FPDF is Freeware (it is stated at the beginning of the source file). There is no usage -restriction. You may embed it freely in your application (commercial or not), with or -without modification.
-2. When I try to create a PDF, a lot of weird characters show on the screen. Why? -These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of
-IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly
-without launching Acrobat. This happens frequently during the development stage: on the least
-script error, an HTML page is sent, and after correction, the PDF arrives.
-
-To solve the problem, simply quit and restart IE. You can also go to another URL and come
-back.
-
-To avoid this kind of inconvenience during the development, you can generate the PDF directly
-to a file and open it through the explorer.
First of all, check that you send nothing to the browser after the PDF (not even a space or a
-carriage return). You can put an exit statement just after the call to the Output() method to
-be sure.
-
-If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in
-conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should
-test your application with as many IE versions as possible (at least if you're on the Internet).
-The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the
-more that it causes other problems, see the next question). The GET works better but may fail
-when the URL becomes too long: don't use a query string with more than 45 characters. However, a
-tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a
-formular, you can add a hidden field at the last position:
-
-
-
| - -<INPUT TYPE="HIDDEN" NAME="ext" VALUE=".pdf"> - - |
|
-
-//Determine a temporary file name in the current directory -$file=basename(tempnam(getcwd(),'tmp')); -//Save PDF to file -$pdf->Output($file); -//JavaScript redirection -echo "<HTML><SCRIPT>document.location='getpdf.php?f=$file';</SCRIPT></HTML>"; - - |
|
-
-<?php -$f=$HTTP_GET_VARS['f']; -//Check file (don't skip it!) -if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\')) - die('Incorrect file name'); -if(!file_exists($f)) - die('File does not exist'); -//Handle special IE request if needed -if($HTTP_ENV_VARS['USER_AGENT']=='contype') -{ - Header('Content-Type: application/pdf'); - exit; -} -//Output PDF -Header('Content-Type: application/pdf'); -Header('Content-Length: '.filesize($f)); -readfile($f); -//Remove file -unlink($f); -exit; -?> - - |
|
-
-//Determine a temporary file name in the current directory -$file=basename(tempnam(getcwd(),'tmp')); -rename($file,$file.'.pdf'); -$file.='.pdf'; -//Save PDF to file -$pdf->Output($file); -//JavaScript redirection -echo "<HTML><SCRIPT>document.location='$file';</SCRIPT></HTML>"; - - |
|
-
-function CleanFiles($dir) -{ - //Delete temporary files - $t=time(); - $h=opendir($dir); - while($file=readdir($h)) - { - if(substr($file,0,3)=='tmp' and substr($file,-4)=='.pdf') - { - $path=$dir.'/'.$file; - if($t-filemtime($path)>3600) - @unlink($path); - } - } - closedir($h); -} - - |
It's a problem affecting some versions of IE (especially the first 5.5). See the previous -question for the ways to work around it.
-5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it. -It's a problem affecting some versions of IE. To work around it, add the following line before
-session_start():
-
-
-
| - -session_cache_limiter('private'); - - |
The problem may be fixed by adding this line:
-
-
| - -Header('Pragma: public'); - - |
When the decimal separator is configured as a comma before including a file, there is a -bug in PHP and decimal numbers -get truncated. Therefore you shouldn't make a call to setlocale() before including the class. -On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a -setlocale() call.
-8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred". -Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per -pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more.
-9. I try to put an image and Acrobat says "There was an error processing a page. Wrong operand type". -You have to give at least one dimension; height and width can't be both equal to zero.
-10. I'd like to put my image in real size in the PDF. How can I convert pixels to mm? -An image has no "real size". The dimension it is given in the document is arbitrary. Except if -you want to impose a particular resolution (for instance 72dpi, which is the one typically used -on screen display), in which case the ratio between the pixel width and the resolution gives the -dimension.
-11. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X) -You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return, -neither before nor after. The script outputs something at line X.
-12. I try to display a variable in the Header method but nothing prints. -You have to use the global keyword, for instance:
-
-
-
|
-
-function Header() -{ - global $title; - - $this->SetFont('Arial','B',15); - $this->Cell(0,10,$title,1,1,'C'); -} - - |
You have to create an object from the PDF class, not FPDF:
-
-
| - -$pdf=new PDF(); - - |
You have to enclose your string with double quotes, not single ones.
-15. I try to put the euro symbol but it doesn't work. -The standard fonts have the euro character at position 128. You can define a constant like this
-for convenience:
-
-
-
| - -define('EURO',chr(128)); - - |
To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box.
-17. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them? -All printers have physical margins (different depending on the model), it is therefore impossible -to remove them and print on the totality of the paper.
-18. What's the limit of the file sizes I can generate with FPDF? -There is no particular limit. There are some constraints however:
-
-
-- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents,
-especially with images, this limit may be reached (the file being built into memory). The
-parameter is configured in the php.ini file.
-
-
-- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily
-reached. It is configured in php.ini and may be altered dynamically with set_time_limit().
-
-
-- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and
-reach the limit, it will be lost. It is therefore advised for very big documents to
-generate them in a file, and to send some data to the browser from time to time (for instance
-page 1, page 2... with flush() to force the output). When the document is finished, you can send
-a redirection on it with JavaScript or create a link.
-
-Remark: even when the browser goes in time-out, the script may continue to run on the server.
No.
-20. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF? -No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from
-a PDF. It is provided with the Xpdf package:
-
-http://www.foolabs.com/xpdf/
No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:
-
-http://www.easysw.com/htmldoc/
No. But a free C utility exists to perform this task:
-
-http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html
You can't for the moment. The feature will be implemented in the future.
- - diff --git a/lam-0.4/docs/README.hosts b/lam-0.4/docs/README.hosts deleted file mode 100644 index 6176ab75..00000000 --- a/lam-0.4/docs/README.hosts +++ /dev/null @@ -1,28 +0,0 @@ -The attribute "host" is only in objectclass account. -Unfortunatly "account" conflicts with -"inetorgperson". so there's no perfect way to use -both. - -In order to get attribute host working you have to -modify schema/inetoergperson and include host: - - -# inetOrgPerson -# The inetOrgPerson represents people who are associated with an -# organization in some way. It is a structural class and is derived -# from the organizationalPerson which is defined in X.521 [X521]. -objectclass ( 2.16.840.1.113730.3.2.2 - NAME 'inetOrgPerson' - DESC 'RFC2798: Internet Organizational Person' - SUP organizationalPerson - STRUCTURAL - MAY ( - audio $ businessCategory $ carLicense $ departmentNumber $ - displayName $ employeeNumber $ employeeType $ givenName $ - homePhone $ homePostalAddress $ initials $ jpegPhoto $ - labeledURI $ mail $ manager $ mobile $ o $ pager $ - photo $ roomNumber $ secretary $ uid $ userCertificate $ - x500uniqueIdentifier $ preferredLanguage $ - userSMIMECertificate $ userPKCS12 $ host ) - ) - diff --git a/lam-0.4/docs/README.lamdaemon.pl b/lam-0.4/docs/README.lamdaemon.pl deleted file mode 100644 index 9d9b9834..00000000 --- a/lam-0.4/docs/README.lamdaemon.pl +++ /dev/null @@ -1,84 +0,0 @@ -lamdaemon.pl is used to modify quota and homedirs -on a remote or local host via ssh. -If you want wo use it you have to set up many -thins to get it work. - -1. Set values in LDAP Account manager - * Set the remote or local host in the configuration - (e.g. 127.0.0.1) - * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl - - -2. Set up sudo - The perlskript has to run as root (very ugly I know but - I haven't found any other solution). Therefor we need - a wrapper, sudo. - Edit /etc/sudoers on host homedirs or quotas should be used - and add the following line: - $admin All= NOPASSWD: $path - $admin is the adminuser from lam and $path - is the path include the filename of lamdaemon.pl - e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl - At the moment the password is a paramteter of lamdaemon.pl - Therefore you should disable logging so the password doesn't - apear in any logfile - This can be done by adding the following line: - Defaults:$admin !syslog - -3. Set up perl - We need some external perl-modules, Quota and Net::SSH::Perl - Th install them, run: - perl -MCPAN -e shell - install Quota - install Net::SSH::Perl - Please answer all questions to describe your system - Every additional needed module should be installed - automaticly - LDAP isn't used by lamdaemon.pl anymore - - I installed Math::Pari, a needed module, by hand. - I had many problems to install Math::Pari, a module needed - by Net:SSH::Perl. The reason is a bug in gcc 3.3 (In my case). - I found the following solution to prevent this bug: - * Download and untar pari (http://www.parigp-home.de) - * Download and untar Math::Pari - * run perl Makefile.PL - * edit Makefile and libPARI/Makefile - Replace line "OPTIMIZE = -O3 --pipe" with - "OPTIMIZE = -O1 --pipe". - * run make - * run make install - -4. Set up ssh - On my System, Suse 9.0 I had to set usePAM no in /etc/ssh/sshd_config - to get lamdaemon.pl work - I had some problems to log in with ssh if the password hash of the - admin-user was encrypted with {SSHA}. I had to change encryption - for admin-accounts to {CRYPT} to get ssh work. - -5. Test lamdaemon.pl - I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl - with the following attributes to test it: - lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test - $ssh-server is the remote host lamdaemon.pl should be run - $lam_path_on_host is the path to lamdaemon.pl on remote host - $admin-username is the name of the user which is allowed to run lamdaemon.pl - as root. It's the same user in /etc/sudoers - $admin-password is the password of admin-user - *test is the command which tells lamdaemon.pl to test settings - - You have to run the coammd as the user your webserver is running as, e.g. - - wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \ - 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test - - You should get the following response: - Net::SSH::Perl successfully installed. - sudo set up correctly. - Perl quota module successfully installed. - If you have'nt seen any error lamdaemon.pl should set up successfully. - -Now everything should work fine - -This is a very incomplete Documention for Beta-Release only. -Pleas send a mail to TiloLutz@gmx.de if you have any suggsestion diff --git a/lam-0.4/docs/README.openldap b/lam-0.4/docs/README.openldap deleted file mode 100644 index 8e69be4f..00000000 --- a/lam-0.4/docs/README.openldap +++ /dev/null @@ -1,21 +0,0 @@ -Some basic hints to configure the openLDAP server: - -SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts - change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values. - -INDICES: Indices will improve the performance when searching for entries in the LDAP directory. - The following indices are recommended: - - index objectClass eq - index default sub - index uidNumber eq - index gidNumber eq - index memberUid eq - index cn,mail,surname,givenname eq,subinitial - # Samba 2.x - index rid eq - index primaryGroupID eq - # Samba 3.x - index sambaSID eq - index sambaPrimaryGroupSID eq - index sambaDomainName eq diff --git a/lam-0.4/docs/README.security b/lam-0.4/docs/README.security deleted file mode 100644 index b797912f..00000000 --- a/lam-0.4/docs/README.security +++ /dev/null @@ -1,36 +0,0 @@ - -1. Use of SSL - - The data which is transfered between you and the LAM server is very sensitive. - Please always use SSL encrypted connections between LAM and your browser to - protect yourself against network sniffers. - - -2. LDAP+SSL and TLS - - LAM should start TLS automatically if possible. LDAP+SSL will be used if you use - ldaps://servername in your configuration file. - - -3. Chrooted servers - - If your server is chrooted and you have no access to /dev/random or /dev/urandom - this can be a security risk. LAM stores your LDAP password encrypted in the session. - LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible. - Therefore the key can be easily guessed. - An attaker needs read access to the session file (e.g. by another Apache instance) to - exploit this. - - -4. LDAP-password protection - - Your LDAP-password is stored encrypted in the session file. The key and IV to decrypt - it are stored in two cookies. We use MCrypt/AES or Blowfish to encrypt the password. - - -5. Protection of new user passwords - - These passwords are, if stored in the session file, encrypted with the same key and IV - as your LDAP-password. - - diff --git a/lam/docs/README.fpdf b/lam/docs/README.fpdf deleted file mode 100644 index cad36274..00000000 --- a/lam/docs/README.fpdf +++ /dev/null @@ -1,298 +0,0 @@ - - - -FPDF is Freeware (it is stated at the beginning of the source file). There is no usage -restriction. You may embed it freely in your application (commercial or not), with or -without modification.
-2. When I try to create a PDF, a lot of weird characters show on the screen. Why? -These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of
-IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly
-without launching Acrobat. This happens frequently during the development stage: on the least
-script error, an HTML page is sent, and after correction, the PDF arrives.
-
-To solve the problem, simply quit and restart IE. You can also go to another URL and come
-back.
-
-To avoid this kind of inconvenience during the development, you can generate the PDF directly
-to a file and open it through the explorer.
First of all, check that you send nothing to the browser after the PDF (not even a space or a
-carriage return). You can put an exit statement just after the call to the Output() method to
-be sure.
-
-If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in
-conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should
-test your application with as many IE versions as possible (at least if you're on the Internet).
-The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the
-more that it causes other problems, see the next question). The GET works better but may fail
-when the URL becomes too long: don't use a query string with more than 45 characters. However, a
-tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a
-formular, you can add a hidden field at the last position:
-
-
-
| - -<INPUT TYPE="HIDDEN" NAME="ext" VALUE=".pdf"> - - |
|
-
-//Determine a temporary file name in the current directory -$file=basename(tempnam(getcwd(),'tmp')); -//Save PDF to file -$pdf->Output($file); -//JavaScript redirection -echo "<HTML><SCRIPT>document.location='getpdf.php?f=$file';</SCRIPT></HTML>"; - - |
|
-
-<?php -$f=$HTTP_GET_VARS['f']; -//Check file (don't skip it!) -if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\')) - die('Incorrect file name'); -if(!file_exists($f)) - die('File does not exist'); -//Handle special IE request if needed -if($HTTP_ENV_VARS['USER_AGENT']=='contype') -{ - Header('Content-Type: application/pdf'); - exit; -} -//Output PDF -Header('Content-Type: application/pdf'); -Header('Content-Length: '.filesize($f)); -readfile($f); -//Remove file -unlink($f); -exit; -?> - - |
|
-
-//Determine a temporary file name in the current directory -$file=basename(tempnam(getcwd(),'tmp')); -rename($file,$file.'.pdf'); -$file.='.pdf'; -//Save PDF to file -$pdf->Output($file); -//JavaScript redirection -echo "<HTML><SCRIPT>document.location='$file';</SCRIPT></HTML>"; - - |
|
-
-function CleanFiles($dir) -{ - //Delete temporary files - $t=time(); - $h=opendir($dir); - while($file=readdir($h)) - { - if(substr($file,0,3)=='tmp' and substr($file,-4)=='.pdf') - { - $path=$dir.'/'.$file; - if($t-filemtime($path)>3600) - @unlink($path); - } - } - closedir($h); -} - - |
It's a problem affecting some versions of IE (especially the first 5.5). See the previous -question for the ways to work around it.
-5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it. -It's a problem affecting some versions of IE. To work around it, add the following line before
-session_start():
-
-
-
| - -session_cache_limiter('private'); - - |
The problem may be fixed by adding this line:
-
-
| - -Header('Pragma: public'); - - |
When the decimal separator is configured as a comma before including a file, there is a -bug in PHP and decimal numbers -get truncated. Therefore you shouldn't make a call to setlocale() before including the class. -On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a -setlocale() call.
-8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred". -Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per -pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more.
-9. I try to put an image and Acrobat says "There was an error processing a page. Wrong operand type". -You have to give at least one dimension; height and width can't be both equal to zero.
-10. I'd like to put my image in real size in the PDF. How can I convert pixels to mm? -An image has no "real size". The dimension it is given in the document is arbitrary. Except if -you want to impose a particular resolution (for instance 72dpi, which is the one typically used -on screen display), in which case the ratio between the pixel width and the resolution gives the -dimension.
-11. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X) -You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return, -neither before nor after. The script outputs something at line X.
-12. I try to display a variable in the Header method but nothing prints. -You have to use the global keyword, for instance:
-
-
-
|
-
-function Header() -{ - global $title; - - $this->SetFont('Arial','B',15); - $this->Cell(0,10,$title,1,1,'C'); -} - - |
You have to create an object from the PDF class, not FPDF:
-
-
| - -$pdf=new PDF(); - - |
You have to enclose your string with double quotes, not single ones.
-15. I try to put the euro symbol but it doesn't work. -The standard fonts have the euro character at position 128. You can define a constant like this
-for convenience:
-
-
-
| - -define('EURO',chr(128)); - - |
To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box.
-17. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them? -All printers have physical margins (different depending on the model), it is therefore impossible -to remove them and print on the totality of the paper.
-18. What's the limit of the file sizes I can generate with FPDF? -There is no particular limit. There are some constraints however:
-
-
-- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents,
-especially with images, this limit may be reached (the file being built into memory). The
-parameter is configured in the php.ini file.
-
-
-- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily
-reached. It is configured in php.ini and may be altered dynamically with set_time_limit().
-
-
-- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and
-reach the limit, it will be lost. It is therefore advised for very big documents to
-generate them in a file, and to send some data to the browser from time to time (for instance
-page 1, page 2... with flush() to force the output). When the document is finished, you can send
-a redirection on it with JavaScript or create a link.
-
-Remark: even when the browser goes in time-out, the script may continue to run on the server.
No.
-20. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF? -No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from
-a PDF. It is provided with the Xpdf package:
-
-http://www.foolabs.com/xpdf/
No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:
-
-http://www.easysw.com/htmldoc/
No. But a free C utility exists to perform this task:
-
-http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html
You can't for the moment. The feature will be implemented in the future.
- - diff --git a/lam/docs/README.hosts b/lam/docs/README.hosts deleted file mode 100644 index 6176ab75..00000000 --- a/lam/docs/README.hosts +++ /dev/null @@ -1,28 +0,0 @@ -The attribute "host" is only in objectclass account. -Unfortunatly "account" conflicts with -"inetorgperson". so there's no perfect way to use -both. - -In order to get attribute host working you have to -modify schema/inetoergperson and include host: - - -# inetOrgPerson -# The inetOrgPerson represents people who are associated with an -# organization in some way. It is a structural class and is derived -# from the organizationalPerson which is defined in X.521 [X521]. -objectclass ( 2.16.840.1.113730.3.2.2 - NAME 'inetOrgPerson' - DESC 'RFC2798: Internet Organizational Person' - SUP organizationalPerson - STRUCTURAL - MAY ( - audio $ businessCategory $ carLicense $ departmentNumber $ - displayName $ employeeNumber $ employeeType $ givenName $ - homePhone $ homePostalAddress $ initials $ jpegPhoto $ - labeledURI $ mail $ manager $ mobile $ o $ pager $ - photo $ roomNumber $ secretary $ uid $ userCertificate $ - x500uniqueIdentifier $ preferredLanguage $ - userSMIMECertificate $ userPKCS12 $ host ) - ) - diff --git a/lam/docs/README.lamdaemon.pl b/lam/docs/README.lamdaemon.pl deleted file mode 100644 index 9d9b9834..00000000 --- a/lam/docs/README.lamdaemon.pl +++ /dev/null @@ -1,84 +0,0 @@ -lamdaemon.pl is used to modify quota and homedirs -on a remote or local host via ssh. -If you want wo use it you have to set up many -thins to get it work. - -1. Set values in LDAP Account manager - * Set the remote or local host in the configuration - (e.g. 127.0.0.1) - * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl - - -2. Set up sudo - The perlskript has to run as root (very ugly I know but - I haven't found any other solution). Therefor we need - a wrapper, sudo. - Edit /etc/sudoers on host homedirs or quotas should be used - and add the following line: - $admin All= NOPASSWD: $path - $admin is the adminuser from lam and $path - is the path include the filename of lamdaemon.pl - e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl - At the moment the password is a paramteter of lamdaemon.pl - Therefore you should disable logging so the password doesn't - apear in any logfile - This can be done by adding the following line: - Defaults:$admin !syslog - -3. Set up perl - We need some external perl-modules, Quota and Net::SSH::Perl - Th install them, run: - perl -MCPAN -e shell - install Quota - install Net::SSH::Perl - Please answer all questions to describe your system - Every additional needed module should be installed - automaticly - LDAP isn't used by lamdaemon.pl anymore - - I installed Math::Pari, a needed module, by hand. - I had many problems to install Math::Pari, a module needed - by Net:SSH::Perl. The reason is a bug in gcc 3.3 (In my case). - I found the following solution to prevent this bug: - * Download and untar pari (http://www.parigp-home.de) - * Download and untar Math::Pari - * run perl Makefile.PL - * edit Makefile and libPARI/Makefile - Replace line "OPTIMIZE = -O3 --pipe" with - "OPTIMIZE = -O1 --pipe". - * run make - * run make install - -4. Set up ssh - On my System, Suse 9.0 I had to set usePAM no in /etc/ssh/sshd_config - to get lamdaemon.pl work - I had some problems to log in with ssh if the password hash of the - admin-user was encrypted with {SSHA}. I had to change encryption - for admin-accounts to {CRYPT} to get ssh work. - -5. Test lamdaemon.pl - I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl - with the following attributes to test it: - lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test - $ssh-server is the remote host lamdaemon.pl should be run - $lam_path_on_host is the path to lamdaemon.pl on remote host - $admin-username is the name of the user which is allowed to run lamdaemon.pl - as root. It's the same user in /etc/sudoers - $admin-password is the password of admin-user - *test is the command which tells lamdaemon.pl to test settings - - You have to run the coammd as the user your webserver is running as, e.g. - - wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \ - 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test - - You should get the following response: - Net::SSH::Perl successfully installed. - sudo set up correctly. - Perl quota module successfully installed. - If you have'nt seen any error lamdaemon.pl should set up successfully. - -Now everything should work fine - -This is a very incomplete Documention for Beta-Release only. -Pleas send a mail to TiloLutz@gmx.de if you have any suggsestion diff --git a/lam/docs/README.openldap b/lam/docs/README.openldap deleted file mode 100644 index 8e69be4f..00000000 --- a/lam/docs/README.openldap +++ /dev/null @@ -1,21 +0,0 @@ -Some basic hints to configure the openLDAP server: - -SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts - change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values. - -INDICES: Indices will improve the performance when searching for entries in the LDAP directory. - The following indices are recommended: - - index objectClass eq - index default sub - index uidNumber eq - index gidNumber eq - index memberUid eq - index cn,mail,surname,givenname eq,subinitial - # Samba 2.x - index rid eq - index primaryGroupID eq - # Samba 3.x - index sambaSID eq - index sambaPrimaryGroupSID eq - index sambaDomainName eq diff --git a/lam/docs/README.security b/lam/docs/README.security deleted file mode 100644 index b797912f..00000000 --- a/lam/docs/README.security +++ /dev/null @@ -1,36 +0,0 @@ - -1. Use of SSL - - The data which is transfered between you and the LAM server is very sensitive. - Please always use SSL encrypted connections between LAM and your browser to - protect yourself against network sniffers. - - -2. LDAP+SSL and TLS - - LAM should start TLS automatically if possible. LDAP+SSL will be used if you use - ldaps://servername in your configuration file. - - -3. Chrooted servers - - If your server is chrooted and you have no access to /dev/random or /dev/urandom - this can be a security risk. LAM stores your LDAP password encrypted in the session. - LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible. - Therefore the key can be easily guessed. - An attaker needs read access to the session file (e.g. by another Apache instance) to - exploit this. - - -4. LDAP-password protection - - Your LDAP-password is stored encrypted in the session file. The key and IV to decrypt - it are stored in two cookies. We use MCrypt/AES or Blowfish to encrypt the password. - - -5. Protection of new user passwords - - These passwords are, if stored in the session file, encrypted with the same key and IV - as your LDAP-password. - -