Merge remote-tracking branch 'origin/develop' into webauthn

Conflicts:
	lam/locale/de_DE/LC_MESSAGES/messages.mo
	lam/locale/de_DE/LC_MESSAGES/messages.po
Roland Gruber 2019-12-09 20:13:09 +01:00
commit 9086f5847e
22 changed files with 6850 additions and 6571 deletions


@ -44,7 +44,7 @@ function minifyCSS {
echo "Minify CSS files in $dir" echo "Minify CSS files in $dir"
local outFile=$dir/100_lam.${VERSION}.min.css local outFile=$dir/100_lam.${VERSION}.min.css
local files=`ls $dir/*.css` local files=`ls $dir/*.css`
cat $files | cleancss -o $outFile cat $files | cleancss --skip-rebase -o $outFile
rm $files rm $files
# add final new line to supress Debian warnings # add final new line to supress Debian warnings
echo "" >> $outFile echo "" >> $outFile


@ -1,8 +1,8 @@
ldap-account-manager (7.0.DEV-1) unstable; urgency=medium ldap-account-manager (7.0.RC1-1) unstable; urgency=medium
* new upstream release * new upstream release
-- Roland Gruber <post@rolandgruber.de> Sat, 12 Oct 2019 15:26:14 +0200 -- Roland Gruber <post@rolandgruber.de> Sun, 08 Dec 2019 09:14:46 +0100
ldap-account-manager (6.9-1) unstable; urgency=medium ldap-account-manager (6.9-1) unstable; urgency=medium


@ -2,7 +2,7 @@ Source: ldap-account-manager
Maintainer: Roland Gruber <post@rolandgruber.de> Maintainer: Roland Gruber <post@rolandgruber.de>
Section: web Section: web
Priority: optional Priority: optional
Standards-Version: 4.4.0 Standards-Version: 4.4.1
Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify
Homepage: https://www.ldap-account-manager.org/ Homepage: https://www.ldap-account-manager.org/
@ -20,7 +20,7 @@ Suggests: ldap-server, php5-mcrypt | php-mcrypt, ldap-account-manager-lamdaemon,
Description: webfrontend for managing accounts in an LDAP directory Description: webfrontend for managing accounts in an LDAP directory
LDAP Account Manager (LAM) runs on an existing webserver. LDAP Account Manager (LAM) runs on an existing webserver.
It manages user, group and host accounts. Currently LAM It manages user, group and host accounts. Currently LAM
supports these account types: Samba 3/4, Unix, Kolab 2/3, supports these account types: Samba 3/4, Unix, Kolab,
address book entries, NIS mail aliases and MAC addresses. address book entries, NIS mail aliases and MAC addresses.
There is an integrated LDAP browser to allow access to the There is an integrated LDAP browser to allow access to the
raw LDAP attributes. You can use templates raw LDAP attributes. You can use templates


@ -17,7 +17,7 @@ fi
files=`ls style/*.css` files=`ls style/*.css`
outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css
if [ ! -e $outFile ]; then if [ ! -e $outFile ]; then
cat $files | cleancss -o ${outFile} cat $files | cleancss --skip-rebase -o ${outFile}
rm $files rm $files
# add final new line to supress Debian warnings # add final new line to supress Debian warnings
echo "" >> $outFile echo "" >> $outFile

18
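--- a/lam-packaging/docker/.env
+++ b/lam-packaging/docker/.env
@@ -0,0 +1,18 @@
+# domain of LDAP database root entry, will be converted to dc=...,dc=...
+LDAP_DOMAIN=my-domain.com
+# LDAP base DN to overwrite value generated by LDAP_DOMAIN
+LDAP_BASE_DN=dc=my-domain,dc=com
+# LDAP server URL
+LDAP_SERVER=ldap://ldap:389
+# LDAP admin user (set as login user for LAM)
+LDAP_USER=cn=admin,dc=my-domain,dc=com
+# LDAP admin password
+LDAP_ADMIN_PASSWORD=adminpw
+# LAM configuration master password and password for server profile "lam"
+LAM_PASSWORD=lam
+# docker-compose only, LDAP organisation name for OpenLDAP
+LDAP_ORGANISATION="LDAP Account Manager Demo"
+# docker-compose only, password for LDAP read-only user
+LDAP_READONLY_USER_PASSWORD=readonlypw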
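Review bot: The values `LDAP_ADMIN_PASSWORD=adminpw`, `LAM_PASSWORD=lam` and `LDAP_READONLY_USER_PASSWORD=readonlypw` are committed in a file named `.env`, which docker-compose loads automatically when it sits next to the compose file, so a plain `docker-compose up` would bring up both services with these well-known credentials. Nothing in the file marks them as demo-only, although the manual added in this commit calls it a sample. I would add a header comment such as `# Sample values for local testing only - change every password before exposing the service`, or ship the file under a sample name so that real values have to be supplied deliberately.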


@ -23,34 +23,62 @@
# #
# Then access LAM at http://localhost:8080/ # Then access LAM at http://localhost:8080/
# You can change the port 8080 if needed. # You can change the port 8080 if needed.
# See possible environment variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# #
FROM debian:stretch FROM debian:buster-slim
MAINTAINER Roland Gruber <post@rolandgruber.de> LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
ARG LAM_RELEASE=6.9 ARG LAM_RELEASE=7.0.RC1
# update OS ENV \
RUN apt-get update \ DEBIAN_FRONTEND=noninteractive \
&& apt-get upgrade -y DEBUG=''
# install requirements RUN apt-get update && \
RUN apt-get install -y wget apache2 libapache2-mod-php php php-ldap php-zip php-xml php-curl php-gd php-imagick php-mcrypt php-tcpdf php-phpseclib fonts-dejavu php-monolog apt-get install --no-install-recommends -y \
apache2 \
ca-certificates \
dumb-init \
fonts-dejavu \
libapache2-mod-php \
php \
php-curl \
php-gd \
php-imagick \
php-ldap \
php-monolog \
php-phpseclib \
php-xml \
php-zip \
wget \
&& \
rm /etc/apache2/sites-enabled/*default* && \
rm -rf /var/cache/apt /var/lib/apt/lists/*
# install LAM # install LAM
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \ RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
&& dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
# cleanup # redirect Apache logging
RUN apt-get autoremove -y && apt-get clean all \ RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
&& rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \ # because there is no logging set in the lam vhost logging goes to other_vhost_access.log
&& rm /etc/apache2/sites-enabled/*default* RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
# add redirect for / # add redirect for /
RUN a2enmod rewrite RUN a2enmod rewrite
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \ RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf && echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
# start Apache when container starts COPY start.sh /usr/local/bin/start.sh
ENTRYPOINT service apache2 start && sleep infinity
WORKDIR /var/lib/ldap-account-manager/config
# start Apache when container starts
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD [ "/usr/local/bin/start.sh" ]
HEALTHCHECK --interval=1m --timeout=10s \
CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'
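Review bot: The install step still fetches the package with `wget http://prdownloads.sourceforge.net/lam/...` and passes it straight to `dpkg -i`, so the .deb is installed during the image build with neither transport protection nor an integrity check. This change adds `ca-certificates` to the image, so the URL can move to `https://`. The download should also be checked against a pinned digest before installation, for example `echo "${LAM_SHA256}  /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb" | sha256sum -c -`, where `LAM_SHA256` is a build argument I am proposing, not one the file defines today. Anyone who overrides `LAM_RELEASE` would then have to supply the matching digest too, which is worth stating in the header comment.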


@ -0,0 +1,44 @@
version: '3.5'
services:
ldap-account-manager:
build:
context: .
args:
- LAM_RELEASE=7.0.RC1
image: ldapaccountmanager/lam:latest
restart: unless-stopped
ports:
- "8080:80"
volumes:
- lametc/:/etc/ldap-account-manager
- lamconfig/:/var/lib/ldap-account-manager/config
- lamsession/:/var/lib/ldap-account-manager/sess
environment:
- LAM_PASSWORD=${LAM_PASSWORD}
- LAM_LANG=en_US
- LDAP_SERVER=${LDAP_SERVER}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
- DEBUG=true
ldap:
image: osixia/openldap:latest
restart: unless-stopped
environment:
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
command: "--loglevel info --copy-service"
volumes:
- ldap:/var/lib/ldap
- slapd:/etc/ldap/slapd.d
volumes:
lametc:
lamconfig:
lamsession:
ldap:
slapd:
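Review bot: `- DEBUG=true` is hard-coded for the ldap-account-manager service, and start.sh in this commit turns any non-empty `DEBUG` into `set -x` before it runs `export LAM_PASSWORD=...` and assigns `LAM_PASSWORD_SSHA`, so the plain-text master password and its hash end up in the container log on every start. Tracing should be opt-in: `- DEBUG=${DEBUG:-}` keeps the Dockerfile's empty default unless the operator asks for it, and moving the `set -x` line in start.sh below `unset LAM_PASSWORD` would keep the secret out of the trace even then. Both images are also referenced as `:latest` (`ldapaccountmanager/lam:latest`, `osixia/openldap:latest`); pinning a version tag or digest would make the stack reproducible, which matters most for the directory server.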

54
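--- a/lam-packaging/docker/start.sh
+++ b/lam-packaging/docker/start.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+#
+# Docker start script for LDAP Account Manager
+# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
+# Copyright (C) 2019 Felix Bartels
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+set -eu # unset variables are errors & non-zero return values exit the whole script
+[ "$DEBUG" ] && set -x
+LAM_LANG="${LAM_LANG:-en_US}"
+export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
+LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
+LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
+LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
+LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
+sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
+s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
+EOF
+unset LAM_PASSWORD
+sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
+s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
+s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
+s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
+s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
+s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
+s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
+s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
+EOF
+echo "Starting Apache"
+rm -f /run/apache2/apache2.pid
+set +u
+# shellcheck disable=SC1091
+source /etc/apache2/envvars
+exec /usr/sbin/apache2 -DFOREGROUND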
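Review bot: The script reads `LDAP_HOST` and `LDAP_USER`, but the compose file in this commit passes `LDAP_SERVER` and `ADMIN_USER`, and the sample .env documents `LDAP_SERVER`, so those settings are silently ignored and the built-in defaults `ldap://ldap:389` and `cn=admin,${LDAP_BASE_DN}` are written to lam.conf instead. Accepting the documented names while keeping the existing ones working would fix it: `LDAP_HOST="${LDAP_SERVER:-${LDAP_HOST:-ldap://ldap:389}}"` and `LDAP_ADMIN_USER="${ADMIN_USER:-${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}}"`. Separately, the values are expanded into the two sed scripts unescaped, so a `|`, `&`, backslash or newline in any of them changes the substitution; either escape them first or add a comment stating that restriction. `export LAM_PASSWORD="${LAM_PASSWORD:-lam}"` also falls back to the default master password without any message on stderr, which makes an unconfigured container hard to spot.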


@ -3,10 +3,14 @@ December 2019 7.0
- Lamdaemon can be configured with directory prefix for homedirs - Lamdaemon can be configured with directory prefix for homedirs
- Account list filters match on substrings instead of whole value - Account list filters match on substrings instead of whole value
- YubiKey: support to configure multiple verification servers - YubiKey: support to configure multiple verification servers
- Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
- Docker updates
- Fixed bugs: - Fixed bugs:
-> Missing CSS for Duo -> Missing CSS for Duo
-> Editing of DNs with comma on Windows (210) -> Editing of DNs with comma on Windows (210)
29.09.2019 6.9 29.09.2019 6.9
- Group account types can show member+owner count in list view - Group account types can show member+owner count in list view
- 2-factor authentication: - 2-factor authentication:


@ -5,13 +5,10 @@ LAM - Readme
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
directory. LAM runs on any webserver with PHP5 support and connects to your directory. LAM runs on any webserver with PHP5 support and connects to your
LDAP server unencrypted or via SSL/TLS. LDAP server unencrypted or via SSL/TLS.
Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2, Currently LAM supports these account types: Samba 3/4, Unix, Kolab,
address book entries, NIS mail aliases and MAC addresses. There is a tree address book entries, NIS mail aliases and MAC addresses. There is a tree
viewer included to allow access to the raw LDAP attributes. You can use viewer included to allow access to the raw LDAP attributes. You can use
templates for account creation and use multiple configuration profiles. templates for account creation and use multiple configuration profiles.
LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian.
https://www.ldap-account-manager.org/ https://www.ldap-account-manager.org/


@ -1 +1 @@
7.0.DEV 7.0.RC1


@ -6,10 +6,10 @@
# the second is the character encoding and the third the language name. # the second is the character encoding and the third the language name.
# Catalan # Catalan
ca_ES.utf8:UTF-8:Català (Catalunya) # ca_ES.utf8:UTF-8:Català (Catalunya)
# Czech # Czech
cs_CZ.utf8:UTF-8:Čeština (Česko) # cs_CZ.utf8:UTF-8:Čeština (Česko)
# German # German
de_DE.utf8:UTF-8:Deutsch (Deutschland) de_DE.utf8:UTF-8:Deutsch (Deutschland)
@ -30,13 +30,13 @@ fr_FR.utf8:UTF-8:Français (France)
it_IT.utf8:UTF-8:Italiano (Italia) it_IT.utf8:UTF-8:Italiano (Italia)
# Hungarian # Hungarian
hu_HU.utf8:UTF-8:Magyar (Magyarország) # hu_HU.utf8:UTF-8:Magyar (Magyarország)
# Dutch # Dutch
nl_NL.utf8:UTF-8:Nederlands (Nederland) nl_NL.utf8:UTF-8:Nederlands (Nederland)
# Polish # Polish
pl_PL.utf8:UTF-8:Polski (Polska) # pl_PL.utf8:UTF-8:Polski (Polska)
# Portuguese # Portuguese
pt_BR.utf8:UTF-8:Português (Brasil) pt_BR.utf8:UTF-8:Português (Brasil)
@ -48,7 +48,7 @@ ru_RU.utf8:UTF-8:Русский (Россия)
sk_SK.utf8:UTF-8:Slovenčina (Slovensko) sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
# Turkish # Turkish
tr_TR.utf8:UTF-8:Türkçe (Türkiye) # tr_TR.utf8:UTF-8:Türkçe (Türkiye)
# Ukrainian # Ukrainian
uk_UA.utf8:UTF-8:Українська (Україна) uk_UA.utf8:UTF-8:Українська (Україна)


@ -318,6 +318,10 @@
<para>You can run LAM inside Docker.</para> <para>You can run LAM inside Docker.</para>
<para>Possible environment variables are documented in the <ulink
url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample
.env</ulink> file.</para>
<para>See here:</para> <para>See here:</para>
<para><ulink <para><ulink


@ -1991,6 +1991,10 @@ class posixAccount extends baseModule implements passwordService {
$gonSelect->setTransformSingleSelect(false); $gonSelect->setTransformSingleSelect(false);
$return->add($gonSelect, 12); $return->add($gonSelect, 12);
} }
// common name
if ($this->manageCn($modules)) {
$return->add(new htmlResponsiveInputField(_('Common name'), 'posixAccount_cn', '', 'cn'), 12);
}
// home directory // home directory
$return->add(new htmlResponsiveInputField(_('Home directory'), 'posixAccount_homeDirectory', '/home/$user', 'homeDirectory'), 12); $return->add(new htmlResponsiveInputField(_('Home directory'), 'posixAccount_homeDirectory', '/home/$user', 'homeDirectory'), 12);
// login shell // login shell
@ -2026,6 +2030,10 @@ class posixAccount extends baseModule implements passwordService {
parent::load_profile($profile); parent::load_profile($profile);
$modules = $this->getAccountContainer()->get_type()->getModules(); $modules = $this->getAccountContainer()->get_type()->getModules();
$typeId = $this->getAccountContainer()->get_type()->getId(); $typeId = $this->getAccountContainer()->get_type()->getId();
// cn
if ($this->manageCn($modules) && !empty($profile['posixAccount_cn'][0])) {
$this->attributes['cn'][0] = $profile['posixAccount_cn'][0];
}
// home directory // home directory
$homeDirAttr = $this->getHomedirAttrName($modules); $homeDirAttr = $this->getHomedirAttrName($modules);
if (!empty($profile['posixAccount_homeDirectory'][0])) { if (!empty($profile['posixAccount_homeDirectory'][0])) {


@ -86,7 +86,7 @@ class yubiKeyUser extends baseModule {
$return['help'] = array( $return['help'] = array(
$attributeName => array( $attributeName => array(
"Headline" => _("YubiKey ids"), 'attr' => $attributeName, "Headline" => _("YubiKey ids"), 'attr' => $attributeName,
"Text" => _("The YubiKey id are the first 12 letters of the key output. Simlply touch your YubiKey in an empty field to set it.") "Text" => _("The YubiKey id are the first 12 letters of the key output. Simply touch your YubiKey in an empty field to set it.")
), ),
'keyList' => array( 'keyList' => array(
"Headline" => _("YubiKey ids"), 'attr' => $attributeName, "Headline" => _("YubiKey ids"), 'attr' => $attributeName,
@ -102,7 +102,7 @@ class yubiKeyUser extends baseModule {
), ),
'whereToFind' => array( 'whereToFind' => array(
"Headline" => _("YubiKey ids"), "Headline" => _("YubiKey ids"),
"Text" => _("The YubiKey id are the first 12 letters of the key output. Simlply touch your YubiKey in an empty field to set it.") "Text" => _("The YubiKey id are the first 12 letters of the key output. Simply touch your YubiKey in an empty field to set it.")
), ),
); );
// upload fields // upload fields


@ -1,10 +1,9 @@
<?php <?php
/* /*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner Copyright (C) 2003 - 2006 Michael Duergner
2011 - 2013 Roland Gruber 2011 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -72,18 +71,11 @@ function StatusMessage($MessageTyp,$MessageHeadline,$MessageText='',$MessageVari
$MessageHeadline = parseMessageString($MessageHeadline); $MessageHeadline = parseMessageString($MessageHeadline);
$MessageText = parseMessageString($MessageText); $MessageText = parseMessageString($MessageText);
if (is_file("../graphics/error.png")) {
$MessageTyp = "<img class=\"margin5\" src=\"../graphics/" . strtolower($MessageTyp) . ".png\" alt=\"" . $MessageTyp . "\" width=\"24\" height=\"24\">";
}
else {
$MessageTyp = "<img class=\"margin5\" src=\"../../graphics/" . strtolower($MessageTyp) . ".png\" alt=\"" . $MessageTyp . "\" width=\"24\" height=\"24\">";
}
$MessageHeadline = "<div class=\"statusTitle\">" . $MessageHeadline . "</div>"; // Format $MessageHeadline $MessageHeadline = "<div class=\"statusTitle\">" . $MessageHeadline . "</div>"; // Format $MessageHeadline
if ($MessageText != '') { if ($MessageText != '') {
$MessageText = "<p class=\"statusText\">" . $MessageText . "</p>"; // Format $MessageText $MessageText = "<p class=\"statusText\">" . $MessageText . "</p>"; // Format $MessageText
} }
$format = "<div " . $class . ">\n<table>\n<tr>\n<td>" . $MessageTyp . "</td>\n<td>" . $MessageHeadline . $MessageText . "</td>\n</tr>\n</table>\n</div>\n"; $format = "<div " . $class . ">\n<table>\n<tr>\n<td>" . $MessageHeadline . $MessageText . "</td>\n</tr>\n</table>\n</div>\n";
$output = ''; $output = '';
if (is_array($MessageVariables)) { if (is_array($MessageVariables)) {
if (sizeof($MessageVariables) > 0) { if (sizeof($MessageVariables) > 0) {


@ -11,7 +11,7 @@ msgstr ""
"Project-Id-Version: messages\n" "Project-Id-Version: messages\n"
"Report-Msgid-Bugs-To: post@rolandgruber.de \n" "Report-Msgid-Bugs-To: post@rolandgruber.de \n"
"POT-Creation-Date: 2004-01-14 17:45+0200\n" "POT-Creation-Date: 2004-01-14 17:45+0200\n"
"PO-Revision-Date: 2019-12-07 12:48+0100\n" "PO-Revision-Date: 2019-12-07 12:58+0100\n"
"Last-Translator: Roland Gruber <post@rolandgruber.de>\n" "Last-Translator: Roland Gruber <post@rolandgruber.de>\n"
"Language-Team: German <kde-i18n-de@kde.org>\n" "Language-Team: German <kde-i18n-de@kde.org>\n"
"Language: de\n" "Language: de\n"
@ -15182,8 +15182,8 @@ msgstr "Das Unixsocket oder die Named Pipe zum Server."
#: ../lib/modules/yubiKeyUser.inc:89 ../lib/modules/yubiKeyUser.inc:105 #: ../lib/modules/yubiKeyUser.inc:89 ../lib/modules/yubiKeyUser.inc:105
msgid "" msgid ""
"The YubiKey id are the first 12 letters of the key output. Simlply touch " "The YubiKey id are the first 12 letters of the key output. Simply touch your "
"your YubiKey in an empty field to set it." "YubiKey in an empty field to set it."
msgstr "" msgstr ""
"Die YubiKey-ID besteht aus den ersten 12 Ziffern der Ausgabe des Schlüssels. " "Die YubiKey-ID besteht aus den ersten 12 Ziffern der Ausgabe des Schlüssels. "
"Berühren Sie einfach Ihren YubiKey in einem leeren Eingabefeld." "Berühren Sie einfach Ihren YubiKey in einem leeren Eingabefeld."

