diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index e289880c..904d0583 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -3405,6 +3405,40 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
LAM supports full Samba 3 user management including logon hours
and terminal server options.
+ The module is enabled by adding "Samba 3 (sambaSamAccount)" to
+ your user modules.
+
+
+
+
+
+
+
+
+
+ In the configuration options you can enable password history
+ checking. Depending on your LDAP server you might need ascending or
+ descending order. Just switch the setting if the password history is
+ not correctly updated.
+
+ In case you have no very old Windows clients (e.g. Windows 98)
+ it is recommended to disable LM hashes. They are considered to be
+ insecure.
+
+ You can also hide some input fields if you do not need
+ them.
+
+
+
+
+
+
+
+
+
+ After configuring the module you will see the Samba 3 tab when
+ you edit a user.
+
@@ -3413,6 +3447,8 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
+ Logon hours can be changed.
+
@@ -3421,6 +3457,8 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
+ You can also setup terminal server settings.
+
@@ -8492,6 +8530,10 @@ OK (10 msec)
If you leave the field empty then no history and age checks will
be done.
+ Password history: depending on your LDAP server you might need
+ ascending or descending order. Just switch the setting if the password
+ history is not correctly updated.
+
diff --git a/lam/docs/manual-sources/images/mod_samba3Config1.png b/lam/docs/manual-sources/images/mod_samba3Config1.png
new file mode 100644
index 00000000..a2c10350
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_samba3Config1.png differ
diff --git a/lam/docs/manual-sources/images/mod_samba3Config2.png b/lam/docs/manual-sources/images/mod_samba3Config2.png
new file mode 100644
index 00000000..0375b4f1
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_samba3Config2.png differ
diff --git a/lam/docs/manual-sources/images/selfServiceSambaDomains.png b/lam/docs/manual-sources/images/selfServiceSambaDomains.png
index c9f57ac8..7fe4319f 100644
Binary files a/lam/docs/manual-sources/images/selfServiceSambaDomains.png and b/lam/docs/manual-sources/images/selfServiceSambaDomains.png differ
diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc
index f303c1b5..01af43d0 100644
--- a/lam/lib/modules/sambaSamAccount.inc
+++ b/lam/lib/modules/sambaSamAccount.inc
@@ -253,12 +253,6 @@ class sambaSamAccount extends baseModule implements passwordService {
);
// self service: fields that cannot be relabeled
$return['selfServiceNoRelabelFields'] = array('syncNTPassword', 'syncLMPassword', 'syncSambaPwdLastSet');
- // self service options
- $selfServiceContainer = new htmlTable();
- $selfServiceDomainSuffix = new htmlTableExtendedInputField(_('Domain suffix'), 'sambaSamAccount_domainSuffix');
- $selfServiceContainer->addElement($selfServiceDomainSuffix);
- $selfServiceContainer->addElement(new htmlHelpLink('domainSuffix', get_class($this)), true);
- $return['selfServiceSettings'] = $selfServiceContainer;
// help Entries
$return['help'] = array (
"displayName" => array(
@@ -413,7 +407,7 @@ class sambaSamAccount extends baseModule implements passwordService {
"Text" => _("Please enter the LDAP suffix where your Samba domain entries are stored.")),
'history' => array(
"Headline" => _("Password history"),
- "Text" => _("Enables password history. Depending on your LDAP server you need to select the right server-side ordering (switch if old passwords are not removed from history).")),
+ "Text" => _("Enables password history. Depending on your LDAP server you need to select the right server-side ordering (switch ordering here if old passwords are not removed from history).")),
);
// upload dependencies
$return['upload_preDepends'] = array('posixAccount', 'inetOrgPerson');
@@ -2265,6 +2259,40 @@ class sambaSamAccount extends baseModule implements passwordService {
return $errors;
}
+ /**
+ * Returns a list of self service configuration settings.
+ *
+ * Calling this method does not require the existence of an enclosing {@link accountContainer}.
+ *
+ * The name attributes are used as keywords to load
+ * and save settings. We recommend to use the module name as prefix for them
+ * (e.g. posixAccount_homeDirectory) to avoid naming conflicts.
+ *
+ * @param selfServiceProfile $profile currently edited profile
+ * @return htmlElement meta HTML object
+ *
+ * @see baseModule::get_metaData()
+ * @see htmlElement
+ */
+ public function getSelfServiceSettings($profile) {
+ $selfServiceContainer = new htmlTable();
+ // domain suffix
+ $selfServiceDomainSuffix = new htmlTableExtendedInputField(_('Domain suffix'), 'sambaSamAccount_domainSuffix');
+ $selfServiceContainer->addElement($selfServiceDomainSuffix);
+ $selfServiceContainer->addElement(new htmlHelpLink('domainSuffix', get_class($this)), true);
+ // password history
+ $historyOptions = array(
+ _('yes - ordered ascending') => 'yes_deleteLast',
+ _('yes - ordered descending') => 'yes_deleteFirst',
+ _('no') => 'no'
+ );
+ $historySelect = new htmlTableExtendedSelect('sambaSamAccount_history', $historyOptions, array('yes_deleteLast'), _("Password history"));
+ $historySelect->setHasDescriptiveElements(true);
+ $selfServiceContainer->addElement($historySelect);
+ $selfServiceContainer->addElement(new htmlHelpLink('history', get_class($this)), true);
+ return $selfServiceContainer;
+ }
+
/**
* Returns the meta HTML code for each input field.
* format: array( => array(), ...)
@@ -2423,17 +2451,29 @@ class sambaSamAccount extends baseModule implements passwordService {
}
else {
// update password history
- $sambaPasswordHistory = empty($attributes['sambaPasswordHistory']) ? null : $attributes['sambaPasswordHistory'];
- while (sizeof($sambaPasswordHistory) > ($sambaDomain->pwdHistoryLength - 1)) {
- array_pop($sambaPasswordHistory);
- }
- $sambaPasswordHistory[] = sambaSamAccount::createHistoryEntry($return['info']['sambaUserPasswordClearText'][0]);
- $sambaPasswordHistory = array_values($sambaPasswordHistory);
- if (empty($attributes['sambaPasswordHistory'])) {
- $return['add']['sambaPasswordHistory'] = $sambaPasswordHistory;
- }
- else {
- $return['mod']['sambaPasswordHistory'] = $sambaPasswordHistory;
+ if (sambaSamAccount::isPasswordHistoryEnabled($this->selfServiceSettings->moduleSettings)) {
+ $sambaPasswordHistory = empty($attributes['sambaPasswordHistory']) ? null : $attributes['sambaPasswordHistory'];
+ while (sizeof($sambaPasswordHistory) > ($sambaDomain->pwdHistoryLength - 1)) {
+ if (empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0]) || ($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
+ array_pop($sambaPasswordHistory);
+ }
+ else {
+ array_shift($sambaPasswordHistory);
+ }
+ }
+ if (empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0]) || ($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
+ array_unshift($sambaPasswordHistory, sambaSamAccount::createHistoryEntry($return['info']['sambaUserPasswordClearText'][0]));
+ }
+ else {
+ $sambaPasswordHistory[] = sambaSamAccount::createHistoryEntry($return['info']['sambaUserPasswordClearText'][0]);
+ }
+ $sambaPasswordHistory = array_values($sambaPasswordHistory);
+ if (empty($attributes['sambaPasswordHistory'])) {
+ $return['add']['sambaPasswordHistory'] = $sambaPasswordHistory;
+ }
+ else {
+ $return['mod']['sambaPasswordHistory'] = $sambaPasswordHistory;
+ }
}
}
}