AD LDS
|
@ -2,8 +2,9 @@ March 2020 7.1
|
|||
- PHP 7 required
|
||||
- Webauthn/FIDO2 support for 2-factor-authentication (requires PHP 7.2)
|
||||
- Personal: support display name (hidden by default in server profile)
|
||||
- PPolicy: support for password check module
|
||||
|
||||
- LAM Pro:
|
||||
-> PPolicy: support for password check module
|
||||
-> Windows AD LDS support (users and groups)
|
||||
|
||||
21.12.2019 7.0
|
||||
- Lamdaemon can be configured with directory prefix for homedirs
|
||||
|
|
|
@ -1349,6 +1349,146 @@
|
|||
</screenshot>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
|
||||
|
||||
<para>Please activate the account type "Users" in your LAM server
|
||||
profile and then add the user module "AD LDS
|
||||
(windowsLDSUser)(*)".</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_windowsUser4.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>The default list attributes are for Unix and not suitable for AD
|
||||
LDS (blank lines in account table). Please use
|
||||
"#cn;#givenName;#sn;#mail" or select your own attributes to display in
|
||||
the account list.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_adLds1.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>On tab "Module settings" you can specify the possible Windows
|
||||
domain names.</para>
|
||||
|
||||
<para>You can also set maximum values for user photos in advanced
|
||||
options.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata contentwidth="1172" fileref="images/mod_adLds3.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>Now you can manage your AD LDS users and e.g. assign groups. You
|
||||
might want to set the default domain name in the <link
|
||||
linkend="a_accountProfile">profile editor</link>.</para>
|
||||
|
||||
<para><emphasis role="bold">Attention:</emphasis></para>
|
||||
|
||||
<para>Password changes require a secure connection via ldaps://. Check
|
||||
your LAM server profile if password changes are refused by the
|
||||
server.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_adLds4a.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_adLds4b.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para><emphasis role="bold">Wildcards</emphasis></para>
|
||||
|
||||
<para>This module provides the following wildcards (others may be
|
||||
provided by other modules):</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>$firstname: First name</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>$lastname: Last name</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>$user: User name</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>$commonname: Common name</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>$email: Email address</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>You can use them in the following input fields on user edit
|
||||
screen:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Common name</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Display name</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Email</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Email alias</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Use this when some of your data always follows the same schema.
|
||||
E.g. using "$firstname $lastname" in common name field can be used like
|
||||
this to get "Demo User". You can set the wildcards in profile editor so
|
||||
they are automatically applied for new users.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_adLds5a.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para/>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_adLds5b.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Filesystem quota (lamdaemon)</title>
|
||||
|
||||
|
@ -2580,6 +2720,52 @@ AuthorizedKeysCommandUser root</literallayout>
|
|||
</screenshot>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
|
||||
|
||||
<para>LAM can manage your AD LDS groups. Please enable the account type
|
||||
"Groups" in your LAM server profile and then add the group module "AD
|
||||
LDS (windowsLDSGroup)(*)".</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_windowsGroup3.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>The default list attributes are for Unix and not suitable for AD
|
||||
LDS (blank lines in account table). Please use
|
||||
"#cn;#member;#description" or select your own attributes to display in
|
||||
the account list.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_adLds2.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para/>
|
||||
|
||||
<para>Now you can edit your groups inside LAM. You can manage the group
|
||||
name, description and its type. Of course, you can also set the group
|
||||
members.</para>
|
||||
|
||||
<para>With "Show effective members" you can show a list of all members
|
||||
of this group including members of subgroups and their subgroups.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_adLds6.png"/>
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Kolab</title>
|
||||
|
||||
|
|
|
@ -910,7 +910,7 @@
|
|||
<imageobject>
|
||||
<imagedata fileref="images/schema_samba.png"/>
|
||||
</imageobject>
|
||||
</inlinemediaobject> Windows</entry>
|
||||
</inlinemediaobject> Windows (AD, AD LDS, Samba 4)</entry>
|
||||
|
||||
<entry>Password</entry>
|
||||
|
||||
|
|
After Width: | Height: | Size: 47 KiB |
After Width: | Height: | Size: 39 KiB |
After Width: | Height: | Size: 80 KiB |
After Width: | Height: | Size: 156 KiB |
After Width: | Height: | Size: 60 KiB |
After Width: | Height: | Size: 52 KiB |
After Width: | Height: | Size: 51 KiB |
After Width: | Height: | Size: 53 KiB |
|
@ -45,3 +45,5 @@
|
|||
/nPosixUser.inc
|
||||
/bindDLZXfr.inc
|
||||
/webauthn.inc
|
||||
/windowsLDSGroup.inc
|
||||
/windowsLDSUser.inc
|
||||
|
|