password self reset for Samba 4

2013-08-11 18:58:20 +00:00 · 2013-08-11 18:58:20 +00:00 · 66c83efecd
parent 650144364f
commit 66c83efecd
2 changed files with 26 additions and 5 deletions
--- a/lam/HISTORY
+++ b/lam/HISTORY
@ -3,7 +3,7 @@ September 2013 4.3
  - LAM Pro:
   -> PPolicy: check password history for password reuse
   -> Custom fields: read-only fields for admin interface and file upload for binary data
-   -> Password self reset: Samba 3 sync, identification with login attribute
+   -> Password self reset: Samba 3 sync, identification with login attribute, Samba 4 support
  - fixed bugs:
   -> Custom fields: auto-adding object classes via profile editor fixed
   -> PHP 5.5 compatibility
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@ -2166,11 +2166,32 @@ Have fun!
        security questions in both self service profile(s) and server
        profile(s).</para>

-        <para><emphasis role="bold">Schema</emphasis></para>
+        <para><emphasis role="bold">Schema installation</emphasis></para>

-        <para>Please install the schema that comes with LAM Pro:
-        docs/schema/passwordSelfReset.schema or
-        docs/schema/passwordSelfReset.ldif</para>
+        <para>Please install the schema that comes with LAM Pro.</para>
+
+        <para><emphasis role="underline">OpenLDAP:</emphasis></para>
+
+        <para>Install docs/schema/passwordSelfReset.schema for slapd.conf
+        configuration or docs/schema/passwordSelfReset.ldif for slapd.d
+        configuration.</para>
+
+        <para><emphasis role="underline">Samba 4:</emphasis></para>
+
+        <para>The schema files are
+        docs/schema/passwordSelfReset-Samba4-attributes.ldif and
+        docs/schema/passwordSelfReset-Samba4-objectClass.ldif.</para>
+
+        <para>First, you need to edit them and replace "DOMAIN_TOP_DN" with
+        your LDAP suffix (e.g. dc=samba4,dc=test).</para>
+
+        <para>Then install the attribute and afterwards the object class
+        schema file:</para>
+
+        <literallayout>ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
+ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
+
+</literallayout>

        <para>This allows to set a security question + answer for each
        account.</para>