diff --git a/lam/HISTORY b/lam/HISTORY
index e1daa99d..02224f01 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -9,6 +9,7 @@ March 2014 4.5
-> Separate IP restriction list for self service
-> Bind DLZ: support TXT/SRV records
-> Self Service: added language selection
+ -> Password self reset: support backup email address
-> Custom fields: support help texts
-> Support for Oracle databases (orclNetService) (RFE 104)
- fixed bugs:
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 2ed1123c..7f403091 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -724,6 +724,11 @@ Have fun!
The self service pages now have an own option for allowed IPs.
If your LAM installation uses IP restrictions please update the LAM
main configuration.
+
+ Password self reset (LAM Pro) allows to set a backup email
+ address. You need to update the LDAP
+ schema if you want to use this feature.
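Review bot: The added upgrade note says "You need to update the LDAP schema" without saying what changes. Naming the new attribute (passwordSelfResetBackupMail, listed under "Schema versions" later in this patch) and stating that the step only applies to installations that already have the password self reset schema would let admins check whether they are affected. Also, "allows to set" should read "allows you to set".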
@@ -2384,80 +2389,8 @@ Have fun!
Schema installation
- Please install the schema that comes with LAM Pro. The schema
- files are located in:
-
-
-
- tar.bz2: docs/schema
-
-
-
- DEB: /usr/share/doc/ldap-account-manager/docs/schema
-
-
-
- RPM:
- /usr/share/doc/ldap-account-manager-{VERSION}/schema
-
-
-
-
-OpenLDAP:
-
- For a configuration with slapd.conf-file copy
- passwordSelfReset.schema to /etc/ldap/schema/ and add this line to
- slapd.conf:
-
- include /etc/ldap/schema/passwordSelfReset.schema
-
-
-
- For slapd.d configurations you need to upload the schema file
- passwordSelfReset.ldif via ldapadd command:
-
- ldapadd -x -W -H ldap://localhost -D "cn=admin,o=test,c=de" -f
- /daten/dev/lamPro/docs/schema/passwordSelfReset.ldif
-
- Please replace "localhost" with your LDAP server and
- "cn=admin,o=test,c=de" with your LDAP admin user (usually starts with
- cn=admin or cn=manager).
-
-
-
-
- Samba 4:
-
- The schema files are passwordSelfReset-Samba4-attributes.ldif
- and passwordSelfReset-Samba4-objectClass.ldif.
-
- First, you need to edit them and replace "DOMAIN_TOP_DN" with
- your LDAP suffix (e.g. dc=samba4,dc=test).
-
- Then install the attribute and afterwards the object class
- schema file:
-
- ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
- ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
-
-
-
- Windows:
-
- The schema file is passwordSelfReset-Windows.ldif.
-
- First, you need to edit it and replace "DOMAIN_TOP_DN" with your
- LDAP suffix (e.g. dc=windows,dc=test).
-
- Then install the schema file as administrator on a command
- line:
-
- ldifde -v -i -f passwordSelfReset-Windows.ldif
-
-
-
- This allows to set a security question + answer for each
- account.
+ Please install the LDAP schema as described here.Activate password self reset
module
@@ -2492,6 +2425,11 @@ Have fun!
can activate/remove the password self reset function for each user.
You can also change the security question and answer.
+ If you set a backup email address then confirmation emails will
+ also be sent to this address. This is useful if the user password
+ grants access to the user's primary mailbox. So passwords can be
+ unlocked with an external email address.
+
Hint: You can add the
passwordSelfReset object class to all your users with the multi edit tool.
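Review bot: In the added paragraph, "So passwords can be unlocked with an external email address" is imprecise: the feature resets a password, and "also be sent" means the confirmation mail still goes to the primary address as well. Suggest rewording to something like "The user can then reset the password via an external mailbox" and stating explicitly that both addresses receive the confirmation link, since that determines which mailboxes an admin has to trust.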
@@ -6739,7 +6677,7 @@ OK (10 msec)
-
+
@@ -6756,6 +6694,13 @@ OK (10 msec)
Security answer
+
+
Backup email
+
+
(External) backup email address that has no relation to user
+ password.
+
+
@@ -7114,6 +7059,11 @@ OK (10 msec)
Password self reset
+ Schema installation
+
+ Please install the LDAP schema as described here.
+
SettingsYou can allow your users to reset their passwords themselves.
@@ -7176,11 +7126,11 @@ OK (10 msec)
LAM Pro can send your users an email with a confirmation link
to validate their email address. Of course, this should only be used
if the email account is independent from the user password (e.g. at
- external provider). The mail must include the confirmation link by
- using the special wildcard "@@resetLink@@". Additionally, you may
- want to insert other wildcards that are replaced by the
- corresponding LDAP attributes. E.g. "@@uid@@" will be replaced by
- the user name.
+ external provider) or you use the backup email address feature. The
+ mail body must include the confirmation link by using the special
+ wildcard "@@resetLink@@". Additionally, you may want to insert other
+ wildcards that are replaced by the corresponding LDAP attributes.
+ E.g. "@@uid@@" will be replaced by the user name.There is also an option to skip the security question at all
if email verification is enabled. In this case the password can be
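Review bot: The reworded sentence now treats "or you use the backup email address feature" as sufficient, but the unchanged text right after it documents an option to skip the security question when email verification is enabled. With both in use, access to the backup mailbox is the only factor needed to reset the password. The paragraph should say so and advise keeping the security question for accounts whose backup address is at a provider the admin does not control. It would also help to state what happens for users who have no backup address set.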
@@ -7214,9 +7164,10 @@ OK (10 msec)
New fields for self service
page
- There are two new fields that you may put on the self service
+ There are special fields that you may put on the self service
page for your users. These fields allow them to change the reset
- question and its answer.
+ question and its answer. It is also possible to set a backup email
+ address to reset passwords with an external email address.
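Review bot: The added sentence makes the backup email address a self service field, so the user (or anyone using the user's session) can change where reset confirmations are sent. The text should mention this trade-off so admins decide deliberately whether to put the field on the self service page or to maintain the address only on the admin side described in the earlier hunk.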
@@ -9035,6 +8986,208 @@ OK (10 msec)
+
+ Setup password self reset schema (LAM Pro)
+
+
+ New installation
+
+ Please see here if you want to
+ upgrade an existing schema version.
+
+ Schema installation
+
+ Please install the schema that comes with LAM Pro. The schema
+ files are located in:
+
+
+
+ tar.bz2: docs/schema
+
+
+
+ DEB: /usr/share/doc/ldap-account-manager/docs/schema
+
+
+
+ RPM:
+ /usr/share/doc/ldap-account-manager-{VERSION}/schema
+
+
+
+
+
+
+ OpenLDAP with slapd.conf
+ configuration
+
+ For a configuration with slapd.conf-file copy
+ passwordSelfReset.schema to /etc/ldap/schema/ and add this line to
+ slapd.conf:
+
+ include /etc/ldap/schema/passwordSelfReset.schema
+
+
+
+ OpenLDAP with slapd.d
+ configuration
+
+ For slapd.d configurations you need to upload the schema file
+ passwordSelfReset.ldif via ldapadd command:
+
+ ldapadd -x -W -H ldap://localhost -D "cn=admin,o=test,c=de" -f
+ passwordSelfReset.ldif
+
+ Please replace "localhost" with your LDAP server and
+ "cn=admin,o=test,c=de" with your LDAP admin user (usually starts with
+ cn=admin or cn=manager).
+
+
+
+
+ Samba 4
+
+ The schema files are passwordSelfReset-Samba4-attributes.ldif and
+ passwordSelfReset-Samba4-objectClass.ldif.
+
+ First, you need to edit them and replace "DOMAIN_TOP_DN" with your
+ LDAP suffix (e.g. dc=samba4,dc=test).
+
+ Then install the attribute and afterwards the object class schema
+ file:
+
+ ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
+ ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
+
+
+
+ Windows
+
+ The schema file is passwordSelfReset-Windows.ldif.
+
+ First, you need to edit it and replace "DOMAIN_TOP_DN" with your
+ LDAP suffix (e.g. dc=windows,dc=test).
+
+ Then install the schema file as administrator on a command
+ line:
+
+ ldifde -v -i -f passwordSelfReset-Windows.ldif
+
+
+
+ This allows to set a security question + answer for each
+ account.
+
+
+
+ Schema update
+
+ The schema files are located in:
+
+
+
+ tar.bz2: docs/schema/updates
+
+
+
+ DEB:
+ /usr/share/doc/ldap-account-manager/docs/schema/updates
+
+
+
+ RPM:
+ /usr/share/doc/ldap-account-manager-{VERSION}/schema/updates
+
+
+
+
+
+
+ Schema versions:
+
+
+
+ Initial version (LAM Pro 3.6)
+
+
+
+ Added passwordSelfResetBackupMail (LAM Pro 4.5)
+
+
+
+
+
+
+ OpenLDAP with slapd.conf
+ configuration
+
+ Install the schema file like a new install (skip
+ modification of slapd.conf file).
+
+
+
+
+ OpenLDAP with slapd.d
+ configuration
+
+ The upgrade requires to stop the LDAP server.
+
+ Steps:
+
+
+
+ Stop OpenLDAP with e.g. "/etc/init.d/slapd stop"
+
+
+
+ Delete the old schema file. It is located in e.g.
+ "/etc/ldap/slapd.d/cn=config/cn=schema" and called
+ "cn={XX}passwordselfreset.ldif" (XX can be any number)
+
+
+
+ Start OpenLDAP with e.g. "/etc/init.d/slapd start"
+
+
+
+ Install the schema file like a new install
+
+
+
+
+
+
+ Samba 4
+
+ Install the these update files by following the install
+ instructions in the file:
+
+
+
+ samba4_version_1_to_2_attributes.ldif
+
+
+
+ samba4_version_1_to_2_objectClass.ldif
+
+
+
+ Please note that attributes file needs to be installed
+ first.
+
+
+
+
+ Windows
+
+ Install the file "windows_version_1_to_2.ldif" by following the
+ install instructions in the file.
+
+
+
Adapt LAM to your corporate design
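Review bot: The slapd.d update steps delete "cn={XX}passwordselfreset.ldif" from the live configuration directory and start the server before the new schema is installed, with no backup step. Suggest adding a step to back up the slapd.d directory before deleting the file, and noting that the server runs without the schema between "Start OpenLDAP" and "Install the schema file like a new install", so the update belongs in a maintenance window. Smaller points: the "Schema versions" list should number its entries 1 and 2 to match the update file names (samba4_version_1_to_2_attributes.ldif, windows_version_1_to_2.ldif), "Install the these update files" has a stray "the", and the carried-over sentence "This allows to set a security question + answer for each account" no longer covers the backup mail attribute.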
diff --git a/lam/docs/manual-sources/images/passwordSelfReset2.png b/lam/docs/manual-sources/images/passwordSelfReset2.png
index 14a3f0bc..3bcc9f5a 100644
Binary files a/lam/docs/manual-sources/images/passwordSelfReset2.png and b/lam/docs/manual-sources/images/passwordSelfReset2.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset3.png b/lam/docs/manual-sources/images/passwordSelfReset3.png
index 3bd4fe3d..1b5adde3 100644
Binary files a/lam/docs/manual-sources/images/passwordSelfReset3.png and b/lam/docs/manual-sources/images/passwordSelfReset3.png differ
diff --git a/lam/docs/manual-sources/images/passwordSelfReset9.png b/lam/docs/manual-sources/images/passwordSelfReset9.png
index 8f2c9677..2f847661 100644
Binary files a/lam/docs/manual-sources/images/passwordSelfReset9.png and b/lam/docs/manual-sources/images/passwordSelfReset9.png differ