389ds locking
This commit is contained in:
Roland Gruber
parent
f4f6b7c34c
commit
b5afb21b21
|
|
@ -2,7 +2,7 @@ June 2016 5.4
|
|||
- Unix: support magic numbers for UIDs/GIDs (e.g. 389 server DNA plugin)
|
||||
- Samba 3: support for Samba password history (RFE 133)
|
||||
- LAM Pro:
|
||||
-> New module for 389ds unlocking and deactivation status
|
||||
-> New module for 389ds unlocking and account (de)activation
|
||||
-> Self registration: support for Google reCAPTCHA
|
||||
-> Password notification jobs support CC and BCC
|
||||
-> Self Service: Samba 3 supports password history and minimum age check
|
||||
|
|
|
|||
|
|
@ -3710,6 +3710,17 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
|||
server profile and activate the "Password policy" module for the user
|
||||
type.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/ppolicyUser2.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>You can select the password policy and force a password change
|
||||
on next login. Accounts can also be (un)locked.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
|
|
@ -3729,6 +3740,58 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
|||
Otherwise, it will have no effect.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Locking status for 389ds (LAM Pro)</title>
|
||||
|
||||
<para>This module allows you to display if users are locked by 389ds
|
||||
server. You can also (de)activate users.</para>
|
||||
|
||||
<para>Requirements: 389ds LDAP server</para>
|
||||
|
||||
<para><emphasis role="bold">Configuration</emphasis></para>
|
||||
|
||||
<para>Please add the user module "Locking status
|
||||
(locking389ds)".</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_389dsLocking1.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>This will show the number of failed login attempts and till when
|
||||
the user is locked by the system.</para>
|
||||
|
||||
<para>The limit of failed login attempts and lockout duration is
|
||||
configured on your server and not within LAM.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_389dsLocking2.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>You can unlock the user by clicking on the lock icon.</para>
|
||||
|
||||
<para>Here you can also (de)activate the account.</para>
|
||||
|
||||
<para>Note: Accounts are only locked by the LDAP server due to failed
|
||||
password attempts. You cannot manually lock an account. Deactivate it
|
||||
in case you want to disable login for a user.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_389dsLocking3.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>FreeRadius</title>
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
After Width: | Height: | Size: 54 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 19 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 14 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 54 KiB |
|
|
@ -227,10 +227,10 @@ class user extends baseType {
|
|||
$is389dsAvailable = ($container->getAccountModule('locking389ds') != null);
|
||||
$is389dsLocked = $is389dsAvailable && $container->getAccountModule('locking389ds')->isLocked();
|
||||
$is389dsDeactivated = $is389dsAvailable && $container->getAccountModule('locking389ds')->isDeactivated();
|
||||
if (!$unixAvailable && !$sambaAvailable && !$ppolicyAvailable && !$windowsAvailable && !$is389dsDeactivated && !$is389dsLocked) {
|
||||
if (!$unixAvailable && !$sambaAvailable && !$ppolicyAvailable && !$windowsAvailable && !$is389dsAvailable) {
|
||||
return '';
|
||||
}
|
||||
$isEditable = checkIfWriteAccessIsAllowed('user') && ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsLocked);
|
||||
$isEditable = checkIfWriteAccessIsAllowed('user') && ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsAvailable);
|
||||
// get locking status
|
||||
$unixLocked = false;
|
||||
if ($unixAvailable && $container->getAccountModule('posixAccount')->isLocked()) {
|
||||
|
|
@ -300,8 +300,10 @@ class user extends baseType {
|
|||
$statusTable .= '<tr><td>' . _('Locked') . ' </td><td><img height=16 width=16 src="../../graphics/lock.png"></td></tr>';
|
||||
}
|
||||
// 389ds deactivated
|
||||
if ($is389dsDeactivated) {
|
||||
$statusTable .= '<tr><td>' . _('Deactivated') . ' </td><td><img height=16 width=16 src="../../graphics/lock.png"></td></tr>';
|
||||
if ($is389dsAvailable) {
|
||||
$text389dsActivation = $is389dsDeactivated ? _('Deactivated') : _('Active');
|
||||
$icon389dsActivation = $is389dsDeactivated ? 'lock.png' : 'unlocked.png';
|
||||
$statusTable .= '<tr><td>' . $text389dsActivation . ' </td><td><img height=16 width=16 src="../../graphics/' . $icon389dsActivation . '"></td></tr>';
|
||||
}
|
||||
$statusTable .= '</table>';
|
||||
$tipContent = $statusTable;
|
||||
|
|
|
|||
Loading…
Reference in New Issue