added password policies

2010-02-28 14:37:30 +00:00 · 2010-02-28 14:37:30 +00:00 · ae672c4d85
parent 5d11bb28fe
commit ae672c4d85
3 changed files with 69 additions and 10 deletions
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@ -118,7 +118,7 @@ Have fun!

        <para>This includes all people who need to manage their own data
        inside the LDAP directory. E.g. these people edit their contact
-        information with LAM self service (LAM Pro only).</para>
+        information with LAM self service (LAM Pro).</para>
      </listitem>
    </itemizedlist>

@ -665,7 +665,7 @@ Have fun!
    </screenshot>

    <para>Here you can change LAM's general settings, setup server profiles
-    for your LDAP server(s) and configure the self service (LAM Pro only). You
+    for your LDAP server(s) and configure the self service (LAM Pro). You
    should start with the general settings and then setup a server
    profile.</para>

@ -982,13 +982,46 @@ Have fun!
      </listitem>
    </itemizedlist>

+    <section>
+      <title>Users</title>
+
+      <para></para>
+
+      <section>
+        <title>Password policy (LAM Pro)</title>
+
+        <para>OpenLDAP supports the <ulink
+        url="http://linux.die.net/man/5/slapo-ppolicy">ppolicy</ulink> overlay
+        to manage password policies for LDAP entries. LAM Pro supports <link
+        linkend="a_ppolicy">managing the policies</link> and assigning them to
+        user accounts.</para>
+
+        <para>Please add the account type "Password policies" to your LAM
+        server profile and activate the "Password policy" module for the user
+        type.</para>
+
+        <screenshot>
+          <mediaobject>
+            <imageobject>
+              <imagedata fileref="images/ppolicyUser.png" />
+            </imageobject>
+          </mediaobject>
+        </screenshot>
+
+        <para>You can assign any password policy which is found in the LDAP
+        suffix of the "Password policies" type. When you set the policy to
+        "default" then OpenLDAP will use the default policy as defined in your
+        slapd.conf file.</para>
+      </section>
+    </section>
+
    <section>
      <title>Groups</title>

      <para></para>

      <section>
-        <title>Unix groups with rfc2307bis schema (LAM Pro only)</title>
+        <title>Unix groups with rfc2307bis schema (LAM Pro)</title>

        <para>Some applications (e.g. Suse Linux) use the rfc2307bis schema
        for Unix accounts instead of the nis schema. In this case group
@ -1017,7 +1050,7 @@ Have fun!
      <para></para>

      <section>
-        <title>IP addresses (LAM Pro only)</title>
+        <title>IP addresses (LAM Pro)</title>

        <para>You can manage the IP addresses of host accounts with the ipHost
        module. It manages the following information:</para>
@ -1050,7 +1083,7 @@ Have fun!
    </section>

    <section>
-      <title>Group of (unique) names (LAM Pro only)</title>
+      <title>Group of (unique) names (LAM Pro)</title>

      <para>These classes can be used to represent group relations. Since they
      allow DNs as members you can also use them to represent nested groups.
@ -1091,7 +1124,7 @@ Have fun!
    </section>

    <section>
-      <title>Aliases (LAM Pro only)</title>
+      <title>Aliases (LAM Pro)</title>

      <para>Some applications use the object class "alias" to link LDAP
      entries to other parts of the LDAP tree. Activate the account type
@ -1110,7 +1143,7 @@ Have fun!
    </section>

    <section>
-      <title>NIS objects (LAM Pro only)</title>
+      <title>NIS objects (LAM Pro)</title>

      <para>You can manage NIS objects with LAM Pro. This allows you define
      network mount points in LDAP.</para>
@ -1127,8 +1160,34 @@ Have fun!
      </screenshot>
    </section>

+    <section id="a_ppolicy">
+      <title>Password policies (LAM Pro)</title>
+
+      <para>OpenLDAP supports the <ulink
+      url="http://linux.die.net/man/5/slapo-ppolicy">ppolicy</ulink> overlay
+      to manage password policies for LDAP entries. This allows you to set
+      password policies which are independent from your applications. The
+      policies are managed internally by the LDAP server.</para>
+
+      <para>You can manage these policies with LAM Pro with the account type
+      "Password policies".</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/ppolicy.png" />
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+
+      <para>You will need to add the ppolicy schema to your OpenLDAP
+      configuration and activate the <ulink
+      url="http://linux.die.net/man/5/slapo-ppolicy">ppolicy</ulink> overlay
+      module in slapd.conf to use this feature.</para>
+    </section>
+
    <section>
-      <title>Custom scripts (LAM Pro only)</title>
+      <title>Custom scripts (LAM Pro)</title>

      <para>LAM Pro allows you to execute scripts whenever an account is
      created, modified or deleted. This can be useful to automate processes
@ -1278,7 +1337,7 @@ Have fun!
  </chapter>

  <chapter id="a_accessLevelPasswordReset">
-    <title>Access levels and password reset page (LAM Pro only)</title>
+    <title>Access levels and password reset page (LAM Pro)</title>

    <para>You can define different access levels for each profile to allow or
    disallow write access. The password reset page helps your deskside support
@ -1425,7 +1484,7 @@ Have fun!
  </chapter>

  <chapter>
-    <title>Self service (LAM Pro only)</title>
+    <title>Self service (LAM Pro)</title>

    <section>
      <title>Preparations</title>
--- a/lam/docs/manual-sources/images/ppolicy.png
+++ b/lam/docs/manual-sources/images/ppolicy.png
--- a/lam/docs/manual-sources/images/ppolicyUser.png
+++ b/lam/docs/manual-sources/images/ppolicyUser.png