diff --git a/lam-0.4/COPYING b/lam-0.4/COPYING
new file mode 100644
index 00000000..5b6e7c66
--- /dev/null
+++ b/lam-0.4/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ , 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/lam-0.4/HISTORY b/lam-0.4/HISTORY
new file mode 100644
index 00000000..1d426fc3
--- /dev/null
+++ b/lam-0.4/HISTORY
@@ -0,0 +1,44 @@
+29.12.2003 0.4.1
+
+ - better error handling at login
+ - support spaces in DNs
+ - PDF text for users
+ - create missing OUs recursivly
+ - fixed bugs:
+ SMD5 passwords were wrong
+ primaryGroupSID wrong if SID has no relation to Algorithmic RID Base
+ Samba 2 accounts could not be created
+
+
+29.10.2003 0.4 (Beta1)
+
+ - improved design
+ - improved documentation
+ - Fixed possible error which could delete entries if objectclass didn't fit
+ - Fixed many samba 3.0 related bugs, most related to SIDs
+ - edit group members directly
+ - support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN)
+ - PDF output for groups and hosts
+
+
+31.08.2003 0.3 (Alpha 3)
+
+ - Samba 3 support
+ - manage Samba 3 domains
+ - multiple configuration files
+ - PDF output
+ - better mass creation
+
+
+04.07.2003 0.2 (Alpha 2)
+
+ - support for multiple OUs + OU-Editor
+ - account creation via file upload
+ - profile editor
+ - experimental Samba 3 support
+ - fixed a lot of bugs
+
+
+23.05.2003 0.1 (Alpha 1)
+
+ Initial release
diff --git a/lam-0.4/INSTALL b/lam-0.4/INSTALL
new file mode 100644
index 00000000..c1492116
--- /dev/null
+++ b/lam-0.4/INSTALL
@@ -0,0 +1,45 @@
+
+Installation Instructions for LAM
+---------------------------------
+
+
+1. Requirements
+
+ - Apache webserver (SSL optional) with installed PHP-Module (PHP-Module with
+ ldap, gettext, mcrypt, mhash)
+ - Perl
+ - Openldap (>2.0)
+ - A web browser :-)
+
+ Getting mcrypt and mhash for Suse/RedHat:
+
+ Either you compile PHP4 yourself or you use some unofficial packages:
+
+ - Suse: ftp://ftp.suse.com/pub/people/poeml/mod_php4
+ - RedHat: http://ftp.horde.org/pub/RPMS
+
+
+2. Installation
+
+ * Extract package with:
+ tar xzf lam-version.tar.gz
+
+ * Copy files into the html-file scope of the webserver. For example
+ /apache/htdocs.
+
+ * Set appropriate file permissions:
+ - /lam/sess: write permission for apache user
+ - /lam/tmp: write permission for apache user
+ - /lam/config (with subdirectories): write permission for apache user
+ - /lam/lib: perl files must be set executable (See also
+ docs/readme.lamdeamon.pl)
+
+ * Configure config.cfg and create a configuration profile.
+ Copy config.cfg_sample to config.cfg and set the master password and default
+ profile.
+ Then use the web interface with the link "Configuration Login" (start file is /lam/index.html)
+ or configure LAM manually. (The default password to edit the options is "lam")
+
+ - Manually:
+ A default config file can be found in /lam/config/lam.conf_sample.
+ Change the necessary entries and rename it to /lam/config/lam.conf.
diff --git a/lam-0.4/README b/lam-0.4/README
new file mode 100644
index 00000000..1f1846b0
--- /dev/null
+++ b/lam-0.4/README
@@ -0,0 +1,88 @@
+
+LAM - Readme
+============
+
+ A set of PHP-scripts to administrate Unix and Samba accounts in a LDAP server.
+ LAM runs on any webserver with PHP4 support and connects to your LDAP server
+ unencrypted or via SSL.
+ The application manages accounts for users, groups and Samba hosts in
+ multiple organizational units. LAM supports the Samba 2.x schema and the
+ Samba 3 schema.
+
+ http://sourceforge.net/projects/lam/
+
+ Copyright (C) 2003 Michael Duergner
+ Roland Gruber
+ Tilo Lutz
+ Leonhard Walchshäusl
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ Requirements:
+ PHP4
+ Openldap (2.0 or greater)
+ A web-browser that supports CSS (Netscape 4.x is not recommended)
+
+ Summary:
+ With LAM you can easily manage user, group and machine accounts stored in
+ a LDAP server over a web interface. At the moment it supports:
+
+ - displaying the user/group/host/domain entries
+ - deleting entries
+ - adding new entries
+ - editing entries
+ - filtering and sorting
+ - account profiles
+ - access management
+ - multiple configuration profiles
+ - OU Editor
+ - User creation via file upload
+ - Samba 2 and 3 schema support
+
+ Important:
+ The standard password to edit the configuration options is "lam".
+
+ Download:
+ You can get the newest version at http://sourceforge.net/projects/lam/
+
+ Installation:
+ Please see the INSTALL file.
+
+ Known Bugs:
+ - If you fill in the Unix workstations field the LDAP add/modify operation
+ may fail. This is because the host attribute is provided only by
+ objectClass account which conflicts with inetOrgPerson.
+ If you want to use host restrictions, add the host attribute to
+ inetOrgPerson in your schema file.
+
+ Documentation:
+ Basic documentation available in /docs
+
+ Internationalization:
+ If you want to use a translated version of LAM be sure to install the
+ needed locales. See locale/ for a list of supported locales.
+ Debian users can add locales with "dpkg-reconfigure locales".
+
+ Security:
+ It is strongly recommended to use a SSL connection to your web server.
+
+ LAM needs to store your LDAP username + password in the session. The session
+ files are saved in sess/ and are accessible only by the web server. To increase
+ security username and password are encrypted with AES (256 bit). The key and iv
+ are generated at random when you log in. They are stored in two cookies.
+
+
+ Have fun!
+ The LAM devel team
diff --git a/lam-0.4/TODO b/lam-0.4/TODO
new file mode 100644
index 00000000..dc536405
--- /dev/null
+++ b/lam-0.4/TODO
@@ -0,0 +1,13 @@
+stable
+
+???
+
+
+0.5
+
+- check security
+
+0.4.2
+
+- add install wizard
+- remove MCrypt functions (use Blowfish)
diff --git a/lam-0.4/config/.htaccess b/lam-0.4/config/.htaccess
new file mode 100644
index 00000000..11c59d17
--- /dev/null
+++ b/lam-0.4/config/.htaccess
@@ -0,0 +1,4 @@
+
+ Order allow,deny
+ Deny from all
+
diff --git a/lam-0.4/config/config.cfg_sample b/lam-0.4/config/config.cfg_sample
new file mode 100644
index 00000000..120aed1c
--- /dev/null
+++ b/lam-0.4/config/config.cfg_sample
@@ -0,0 +1,5 @@
+# password to add/delete/rename configuration profiles
+password: lam
+
+# default profile, without ".conf"
+default: lam
diff --git a/lam-0.4/config/lam.conf_sample b/lam-0.4/config/lam.conf_sample
new file mode 100644
index 00000000..88fd6d74
--- /dev/null
+++ b/lam-0.4/config/lam.conf_sample
@@ -0,0 +1,80 @@
+# LDAP Account Manager configuration
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+serverURL: ldap://localhost:389
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be seperated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+admins: cn=Manager,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend
+passwd: lam
+
+# suffix of users
+# e.g. ou=People,dc=yourdomain,dc=org
+usersuffix: ou=people,dc=my-domain,dc=com
+
+# suffix of groups
+# e.g. ou=Groups,dc=yourdomain,dc=org
+groupsuffix: ou=groups,dc=my-domain,dc=com
+
+# suffix of Samba hosts
+# e.g. ou=machines,dc=yourdomain,dc=org
+hostsuffix: ou=machines,dc=my-domain,dc=com
+
+# suffix of Samba 3 domains
+# e.g. ou=domains,dc=yourdomain,dc=org
+domainsuffix: ou=domains,dc=my-domain,dc=com
+
+# minimum and maximum UID numbers
+minUID: 10000
+maxUID: 20000
+
+# minimum and maximum GID numbers
+minGID: 10000
+maxGID: 20000
+
+# minimum and maximum UID numbers for Samba Hosts
+minMachine: 25000
+maxMachine: 35000
+
+# list of attributes to show in user list
+# entries can either be predefined values (e.g. '#cn' or '#uid')
+# or individual ones (e.g. 'uid:User ID' or 'host:Host Name')
+# values have to be seperated by semicolons
+userlistAttributes: #uid;#givenName;#sn;#uidNumber;#gidNumber
+
+# list of attributes to show in group list
+# entries can either be predefined values (e.g. '#cn' or '#gidNumber')
+# or individual ones (e.g. 'cn:Group Name')
+# values have to be seperated by semicolons
+grouplistAttributes: #cn;#gidNumber;#memberUID;#description
+
+# list of attributes to show in host list
+# entries can either be predefined values (e.g. '#cn' or '#uid')
+# or individual ones (e.g. 'cn:Host Name')
+# values have to be seperated by semicolons
+hostlistAttributes: #cn;#description;#uidNumber;#gidNumber
+
+# maximum number of rows to show in user/group/host lists
+maxlistentries: 30
+
+# default language (a line from config/language)
+defaultLanguage: en_GB:ISO-8859-1:English (Britain)
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Set to "yes" only if you use the new Samba 3.x schema.
+samba3: yes
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA/PLAIN).
+pwdhash: SSHA
+
diff --git a/lam-0.4/config/language b/lam-0.4/config/language
new file mode 100644
index 00000000..241ed065
--- /dev/null
+++ b/lam-0.4/config/language
@@ -0,0 +1,12 @@
+# LDAP Account Manager Language Configuration file
+
+# Each line consists of a : seperated entrys. The first entry is the link to the language definition, the second is the language description. Further entries are not used yet.
+# Normally you don't have to edit this file manually. It is modified automatically when you add a new language in the Configuration-Site.
+
+# Englisch Language
+en_GB:ISO-8859-1:English (Britain)
+
+# German Language
+de_DE:ISO-8859-15:Deutsch (Deutschland)
+
+
diff --git a/lam-0.4/config/pdf/lam.txt b/lam-0.4/config/pdf/lam.txt
new file mode 100644
index 00000000..09a72df5
--- /dev/null
+++ b/lam-0.4/config/pdf/lam.txt
@@ -0,0 +1,4 @@
+dies ist ein test $general_username test2
+3
+4
+5
diff --git a/lam-0.4/config/profiles/groups/default.prg b/lam-0.4/config/profiles/groups/default.prg
new file mode 100644
index 00000000..d148bc8e
--- /dev/null
+++ b/lam-0.4/config/profiles/groups/default.prg
@@ -0,0 +1,2 @@
+
+
diff --git a/lam-0.4/config/profiles/hosts/default.prh b/lam-0.4/config/profiles/hosts/default.prh
new file mode 100644
index 00000000..e69de29b
diff --git a/lam-0.4/config/profiles/users/default.pru b/lam-0.4/config/profiles/users/default.pru
new file mode 100644
index 00000000..8ece1d0d
--- /dev/null
+++ b/lam-0.4/config/profiles/users/default.pru
@@ -0,0 +1,15 @@
+general_homedir: /home/$user
+general_shell: /bin/bash
+unix_password_no: 0
+unix_pwdwarn: 10
+unix_pwdallowlogin: 10
+unix_pwdminage: 1
+unix_pwdmaxage: 365
+unix_pwdexpire: 1893452400
+unix_deactivated: 0
+smb_password_no: 0
+smb_useunixpwd: 1
+smb_flagsD: 0
+smb_flagsX: 1
+smb_homedrive: U:
+smb_smbhome: \\server\$user
diff --git a/lam-0.4/debian/README.Debian b/lam-0.4/debian/README.Debian
new file mode 100644
index 00000000..7a526b31
--- /dev/null
+++ b/lam-0.4/debian/README.Debian
@@ -0,0 +1,20 @@
+Access to the webfrontend:
+
+ - If you configured Apache(-SSL) at installation
+ you can access LDAP Account Manager via
+ http://localhost/lam or https://host.domain/lam.
+
+ - Otherwise you will have to setup your webserver
+ to load /usr/share/ldap-account-manager/index.html
+ which is the start file.
+
+
+Configuration:
+
+ All settings can be edited via the webfrontend. The default
+ password for the configuration is "lam". However you can
+ also edit the configuration files directly.
+ The configuration files are /etc/ldap-account-manager/config.cfg
+ and /var/lib/ldap-account-manager/config/lam.conf.
+
+
diff --git a/lam-0.4/debian/changelog b/lam-0.4/debian/changelog
new file mode 100644
index 00000000..6584b1a5
--- /dev/null
+++ b/lam-0.4/debian/changelog
@@ -0,0 +1,55 @@
+ldap-account-manager (0.4.1-1) unstable; urgency=low
+
+ * Updated to new upstream version (0.4.1)
+
+ -- Roland Gruber Fri, 29 Dec 2003 21:19:27 +0100
+
+ldap-account-manager (0.4-4) unstable; urgency=low
+
+ * added debconf template for alias name
+
+ -- Roland Gruber Sun, 16 Nov 2003 16:03:55 +0100
+
+ldap-account-manager (0.4-3) unstable; urgency=low
+
+ * copied access control from .htaccess files to apache.conf
+
+ -- Roland Gruber Sat, 1 Nov 2003 13:22:56 +0100
+
+ldap-account-manager (0.4-2) unstable; urgency=low
+
+ * fixed error in postinst script
+ * added dependency php4-mhash
+
+ -- Roland Gruber Thu, 30 Oct 2003 16:19:45 +0100
+
+ldap-account-manager (0.4-1) unstable; urgency=low
+
+ * Updated to Beta 1 release (0.4)
+
+ -- Roland Gruber Mon, 13 Oct 2003 20:23:29 +0200
+
+ldap-account-manager (0.3-1) unstable; urgency=low
+
+ * Updated to Alpha 3 Release.
+
+ -- Roland Gruber Fri, 29 August 2003 17:04:00 +0200
+
+ldap-account-manager (0.2-1) unstable; urgency=low
+
+ * Updated to Alpha 2 Release.
+
+ -- Roland Gruber Sat, 2 July 2003 18:42:00 +0200
+
+ldap-account-manager (0.1-2) unstable; urgency=low
+
+ * Fixed missing directory config/profiles/groups.
+
+ -- Roland Gruber Sat, 4 June 2003 18:19:00 +0200
+
+ldap-account-manager (0.1-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Roland Gruber Sat, 3 May 2003 21:14:23 +0200
+
diff --git a/lam-0.4/debian/copyright b/lam-0.4/debian/copyright
new file mode 100644
index 00000000..76dbc36d
--- /dev/null
+++ b/lam-0.4/debian/copyright
@@ -0,0 +1,17 @@
+This package was debianized by Roland Gruber on
+Sat, 3 May 2003 21:14:23 +0200.
+
+It was downloaded from http://www.sf.net/projects/lam
+
+Upstream Author(s): Roland Gruber
+
+Copyright:
+
+This software is copyright (c) 2003 by Tilo Lutz, Roland Gruber, Michael Duergner
+and Leo Walchshaeusl.
+
+You are free to distribute this software under the terms of
+the GNU General Public License.
+On Debian systems, the complete text of the GNU General Public
+License can be found in /usr/share/common-licenses/GPL file.
+
diff --git a/lam-0.4/debian/lam.apache.conf b/lam-0.4/debian/lam.apache.conf
new file mode 100644
index 00000000..f20db90a
--- /dev/null
+++ b/lam-0.4/debian/lam.apache.conf
@@ -0,0 +1,48 @@
+
+Alias /lam /usr/share/ldap-account-manager
+
+
+ Options +FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+ DirectoryIndex index.html
+
+
+
+ Options -Indexes
+
+
+
+ Options -Indexes
+ Order allow,deny
+ Deny from all
+
+
+
+ Options -Indexes
+ Order allow,deny
+ Deny from all
+
+
+
+ Options -Indexes
+
+ Order allow,deny
+ Deny from all
+
+
+ Order allow,deny
+ Allow from all
+
+
+ Order allow,deny
+ Allow from all
+
+
+
+
+ Options -Indexes
+ Order allow,deny
+ Deny from all
+
diff --git a/lam-0.4/debian/packages b/lam-0.4/debian/packages
new file mode 100644
index 00000000..a0d95e83
--- /dev/null
+++ b/lam-0.4/debian/packages
@@ -0,0 +1,195 @@
+## debian/packages for ldap-account-manager
+
+Source: ldap-account-manager
+Section: web
+Priority: extra
+Maintainer: Roland Gruber
+Standards-Version: 3.5.9
+Home-Page:
+Description: Webfrontend to manage Samba and Unix accounts
+Origin: debian
+Copyright: GPL
+ Copyright 2003 Tilo Lutz, Roland Gruber, Michael Duergner, Leo Walchshaeusel
+Major-Changes:
+
+Package: ldap-account-manager
+Architecture: all
+Depends: php4 | php4-cgi, php4-ldap , php4-mcrypt , php4-mhash , apache | apache-ssl | httpd, perl, wwwconfig-common, debconf
+Suggests: ldap-server, sudo
+Conflicts: php4-apc
+Description: Webfrontend for managing Unix and Samba accounts in a LDAP directory
+ LDAP Account Manager (LAM) runs on an existing webserver. LAM
+ supports LDAP connections via SSL and TLS. It uses the
+ Samba 2.x or Samba 3 schema and manages user, group and host
+ accounts. You can use templates for account creation and use
+ multiple configuration profiles. Account information can be
+ exported as PDF file. There is also a script
+ included which manages quota and homedirectories, you have to
+ setup sudo if you want to use it. LAM is translated to
+ English and German.
+Install: sh
+ yada install -data -into /usr/share/ldap-account-manager index.html
+ yada install -data -into /var/lib/ldap-account-manager/tmp tmp/.htaccess
+ yada install -data -into /var/lib/ldap-account-manager/config config/.htaccess
+ yada install -data -into /var/lib/ldap-account-manager/config config/language
+ yada install -data -into /var/lib/ldap-account-manager/config config/shells
+ yada install -data -into /var/lib/ldap-account-manager/config config/lam.conf_sample
+ yada install -conffile -subdir ldap-account-manager -as config.cfg config/config.cfg_sample
+ ln -s /etc/ldap-account-manager/config.cfg $ROOT/var/lib/ldap-account-manager/config/config.cfg
+ yada install -dir /var/lib/ldap-account-manager/config/profiles
+ yada install -data -into /var/lib/ldap-account-manager/config/profiles/users config/profiles/users/*.pru
+ yada install -data -into /var/lib/ldap-account-manager/config/profiles/groups config/profiles/groups/*.prg
+ yada install -data -into /var/lib/ldap-account-manager/config/profiles/hosts config/profiles/hosts/*.prh
+ yada install -dir /var/lib/ldap-account-manager/config/pdf
+ yada install -doc docs/README.*
+ yada install -data -into /usr/share/ldap-account-manager/graphics graphics/*.jpg
+ yada install -data -into /usr/share/ldap-account-manager/graphics graphics/*.png
+ yada install -data -into /usr/share/ldap-account-manager/help help/help.inc
+ yada install -data -into /usr/share/ldap-account-manager/lib lib/.htaccess
+ yada install -data -into /usr/share/ldap-account-manager/lib lib/*.inc
+ yada install -data -into /usr/share/ldap-account-manager/lib lib/*.php
+ yada install -data -into /usr/share/ldap-account-manager/lib lib/*.js
+ yada install -exec -into /usr/share/ldap-account-manager/lib lib/*.pl
+ yada install -data -into /usr/share/ldap-account-manager/lib/font lib/font/*.php
+ yada install -data -into /usr/share/ldap-account-manager/lib/font/makefont lib/font/makefont/*.php
+ yada install -data -into /usr/share/ldap-account-manager/lib/font/makefont lib/font/makefont/*.map
+ yada install -dir /usr/share/ldap-account-manager/locale
+ yada install -dir /usr/share/ldap-account-manager/locale/de_DE
+ yada install -data -into /usr/share/ldap-account-manager/locale/de_DE/LC_MESSAGES locale/de_DE/LC_MESSAGES/messages.?o
+ yada install -data -into /var/lib/ldap-account-manager/sess sess/.htaccess
+ yada install -data -into /usr/share/ldap-account-manager/style style/*.css
+ yada install -data -into /usr/share/ldap-account-manager/templates templates/*.php
+ yada install -data -into /usr/share/ldap-account-manager/templates/account templates/account/*.php
+ yada install -data -into /usr/share/ldap-account-manager/templates/config templates/config/*.php
+ yada install -data -into /usr/share/ldap-account-manager/templates/lists templates/lists/*.php
+ yada install -data -into /usr/share/ldap-account-manager/templates/profedit templates/profedit/*.php
+ yada install -conffile -subdir ldap-account-manager -as apache.conf debian/lam.apache.conf
+ yada install -doc -as changelog HISTORY
+ yada install -doc -as changelog.Debian debian/changelog
+ yada install -doc TODO
+ yada install -doc debian/README.Debian
+ yada install -doc README
+Templates:
+ Template: ldap-account-manager/webserver
+ Type: select
+ Choices: Apache, Apache-SSL, Both, None
+ Default: ${webserver}
+ Description: Which webserver would you like to configure automatically?
+ LDAP Account Manager supports any webserver that supports PHP4, but this
+ automatic configuration process only supports Apache and Apache-SSL. Selecting
+ Apache without SSL can be a security risk and is not recommended.
+ If you choose to configure Apache(-SSL) LAM can be accessed at http(s)://localhost/lam
+ .
+ Template: ldap-account-manager/alias
+ Type: string
+ Default: lam
+ Description: Enter alias:
+ LAM will add an alias to your httpd.conf which allows you to
+ access LAM at http(s)://localhost/lam. If you want an alias other than
+ "lam" please specify it here.
+Config: bash
+ db_subst "ldap-account-manager/webserver" "webserver" "Apache" || true
+ db_input medium "ldap-account-manager/webserver" || true
+ db_go
+ db_input low "ldap-account-manager/alias" || true
+ db_go
+Preinst: bash
+ if [ ! -d /var/lib/ldap-account-manager ]; then \
+ mkdir /var/lib/ldap-account-manager; fi
+ if [ ! -h /usr/share/ldap-account-manager/config ]&&[ -d /usr/share/ldap-account-manager/config ]; \
+ then mv /usr/share/ldap-account-manager/config /var/lib/ldap-account-manager/config; fi
+ if [ ! -h /usr/share/ldap-account-manager/sess ]&&[ -d /usr/share/ldap-account-manager/sess ]; \
+ then mv /usr/share/ldap-account-manager/sess /var/lib/ldap-account-manager/sess; fi
+Postinst: bash
+ if [ ! -h /usr/share/ldap-account-manager/config ]; then\
+ ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
+ if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
+ ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
+ if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
+ ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
+ chown www-data /etc/ldap-account-manager/config.cfg
+ chmod 600 /etc/ldap-account-manager/config.cfg
+ chown www-data /var/lib/ldap-account-manager/sess
+ chown www-data /var/lib/ldap-account-manager/tmp
+ chown -R www-data /var/lib/ldap-account-manager/config
+ chown www-data /var/lib/ldap-account-manager/tmp
+ if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
+ then cp /var/lib/ldap-account-manager/config/lam.conf_sample /var/lib/ldap-account-manager/config/lam.conf; \
+ chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
+ chmod 600 /var/lib/ldap-account-manager/config/*.conf
+ if [ "$1" = "configure" ]; then
+ db_get "ldap-account-manager/alias"
+ alias="$RET"
+ perl -pi -e "s/Alias \/.* \/usr\/share\/ldap-account-manager/Alias \/$alias \/usr\/share\/ldap-account-manager/g"\
+ /etc/ldap-account-manager/apache.conf
+ db_get "ldap-account-manager/webserver"
+ webserver="$RET"
+ case "$webserver" in
+ Apache) webservers="apache";;
+ Apache-SSL) webservers="apache-ssl";;
+ Both) webservers="apache apache-ssl";;
+ *) webservers="";;
+ esac
+ .
+ . /usr/share/wwwconfig-common/php.get
+ .
+ for server in $webservers; do
+ if [ "$phpver" = "php4" ]; then
+ extension=".php"
+ typestr="application/x-httpd-php"
+ . /usr/share/wwwconfig-common/apache-addtype_all.sh
+ [ "$status" = "uncommented" -o "$status" = "added" -o "$status" = "lineadded" ] && restart="$server $restart"
+ fi
+ .
+ . /usr/share/wwwconfig-common/apache-php.sh
+ [ "$status" = "uncomment" ] && restart="$server $restart"
+ .
+ includefile=/etc/ldap-account-manager/apache.conf
+ . /usr/share/wwwconfig-common/apache-include_all.sh
+ [ "$status" = "uncomment" -o "$status" = "include" ] && restart="$server $restart"
+ .
+ index=index.php
+ . /usr/share/wwwconfig-common/apache-index_all.sh
+ [ "$status" = "added" ] && restart="$server $restart"
+ done
+ .
+ servers="apache-ssl apache"
+ . /usr/share/wwwconfig-common/restart.sh
+ fi
+Postrm: bash
+ if [ -f /etc/apache/httpd.conf \
+ -a -f /usr/share/wwwconfig-common/apache-uninclude_all.sh ]; then
+ db_get "ldap-account-manager/webserver" || true
+ webserver="$RET"
+ case "$webserver" in
+ Apache) webservers="apache";;
+ Apache-SSL) webservers="apache-ssl";;
+ Both) webservers="apache apache-ssl";;
+ *) webservers="";;
+ esac
+ includefile=/etc/ldap-account-manager/apache.conf
+ .
+ if [ "$1" = "purge" ]; then
+ for server in $webservers; do
+ . /usr/share/wwwconfig-common/apache-uninclude_all.sh
+ if [ "$status" = "purge" ]; then
+ restart="$restart $server"
+ fi
+ done
+ test -d /etc/ldap-account-manager && rm -rf /etc/ldap-account-manager
+ fi
+ .
+ if [ "$1" = "remove" ]; then
+ for server in $webservers; do
+ . /usr/share/wwwconfig-common/apache-cominclude_all.sh
+ if [ "$status" = "comment" ]; then
+ restart="$restart $server"
+ fi
+ done
+ fi
+ .
+ servers="apache-ssl apache"
+ . /usr/share/wwwconfig-common/restart.sh
+ fi
+ if [ "$1" = "purge" ]; then
+ rm -r -f /usr/share/ldap-account-manager; rm -r -f /var/lib/ldap-account-manager; fi
diff --git a/lam-0.4/docs/README.fpdf b/lam-0.4/docs/README.fpdf
new file mode 100644
index 00000000..cad36274
--- /dev/null
+++ b/lam-0.4/docs/README.fpdf
@@ -0,0 +1,298 @@
+
+
+
+FAQ
+
+
+
+
+1. What's exactly the license of FPDF? Are there any usage restrictions?
+
FPDF is Freeware (it is stated at the beginning of the source file). There is no usage
+restriction. You may embed it freely in your application (commercial or not), with or
+without modification.
+2. When I try to create a PDF, a lot of weird characters show on the screen. Why?
+
These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of
+IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly
+without launching Acrobat. This happens frequently during the development stage: on the least
+script error, an HTML page is sent, and after correction, the PDF arrives.
+
+To solve the problem, simply quit and restart IE. You can also go to another URL and come
+back.
+
+To avoid this kind of inconvenience during the development, you can generate the PDF directly
+to a file and open it through the explorer.
+3. I try to generate a PDF and IE displays a blank page. What happens?
+
First of all, check that you send nothing to the browser after the PDF (not even a space or a
+carriage return). You can put an exit statement just after the call to the Output() method to
+be sure.
+
+If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in
+conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should
+test your application with as many IE versions as possible (at least if you're on the Internet).
+The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the
+more that it causes other problems, see the next question). The GET works better but may fail
+when the URL becomes too long: don't use a query string with more than 45 characters. However, a
+tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a
+formular, you can add a hidden field at the last position:
+
+
+
+The usage of PHP sessions also often causes trouble (avoid using HTTP headers preventing caching).
+See question 5 for a workaround.
+
+
+To avoid all these problems in a reliable manner, two main techniques exist:
+
+
+- Disable the plug-in and use Acrobat as a helper application. To do this, launch Acrobat; in
+the File menu, Preferences, General, uncheck the option "Web Browser Integration" (for Acrobat
+5: Edit, Preferences, Options, "Display PDF in Browser"). Then, the next time you load a PDF in
+IE, it displays the dialog box "Open it" or "Save it to disk". Uncheck the option "Always ask
+before opening this type of file" and choose Open. From now on, PDF files will open
+automatically in an external Acrobat window.
+
+The drawback of the method is that you need to alter the client configuration, which you can do
+in an intranet environment but not for the Internet.
+
+
+- Use a redirection technique. It consists in generating the PDF in a temporary file on the
+server and redirect the client on it (by using JavaScript, not the Location HTTP header which
+also causes trouble). For instance, at the end of the script, you can put the following:
+
+
+
+
+//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='getpdf.php?f=$file';</SCRIPT></HTML>";
+
+
+Then create the getpdf.php file with this:
+
+
+
+
+<?php
+$f=$HTTP_GET_VARS['f'];
+//Check file (don't skip it!)
+if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\'))
+ die('Incorrect file name');
+if(!file_exists($f))
+ die('File does not exist');
+//Handle special IE request if needed
+if($HTTP_ENV_VARS['USER_AGENT']=='contype')
+{
+ Header('Content-Type: application/pdf');
+ exit;
+}
+//Output PDF
+Header('Content-Type: application/pdf');
+Header('Content-Length: '.filesize($f));
+readfile($f);
+//Remove file
+unlink($f);
+exit;
+?>
+
+
+This method works in most cases but IE6 can still experience trouble. The "ultimate" method
+consists in redirecting directly to the temporary file. The file name must therefore end with .pdf:
+
+
+
+
+//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+rename($file,$file.'.pdf');
+$file.='.pdf';
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='$file';</SCRIPT></HTML>";
+
+
+This method turns the dynamic PDF into a static one and avoids all troubles. But you have to do
+some cleaning in order to delete the temporary files. For instance:
+
+
+
+This function deletes all files of the form tmp*.pdf older than an hour in the specified
+directory. You may call it where you want, for instance in the script which generates the PDF.
+
+
+Remark: it is necessary to open the PDF in a new window, as you can't go backwards due to the
+redirection.
+4. I send parameters using the POST method and the values don't appear in the PDF.
+
It's a problem affecting some versions of IE (especially the first 5.5). See the previous
+question for the ways to work around it.
+5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.
+
It's a problem affecting some versions of IE. To work around it, add the following line before
+session_start():
+
+
+
+
+session_cache_limiter('private');
+
+
+or do a redirection as explained in question 3.
+6. When I'm on SSL, IE can't open the PDF.
+
The problem may be fixed by adding this line:
+
+
+
+Header('Pragma: public');
+
+
+
+7. When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".
+
When the decimal separator is configured as a comma before including a file, there is a
+bug in PHP and decimal numbers
+get truncated. Therefore you shouldn't make a call to setlocale() before including the class.
+On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a
+setlocale() call.
+8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".
+
Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per
+pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more.
+9. I try to put an image and Acrobat says "There was an error processing a page. Wrong operand type".
+
You have to give at least one dimension; height and width can't be both equal to zero.
+10. I'd like to put my image in real size in the PDF. How can I convert pixels to mm?
+
An image has no "real size". The dimension it is given in the document is arbitrary. Except if
+you want to impose a particular resolution (for instance 72dpi, which is the one typically used
+on screen display), in which case the ratio between the pixel width and the resolution gives the
+dimension.
+11. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)
+
You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return,
+neither before nor after. The script outputs something at line X.
+12. I try to display a variable in the Header method but nothing prints.
+
You have to use the global keyword, for instance:
+
+
+
+
+13. I defined the Header and Footer methods in my PDF class but nothing appears.
+
You have to create an object from the PDF class, not FPDF:
+
+
+
+$pdf=new PDF();
+
+
+
+14. I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.
+
You have to enclose your string with double quotes, not single ones.
+15. I try to put the euro symbol but it doesn't work.
+
The standard fonts have the euro character at position 128. You can define a constant like this
+for convenience:
+
+
+
+
+define('EURO',chr(128));
+
+
+
+16. I draw a frame with very precise dimensions, but when printed I notice some differences.
+
To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box.
+17. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?
+
All printers have physical margins (different depending on the model), it is therefore impossible
+to remove them and print on the totality of the paper.
+18. What's the limit of the file sizes I can generate with FPDF?
+
There is no particular limit. There are some constraints however:
+
+
+- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents,
+especially with images, this limit may be reached (the file being built into memory). The
+parameter is configured in the php.ini file.
+
+
+- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily
+reached. It is configured in php.ini and may be altered dynamically with set_time_limit().
+
+
+- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and
+reach the limit, it will be lost. It is therefore advised for very big documents to
+generate them in a file, and to send some data to the browser from time to time (for instance
+page 1, page 2... with flush() to force the output). When the document is finished, you can send
+a redirection on it with JavaScript or create a link.
+
+Remark: even when the browser goes in time-out, the script may continue to run on the server.
+19. Can I modify a PDF with FPDF?
+
No.
+20. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?
+
No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from
+a PDF. It is provided with the Xpdf package:
+
+http://www.foolabs.com/xpdf/
+21. Can I convert an HTML page to PDF with FPDF?
+
No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:
+
+http://www.easysw.com/htmldoc/
+23. How can I activate the protections on a PDF? I'd like to prevent people from copying the text or modifying the document.
+
You can't for the moment. The feature will be implemented in the future.
+
+
diff --git a/lam-0.4/docs/README.hosts b/lam-0.4/docs/README.hosts
new file mode 100644
index 00000000..6176ab75
--- /dev/null
+++ b/lam-0.4/docs/README.hosts
@@ -0,0 +1,28 @@
+The attribute "host" is only in objectclass account.
+Unfortunatly "account" conflicts with
+"inetorgperson". so there's no perfect way to use
+both.
+
+In order to get attribute host working you have to
+modify schema/inetoergperson and include host:
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 $ host )
+ )
+
diff --git a/lam-0.4/docs/README.lamdaemon.pl b/lam-0.4/docs/README.lamdaemon.pl
new file mode 100644
index 00000000..9d9b9834
--- /dev/null
+++ b/lam-0.4/docs/README.lamdaemon.pl
@@ -0,0 +1,84 @@
+lamdaemon.pl is used to modify quota and homedirs
+on a remote or local host via ssh.
+If you want wo use it you have to set up many
+thins to get it work.
+
+1. Set values in LDAP Account manager
+ * Set the remote or local host in the configuration
+ (e.g. 127.0.0.1)
+ * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
+
+
+2. Set up sudo
+ The perlskript has to run as root (very ugly I know but
+ I haven't found any other solution). Therefor we need
+ a wrapper, sudo.
+ Edit /etc/sudoers on host homedirs or quotas should be used
+ and add the following line:
+ $admin All= NOPASSWD: $path
+ $admin is the adminuser from lam and $path
+ is the path include the filename of lamdaemon.pl
+ e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
+ At the moment the password is a paramteter of lamdaemon.pl
+ Therefore you should disable logging so the password doesn't
+ apear in any logfile
+ This can be done by adding the following line:
+ Defaults:$admin !syslog
+
+3. Set up perl
+ We need some external perl-modules, Quota and Net::SSH::Perl
+ Th install them, run:
+ perl -MCPAN -e shell
+ install Quota
+ install Net::SSH::Perl
+ Please answer all questions to describe your system
+ Every additional needed module should be installed
+ automaticly
+ LDAP isn't used by lamdaemon.pl anymore
+
+ I installed Math::Pari, a needed module, by hand.
+ I had many problems to install Math::Pari, a module needed
+ by Net:SSH::Perl. The reason is a bug in gcc 3.3 (In my case).
+ I found the following solution to prevent this bug:
+ * Download and untar pari (http://www.parigp-home.de)
+ * Download and untar Math::Pari
+ * run perl Makefile.PL
+ * edit Makefile and libPARI/Makefile
+ Replace line "OPTIMIZE = -O3 --pipe" with
+ "OPTIMIZE = -O1 --pipe".
+ * run make
+ * run make install
+
+4. Set up ssh
+ On my System, Suse 9.0 I had to set usePAM no in /etc/ssh/sshd_config
+ to get lamdaemon.pl work
+ I had some problems to log in with ssh if the password hash of the
+ admin-user was encrypted with {SSHA}. I had to change encryption
+ for admin-accounts to {CRYPT} to get ssh work.
+
+5. Test lamdaemon.pl
+ I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl
+ with the following attributes to test it:
+ lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
+ $ssh-server is the remote host lamdaemon.pl should be run
+ $lam_path_on_host is the path to lamdaemon.pl on remote host
+ $admin-username is the name of the user which is allowed to run lamdaemon.pl
+ as root. It's the same user in /etc/sudoers
+ $admin-password is the password of admin-user
+ *test is the command which tells lamdaemon.pl to test settings
+
+ You have to run the coammd as the user your webserver is running as, e.g.
+
+ wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
+ 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test
+
+ You should get the following response:
+ Net::SSH::Perl successfully installed.
+ sudo set up correctly.
+ Perl quota module successfully installed.
+ If you have'nt seen any error lamdaemon.pl should set up successfully.
+
+Now everything should work fine
+
+This is a very incomplete Documention for Beta-Release only.
+Pleas send a mail to TiloLutz@gmx.de if you have any suggsestion
diff --git a/lam-0.4/docs/README.openldap b/lam-0.4/docs/README.openldap
new file mode 100644
index 00000000..8e69be4f
--- /dev/null
+++ b/lam-0.4/docs/README.openldap
@@ -0,0 +1,21 @@
+Some basic hints to configure the openLDAP server:
+
+SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts
+ change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values.
+
+INDICES: Indices will improve the performance when searching for entries in the LDAP directory.
+ The following indices are recommended:
+
+ index objectClass eq
+ index default sub
+ index uidNumber eq
+ index gidNumber eq
+ index memberUid eq
+ index cn,mail,surname,givenname eq,subinitial
+ # Samba 2.x
+ index rid eq
+ index primaryGroupID eq
+ # Samba 3.x
+ index sambaSID eq
+ index sambaPrimaryGroupSID eq
+ index sambaDomainName eq
diff --git a/lam-0.4/docs/README.security b/lam-0.4/docs/README.security
new file mode 100644
index 00000000..aace300c
--- /dev/null
+++ b/lam-0.4/docs/README.security
@@ -0,0 +1,36 @@
+
+1. Use of SSL
+
+ The data which is transfered between you and the LAM server is very sensitive.
+ Please always use SSL encrypted connections between LAM and your browser to
+ protect yourself against network sniffers.
+
+
+2. LDAP+SSL and TLS
+
+ LAM should start TLS automatically if possible. LDAP+SSL will be used if you use
+ ldaps://servername in your configuration file.
+
+
+3. Chrooted servers
+
+ If your server is chrooted and you have no access to /dev/random or /dev/urandom
+ this can be a security risk. LAM stores your LDAP password encrypted in the session.
+ LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible.
+ Therefore the key can be easily guessed.
+ An attaker needs read access to the session file (e.g. by another Apache instance) to
+ exploit this.
+
+
+4. LDAP-password protection
+
+ Your LDAP-password is stored encrypted in the session file. The key and IV to decrypt
+ it are stored in two cookies. We use AES to encrypt the passwort.
+
+
+5. Protection of new user passwords
+
+ These passwords are, if stored in the session file, encrypted with the same key and IV
+ as your LDAP-password.
+
+
diff --git a/lam-0.4/docs/README.shells b/lam-0.4/docs/README.shells
new file mode 100644
index 00000000..313cd97e
--- /dev/null
+++ b/lam-0.4/docs/README.shells
@@ -0,0 +1,13 @@
+
+config/shelld is a symbolic link to /etc/shells
+which should contain all valid shells for new
+users.
+Unforutnatly some debian installations don't have
+/bin/false and /bin/true in /etc/shells.
+It's also possible valid shells differs completly
+because /etc/shells on another host should be used.
+
+If you want to use your own list of shells copy /etc/shells
+to config/shells and change it to your benefits.
+
+If you have questions feel free to mail me: TiloLutz@gmx.de
diff --git a/lam-0.4/graphics/banner.jpg b/lam-0.4/graphics/banner.jpg
new file mode 100644
index 00000000..6cae7cf0
Binary files /dev/null and b/lam-0.4/graphics/banner.jpg differ
diff --git a/lam-0.4/graphics/error.png b/lam-0.4/graphics/error.png
new file mode 100644
index 00000000..cab3b994
Binary files /dev/null and b/lam-0.4/graphics/error.png differ
diff --git a/lam-0.4/graphics/info.png b/lam-0.4/graphics/info.png
new file mode 100644
index 00000000..1e75231a
Binary files /dev/null and b/lam-0.4/graphics/info.png differ
diff --git a/lam-0.4/graphics/printLogo.jpg b/lam-0.4/graphics/printLogo.jpg
new file mode 100644
index 00000000..6cae7cf0
Binary files /dev/null and b/lam-0.4/graphics/printLogo.jpg differ
diff --git a/lam-0.4/graphics/select.png b/lam-0.4/graphics/select.png
new file mode 100644
index 00000000..4f01a983
Binary files /dev/null and b/lam-0.4/graphics/select.png differ
diff --git a/lam-0.4/graphics/warn.png b/lam-0.4/graphics/warn.png
new file mode 100644
index 00000000..85588276
Binary files /dev/null and b/lam-0.4/graphics/warn.png differ
diff --git a/lam-0.4/help/extFileExample.php b/lam-0.4/help/extFileExample.php
new file mode 100644
index 00000000..fece4d7d
--- /dev/null
+++ b/lam-0.4/help/extFileExample.php
@@ -0,0 +1,28 @@
+
+
+
+
diff --git a/lam-0.4/help/help.inc b/lam-0.4/help/help.inc
new file mode 100644
index 00000000..ae0a98b5
--- /dev/null
+++ b/lam-0.4/help/help.inc
@@ -0,0 +1,313 @@
+ array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Login"),
+ "Text" => _("Please enter the configuration password. This is NOT your LDAP password. It is stored in your .conf-file. If this is the first time you log in, enter \"lam\".")),
+ "201" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Server address"),
+ "Text" => _("This is the server address of your LDAP server. Use ldap:// for standard LDAP connections and ldaps:// for encrypted (require server certificates) connections. The port value is optional.") .
+ "
" .
+ _("Examples") .
+ ":
" .
+ _("ldap://localhost:389 connects to localhost using a standard LDAP connection on port 389") .
+ " " .
+ _("ldaps://141.40.146.133 connects to 141.40.146.133 using an encrypted LDAP connection.") .
+ "
" .
+ _("Note") .
+ ":
" .
+ _("When using ldaps:// be sure to use exactly the same IP/domain name as in your certificate!")),
+ "202" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("User/Group/Host suffix"),
+ "Text" => _("This is the suffix of the LDAP tree from where to search for user/group/host entries. Only entries in these subtrees will be displayed in the user/group/host list. When creating a new accont this will be the DN where it is saved.") .
+ "
".
+ _("Examples").
+ ":
".
+ _("ou=People,dc=yourcompany,dc=com will read and store all accounts in this subtree.")),
+ "203" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("UID number"),
+ "Text" => _("These are the minimum and maximum numbers to use for user IDs when creating new user accounts. The range has to be different from that of machines. New user accounts will always get the highest number in use plus one.")),
+ "204" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("GID number"),
+ "Text" => _("These are the minimum and maximum numbers to use for group IDs when creating new group accounts. New group accounts will always get the highest number in use plus one.")),
+ "205" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Machine number"),
+ "Text" => _("These are the minimum and maximum numbers to use for machine IDs when creating new accounts for Samba hosts. The range has to be different from that of users. New host accounts will always get the highest number in use plus one.")),
+ "206" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("List attributes"),
+ "Text" => _("This is the list of attributes to show in the user/group/host list. The entries can either be predefined values, \"#value\", or individual ones, \"value:description\". Several entries are seperated by semicolons.") .
+ "
" .
+ _("Users") .
+ ": #uid, #uidNumber, #gidNumber, #cn, #host, #givenName, #sn, #homeDirectory, #loginShell, #mail, #gecos".
+ " " .
+ _("Groups") .
+ ": #cn, #gidNumber, #memberUID, #member, #description".
+ " " .
+ _("Hosts") .
+ ": #uid, #cn, #rid, #description"),
+ "207" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Valid users"),
+ "Text" => _("This is a list of valid DN entries of all users that are allowed to login to LDAP Account Manager. The user names have to be separated by semicolons.") .
+ "
" .
+ _("Example") .
+ ": cn=admin,dc=yourdomain,dc=org;cn=manager,dc=yourdomain,dc=org"),
+ "208" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Maximum list entries"),
+ "Text" => _("This is the number of rows to show in the user/group/host list. If more entries are found the list will be split into several pages.")),
+ "209" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Default language"),
+ "Text" => _("Defines the language of the login window and sets this language as the default language. Users can change the language at login.")),
+ "210" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Script path"),
+ "Text" => _("This is the absolute path to an external script for setting quotas and creating home directories.").
+ "
".
+ _("Use it at your own risk and read the documentation for lamdaemon before you use it!").
+ "",
+ "SeeAlso" => "TODO link to lamdaemon doku"),
+ "211" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Script server"),
+ "Text" => _("This is the server where the lamdaemon script is stored. LDAP Account Manager will make a SSH connection to this server with username and password provided at login.").
+ "
".
+ _("Use it at your own risk and read the documentation for lamdaemon before you use it!").
+ "",
+ "SeeAlso" => "TODO link to lamdaemon doku"),
+ "212" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Change password"),
+ "Text" => _("If you want to change the current preferences password, please enter it here.")),
+ "213" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Samba version"),
+ "Text" => _("If you use Samba 3.x with the new LDAP schema say \"yes\" here, otherwise \"no\".").
+ "
".
+ _("LAM will not work if version is wrong!").
+ ""),
+ "214" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Cache timeout"),
+ "Text" => _("This is the time in minutes which LAM caches its LDAP searches. Shorter times will stress LDAP more but decrease the possibility that changes are not identified.")),
+ "215" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Password hash type"),
+ "Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of an user password. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")),
+ "216" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Text for user PDF"),
+ "Text" => _("This text will appear on top of every user PDF file.")),
+ "230" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Add profile"),
+ "Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
+ "231" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Rename profile"),
+ "Text" => _("Please enter the new name of the profile. The name may contain letters, numbers and -/_.")),
+ "232" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Delete profile"),
+ "Text" => _("This will delete the selected profile.")),
+ "233" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Set profile password"),
+ "Text" => _("This changes the password of the selected profile.")),
+ "234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"),
+ "Text" => _("This changes the profile which is selected by default at login.")),
+ "235" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change master password"),
+ "Text" => _("If you want to change your master configuration password, please enter it here.")),
+ "236" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Master password"),
+ "Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
+ // 300 - 399
+ // Roland Gruber
+ // profile editor
+ "301" => array ("ext" => "FALSE", "Headline" => _("Profile Editor") . " - " . _("Set Unix password for Samba"),
+ "Text" => _("If set to \"yes\" the Windows password will be the same as the Unix one.").
+ "
".
+ _("If unsure say \"yes\" here.")),
+ "302" => array ("ext" => "FALSE", "Headline" => _("Profile Editor") . " - " . _("User can change password"),
+ "Text" => _("If set to \"yes\" the user will be able to change his Windows password.").
+ "