diff --git a/lam/HISTORY b/lam/HISTORY
index 572d00f8..91c5dcaf 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -3,7 +3,7 @@ September 2013 4.3
- LAM Pro:
-> PPolicy: check password history for password reuse
-> Custom fields: read-only fields for admin interface and file upload for binary data
- -> Password self reset: Samba 3 sync, identification with login attribute
+ -> Password self reset: Samba 3 sync, identification with login attribute, Samba 4 support
- fixed bugs:
-> Custom fields: auto-adding object classes via profile editor fixed
-> PHP 5.5 compatibility
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 08e97d6b..2fed3d68 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -2166,11 +2166,32 @@ Have fun!
security questions in both self service profile(s) and server
profile(s).
- Schema
+ Schema installation
- Please install the schema that comes with LAM Pro:
- docs/schema/passwordSelfReset.schema or
- docs/schema/passwordSelfReset.ldif
+ Please install the schema that comes with LAM Pro.
+
+ OpenLDAP:
+
+ Install docs/schema/passwordSelfReset.schema for slapd.conf
+ configuration or docs/schema/passwordSelfReset.ldif for slapd.d
+ configuration.
+
+ Samba 4:
+
+ The schema files are
+ docs/schema/passwordSelfReset-Samba4-attributes.ldif and
+ docs/schema/passwordSelfReset-Samba4-objectClass.ldif.
+
+ First, you need to edit them and replace "DOMAIN_TOP_DN" with
+ your LDAP suffix (e.g. dc=samba4,dc=test).
+
+ Then install the attribute and afterwards the object class
+ schema file:
+
+ ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
+ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
+
+
This allows to set a security question + answer for each
account.