From 66c83efecdc09d212535c87231224aed5236f9fa Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Sun, 11 Aug 2013 18:58:20 +0000
Subject: [PATCH] password self reset for Samba 4

---
 lam/HISTORY                       |  2 +-
 lam/docs/manual-sources/howto.xml | 29 +++++++++++++++++++++++++----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/lam/HISTORY b/lam/HISTORY
index 572d00f8..91c5dcaf 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -3,7 +3,7 @@ September 2013 4.3
   - LAM Pro:
    -> PPolicy: check password history for password reuse
    -> Custom fields: read-only fields for admin interface and file upload for binary data
-   -> Password self reset: Samba 3 sync, identification with login attribute
+   -> Password self reset: Samba 3 sync, identification with login attribute, Samba 4 support
   - fixed bugs:
    -> Custom fields: auto-adding object classes via profile editor fixed
    -> PHP 5.5 compatibility
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 08e97d6b..2fed3d68 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -2166,11 +2166,32 @@ Have fun!
         security questions in both self service profile(s) and server
         profile(s).</para>
 
-        <para><emphasis role="bold">Schema</emphasis></para>
+        <para><emphasis role="bold">Schema installation</emphasis></para>
 
-        <para>Please install the schema that comes with LAM Pro:
-        docs/schema/passwordSelfReset.schema or
-        docs/schema/passwordSelfReset.ldif</para>
+        <para>Please install the schema that comes with LAM Pro.</para>
+
+        <para><emphasis role="underline">OpenLDAP:</emphasis></para>
+
+        <para>Install docs/schema/passwordSelfReset.schema for slapd.conf
+        configuration or docs/schema/passwordSelfReset.ldif for slapd.d
+        configuration.</para>
+
+        <para><emphasis role="underline">Samba 4:</emphasis></para>
+
+        <para>The schema files are
+        docs/schema/passwordSelfReset-Samba4-attributes.ldif and
+        docs/schema/passwordSelfReset-Samba4-objectClass.ldif.</para>
+
+        <para>First, you need to edit them and replace "DOMAIN_TOP_DN" with
+        your LDAP suffix (e.g. dc=samba4,dc=test).</para>
+
+        <para>Then install the attribute and afterwards the object class
+        schema file:</para>
+
+        <literallayout>ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
+ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
+
+</literallayout>
 
         <para>This allows to set a security question + answer for each
         account.</para>