From 82c579e56eb53ce821d1f06c39192c8ced633038 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 5 Nov 2016 12:13:14 +0100 Subject: [PATCH] docs update --- lam/docs/manual-sources/howto.xml | 921 +++++++++++++++--------------- 1 file changed, 472 insertions(+), 449 deletions(-) diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml index e37a33b1..a31059d8 100644 --- a/lam/docs/manual-sources/howto.xml +++ b/lam/docs/manual-sources/howto.xml @@ -2071,142 +2071,245 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; -
- PPolicy: Notify users about password expiration +
+ PPolicy: Notify users about password expiration - This will send your users an email reminder before their - password expires. + This will send your users an email reminder before their + password expires. - You need to activate the PPolicy module for users to be able - to add this job. The job can be added multiple times (e.g. to send a - second warning at a later time). + You need to activate the PPolicy module for users to be able + to add this job. The job can be added multiple times (e.g. to send + a second warning at a later time). - LAM calculates the expiration date based on the last password - change and the assigned password policy (or the default policy) - using attributes pwdMaxAge and pwdExpireWarning. + LAM calculates the expiration date based on the last + password change and the assigned password policy (or the default + policy) using attributes pwdMaxAge and pwdExpireWarning. - Examples: + Examples: - Warning time (pwdExpireWarning) = 14 days, notification period - = 10: LAM will send out the email 24 days before the password - expires + Warning time (pwdExpireWarning) = 14 days, notification + period = 10: LAM will send out the email 24 days before the + password expires - Warning time (pwdExpireWarning) = 14 days, notification period - = 0: LAM will send out the email 14 days before the password - expires + Warning time (pwdExpireWarning) = 14 days, notification + period = 0: LAM will send out the email 14 days before the + password expires - No warning time (pwdExpireWarning), notification period = 10: - LAM will send out the email 10 days before the password - expires + No warning time (pwdExpireWarning), notification period = + 10: LAM will send out the email 10 days before the password + expires - - - - - - - + + + + + + + - - Options +
+ Options - - - - Option + + + + Option - Description - + Description + - - From address + + From address - The email address to set as FROM. - + The email address to set as FROM. + - - Reply-to address + + Reply-to address - Optional Reply-to address for email. - + Optional Reply-to address for email. + - - CC address + + CC address - Optional CC mail address. - + Optional CC mail address. + - - BCC address + + BCC address - Optional BCC mail address. - + Optional BCC mail address. + - - Subject + + Subject - The email subject line. Supports wildcards, see - below. - + The email subject line. Supports wildcards, see + below. + - - Text + + Text - The email body text. Supports wildcards, see - below. - + The email body text. Supports wildcards, see + below. + - - Notification period + + Notification period - Number of days to notify before password - expires. - + Number of days to notify before password + expires. + - - Default password policy + + Default password policy - Default PPolicy password policy entry (object class - "pwdPolicy"). - - - -
+ Default PPolicy password policy entry (object class + "pwdPolicy"). + + + + - Wildcards: + Wildcards: - You can enter LDAP attributes as wildcards in the form - @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". - For the common name it would be "@@cn@@". + You can enter LDAP attributes as wildcards in the form + @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use + "@@cn@@". For the common name it would be "@@cn@@". - There are also two special wildcards for the expiration date. - @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". - @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. - "2016-12-31". -
+ There are also two special wildcards for the expiration + date. @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. + "31.12.2016". @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. + "2016-12-31". +
-
- 389ds: Notify users about password expiration +
+ 389ds: Notify users about password expiration - This will send your users an email reminder before their - password expires. + This will send your users an email reminder before their + password expires. - You need to activate the Account Locking module for users to - be able to add this job. The job can be added multiple times (e.g. - to send a second warning at a later time). + You need to activate the Account Locking module for users to + be able to add this job. The job can be added multiple times (e.g. + to send a second warning at a later time). - LAM calculates the expiration date based on the attribute - passwordExpirationTime. + LAM calculates the expiration date based on the attribute + passwordExpirationTime. - - - - - - - + + + + + + + - +
+ Options + + + + + Option + + Description + + + + From address + + The email address to set as FROM. + + + + Reply-to address + + Optional Reply-to address for email. + + + + CC address + + Optional CC mail address. + + + + BCC address + + Optional BCC mail address. + + + + Subject + + The email subject line. Supports wildcards, see + below. + + + + Text + + The email body text. Supports wildcards, see + below. + + + + Notification period + + Number of days to notify before password + expires. + + + +
+ + Wildcards: + + You can enter LDAP attributes as wildcards in the form + @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use + "@@cn@@". For the common name it would be "@@cn@@". + + There are also two special wildcards for the expiration + date. @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. + "31.12.2016". @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. + "2016-12-31". +
+ +
+ Shadow: Notify users about password expiration + + This will send your users an email reminder before their + password expires. + + You need to activate the Shadow module for users to be able + to add this job. The job can be added multiple times (e.g. to send + a second warning at a later time). + + LAM calculates the expiration date based on the last + password change, the password warning time (attribute + "shadowWarning") and the specified notification period. + + Examples: + + Warning time = 14, notification period = 10: LAM will send + out the email 24 days before the password expires + + Warning time = 14, notification period = 0: LAM will send + out the email 14 days before the password expires + + + + + + + + + + Options @@ -2264,407 +2367,313 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; -
+ - Wildcards: + Wildcards: - You can enter LDAP attributes as wildcards in the form - @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". - For the common name it would be "@@cn@@". + You can enter LDAP attributes as wildcards in the form + @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use + "@@cn@@". For the common name it would be "@@cn@@". - There are also two special wildcards for the expiration date. - @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". - @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. - "2016-12-31". -
+ There are also two special wildcards for the expiration + date. @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. + "31.12.2016". @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. + "2016-12-31". +
-
- Shadow: Notify users about password expiration +
+ Shadow: Delete or move expired accounts - This will send your users an email reminder before their - password expires. + You can automatically delete or move expired accounts. The + job checks Shadow account expiration dates (not password + expiration dates). - You need to activate the Shadow module for users to be able to - add this job. The job can be added multiple times (e.g. to send a - second warning at a later time). + + + + + + + - LAM calculates the expiration date based on the last password - change, the password warning time (attribute "shadowWarning") and - the specified notification period. + + Options - Examples: + + + + Option - Warning time = 14, notification period = 10: LAM will send out - the email 24 days before the password expires + Description + - Warning time = 14, notification period = 0: LAM will send out - the email 14 days before the password expires + + Delay - - - - - - - + Number of days to wait after the account is + expired. + -
- Options + + Action - - - - Option + Delete or move accounts + - Description - + + Target DN - - From address + Move only: specifies the DN where accounts are + moved + + + +
+
- The email address to set as FROM. - +
+ Windows: Notify users about password expiration - - Reply-to address + This will send your users an email reminder before their + password expires. - Optional Reply-to address for email. - + You need to activate the Windows module for users to be able + to add this job. The job can be added multiple times (e.g. to send + a second warning at a later time). - - CC address + LAM calculates the expiration date based on the last + password change and the domain policy. - Optional CC mail address. - + + + + + + + - - BCC address + + Options - Optional BCC mail address. - + + + + Option - - Subject + Description + - The email subject line. Supports wildcards, see - below. - + + From address - - Text + The email address to set as FROM. + - The email body text. Supports wildcards, see - below. - + + Reply-to address - - Notification period + Optional Reply-to address for email. + - Number of days to notify before password - expires. - - - -
+ + CC address - Wildcards: + Optional CC mail address. + - You can enter LDAP attributes as wildcards in the form - @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". - For the common name it would be "@@cn@@". + + BCC address - There are also two special wildcards for the expiration date. - @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". - @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. - "2016-12-31". -
+ Optional BCC mail address. + -
- Shadow: Delete or move expired accounts + + Subject - You can automatically delete or move expired accounts. The job - checks Shadow account expiration dates (not password expiration - dates). + The email subject line. Supports wildcards, see + below. + - - - - - - - + + Text - - Options + The email body text. Supports wildcards, see + below. + - - - - Option + + Notification period - Description - + Number of days to notify before password + expires. + + + +
- - Delay + Wildcards: - Number of days to wait after the account is - expired. - + You can enter LDAP attributes as wildcards in the form + @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use + "@@cn@@". For the common name it would be "@@cn@@". - - Action + There are also two special wildcards for the expiration + date. @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. + "31.12.2016". @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. + "2016-12-31". +
- Delete or move accounts - +
+ Windows: Delete or move expired accounts - - Target DN + You can automatically delete or move expired + accounts. - Move only: specifies the DN where accounts are - moved - - - - -
+ + + + + + + -
- Windows: Notify users about password expiration + + Options - This will send your users an email reminder before their - password expires. + + + + Option - You need to activate the Windows module for users to be able - to add this job. The job can be added multiple times (e.g. to send a - second warning at a later time). + Description + - LAM calculates the expiration date based on the last password - change and the domain policy. + + Delay - - - - - - - + Number of days to wait after the account is + expired. + -
- Options + + Action - - - - Option + Delete or move accounts + - Description - + + Target DN - - From address - - The email address to set as FROM. - - - - Reply-to address - - Optional Reply-to address for email. - - - - CC address - - Optional CC mail address. - - - - BCC address - - Optional BCC mail address. - - - - Subject - - The email subject line. Supports wildcards, see - below. - - - - Text - - The email body text. Supports wildcards, see - below. - - - - Notification period - - Number of days to notify before password - expires. - - - -
- - Wildcards: - - You can enter LDAP attributes as wildcards in the form - @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". - For the common name it would be "@@cn@@". - - There are also two special wildcards for the expiration date. - @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". - @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. - "2016-12-31". -
- -
- Windows: Delete or move expired accounts - - You can automatically delete or move expired accounts. - - - - - - - - - - - Options - - - - - Option - - Description - - - - Delay - - Number of days to wait after the account is - expired. - - - - Action - - Delete or move accounts - - - - Target DN - - Move only: specifies the DN where accounts are - moved - - - -
-
- -
- FreeRadius: Delete or move expired accounts - - You can automatically delete or move expired accounts. - - - - - - - - - - - Options - - - - - Option - - Description - - - - Delay - - Number of days to wait after the account is - expired. - - - - Action - - Delete or move accounts - - - - Target DN - - Move only: specifies the DN where accounts are - moved - - - -
-
- -
- Qmail: Delete or move expired accounts - - You can automatically delete or move expired accounts. The job - reads the qmail deletion date of user accounts. - - - - - - - - - - - Options - - - - - Option - - Description - - - - Delay - - Number of days to wait after the account is - expired. - - - - Action - - Delete or move accounts - - - - Target DN - - Move only: specifies the DN where accounts are - moved - - - -
-
+ Move only: specifies the DN where accounts are + moved + + + + +
+ +
+ FreeRadius: Delete or move expired accounts + + You can automatically delete or move expired + accounts. + + + + + + + + + + + Options + + + + + Option + + Description + + + + Delay + + Number of days to wait after the account is + expired. + + + + Action + + Delete or move accounts + + + + Target DN + + Move only: specifies the DN where accounts are + moved + + + +
+
+ +
+ Qmail: Delete or move expired accounts + + You can automatically delete or move expired accounts. The + job reads the qmail deletion date of user accounts. + + + + + + + + + + + Options + + + + + Option + + Description + + + + Delay + + Number of days to wait after the account is + expired. + + + + Action + + Delete or move accounts + + + + Target DN + + Move only: specifies the DN where accounts are + moved + + + +
+
@@ -7351,6 +7360,20 @@ OK (10 msec) cleartext answer to security question + + $INFO.389lockingStatusChange$: for 389ds + account locking, provides information if account was unlocked. + Possible values: unchanged, unlocked + + + + $INFO.389deactivationStatusChange$: for 389ds + account locking, provides information if account was deactivated. + Possible values: unchanged, activated, deactivated + + $NEW.<attribute>$: the value of a new attribute (e.g. $NEW.telephoneNumber$) for modified