diff --git a/lam-web/documentation/LAMPro-HowTo/ch01.html b/lam-web/documentation/LAMPro-HowTo/ch01.html index 749fa33a..a5d40088 100644 --- a/lam-web/documentation/LAMPro-HowTo/ch01.html +++ b/lam-web/documentation/LAMPro-HowTo/ch01.html @@ -1,10 +1,10 @@ -
Table of Contents
By default only a few administrative users have write access to +
Table of Contents
By default only a few administrative users have write access to the LDAP database. Before your users may change their settings you must allow them to change their LDAP data.
This can be done by adding an ACL to your slapd.conf which looks like this:
access to
attrs=mail,sn,givenName,telephoneNumber,mobile,facsimileTelephoneNumber,street,postalAddress,postOfficeBox,postalCode,password
by self write
If you do not want them to change all attributes then reduce the list to fit your needs. Some modules may require additional LDAP attributes.
Usually, the slapd.conf file is located in /etc/ldap or - /etc/openldap.
A self service profile defines what input fields your users see +
A self service profile defines what input fields your users see and some other general settings like the login caption.
When you go to the LAM configuration page you will see the self service link at the bottom. This will lead you to the self service configuration pages
Now we need to create a new self service profile. Click on the diff --git a/lam-web/documentation/LAMPro-HowTo/ch02.html b/lam-web/documentation/LAMPro-HowTo/ch02.html index 2d68207d..e764dbc1 100644 --- a/lam-web/documentation/LAMPro-HowTo/ch02.html +++ b/lam-web/documentation/LAMPro-HowTo/ch02.html @@ -1,6 +1,6 @@ -
Table of Contents
LAM Pro provides some more account modules to support additional +
Table of Contents
LAM Pro provides some more account modules to support additional LDAP object classes.
Currently these are:
groupOfNames
groupOfUniqueNames
These classes can be used to represent group relations. Since they allow DNs as members you can also use them to represent nested - groups.
Group of (unique) names have four basic attributes:
Name: a unique name for the group
Description: optional description
Owner: the account which owns this group (optional)
Members: the members of the group (at least one is + groups.
Group of (unique) names have four basic attributes:
Name: a unique name for the group
Description: optional description
Owner: the account which owns this group (optional)
Members: the members of the group (at least one is required)
You can add any accounts as members. This includes other groups - which leads to nested groups.
Table of Contents
You can define different access levels for each profile to allow or + disallow write access. The password reset page helps your deskside support + staff to reset user passwords.
There are three access levels:
Write access (default)
There are no restrictions. LAM admin users can manage account, + create profiles and set passwords.
Change passwords
Similar to "Read only" except that the password reset page is available.
Read only
No write access to the LDAP database is allowed. It is also + impossible to manage account and PDF profiles.
Accounts may be viewed but no changes can be saved.
The access level can be set on the server configuration + page:
This special page allows your deskside support staff to reset the + Unix and Samba passwords of your users. If you set the access level to "Change passwords" then + LAM will not allow any changes to the LDAP database except password + changes via this page. The account pages will be still available in + read-only mode.
You can open the password reset page by clicking on the key symbol + on each user account:
There are three different options to set a new + password:
set random password and display it on + screen
This will set the user's password to a random value. The + password will be 11 characters long with a random combination of + letters, digits and ".-_".
You may want to use this method to tell users their new + passwords via phone.
set random password and mail it to + user
If the user account has set the mail attribute then LAM can + send your user a mail with the new password. You can change the mail + template to fit your needs. See the help link for further + details.
Using this method will prevent that your support staff knows + the new password.
set specific password
Here you can specify your own password.
LAM will display contact information about the user like the + user's name, email address and telephone number. This will help your + deskside support to easily contact your users.
If a user account has Samba passwords set then LAM will offer to + synchronize the passwords.
Table of Contents
List of Tables
Table of Contents
List of Tables