WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

moved docs to new manual

This commit is contained in:
Roland Gruber 2009-11-07 18:01:46 +00:00
parent b68ce9b7fd
commit 7d97de4642
8 changed files with 0 additions and 748 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
lam/docs/README.Kolab.txt
View File

@ -1,48 +0,0 @@
Some notes on managing Kolab accounts with LAM:
1. Creating accounts
The mailbox server cannot be changed after the account has been saved. Please
make sure that the value is correct.
The email address ("Personal" page) must match your Kolab domain, otherwise the
account will not work.
2. Deleting accounts
If you want to cleanly delete accounts use the "Mark for deletion" button on the
Kolab subpage of an account. This will also remove the user's mailbox.
If you delete the account from the account list (which is standard for LAM accounts)
then no cleanup actions are made.
3. Managing accounts with both LAM and Kolab Admin GUI
The Kolab GUI has some restrictions that LAM does not have.
Please pay attention to the following restrictions:
- Common name in LAM
The common name must have the format "<first name> <last name>".
You can leave the field empty in LAM and it will automatically
fill in the correct value.
- Changing first/last name in Kolab GUI
Do not change the first/last name of your users in the Kolab GUI!
The GUI will change the common name which leads to an LDAP object class
violation. This is caused by a bug in the Kolab GUI.
4. Adding a Kolab part to existing accounts
If you upgrade existing non-Kolab accounts please make sure that the account
has a Unix password.
5. Installing LAM on the Kolab server
You can install LAM in the directory "/kolab/var/kolab/www" which is
the root directory for Apache.
The PHP installation already includes all required packages.

286
lam/docs/README.fpdf.htm
View File

@ -1,286 +0,0 @@
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<TITLE>FAQ</TITLE>
<LINK TYPE="text/css" REL="stylesheet" HREF="fpdf.css">
</HEAD>
<BODY>
<H2>FAQ</H2>
<B>1.</B> <A HREF='#1'>What's exactly the license of FPDF? Are there any usage restrictions?</A><BR>
<B>2.</B> <A HREF='#2'>When I try to create a PDF, a lot of weird characters show on the screen. Why?</A><BR>
<B>3.</B> <A HREF='#3'>I try to generate a PDF and IE displays a blank page. What happens?</A><BR>
<B>4.</B> <A HREF='#4'>I send parameters using the POST method and the values don't appear in the PDF.</A><BR>
<B>5.</B> <A HREF='#5'>When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.</A><BR>
<B>6.</B> <A HREF='#6'>When I'm on SSL, IE can't open the PDF.</A><BR>
<B>7.</B> <A HREF='#7'>When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".</A><BR>
<B>8.</B> <A HREF='#8'>I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".</A><BR>
<B>9.</B> <A HREF='#9'>I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)</A><BR>
<B>10.</B> <A HREF='#10'>I try to display a variable in the Header method but nothing prints.</A><BR>
<B>11.</B> <A HREF='#11'>I defined the Header and Footer methods in my PDF class but nothing appears.</A><BR>
<B>12.</B> <A HREF='#12'>I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.</A><BR>
<B>13.</B> <A HREF='#13'>I try to put the euro symbol but it doesn't work.</A><BR>
<B>14.</B> <A HREF='#14'>I draw a frame with very precise dimensions, but when printed I notice some differences.</A><BR>
<B>15.</B> <A HREF='#15'>I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?</A><BR>
<B>16.</B> <A HREF='#16'>What's the limit of the file sizes I can generate with FPDF?</A><BR>
<B>17.</B> <A HREF='#17'>Can I modify a PDF with FPDF?</A><BR>
<B>18.</B> <A HREF='#18'>I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?</A><BR>
<B>19.</B> <A HREF='#19'>Can I convert an HTML page to PDF with FPDF?</A><BR>
<B>20.</B> <A HREF='#20'>Can I concatenate PDF files with FPDF?</A><BR>
<BR><BR>
<P><A NAME='1'></A><B>1.</B> <FONT CLASS='st'>What's exactly the license of FPDF? Are there any usage restrictions?</FONT></P>
FPDF is Freeware (it is stated at the beginning of the source file). There is no usage
restriction. You may embed it freely in your application (commercial or not), with or
without modification. You may redistribute it, too.
<P><A NAME='2'></A><B>2.</B> <FONT CLASS='st'>When I try to create a PDF, a lot of weird characters show on the screen. Why?</FONT></P>
These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of
IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly
without launching Acrobat. This happens frequently during the development stage: on the least
script error, an HTML page is sent, and after correction, the PDF arrives.
<BR>
To solve the problem, simply quit and restart IE. You can also go to another URL and come
back.
<BR>
To avoid this kind of inconvenience during the development, you can generate the PDF directly
to a file and open it through the explorer.
<P><A NAME='3'></A><B>3.</B> <FONT CLASS='st'>I try to generate a PDF and IE displays a blank page. What happens?</FONT></P>
First of all, check that you send nothing to the browser after the PDF (not even a space or a
carriage return). You can put an exit statement just after the call to the Output() method to
be sure.
<BR>
If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in
conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should
test your application with as many IE versions as possible (at least if you're on the Internet).
The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the
more that it causes other problems, see the next question). The GET works better but may fail
when the URL becomes too long: don't use a query string with more than 45 characters. However, a
tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a form, you
can add a hidden field at the last position:
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
&lt;INPUT TYPE=&quot;HIDDEN&quot; NAME=&quot;ext&quot; VALUE=&quot;.pdf&quot;&gt;
</TT>
</TD></TR></TABLE><BR>
The usage of PHP sessions also often causes trouble (avoid using HTTP headers preventing caching).
See question 5 for a workaround.
<BR>
<BR>
To avoid all these problems in a reliable manner, two main techniques exist:
<BR>
<BR>
- Disable the plug-in and use Acrobat as a helper application. To do this, launch Acrobat; in
the File menu, Preferences, General, uncheck the option "Web Browser Integration" (for Acrobat
5: Edit, Preferences, Options, "Display PDF in Browser"). Then, the next time you load a PDF in
IE, it displays the dialog box "Open it" or "Save it to disk". Uncheck the option "Always ask
before opening this type of file" and choose Open. From now on, PDF files will open
automatically in an external Acrobat window.
<BR>
The drawback of the method is that you need to alter the client configuration, which you can do
in an intranet environment but not for the Internet.
<BR>
<BR>
- Use a redirection technique. It consists in generating the PDF in a temporary file on the
server and redirect the client on it (by using JavaScript, not the Location HTTP header which
also causes trouble). For instance, at the end of the script, you can put the following:
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
//Determine a temporary file name in the current directory<BR>
$file=basename(tempnam(getcwd(),'tmp'));<BR>
//Save PDF to file<BR>
$pdf-&gt;Output($file);<BR>
//JavaScript redirection<BR>
echo &quot;&lt;HTML&gt;&lt;SCRIPT&gt;document.location='getpdf.php?f=$file';&lt;/SCRIPT&gt;&lt;/HTML&gt;&quot;;
</TT>
</TD></TR></TABLE><BR>
Then create the getpdf.php file with this:
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
&lt;?php<BR>
$f=$HTTP_GET_VARS['f'];<BR>
//Check file (don't skip it!)<BR>
if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\'))<BR>
&nbsp;&nbsp;&nbsp;&nbsp;die('Incorrect file name');<BR>
if(!file_exists($f))<BR>
&nbsp;&nbsp;&nbsp;&nbsp;die('File does not exist');<BR>
//Handle special IE request if needed<BR>
if($HTTP_SERVER_VARS['HTTP_USER_AGENT']=='contype')<BR>
{<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Header('Content-Type: application/pdf');<BR>
&nbsp;&nbsp;&nbsp;&nbsp;exit;<BR>
}<BR>
//Output PDF<BR>
Header('Content-Type: application/pdf');<BR>
Header('Content-Length: '.filesize($f));<BR>
readfile($f);<BR>
//Remove file<BR>
unlink($f);<BR>
exit;<BR>
?&gt;
</TT>
</TD></TR></TABLE><BR>
This method works in most cases but IE6 can still experience trouble. The "ultimate" method
consists in redirecting directly to the temporary file. The file name must therefore end with .pdf:
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
//Determine a temporary file name in the current directory<BR>
$file=basename(tempnam(getcwd(),'tmp'));<BR>
rename($file,$file.'.pdf');<BR>
$file.='.pdf';<BR>
//Save PDF to file<BR>
$pdf-&gt;Output($file);<BR>
//JavaScript redirection<BR>
echo &quot;&lt;HTML&gt;&lt;SCRIPT&gt;document.location='$file';&lt;/SCRIPT&gt;&lt;/HTML&gt;&quot;;
</TT>
</TD></TR></TABLE><BR>
This method turns the dynamic PDF into a static one and avoids all troubles. But you have to do
some cleaning in order to delete the temporary files. For instance:
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
function CleanFiles($dir)<BR>
{<BR>
&nbsp;&nbsp;&nbsp;&nbsp;//Delete temporary files<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$t=time();<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$h=opendir($dir);<BR>
&nbsp;&nbsp;&nbsp;&nbsp;while($file=readdir($h))<BR>
&nbsp;&nbsp;&nbsp;&nbsp;{<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(substr($file,0,3)=='tmp' and substr($file,-4)=='.pdf')<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$path=$dir.'/'.$file;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if($t-filemtime($path)&gt;3600)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;@unlink($path);<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<BR>
&nbsp;&nbsp;&nbsp;&nbsp;}<BR>
&nbsp;&nbsp;&nbsp;&nbsp;closedir($h);<BR>
}
</TT>
</TD></TR></TABLE><BR>
This function deletes all files of the form tmp*.pdf older than an hour in the specified
directory. You may call it where you want, for instance in the script which generates the PDF.
<BR>
<BR>
Remark: it is necessary to open the PDF in a new window, as you can't go backwards due to the
redirection.
<P><A NAME='4'></A><B>4.</B> <FONT CLASS='st'>I send parameters using the POST method and the values don't appear in the PDF.</FONT></P>
It's a problem affecting some versions of IE (especially the first 5.5). See the previous
question for the ways to work around it.
<P><A NAME='5'></A><B>5.</B> <FONT CLASS='st'>When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.</FONT></P>
It's a problem affecting some versions of IE. To work around it, add the following line before
session_start():
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
session_cache_limiter('private');
</TT>
</TD></TR></TABLE><BR>
or do a redirection as explained in question 3.
<P><A NAME='6'></A><B>6.</B> <FONT CLASS='st'>When I'm on SSL, IE can't open the PDF.</FONT></P>
The problem may be fixed by adding this line:<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
Header('Pragma: public');
</TT>
</TD></TR></TABLE><BR>
<P><A NAME='7'></A><B>7.</B> <FONT CLASS='st'>When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".</FONT></P>
When the decimal separator is configured as a comma before including a file, there is a
<A HREF="http://bugs.php.net/bug.php?id=17105" TARGET="_blank">bug</A> in some PHP versions and decimal
numbers get truncated. Therefore you shouldn't make a call to setlocale() before including the class.
On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a
setlocale() call.
<P><A NAME='8'></A><B>8.</B> <FONT CLASS='st'>I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".</FONT></P>
Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per
pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more.
<P><A NAME='9'></A><B>9.</B> <FONT CLASS='st'>I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)</FONT></P>
You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return,
neither before nor after. The script outputs something at line X.
<P><A NAME='10'></A><B>10.</B> <FONT CLASS='st'>I try to display a variable in the Header method but nothing prints.</FONT></P>
You have to use the <TT>global</TT> keyword, for instance:
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
function Header()<BR>
{<BR>
&nbsp;&nbsp;&nbsp;&nbsp;global $title;<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$this-&gt;SetFont('Arial','B',15);<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$this-&gt;Cell(0,10,$title,1,1,'C');<BR>
}
</TT>
</TD></TR></TABLE><BR>
<P><A NAME='11'></A><B>11.</B> <FONT CLASS='st'>I defined the Header and Footer methods in my PDF class but nothing appears.</FONT></P>
You have to create an object from the PDF class, not FPDF:<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
$pdf=new PDF();
</TT>
</TD></TR></TABLE><BR>
<P><A NAME='12'></A><B>12.</B> <FONT CLASS='st'>I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.</FONT></P>
You have to enclose your string with double quotes, not single ones.
<P><A NAME='13'></A><B>13.</B> <FONT CLASS='st'>I try to put the euro symbol but it doesn't work.</FONT></P>
The standard fonts have the euro character at position 128. You can define a constant like this
for convenience:
<BR>
<BR>
<TABLE WIDTH="100%" BGCOLOR="#E0E0E0"><TR><TD>
<TT>
define('EURO',chr(128));
</TT>
</TD></TR></TABLE><BR>
Note: Acrobat 4 or higher is required to display euro.
<P><A NAME='14'></A><B>14.</B> <FONT CLASS='st'>I draw a frame with very precise dimensions, but when printed I notice some differences.</FONT></P>
To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box.
<P><A NAME='15'></A><B>15.</B> <FONT CLASS='st'>I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?</FONT></P>
All printers have physical margins (different depending on the model), it is therefore impossible
to remove them and print on the totality of the paper.
<P><A NAME='16'></A><B>16.</B> <FONT CLASS='st'>What's the limit of the file sizes I can generate with FPDF?</FONT></P>
There is no particular limit. There are some constraints however:
<BR>
<BR>
- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents,
especially with images, this limit may be reached (the file being built into memory). The
parameter is configured in the php.ini file.
<BR>
<BR>
- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily
reached. It is configured in php.ini and may be altered dynamically with set_time_limit().
<BR>
<BR>
- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and
reach the limit, it will be lost. It is therefore advised for very big documents to
generate them in a file, and to send some data to the browser from time to time (for instance
page 1, page 2... with flush() to force the output). When the document is finished, you can send
a redirection on it with JavaScript or create a link.
<BR>
Remark: even when the browser goes in time-out, the script may continue to run on the server.
<P><A NAME='17'></A><B>17.</B> <FONT CLASS='st'>Can I modify a PDF with FPDF?</FONT></P>
No.
<P><A NAME='18'></A><B>18.</B> <FONT CLASS='st'>I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?</FONT></P>
No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from
a PDF. It is provided with the Xpdf package:<BR>
<BR>
<A HREF="http://www.foolabs.com/xpdf/" TARGET="_blank">http://www.foolabs.com/xpdf/</A>
<P><A NAME='19'></A><B>19.</B> <FONT CLASS='st'>Can I convert an HTML page to PDF with FPDF?</FONT></P>
No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:<BR>
<BR>
<A HREF="http://www.easysw.com/htmldoc/" TARGET="_blank">http://www.easysw.com/htmldoc/</A>
<P><A NAME='20'></A><B>20.</B> <FONT CLASS='st'>Can I concatenate PDF files with FPDF?</FONT></P>
No. But a free C utility exists to perform this task:<BR>
<BR>
<A HREF="http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html" TARGET="_blank">http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html</A>
</BODY>
</HTML>

28
lam/docs/README.hosts.txt
View File

@ -1,28 +0,0 @@
The attribute "host" is only in objectclass account.
Unfortunatly "account" conflicts with
"inetorgperson". so there's no perfect way to use
both.
In order to get attribute host working you have to
modify schema/inetorgperson and include host:
# inetOrgPerson
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
objectclass ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
DESC 'RFC2798: Internet Organizational Person'
SUP organizationalPerson
STRUCTURAL
MAY (
audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ givenName $
homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $
photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $
userSMIMECertificate $ userPKCS12 $ host )
)

122
lam/docs/README.lamdaemon.txt
View File

@ -1,122 +0,0 @@
This document describes the installation of lamdaemon which is responsible
for managing quotas and creating home directories.
Setting up lamdaemon:
=====================
Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh.
If you want wo use it you have to set up some things to get it to work:
1. Setup values in LDAP Account Manager
=======================================
* Set the remote or local host in the configuration
(e.g. 127.0.0.1)
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
If you installed a Debian or RPM package then the script may be located at
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
* Your LAM admin user must be a valid Unix account. It needs to have the object class
"posixAccount" and an attribute "uid". This account must be accepted by the
SSH daemon of your home directory server.
Do not create a second local account but change your system to accept LDAP users.
You can use LAM to add the Unix account part to your admin user.
2. Setup sudo
=============
The perl script has to run as root. Therefore we need
a wrapper, sudo.
Edit /etc/sudoers on host where homedirs or quotas should be used
and add the following line:
$admin All= NOPASSWD: $path
$admin is the admin user from LAM (must be a valid Unix account)
and $path is the path to lamdaemon.pl
e.g.: myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
You might need to run the sudo command once manually to init sudo.
3. Setup Perl
==============
We need an extra Perl module - Quota
To install it, run:
perl -MCPAN -e shell
install Quota
If your Perl executable is not located in /usr/bin/perl you will have to edit
the path in the first line of lamdaemon.pl.
If you have problems compiling the Perl modules try installing a newer release
of your GCC compiler and the "make" application.
Several Linux distributions already include a quota package for Perl.
4. Install libssh2
==================
4.1 Install libssh2
You can get libssh2 here: http://www.libssh2.org
Unpack the package and install it by executing the commands
"./configure", "make" and "make install" in the extracted directory.
4.2 Install SSH2 for PHP
The easiest way is to run "pecl install ssh2-beta". If you have no pecl command then install
the PHP Pear package (e.g. php-pear or php5-pear) for your distribution.
If you want to compile it yourself, get the sources here: http://pecl.php.net/package/ssh2
After installing the PHP module please add this line to your php.ini:
extension=ssh2.so
5. Set up SSH
=============
Your SSH daemon must offer the password authentication method.
To activate it just use this configuration option in /etc/ssh/sshd_config:
PasswordAuthentication yes
Now everything should work fine.
6. Troubleshooting
======================
- There is a test page for lamdaemon:
Login to LAM and open Tools -> Tests -> Lamdaemon test
- If you get garbage characters at the test page then PHP and your php5-ssh2 library may not
fit together. Try recompiling the library and libssh2.
This combination was tested successfully: libssh2 0.13 with php5-ssh2 0.10
php5-ssh2 0.11 should have no problems with recent libssh2 releases.
- Check /var/log/auth.log or the equivalent on your system
This file contains messages about all logins. If the ssh login
failed then you will find a description about the reason here.
- Set sshd in debug mode
In /etc/ssh/sshd_conf add these lines:
SyslogFacility AUTH
LogLevel DEBUG3
Now check /var/log/syslog for messages from sshd.
- Update Openssh
A Suse Linux user reported that upgrading Openssh solved the problem.

18
lam/docs/README.openldap.txt
View File

@ -1,18 +0,0 @@
Some basic hints to configure the OpenLDAP server:
SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts
change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values.
INDICES: Indices will improve the performance when searching for entries in the LDAP directory.
The following indices are recommended:
index objectClass eq
index default sub
index uidNumber eq
index gidNumber eq
index memberUid eq
index cn,sn,uid,displayName pres,sub,eq
# Samba 3.x
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

86
lam/docs/README.schema.txt
View File

@ -1,86 +0,0 @@
Here is a list of needed LDAP schema files for the different LAM modules.
For OpenLDAP we also provide a source where you can get the files.
1. Unix accounts (modules posixAccount/shadowAccount/posixGroup)
Schema: nis.schema, rfc2307bis.schema
Source: Part of OpenLDAP installation
The rfc2307bis.schema is only supported by LAM Pro. Use the nis.schema
if you do not want to upgrade to LAM Pro.
2. Address book entries (module inetOrgPerson)
Schema: inetorgperson.schema
Source: Part of OpenLDAP installation
3. Samba 3 accounts (modules sambaSamAccount)
Schema: samba.schema
Source: Part of Samba tarball (examples/LDAP/samba.schema)
4. Quota (module quota)
Schema: none
5. Kolab 2 users (module kolabUser)
Schema: kolab2.schema, rfc2739.schema
Source: Part of Kolab 2 installation
6. Mail routing (module inetLocalMailRecipient)
Schema: misc.schema
Source: Part of OpenLDAP installation
7. Mail aliases (module nisMailAlias)
Schema: misc.schema
Source: Part of OpenLDAP installation
8. MAC addresses (module ieee802device)
Schema: nis.schema
Source: Part of OpenLDAP installation
9. Simple Accounts (module account)
Schema: cosine.schema
Source: Part of OpenLDAP installation
10. SSH public keys (module ldapPublicKey)
Schema: openssh-lpk.schema
Source: Included in patch from http://code.google.com/p/openssh-lpk/
11. Group of (unique) names (modules groupOfNames/groupOfUniqueNames)
These modules are only available in LAM Pro.
Schema: core.schema
Source: Part of OpenLDAP installation
12. phpGroupWare (modules phpGroupwareUser, phpGroupwareGroup)
Schema: phpgroupware.schema
Source: http://www.phpgroupware.org/
13. DHCP (modules dhcp_settings, ddns, fixed_ip, range)
Schema: dhcp.schema
Source: docs/schema/dhcp.schema
The LDAP suffix should be set to your dhcpServer entry.

76
lam/docs/README.security.txt
View File

@ -1,76 +0,0 @@
1. Use of SSL
The data which is transfered between you and LAM is very sensitive.
Please always use SSL encrypted connections between LAM and your browser to
protect yourself against network sniffers.
2. LDAP with SSL and TLS
SSL will be used if you use ldaps://servername in your configuration profile.
TLS can be activated with the "Activate TLS" option.
You will need to setup ldap.conf to trust your server certificate. Some installations
use /etc/ldap.conf and some use /etc/ldap/ldap.conf. It is a good idea to symlink
/etc/ldap.conf to /etc/ldap/ldap.conf.
Specify the server CA certificate with the following option:
TLS_CACERT /etc/ldap/ca/myCA/cacert.pem
This needs to be the public part of the signing certificate authority. See "man ldap.conf"
for additional options.
3. Chrooted servers
If your server is chrooted and you have no access to /dev/random or /dev/urandom
this can be a security risk. LAM stores your LDAP password encrypted in the session.
LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible.
Therefore the key can be easily guessed.
An attaker needs read access to the session file (e.g. by another Apache instance) to
exploit this.
4. Protection of your LDAP password and directory contents
You have to install the MCrypt extension for PHP to enable encryption.
Your LDAP password is stored encrypted in the session file. The key and IV to decrypt
it are stored in two cookies. We use MCrypt/AES to encrypt the password.
All data that was read from LDAP and needs to be stored in the session file is also
encrypted.
5. Apache configuration
LAM includes several .htaccess files to protect your configuration files and temporary
data. Apache is often configured to not use .htaccess files by default.
Therefore, please check your Apache configuration and change the override setting to:
AllowOverride All
If you are experienced in configuring Apache then you can also copy the security settings
from the .htaccess files to your main Apache configuration.
If possible, you should not rely on .htaccess files but also move the config and sess
directory to a place outside of your WWW root. You can put a symbolic link in the LAM
directory so that LAM finds the configuration/session files.
Security sensitive directories:
config: Contains your LAM configuration and account profiles
- LAM configuration clear text passwords
- default values for new accounts
- directory must be accessibly by Apache but needs not to be accessible by the browser
sess: PHP session files
- LAM admin password in clear text or MCrypt encrypted
- cached LDAP entries in clear text or MCrypt encrypted
- directory must be accessibly by Apache but needs not to be accessible by the browser
tmp: temporary files
- PDF documents which may also include passwords
- images of your users
- directory contents must be accessible by browser but directory itself must not be browseable

84
lam/docs/README.upgrade.txt
View File

@ -1,84 +0,0 @@
Upgrade instructions:
=====================
1. Migrating configuration files
================================
LAM stores all configuration files in the "config" folder. Please backup the
following files and copy them after the new version is installed.
* config/*.conf
* config/config.cfg
* config/pdf/*.xml
* config/profiles/*.xml
LAM Pro only:
* config/selfService/*.*
* config/passwordMailTemplate.txt
Please check also the version specific instructions. They might include
additional actions.
2. Version specific upgrade instructions
========================================
2.2.0 -> 2.3.0
==============
LAM Pro: There is now a separate account type for group of (unique) names.
Please edit your server profiles to activate the new account type.
1.1.0 -> 2.2.0
==============
No changes.
1.0.4 -> 1.1.0:
===============
If you use the lamdaemon.pl script to manage quotas and home directories please
read docs/README.lamdaemon.txt.
0.5.x -> 1.0.0:
===============
The architecture of LAM changed again.
Please enter the LAM configuration editor and edit your existing profiles.
You can now select which account lists should be displayed by selecting
the active account types ("Edit account types"). The settings for the LDAP
suffixes and the list attributes also moved on this page.
After saving all configuration profiles you can login to LAM. The Samba domain
editor under "Tools" no longer exists. This is now an account type just like
users or groups. The NIS mail aliases have their own account list, too.
0.4.x -> 0.5.0:
===============
There were some major changes since 0.4.x.
First enter the LAM configuration editor and check if all settings are correct. Since
LAM now supports a plugin architecture for all accounts you can select the needed
modules. Click on "Edit modules" and select which account types you want to manage.
Depending on which modules you selected there might be more configuration options.
Now save your settings and login to LAM. You will have to recreate all your account
profiles because the format changed. The profile editor can be found on the tools
page ("Tools" in the upper left corner).
The tools page also includes the new flexible file upload and the PDF editor.
You can specify yourself which attributes should show up in the PDF files. There
are also different PDF profiles possible.