Merge remote-tracking branch 'origin/develop' into webauthn

Conflicts:
	lam/locale/de_DE/LC_MESSAGES/messages.mo
	lam/locale/de_DE/LC_MESSAGES/messages.po

lam-packaging/buildPackages

@@ -44,7 +44,7 @@ function minifyCSS {
 	echo "Minify CSS files in $dir"
 	local outFile=$dir/100_lam.${VERSION}.min.css
 	local files=`ls $dir/*.css`
-	cat $files | cleancss -o $outFile
+	cat $files | cleancss --skip-rebase -o $outFile
 	rm $files
 	# add final new line to supress Debian warnings
 	echo "" >> $outFile

lam-packaging/debian/changelog

@@ -1,8 +1,8 @@
-ldap-account-manager (7.0.DEV-1) unstable; urgency=medium
+ldap-account-manager (7.0.RC1-1) unstable; urgency=medium
 
   * new upstream release
 
- -- Roland Gruber <post@rolandgruber.de>  Sat, 12 Oct 2019 15:26:14 +0200
+ -- Roland Gruber <post@rolandgruber.de>  Sun, 08 Dec 2019 09:14:46 +0100
 
 ldap-account-manager (6.9-1) unstable; urgency=medium
 

lam-packaging/debian/control

@@ -2,7 +2,7 @@ Source: ldap-account-manager
 Maintainer: Roland Gruber <post@rolandgruber.de>
 Section: web
 Priority: optional
-Standards-Version: 4.4.0
+Standards-Version: 4.4.1
 Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify
 Homepage: https://www.ldap-account-manager.org/
 
@@ -20,7 +20,7 @@ Suggests: ldap-server, php5-mcrypt | php-mcrypt, ldap-account-manager-lamdaemon,
 Description: webfrontend for managing accounts in an LDAP directory
  LDAP Account Manager (LAM) runs on an existing webserver.
  It manages user, group and host accounts. Currently LAM
- supports these account types: Samba 3/4, Unix, Kolab 2/3,
+ supports these account types: Samba 3/4, Unix, Kolab,
  address book entries, NIS mail aliases and MAC addresses.
  There is an integrated LDAP browser to allow access to the
  raw LDAP attributes. You can use templates

lam-packaging/debian/minify

@@ -17,7 +17,7 @@ fi
 files=`ls style/*.css`
 outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css
 if [ ! -e $outFile ]; then
-	cat $files | cleancss -o ${outFile}
+	cat $files | cleancss --skip-rebase -o ${outFile}
 	rm $files
 	# add final new line to supress Debian warnings
 	echo "" >> $outFile

lam-packaging/docker/.env

@@ -0,0 +1,18 @@
+# domain of LDAP database root entry, will be converted to dc=...,dc=...
+LDAP_DOMAIN=my-domain.com
+# LDAP base DN to overwrite value generated by LDAP_DOMAIN
+LDAP_BASE_DN=dc=my-domain,dc=com
+# LDAP server URL
+LDAP_SERVER=ldap://ldap:389
+# LDAP admin user (set as login user for LAM)
+LDAP_USER=cn=admin,dc=my-domain,dc=com
+# LDAP admin password
+LDAP_ADMIN_PASSWORD=adminpw
+
+# LAM configuration master password and password for server profile "lam"
+LAM_PASSWORD=lam
+
+# docker-compose only, LDAP organisation name for OpenLDAP
+LDAP_ORGANISATION="LDAP Account Manager Demo"
+# docker-compose only, password for LDAP read-only user
+LDAP_READONLY_USER_PASSWORD=readonlypw

lam-packaging/docker/Dockerfile

@@ -23,34 +23,62 @@
 #
 #  Then access LAM at http://localhost:8080/
 #  You can change the port 8080 if needed.
+#  See possible environment variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
 #
 
-FROM debian:stretch
-MAINTAINER Roland Gruber <post@rolandgruber.de>
+FROM debian:buster-slim
+LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
 
-ARG LAM_RELEASE=6.9
+ARG LAM_RELEASE=7.0.RC1
 
-# update OS
-RUN apt-get update \
- && apt-get upgrade -y
+ENV \
+    DEBIAN_FRONTEND=noninteractive \
+    DEBUG=''
 
-# install requirements
-RUN apt-get install -y wget apache2 libapache2-mod-php php php-ldap php-zip php-xml php-curl php-gd php-imagick php-mcrypt php-tcpdf php-phpseclib fonts-dejavu php-monolog
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+        apache2 \
+        ca-certificates \
+        dumb-init \
+        fonts-dejavu \
+        libapache2-mod-php \
+        php \
+        php-curl \
+        php-gd \
+        php-imagick \
+        php-ldap \
+        php-monolog \
+        php-phpseclib \
+        php-xml \
+        php-zip \
+        wget \
+    && \
+    rm /etc/apache2/sites-enabled/*default* && \
+    rm -rf /var/cache/apt /var/lib/apt/lists/*
 
 # install LAM
-RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \
- && dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
+RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
+    -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
+    dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
+    rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
 
-# cleanup
-RUN apt-get autoremove -y && apt-get clean all \
- && rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \
- && rm /etc/apache2/sites-enabled/*default*
+# redirect Apache logging
+RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
+# because there is no logging set in the lam vhost logging goes to other_vhost_access.log
+RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
 
 # add redirect for /
 RUN a2enmod rewrite
 RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
  && echo "RewriteRule   ^/$  /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
 
-# start Apache when container starts
-ENTRYPOINT service apache2 start && sleep infinity
+COPY start.sh /usr/local/bin/start.sh
 
+WORKDIR /var/lib/ldap-account-manager/config
+
+# start Apache when container starts
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+CMD [ "/usr/local/bin/start.sh" ]
+
+HEALTHCHECK --interval=1m --timeout=10s \
+    CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'

lam-packaging/docker/docker-compose.yml

@@ -0,0 +1,44 @@
+version: '3.5'
+services:
+  ldap-account-manager:
+    build:
+      context: .
+      args:
+       - LAM_RELEASE=7.0.RC1
+    image: ldapaccountmanager/lam:latest
+    restart: unless-stopped
+    ports:
+      - "8080:80"
+    volumes:
+      - lametc/:/etc/ldap-account-manager
+      - lamconfig/:/var/lib/ldap-account-manager/config
+      - lamsession/:/var/lib/ldap-account-manager/sess
+    environment:
+      - LAM_PASSWORD=${LAM_PASSWORD}
+      - LAM_LANG=en_US
+      - LDAP_SERVER=${LDAP_SERVER}
+      - LDAP_DOMAIN=${LDAP_DOMAIN}
+      - LDAP_BASE_DN=${LDAP_BASE_DN}
+      - ADMIN_USER=cn=admin,${LDAP_BASE_DN}
+      - DEBUG=true
+  ldap:
+    image: osixia/openldap:latest
+    restart: unless-stopped
+    environment:
+      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
+      - LDAP_DOMAIN=${LDAP_DOMAIN}
+      - LDAP_BASE_DN=${LDAP_BASE_DN}
+      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
+      - LDAP_READONLY_USER=true
+      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
+    command: "--loglevel info --copy-service"
+    volumes:
+      - ldap:/var/lib/ldap
+      - slapd:/etc/ldap/slapd.d
+
+volumes:
+  lametc:
+  lamconfig:
+  lamsession:
+  ldap:
+  slapd:

lam-packaging/docker/start.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+#
+#  Docker start script for LDAP Account Manager
+
+#  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
+#  Copyright (C) 2019  Felix Bartels
+
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+[ "$DEBUG" ] && set -x
+
+LAM_LANG="${LAM_LANG:-en_US}"
+export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
+LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
+LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
+LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
+LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
+
+sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
+	s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
+EOF
+unset LAM_PASSWORD
+
+sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
+	s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
+	s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
+	s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
+	s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
+	s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
+	s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
+	s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
+EOF
+
+echo "Starting Apache"
+rm -f /run/apache2/apache2.pid
+set +u
+# shellcheck disable=SC1091
+source /etc/apache2/envvars
+exec /usr/sbin/apache2 -DFOREGROUND

lam/HISTORY

@@ -3,10 +3,14 @@ December 2019 7.0
   - Lamdaemon can be configured with directory prefix for homedirs
   - Account list filters match on substrings instead of whole value
   - YubiKey: support to configure multiple verification servers
+  - Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
+    Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
+  - Docker updates
   - Fixed bugs:
    -> Missing CSS for Duo
    -> Editing of DNs with comma on Windows (210)
 
+
 29.09.2019 6.9
   - Group account types can show member+owner count in list view
   - 2-factor authentication:

lam/README

@@ -5,13 +5,10 @@ LAM - Readme
   LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
   directory. LAM runs on any webserver with PHP5 support and connects to your
   LDAP server unencrypted or via SSL/TLS.
-  Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2,
+  Currently LAM supports these account types: Samba 3/4, Unix, Kolab,
   address book entries, NIS mail aliases and MAC addresses. There is a tree
   viewer included to allow access to the raw LDAP attributes. You can use
   templates for account creation and use multiple configuration profiles.
-  LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
-  Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
-  Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian.
 
   https://www.ldap-account-manager.org/
 

lam/VERSION

@@ -1 +1 @@
-7.0.DEV
+7.0.RC1

lam/config/language

@@ -6,10 +6,10 @@
 # the second is the character encoding and the third the language name.
 
 # Catalan
-ca_ES.utf8:UTF-8:Català (Catalunya)
+# ca_ES.utf8:UTF-8:Català (Catalunya)
 
 # Czech
-cs_CZ.utf8:UTF-8:Čeština (Česko)
+# cs_CZ.utf8:UTF-8:Čeština (Česko)
 
 # German
 de_DE.utf8:UTF-8:Deutsch (Deutschland)
@@ -30,13 +30,13 @@ fr_FR.utf8:UTF-8:Français (France)
 it_IT.utf8:UTF-8:Italiano (Italia)
 
 # Hungarian
-hu_HU.utf8:UTF-8:Magyar (Magyarország)
+# hu_HU.utf8:UTF-8:Magyar (Magyarország)
 
 # Dutch
 nl_NL.utf8:UTF-8:Nederlands (Nederland)
 
 # Polish
-pl_PL.utf8:UTF-8:Polski (Polska)
+# pl_PL.utf8:UTF-8:Polski (Polska)
 
 # Portuguese
 pt_BR.utf8:UTF-8:Português (Brasil)
@@ -48,7 +48,7 @@ ru_RU.utf8:UTF-8:Русский (Россия)
 sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
 
 # Turkish
-tr_TR.utf8:UTF-8:Türkçe (Türkiye)
+# tr_TR.utf8:UTF-8:Türkçe (Türkiye)
 
 # Ukrainian
 uk_UA.utf8:UTF-8:Українська (Україна)

lam/docs/manual-sources/chapter-installation.xml

@@ -318,6 +318,10 @@
 
       <para>You can run LAM inside Docker.</para>
 
+      <para>Possible environment variables are documented in the <ulink
+      url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample
+      .env</ulink> file.</para>
+
       <para>See here:</para>
 
       <para><ulink

lam/lib/modules/posixAccount.inc

@@ -1991,6 +1991,10 @@ class posixAccount extends baseModule implements passwordService {
 				$gonSelect->setTransformSingleSelect(false);
 				$return->add($gonSelect, 12);
 			}
+			// common name
+			if ($this->manageCn($modules)) {
+				$return->add(new htmlResponsiveInputField(_('Common name'), 'posixAccount_cn', '', 'cn'), 12);
+			}
 			// home directory
 			$return->add(new htmlResponsiveInputField(_('Home directory'), 'posixAccount_homeDirectory', '/home/$user', 'homeDirectory'), 12);
 			// login shell
@@ -2026,6 +2030,10 @@ class posixAccount extends baseModule implements passwordService {
 		parent::load_profile($profile);
 		$modules = $this->getAccountContainer()->get_type()->getModules();
 		$typeId = $this->getAccountContainer()->get_type()->getId();
+		// cn
+		if ($this->manageCn($modules) && !empty($profile['posixAccount_cn'][0])) {
+			$this->attributes['cn'][0] = $profile['posixAccount_cn'][0];
+		}
 		// home directory
 		$homeDirAttr = $this->getHomedirAttrName($modules);
 		if (!empty($profile['posixAccount_homeDirectory'][0])) {

lam/lib/modules/yubiKeyUser.inc

@@ -86,7 +86,7 @@ class yubiKeyUser extends baseModule {
 		$return['help'] = array(
 			$attributeName => array(
 				"Headline" => _("YubiKey ids"), 'attr' => $attributeName,
-				"Text" => _("The YubiKey id are the first 12 letters of the key output. Simlply touch your YubiKey in an empty field to set it.")
+				"Text" => _("The YubiKey id are the first 12 letters of the key output. Simply touch your YubiKey in an empty field to set it.")
 			),
 			'keyList' => array(
 				"Headline" => _("YubiKey ids"), 'attr' => $attributeName,
@@ -102,7 +102,7 @@ class yubiKeyUser extends baseModule {
 			),
 			'whereToFind' => array(
 				"Headline" => _("YubiKey ids"),
-				"Text" => _("The YubiKey id are the first 12 letters of the key output. Simlply touch your YubiKey in an empty field to set it.")
+				"Text" => _("The YubiKey id are the first 12 letters of the key output. Simply touch your YubiKey in an empty field to set it.")
 			),
 		);
 		// upload fields

lam/lib/status.inc

@@ -1,10 +1,9 @@
 <?php
 /*
-$Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
   Copyright (C) 2003 - 2006  Michael Duergner
-                2011 - 2013  Roland Gruber
+                2011 - 2019  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -72,18 +71,11 @@ function StatusMessage($MessageTyp,$MessageHeadline,$MessageText='',$MessageVari
 	$MessageHeadline = parseMessageString($MessageHeadline);
 	$MessageText = parseMessageString($MessageText);
 
-	if (is_file("../graphics/error.png")) {
-		$MessageTyp = "<img class=\"margin5\" src=\"../graphics/" . strtolower($MessageTyp) . ".png\" alt=\"" . $MessageTyp . "\" width=\"24\" height=\"24\">";
-	}
-	else {
-		$MessageTyp = "<img class=\"margin5\" src=\"../../graphics/" . strtolower($MessageTyp) . ".png\" alt=\"" . $MessageTyp . "\" width=\"24\" height=\"24\">";
-	}
-
 	$MessageHeadline = "<div class=\"statusTitle\">" . $MessageHeadline . "</div>"; // Format $MessageHeadline
 	if ($MessageText != '') {
 		$MessageText = "<p class=\"statusText\">" . $MessageText . "</p>"; // Format $MessageText
 	}
-	$format = "<div " . $class . ">\n<table>\n<tr>\n<td>" . $MessageTyp . "</td>\n<td>" . $MessageHeadline . $MessageText . "</td>\n</tr>\n</table>\n</div>\n";
+	$format = "<div " . $class . ">\n<table>\n<tr>\n<td>" . $MessageHeadline . $MessageText . "</td>\n</tr>\n</table>\n</div>\n";
 	$output = '';
 	if (is_array($MessageVariables)) {
 		if (sizeof($MessageVariables) > 0) {

lam/locale/de_DE/LC_MESSAGES/messages.po

@@ -11,7 +11,7 @@ msgstr ""
 "Project-Id-Version: messages\n"
 "Report-Msgid-Bugs-To: post@rolandgruber.de \n"
 "POT-Creation-Date: 2004-01-14 17:45+0200\n"
-"PO-Revision-Date: 2019-12-07 12:48+0100\n"
+"PO-Revision-Date: 2019-12-07 12:58+0100\n"
 "Last-Translator: Roland Gruber <post@rolandgruber.de>\n"
 "Language-Team: German <kde-i18n-de@kde.org>\n"
 "Language: de\n"
@@ -15182,8 +15182,8 @@ msgstr "Das Unixsocket oder die Named Pipe zum Server."
 
 #: ../lib/modules/yubiKeyUser.inc:89 ../lib/modules/yubiKeyUser.inc:105
 msgid ""
-"The YubiKey id are the first 12 letters of the key output. Simlply touch "
-"your YubiKey in an empty field to set it."
+"The YubiKey id are the first 12 letters of the key output. Simply touch your "
+"YubiKey in an empty field to set it."
 msgstr ""
 "Die YubiKey-ID besteht aus den ersten 12 Ziffern der Ausgabe des Schlüssels. "
 "Berühren Sie einfach Ihren YubiKey in einem leeren Eingabefeld."