diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index e69c8d8e..9f1c9041 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -1854,6 +1854,34 @@ Have fun!
+
+ Authorized services
+
+ You can setup PAM to check if a user is allowed to run a
+ specific service (e.g. sshd) by reading the LDAP attribute
+ "authorizedService". This way you can manage all allowed services via
+ LAM.
+
+
+
+ To activate this PAM feature please setup your /etc/libnss-ldap.conf and set
+ "pam_check_service_attr" to "yes".
+
+
+
+ Inside LAM you can now set the allowed services. You may also
+ setup default services in your account profiles.
+
+
+
+
+
+
+
+
+
+
IMAP mailboxes
@@ -2335,7 +2363,7 @@ Have fun!
ldap_user_sendas_relation_attribute = uid
-
+
@@ -3714,6 +3742,24 @@ Have fun!
Pro.
+
+
+
+
+
+
+
+ Authorized services
+
+ authorizedServiceObject
+
+ ldapns.schema
+
+ Part of libpam-ldap installation
+
+
+
+
diff --git a/lam/docs/manual-sources/images/mod_authorizedServices.png b/lam/docs/manual-sources/images/mod_authorizedServices.png
new file mode 100644
index 00000000..69d3ccae
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_authorizedServices.png differ
diff --git a/lam/docs/manual-sources/images/schema_authorizedServices.png b/lam/docs/manual-sources/images/schema_authorizedServices.png
new file mode 100755
index 00000000..ea221c06
Binary files /dev/null and b/lam/docs/manual-sources/images/schema_authorizedServices.png differ