123 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Module HowTo - Advanced upload options</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<div style="text-align: center;">
|
||||
<h1>Module HowTo - Advanced upload options<br>
|
||||
</h1>
|
||||
<div style="text-align: left;"><br>
|
||||
The <span style="font-style: italic;">ieee802Device</span> module only
|
||||
needs the basic upload functions for its functionality.<br>
|
||||
However there are more possibilities for the modules to control the
|
||||
file upload.<br>
|
||||
</div>
|
||||
<div style="text-align: left;"><br>
|
||||
<h2>1. Module order<br>
|
||||
</h2>
|
||||
Your module might depend on the input values of another module. In this
|
||||
case you probably want that your module is called as the second one.<br>
|
||||
<br>
|
||||
You can define dependencies to other modules with the function <span
|
||||
style="font-weight: bold;">get_uploadPreDepends()</span> or <span
|
||||
style="font-weight: bold;">meta['upload_preDepends']</span>.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
|
||||
style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">sambaGroupMapping</span> module
|
||||
needs the group name to set the default <span
|
||||
style="font-style: italic;">displayName</span>. Therefore it depends
|
||||
on the <span style="font-style: italic;">posixGroup</span> module<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code"
|
||||
border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* Returns meta data that is interpreted by parent
|
||||
class<br>
|
||||
*<br>
|
||||
* @return array array with meta data<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;"> function</span>
|
||||
get_metaData() {<br>
|
||||
$return = array();<br>
|
||||
// upload dependencies<br>
|
||||
$return[<span
|
||||
style="color: rgb(255, 0, 0);">'upload_preDepends'</span>] =
|
||||
array('posixGroup');<br>
|
||||
[...]<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
<br>
|
||||
<h2>2. Upload post actions<br>
|
||||
</h2>
|
||||
If your module does not only create an account but relates the account
|
||||
with other existing LDAP entries you can do these modifications after
|
||||
the account was created.<br>
|
||||
This is useful for adding users to groups or setting quotas.<br>
|
||||
<br>
|
||||
You have to implement the function <span style="font-weight: bold;">doUploadPostActions()</span>
|
||||
in your module. Since post actions are very special there is no <span
|
||||
style="font-style: italic;">meta data</span> for this.<br>
|
||||
<br>
|
||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
|
||||
style="font-weight: bold; text-decoration: underline;">
|
||||
<br>
|
||||
The <span style="font-style: italic;">posixAccount</span> module
|
||||
offers to put the user account in additional groups. This is done in
|
||||
the post actions.<br>
|
||||
<br>
|
||||
<table style="width: 100%; text-align: left;" class="mod-code"
|
||||
border="0" cellpadding="2" cellspacing="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"> /**<br>
|
||||
* This function executes one post upload action.<br>
|
||||
*<br>
|
||||
* @param array $data array containing one account in
|
||||
each element<br>
|
||||
* @param array $ids array(<column_name> =>
|
||||
<column number>)<br>
|
||||
* @param array $failed list of accounts which were
|
||||
not created successfully<br>
|
||||
* @param array $temp variable to store temporary
|
||||
data between two post actions<br>
|
||||
* @return array current status<br>
|
||||
* <br> array (<br>
|
||||
* <br> 'status' => 'finished' |
|
||||
'inProgress'<br>
|
||||
* <br> 'progress' => 0..100<br>
|
||||
* <br> 'errors' => array (<array
|
||||
of parameters for StatusMessage>)<br>
|
||||
* <br> )<br>
|
||||
*/<br>
|
||||
<span style="font-weight: bold;">function</span> <span
|
||||
style="color: rgb(255, 0, 0);">doUploadPostActions</span>($data, $ids,
|
||||
$failed, &$temp) {<br>
|
||||
[...]<br>
|
||||
}<br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<br>
|
||||
Please make sure that the actions in one call of <span
|
||||
style="font-weight: bold;">doUploadPostActions()</span> are not very
|
||||
time consuming (only one LDAP operation). Your function will be called
|
||||
repeatedly until you give back the status "finished".<br>
|
||||
This allows LAM to avoid running longer than the maximum execution time
|
||||
by sending meta refreshes to the browser.<br>
|
||||
<span style="font-weight: bold;"></span>
|
||||
<h2><span style="font-weight: bold;"></span></h2>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,37 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html><head>
|
||||
|
||||
|
||||
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>Other libraries</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
|
||||
<h1 style="text-align: center;">Other libraries<br>
|
||||
</h1>
|
||||
<br>
|
||||
<h2><a name="lamdaemon"></a>Lamdaemon (lamdaemon.pl)<br>
|
||||
</h2>
|
||||
<br>
|
||||
<h2><a name="lists"></a>Account lists (lists.inc)</h2>
|
||||
This file provides basic functions used by the account lists. They
|
||||
cover major parts of the HTML output.<br>
|
||||
There is also one list of LDAP attribute descriptions per account type.
|
||||
They allow to have translated descriptions of the most common
|
||||
attributes.<br>
|
||||
<br>
|
||||
<h2><a name="status"></a>Status messages (status.inc)</h2>
|
||||
Status.inc provides the function <span style="font-weight: bold; font-style: italic;">StatusMessage()</span>
|
||||
which can be used to display error, warning and information messages.<br>
|
||||
The function uses preg_replace() to convert the special tags to HTML
|
||||
tags. The message variables are included with printf().<br>
|
||||
<br>
|
||||
The parameters of <span style="font-weight: bold; font-style: italic;">StatusMessage()
|
||||
</span>are described in the developer FAQ.<br>
|
||||
<br>
|
||||
<h2><a name="treeSchema"></a>Schema browser</h2>
|
||||
The file schema.inc contains functions which are needed by
|
||||
the schema browser.<br>
|
||||
These functions were copied from <a href="http://sourceforge.net/projects/phpldapadmin/">phpLDAPadmin</a>
|
||||
(PLA).<br>
|
||||
<br>
|
||||
</body></html>
|
|
@ -0,0 +1,32 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>OU editor</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">OU editor<br>
|
||||
</h1>
|
||||
<br>
|
||||
<br>
|
||||
This is a simple tool for creating and deleting organisational units
|
||||
(OU) inside the LDAP tree.<br>
|
||||
OUs can be managed for the LDAP suffixes of all account types.<br>
|
||||
<br>
|
||||
<h2>1. Creating OUs<br>
|
||||
</h2>
|
||||
<span style="font-weight: bold; font-style: italic;"></span>The user
|
||||
provides the name of the new OU which can include a-z, 0-9, "_", "-"
|
||||
and " ".<br>
|
||||
LAM will then create a new OU object under the selected LDAP suffix.<br>
|
||||
<br>
|
||||
<h2>2. Deleting OUs</h2>
|
||||
If the user selects to delete an OU he will be asked if he is really
|
||||
sure and then the OU is deleted.<br>
|
||||
There is no recursive deletion.<br>
|
||||
<br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,108 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>PDF editor</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">PDF editor<br>
|
||||
</h1>
|
||||
<div style="text-align: center;"><br>
|
||||
<img alt="" src="images/lam_pdfEditor.png"
|
||||
style="width: 443px; height: 162px;"><br>
|
||||
</div>
|
||||
<div style="text-align: center;"><br>
|
||||
<br>
|
||||
<div style="text-align: left;">The <span style="font-style: italic;">PDF
|
||||
editor</span> allows the user to create templates for the PDF output.<br>
|
||||
These templates are saved as files in <span style="font-weight: bold;">config/pdf</span>.<br>
|
||||
<br>
|
||||
<h2>Pdfmain.php<br>
|
||||
</h2>
|
||||
This is the start page of the <span style="font-style: italic;">PDF
|
||||
editor</span>. The user can select to add/modify/remove selected PDF
|
||||
profiles.<br>
|
||||
<br>
|
||||
The list of existing PDF profiles is returned by <span
|
||||
style="font-weight: bold;">getPDFStructureDefinitions()</span> in <span
|
||||
style="font-style: italic;">pdfstruct.inc</span>. It includes all
|
||||
structure names without file extensions for a given account type.<br>
|
||||
<br>
|
||||
Depending on the selection of the user he is forwarded to pdfpage.php
|
||||
or pdfdelete.php.<br>
|
||||
<br>
|
||||
<h2>Pdfpage.php<br>
|
||||
</h2>
|
||||
The user can edit the PDF structures on this page.<br>
|
||||
<br>
|
||||
The structure is loaded with <span style="font-weight: bold;">loadPDFStructureDefinitions()</span>
|
||||
from <span style="font-style: italic;">pdfstruct.inc</span>. If it
|
||||
does not yet exist then the default structure is loaded.<br>
|
||||
It is stored in <span style="font-weight: bold; font-style: italic;">$_SESSION['currentPDFStructure']</span>
|
||||
(sections) and <span style="font-weight: bold; font-style: italic;">$_SESSION['currentPageDefinitions']</span>
|
||||
(head line and logo).<br>
|
||||
<br>
|
||||
At the top of the page the head line and logo can be edited. The list
|
||||
of available logos is retrieved with <span style="font-weight: bold;">getAvailableLogos()</span>
|
||||
from <span style="font-style: italic;">pdfstruct.inc</span>.<br>
|
||||
<br>
|
||||
The sections on the left side are displayed like they are defined in <span
|
||||
style="font-weight: bold; font-style: italic;">$_SESSION['currentPDFStructure']</span>.
|
||||
Each item has links to move or delete it. Section titles may be changed.<br>
|
||||
<br>
|
||||
The list of available PDF entries on the right side is retrieved from <span
|
||||
style="font-weight: bold;">getAvailablePDFFields()</span> in <span
|
||||
style="font-style: italic;">modules.inc</span>.<br>
|
||||
<br>
|
||||
Near the bottom there the user can add a new section. The list of
|
||||
available PDF entries is retrieved as above.<br>
|
||||
<br>
|
||||
When the user pushes one of the buttons or clicks on a link then there
|
||||
are several actions:<br>
|
||||
<ul>
|
||||
<li><span style="font-weight: bold;">Abort button:</span> The user is
|
||||
redirected back to <span style="font-style: italic;">pdfmain.php</span>.<br>
|
||||
</li>
|
||||
<li><span style="font-weight: bold;">Save button:</span> The
|
||||
structure name is checked for correctness and the file is saved with <span
|
||||
style="font-weight: bold;">savePDFStructureDefinitions()</span>
|
||||
from <span style="font-style: italic;">pdfstruct.inc</span><span
|
||||
style="font-weight: bold;">.</span></li>
|
||||
<li><span style="font-weight: bold;">Add section button:</span> LAM
|
||||
adds a static text or section to the structure.</li>
|
||||
<li><span style="font-weight: bold;">Add entry button:</span> Adds a
|
||||
new entry to the selected section.</li>
|
||||
<li><span style="font-weight: bold;">Change name button:</span>
|
||||
Changes the name of the section title or the section attribute.</li>
|
||||
<li><span style="font-weight: bold;">Remove entry link:</span> If the
|
||||
entry is a section then all parts of this section are removed.
|
||||
Otherwise a single entry is removed.</li>
|
||||
<li><span style="font-weight: bold;">Move up/down links:</span> The
|
||||
entry or section is moved up or down.</li>
|
||||
</ul>
|
||||
<br>
|
||||
<span style="font-weight: bold; font-style: italic;">$_SESSION['currentPDFStructure']</span>
|
||||
is an array that contains all XML tags of the PDF structure. If you
|
||||
want to modify the structure always remember to put the opening and
|
||||
closing tags at the right place.<br>
|
||||
<br>
|
||||
<h2>Pdfdelete.php</h2>
|
||||
When the user selected to delete a structure in <span
|
||||
style="font-style: italic;">pdfmain.php</span> he is redirected to
|
||||
this page.<br>
|
||||
<br>
|
||||
LAM will ask once again if the user is sure to delete the structure. If
|
||||
this is the case the structure will be deleted with <span
|
||||
style="font-weight: bold;">deletePDFStructureDefinition()</span> from <span
|
||||
style="font-style: italic;">pdfstruct.inc</span>.<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,41 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>PDF (pdf.inc, pdfstruct.inc)</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">PDF (pdf.inc, pdfstruct.inc)<br>
|
||||
</h1>
|
||||
<br>
|
||||
These files control the management of PDF structures and creation of
|
||||
PDF files.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>pdfstruct.inc</h2>
|
||||
This file includes all functions which are needed to manage the PDF
|
||||
structures. You can load/save/delete structures, get a list of
|
||||
available structures and logos.<br>
|
||||
<br>
|
||||
<br>
|
||||
<h2>pdf.inc</h2>
|
||||
The pdf.inc library is used to create a PDF file. <br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">createModulePDF()</span> takes a list
|
||||
of <span style="font-style: italic;">accountContainer</span> objects
|
||||
and a PDF structure as parameters. The function then creates a PDF
|
||||
file, saves it to the <span style="font-style: italic;">tmp</span>
|
||||
folder and returns the file name.<br>
|
||||
<br>
|
||||
<br>
|
||||
The <span style="font-weight: bold;">lamPDF</span> class extends the <span
|
||||
style="font-style: italic;">UFPDF</span> class and adds the LAM
|
||||
specific header and footer.<br>
|
||||
It also defines the used font. Currently only Bitstream-Vera is
|
||||
supported.<br>
|
||||
<br>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,100 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta content="text/html; charset=ISO-8859-15"
|
||||
http-equiv="content-type">
|
||||
<title>PDF templates</title>
|
||||
<link rel="stylesheet" type="text/css" href="style/layout.css">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center;">PDF templates<br>
|
||||
</h1>
|
||||
<br>
|
||||
Every PDF structure is saved as a single file in <span
|
||||
style="font-weight: bold;">config/pdf</span>. The
|
||||
file extension is the account type (user, group, ...) plus ".xml" (e.g.
|
||||
default.user.xml).<br>
|
||||
<br>
|
||||
<h2>Format</h2>
|
||||
The root tag is <span style="font-weight: bold;"><pdf></span>
|
||||
with the attributes <span
|
||||
style="font-weight: bold; font-style: italic;">filename</span> for the
|
||||
logo and <span style="font-weight: bold; font-style: italic;">headline</span>
|
||||
for the title.<br>
|
||||
<br>
|
||||
There are two types of subentries in <pdf>:<br>
|
||||
<ul>
|
||||
<li>sections</li>
|
||||
<li>text<br>
|
||||
</li>
|
||||
</ul>
|
||||
<h3>Sections:</h3>
|
||||
Sections are parts of the PDF file where data from the account profiles
|
||||
(e.g. LDAP attributes) is shown. Each section has a title and a list of
|
||||
entries.<br>
|
||||
<br>
|
||||
The title is defined with the <span
|
||||
style="font-weight: bold; font-style: italic;">name</span> attribute
|
||||
inside the section tag. If the title begins with a "_" then LAM
|
||||
interprets it as entry. This means that LAM will insert the value part
|
||||
of this entry here.<br>
|
||||
<br>
|
||||
Each section has a list of subentries which are defined with the <span
|
||||
style="font-weight: bold;"><entry></span> tag. The have only one
|
||||
attribute which is <span style="font-weight: bold;">name</span> and
|
||||
contains the identifier of this entry.<br>
|
||||
<br>
|
||||
<h3>Text:</h3>
|
||||
LAM allows to display a fixed text in the PDF which is defined with the
|
||||
<span style="font-weight: bold;"><text></span> tag. The text is
|
||||
just written inside the tags.<br>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<span style="font-weight: bold;">Example:</span><br
|
||||
style="font-weight: bold;">
|
||||
<br>
|
||||
<pdf type="user" filename="printLogo.jpg" headline="LDAP Account
|
||||
Manager"><br>
|
||||
<text>This document includes your personal
|
||||
account settings.</text><br>
|
||||
<section name="Personal User Infos"><br>
|
||||
<entry
|
||||
name="inetOrgPerson_givenName" /><br>
|
||||
<entry name="inetOrgPerson_sn"
|
||||
/><br>
|
||||
<entry
|
||||
name="inetOrgPerson_street" /><br>
|
||||
<entry
|
||||
name="inetOrgPerson_postalCode" /><br>
|
||||
<entry
|
||||
name="inetOrgPerson_postalAddress" /><br>
|
||||
<entry
|
||||
name="inetOrgPerson_mail" /><br>
|
||||
<entry
|
||||
name="inetOrgPerson_telephoneNumber" /><br>
|
||||
<entry
|
||||
name="inetOrgPerson_mobileTelephoneNumber" /><br>
|
||||
<entry
|
||||
name="inetOrgPerson_facsimileTelephoneNumber" /><br>
|
||||
</section><br>
|
||||
<section name="Unix User Settings"><br>
|
||||
<entry name="posixAccount_uid"
|
||||
/><br>
|
||||
<entry
|
||||
name="posixAccount_userPassword" /><br>
|
||||
<entry
|
||||
name="posixAccount_primaryGroup" /><br>
|
||||
<entry
|
||||
name="posixAccount_additionalGroups" /><br>
|
||||
<entry
|
||||
name="posixAccount_homeDirectory" /><br>
|
||||
<entry
|
||||
name="posixAccount_loginShell" /><br>
|
||||
</section><br>
|
||||
</pdf><br>
|
||||
<br>
|
||||
<br>
|
||||
</body>
|
||||
</html>
|