WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

AD LDS

This commit is contained in:
Roland Gruber 2020-02-01 11:37:53 +01:00
parent 981b0320f9
commit c8d1e5ab82
12 changed files with 192 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lam/HISTORY
View File

@ -2,8 +2,9 @@ March 2020 7.1
- PHP 7 required - PHP 7 required
- Webauthn/FIDO2 support for 2-factor-authentication (requires PHP 7.2) - Webauthn/FIDO2 support for 2-factor-authentication (requires PHP 7.2)
- Personal: support display name (hidden by default in server profile) - Personal: support display name (hidden by default in server profile)
- PPolicy: support for password check module - LAM Pro:
-> PPolicy: support for password check module
-> Windows AD LDS support (users and groups)
21.12.2019 7.0 21.12.2019 7.0
- Lamdaemon can be configured with directory prefix for homedirs - Lamdaemon can be configured with directory prefix for homedirs

186
lam/docs/manual-sources/chapter-modules.xml
View File

@ -1349,6 +1349,146 @@
</screenshot> </screenshot>
</section> </section>
<section>
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
<para>Please activate the account type "Users" in your LAM server
profile and then add the user module "AD LDS
(windowsLDSUser)(*)".</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_windowsUser4.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>The default list attributes are for Unix and not suitable for AD
LDS (blank lines in account table). Please use
"#cn;#givenName;#sn;#mail" or select your own attributes to display in
the account list.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds1.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>On tab "Module settings" you can specify the possible Windows
domain names.</para>
<para>You can also set maximum values for user photos in advanced
options.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata contentwidth="1172" fileref="images/mod_adLds3.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>Now you can manage your AD LDS users and e.g. assign groups. You
might want to set the default domain name in the <link
linkend="a_accountProfile">profile editor</link>.</para>
<para><emphasis role="bold">Attention:</emphasis></para>
<para>Password changes require a secure connection via ldaps://. Check
your LAM server profile if password changes are refused by the
server.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds4a.png"/>
</imageobject>
</mediaobject>
</screenshot>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds4b.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Wildcards</emphasis></para>
<para>This module provides the following wildcards (others may be
provided by other modules):</para>
<itemizedlist>
<listitem>
<para>$firstname: First name</para>
</listitem>
<listitem>
<para>$lastname: Last name</para>
</listitem>
<listitem>
<para>$user: User name</para>
</listitem>
<listitem>
<para>$commonname: Common name</para>
</listitem>
<listitem>
<para>$email: Email address</para>
</listitem>
</itemizedlist>
<para>You can use them in the following input fields on user edit
screen:</para>
<itemizedlist>
<listitem>
<para>Common name</para>
</listitem>
<listitem>
<para>Display name</para>
</listitem>
<listitem>
<para>Email</para>
</listitem>
<listitem>
<para>Email alias</para>
</listitem>
</itemizedlist>
<para>Use this when some of your data always follows the same schema.
E.g. using "$firstname $lastname" in common name field can be used like
this to get "Demo User". You can set the wildcards in profile editor so
they are automatically applied for new users.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds5a.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para/>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds5b.png"/>
</imageobject>
</mediaobject>
</screenshot>
</section>
<section> <section>
<title>Filesystem quota (lamdaemon)</title> <title>Filesystem quota (lamdaemon)</title>
@ -2580,6 +2720,52 @@ AuthorizedKeysCommandUser root</literallayout>
</screenshot> </screenshot>
</section> </section>
<section>
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
<para>LAM can manage your AD LDS groups. Please enable the account type
"Groups" in your LAM server profile and then add the group module "AD
LDS (windowsLDSGroup)(*)".</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_windowsGroup3.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>The default list attributes are for Unix and not suitable for AD
LDS (blank lines in account table). Please use
"#cn;#member;#description" or select your own attributes to display in
the account list.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds2.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para/>
<para>Now you can edit your groups inside LAM. You can manage the group
name, description and its type. Of course, you can also set the group
members.</para>
<para>With "Show effective members" you can show a list of all members
of this group including members of subgroups and their subgroups.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds6.png"/>
</imageobject>
</mediaobject>
</screenshot>
</section>
<section> <section>
<title>Kolab</title> <title>Kolab</title>

2
lam/docs/manual-sources/chapter-selfService.xml
View File

@ -910,7 +910,7 @@
<imageobject> <imageobject>
<imagedata fileref="images/schema_samba.png"/> <imagedata fileref="images/schema_samba.png"/>
</imageobject> </imageobject>
</inlinemediaobject> Windows</entry> </inlinemediaobject> Windows (AD, AD LDS, Samba 4)</entry>
<entry>Password</entry> <entry>Password</entry>

BIN
lam/docs/manual-sources/images/mod_adLds1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
lam/docs/manual-sources/images/mod_adLds2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

BIN
lam/docs/manual-sources/images/mod_adLds3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

BIN
lam/docs/manual-sources/images/mod_adLds4a.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 156 KiB

BIN
lam/docs/manual-sources/images/mod_adLds4b.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
lam/docs/manual-sources/images/mod_adLds5a.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
lam/docs/manual-sources/images/mod_adLds5b.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 51 KiB

BIN
lam/docs/manual-sources/images/mod_adLds6.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

2
lam/lib/modules/.gitignore vendored
View File

@ -45,3 +45,5 @@
/nPosixUser.inc /nPosixUser.inc
/bindDLZXfr.inc /bindDLZXfr.inc
/webauthn.inc /webauthn.inc
/windowsLDSGroup.inc
/windowsLDSUser.inc