diff --git a/lam/HISTORY b/lam/HISTORY
index d1b6177f..3e3624f1 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -2,7 +2,7 @@ June 2016 5.4
- Unix: support magic numbers for UIDs/GIDs (e.g. 389 server DNA plugin)
- Samba 3: support for Samba password history (RFE 133)
- LAM Pro:
- -> New module for 389ds unlocking and deactivation status
+ -> New module for 389ds unlocking and account (de)activation
-> Self registration: support for Google reCAPTCHA
-> Password notification jobs support CC and BCC
-> Self Service: Samba 3 supports password history and minimum age check
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 391f6d1b..32cd1db7 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -3710,6 +3710,17 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
server profile and activate the "Password policy" module for the user
type.
+
+
+
+
+
+
+
+
+ You can select the password policy and force a password change
+ on next login. Accounts can also be (un)locked.
+
@@ -3729,6 +3740,58 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
Otherwise, it will have no effect.
+
+ Locking status for 389ds (LAM Pro)
+
+ This module allows you to display if users are locked by 389ds
+ server. You can also (de)activate users.
+
+ Requirements: 389ds LDAP server
+
+ Configuration
+
+ Please add the user module "Locking status
+ (locking389ds)".
+
+
+
+
+
+
+
+
+
+ This will show the number of failed login attempts and till when
+ the user is locked by the system.
+
+ The limit of failed login attempts and lockout duration is
+ configured on your server and not within LAM.
+
+
+
+
+
+
+
+
+
+ You can unlock the user by clicking on the lock icon.
+
+ Here you can also (de)activate the account.
+
+ Note: Accounts are only locked by the LDAP server due to failed
+ password attempts. You cannot manually lock an account. Deactivate it
+ in case you want to disable login for a user.
+
+
+
+
+
+
+
+
+
+
FreeRadius
diff --git a/lam/docs/manual-sources/images/mod_389dsLocking1.png b/lam/docs/manual-sources/images/mod_389dsLocking1.png
new file mode 100644
index 00000000..b6ca5c5c
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_389dsLocking1.png differ
diff --git a/lam/docs/manual-sources/images/mod_389dsLocking2.png b/lam/docs/manual-sources/images/mod_389dsLocking2.png
new file mode 100644
index 00000000..fd1d16ba
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_389dsLocking2.png differ
diff --git a/lam/docs/manual-sources/images/mod_389dsLocking3.png b/lam/docs/manual-sources/images/mod_389dsLocking3.png
new file mode 100644
index 00000000..fc862a4d
Binary files /dev/null and b/lam/docs/manual-sources/images/mod_389dsLocking3.png differ
diff --git a/lam/docs/manual-sources/images/ppolicyUser2.png b/lam/docs/manual-sources/images/ppolicyUser2.png
new file mode 100644
index 00000000..d8819ee2
Binary files /dev/null and b/lam/docs/manual-sources/images/ppolicyUser2.png differ
diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc
index 1a61c282..0fbd9552 100644
--- a/lam/lib/types/user.inc
+++ b/lam/lib/types/user.inc
@@ -227,10 +227,10 @@ class user extends baseType {
$is389dsAvailable = ($container->getAccountModule('locking389ds') != null);
$is389dsLocked = $is389dsAvailable && $container->getAccountModule('locking389ds')->isLocked();
$is389dsDeactivated = $is389dsAvailable && $container->getAccountModule('locking389ds')->isDeactivated();
- if (!$unixAvailable && !$sambaAvailable && !$ppolicyAvailable && !$windowsAvailable && !$is389dsDeactivated && !$is389dsLocked) {
+ if (!$unixAvailable && !$sambaAvailable && !$ppolicyAvailable && !$windowsAvailable && !$is389dsAvailable) {
return '';
}
- $isEditable = checkIfWriteAccessIsAllowed('user') && ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsLocked);
+ $isEditable = checkIfWriteAccessIsAllowed('user') && ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsAvailable);
// get locking status
$unixLocked = false;
if ($unixAvailable && $container->getAccountModule('posixAccount')->isLocked()) {
@@ -300,8 +300,10 @@ class user extends baseType {
$statusTable .= '