department changes

This commit is contained in:
Roland Gruber 2017-03-04 11:18:30 +01:00
parent 4d6724430e
commit cb62f63cd8
2 changed files with 884 additions and 883 deletions

View File

@ -1,6 +1,7 @@
15.03.2017 5.7
- 2-factor authentication for admin login and self service with privacyIDEA
- PDF files use DejaVu serif font for better readability and more supported characters (e.g. Cyrillic)
- Windows users: the department option now uses attribute "department" instead of "departmentNumber"
- Updated Debian dependencies
- Fixed bugs:
-> Comparison issue prevents saving of values (185)

View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter id="a_installation">
<chapter id="a_installation">
<title>Installation</title>
<section id="a_install">
@ -14,8 +14,8 @@
<itemizedlist>
<listitem>
<para>Apache/Nginx webserver (SSL recommended) with PHP module
(PHP 5 (&gt;= 5.2.4) with ldap, gettext, xml, openssl and optional
<para>Apache/Nginx webserver (SSL recommended) with PHP module (PHP
5 (&gt;= 5.2.4) with ldap, gettext, xml, openssl and optional
mcrypt)</para>
</listitem>
@ -44,9 +44,8 @@
</listitem>
<listitem>
<para>Internet Explorer 9 <emphasis
role="bold">(compatibility mode turned
off)</emphasis></para>
<para>Internet Explorer 9 <emphasis role="bold">(compatibility
mode turned off)</emphasis></para>
</listitem>
<listitem>
@ -95,8 +94,8 @@
automatically in testing and the stable releases. You can
run<literal> </literal><para><emphasis role="bold">apt-get
install ldap-account-manager</emphasis></para>to install LAM
on your server. Additionally, you may download the latest
LAM Debian packages from the <ulink type=""
on your server. Additionally, you may download the latest LAM
Debian packages from the <ulink type=""
url="http://www.ldap-account-manager.org/">LAM
homepage</ulink> or the <ulink
url="http://packages.debian.org/search?keywords=ldap-account-manager">Debian
@ -108,8 +107,8 @@
<para>dpkg -i ldap-account-manager_*.deb</para>
<para>If you get any messages about missing
dependencies run now: apt-get -f install</para>
<para>If you get any messages about missing dependencies
run now: apt-get -f install</para>
</listitem>
<listitem>
@ -142,14 +141,13 @@
</imageobject>
</inlinemediaobject></entry>
<entry>There are RPM packages available on the <ulink
type="" url="http://www.ldap-account-manager.org/">LAM
<entry>There are RPM packages available on the <ulink type=""
url="http://www.ldap-account-manager.org/">LAM
homepage</ulink>. The packages can be installed with these
commands:<para><emphasis role="bold">rpm -e
ldap-account-manager
ldap-account-manager-lamdaemon</emphasis> (if an older
version is installed)</para><para><emphasis role="bold">rpm
-i &lt;path to LAM
ldap-account-manager ldap-account-manager-lamdaemon</emphasis>
(if an older version is installed)</para><para><emphasis
role="bold">rpm -i &lt;path to LAM
package&gt;</emphasis></para><literallayout>
</literallayout><para><emphasis role="bold">Note:</emphasis> The RPM packages
for Fedora/CentOS do not contain a dependency to PHP due to
@ -164,9 +162,9 @@
<section>
<title>Other RPM based distributions</title>
<para>The RPM packages for Suse/Fedora are very generic and should
be installable on other RPM-based distributions, too. The Fedora
packages use apache:apache as file owner and the Suse ones use
<para>The RPM packages for Suse/Fedora are very generic and should be
installable on other RPM-based distributions, too. The Fedora packages
use apache:apache as file owner and the Suse ones use
wwwrun:www.</para>
</section>
@ -213,8 +211,8 @@
<section>
<title>Manual copy</title>
<para>Copy the files into the html-file scope of the web server.
For example /apache/htdocs or /var/www/html.</para>
<para>Copy the files into the html-file scope of the web server. For
example /apache/htdocs or /var/www/html.</para>
<para>Then set the appropriate file permissions inside the LAM
directory:</para>
@ -248,8 +246,8 @@
<title>With configure script</title>
<para>Instead of manually copying files you can also use the
included configure script to install LAM. Just run these commands
in the extracted directory:</para>
included configure script to install LAM. Just run these commands in
the extracted directory:</para>
<itemizedlist>
<listitem>
@ -275,8 +273,8 @@
</listitem>
<listitem>
<para>--with-web-root=DIRECTORY DIRECTORY is the name where
LAM should be installed (default /usr/local/lam)</para>
<para>--with-web-root=DIRECTORY DIRECTORY is the name where LAM
should be installed (default /usr/local/lam)</para>
</listitem>
</itemizedlist>
</section>
@ -295,8 +293,8 @@
</listitem>
<listitem>
<para>Select "Edit general settings" to setup global settings
and to change the <link linkend="a_configPasswords">master
<para>Select "Edit general settings" to setup global settings and
to change the <link linkend="a_configPasswords">master
configuration password</link> (default is "lam").</para>
</listitem>
@ -326,8 +324,8 @@
<para>memory_limit = 64M</para>
<para>For large installations (&gt;10000 LDAP entries) you may need
to increase the memory limit to 256M.</para>
<para>For large installations (&gt;10000 LDAP entries) you may need to
increase the memory limit to 256M.</para>
<para>If you run PHP with activated <ulink
url="http://www.hardened-php.net/suhosin/index.html">Suhosin</ulink>
@ -486,22 +484,21 @@
<section>
<title>Upgrading LAM or migrate from LAM to LAM Pro</title>
<para>Upgrading from LAM to LAM Pro is like installing a new LAM
version. Simply install the LAM Pro packages/tar.bz2 instead of the LAM
<para>Upgrading from LAM to LAM Pro is like installing a new LAM version.
Simply install the LAM Pro packages/tar.bz2 instead of the LAM
ones.</para>
<section>
<title>Upgrade LAM</title>
<para><emphasis role="bold">Backup configuration
files</emphasis></para>
<para><emphasis role="bold">Backup configuration files</emphasis></para>
<para>Configuration files need only to be backed up for .tar.bz2
installations. DEB/RPM installations do not require this step.</para>
<para>LAM stores all configuration files in the "config" folder.
Please backup the following files and copy them after the new version
is installed.</para>
<para>LAM stores all configuration files in the "config" folder. Please
backup the following files and copy them after the new version is
installed.</para>
<simplelist>
<member>config/*.conf</member>
@ -535,9 +532,8 @@
<para><emphasis role="bold">Install new LAM (Pro)
version</emphasis></para>
<para>Please <link linkend="a_install">install</link> the new LAM
(Pro) release. Skip the part about setting up LAM configuration
files.</para>
<para>Please <link linkend="a_install">install</link> the new LAM (Pro)
release. Skip the part about setting up LAM configuration files.</para>
<para><emphasis role="bold">Restore configuration
files</emphasis></para>
@ -545,9 +541,9 @@
<para>RPM:</para>
<para>Please check if there are any files ending with ".rpmsave" in
/var/lib/ldap-account-manager/config. In this case you need to
manually remove the .rpmsave extension by overwriting the package
file. E.g. rename default.user.rpmsave to default.user.</para>
/var/lib/ldap-account-manager/config. In this case you need to manually
remove the .rpmsave extension by overwriting the package file. E.g.
rename default.user.rpmsave to default.user.</para>
<para>DEB:</para>
@ -555,11 +551,11 @@
<para>tar.bz2:</para>
<para>Please restore your configuration files from the backup. Copy
all files from the backup folder to the config folder in your LAM Pro
installation. Do not simply replace the folder because the new LAM
(Pro) release might include additional files in this folder. Overwrite
any existing files with your backup files.</para>
<para>Please restore your configuration files from the backup. Copy all
files from the backup folder to the config folder in your LAM Pro
installation. Do not simply replace the folder because the new LAM (Pro)
release might include additional files in this folder. Overwrite any
existing files with your backup files.</para>
<para><emphasis role="bold">Final steps</emphasis></para>
@ -574,22 +570,28 @@
<section id="a_versUpgrade">
<title>Version specific upgrade instructions</title>
<para>You need to follow all steps from your current version to the new version. Unless explicitly noticed there is no need to install an intermediate release.</para>
<para>You need to follow all steps from your current version to the new
version. Unless explicitly noticed there is no need to install an
intermediate release.</para>
<section>
<title>5.6 -&gt; 5.7</title>
<para>No special actions needed.</para>
<para>Windows: The department attribute was changed from
"departmentNumber" to "department" to match Windows user manager. The
attribute "departmentNumber" is no more supported by the Windows
module. You will need to reactivate the department option in your
server profile on module settings tab.</para>
</section>
<section>
<title>5.5 -&gt; 5.6</title>
<para>Mail routing: No longer added by default. Use profile editor
to activate by default for new users/groups.</para>
<para>Mail routing: No longer added by default. Use profile editor to
activate by default for new users/groups.</para>
<para>Personal/Unix/Windows: no more replacement of e.g.
$user/$group on user upload</para>
<para>Personal/Unix/Windows: no more replacement of e.g. $user/$group
on user upload</para>
</section>
<section>
@ -618,8 +620,7 @@
<title>4.9 -&gt; 5.0</title>
<para>Samba 3: If you used logon hours then you need to set the
correct time zone on tab "Generel settings" in server
profile.</para>
correct time zone on tab "Generel settings" in server profile.</para>
</section>
<section>
@ -632,9 +633,9 @@
<title>4.4 -&gt; 4.5</title>
<para>LAM will no longer follow referrals by default. This is ok for
most installations. If you use LDAP referrals please activate
referral following for your server profile (tab General settings
-&gt; Server settings -&gt; Advanced options).</para>
most installations. If you use LDAP referrals please activate referral
following for your server profile (tab General settings -&gt; Server
settings -&gt; Advanced options).</para>
<para>The self service pages now have an own option for allowed IPs.
If your LAM installation uses IP restrictions please update the LAM
@ -642,21 +643,21 @@
<para>Password self reset (LAM Pro) allows to set a backup email
address. You need to <link
linkend="passwordSelfResetSchema_update">update</link> the LDAP
schema if you want to use this feature.</para>
linkend="passwordSelfResetSchema_update">update</link> the LDAP schema
if you want to use this feature.</para>
</section>
<section>
<title>4.3 -&gt; 4.4</title>
<para>Apache configuration: LAM supports Apache 2.2 and 2.4. This
requires that your Apache server has enabled the "version" module.
For Debian and Fedora this is the default setup. The Suse RPM will
try to enable the version module during installation.</para>
requires that your Apache server has enabled the "version" module. For
Debian and Fedora this is the default setup. The Suse RPM will try to
enable the version module during installation.</para>
<para>Kolab: User accounts get the object class "mailrecipient" by
default. You can change this behaviour in the module settings
section of your LAM server profile.</para>
default. You can change this behaviour in the module settings section
of your LAM server profile.</para>
<para>Windows: sAMAccountName is no longer set by default. Enable it
in server profile if needed. The possible domains for the user name
@ -688,17 +689,17 @@
following shells by default: /bin/bash, /bin/csh, /bin/dash,
/bin/false, /bin/ksh, /bin/sh.</para>
<para>Please update your server/self service profile if you would
like to change the list of valid login shells.</para>
<para>Please update your server/self service profile if you would like
to change the list of valid login shells.</para>
</section>
<section>
<title>3.9 -&gt; 4.0</title>
<para>The account profiles and PDF structures are now separated by
server profile. This means that if you edit e.g. an account profile
in server profile A then this change will not affect the account
profiles in server profile B.</para>
server profile. This means that if you edit e.g. an account profile in
server profile A then this change will not affect the account profiles
in server profile B.</para>
<para>LAM will automatically migrate your existing files as soon as
the login page is loaded.</para>
@ -728,9 +729,9 @@
</listitem>
<listitem>
<para>Please rename all files "*.rpmsave" and remove the
file extension ".rpmsave". E.g. "default.user.rpmsave" needs
to be renamed to "default.user".</para>
<para>Please rename all files "*.rpmsave" and remove the file
extension ".rpmsave". E.g. "default.user.rpmsave" needs to be
renamed to "default.user".</para>
</listitem>
<listitem>
@ -769,24 +770,23 @@
<section>
<title>3.5.0 -&gt; 3.6</title>
<para><emphasis role="bold">Debian users:</emphasis> LAM 3.6
requires to install FPDF 1.7. You can download the package <ulink
<para><emphasis role="bold">Debian users:</emphasis> LAM 3.6 requires
to install FPDF 1.7. You can download the package <ulink
url="http://packages.debian.org/search?keywords=php-fpdf&amp;searchon=names&amp;suite=all&amp;section=all">here</ulink>.
If you use Debian Stable (Squeeze) please use the package from
Testing (Wheezy).</para>
If you use Debian Stable (Squeeze) please use the package from Testing
(Wheezy).</para>
</section>
<section>
<title>3.4.0 -&gt; 3.5.0</title>
<para><emphasis role="bold">LAM Pro:</emphasis> The global
config/passwordMailTemplate.txt is no longer supported. You can
setup the mail settings now for each LAM server profile which
provides more flexibility.</para>
config/passwordMailTemplate.txt is no longer supported. You can setup
the mail settings now for each LAM server profile which provides more
flexibility.</para>
<para><emphasis role="bold">Suse/Fedora RPM
installations:</emphasis> LAM is now installed to
/usr/share/ldap-account-manager and
<para><emphasis role="bold">Suse/Fedora RPM installations:</emphasis>
LAM is now installed to /usr/share/ldap-account-manager and
/var/lib/ldap-account-manager.</para>
<para>Please note that configuration files are not migrated
@ -819,8 +819,8 @@
<title>3.0.0 -&gt; 3.1.0</title>
<para>LAM supported to set a list of valid workstations on the
"Personal" page. This required to change the LDAP schema. Since
3.1.0 this is replaced by the new "Hosts" module for users.</para>
"Personal" page. This required to change the LDAP schema. Since 3.1.0
this is replaced by the new "Hosts" module for users.</para>
<para>Lamdaemon: The sudo entry needs to be changed to
".../lamdaemon.pl *".</para>
@ -909,4 +909,4 @@
</listitem>
</orderedlist>
</section>
</chapter>
</chapter>