WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

This commit is contained in:
Roland Gruber 2015-03-15 17:58:01 +00:00
commit d8d51d502b
3154 changed files with 551962 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lam/.htaccess Normal file
View File

@ -0,0 +1,11 @@
<Files *>
Options +FollowSymLinks
<IfVersion < 2.3>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
DirectoryIndex index.html
</Files>

346
lam/COPYING Normal file
View File

@ -0,0 +1,346 @@
Most parts of LDAP Account Manager are licensed under the GNU GENERAL PUBLIC LICENSE.
See the copyright file for a detailed list of licenses.
-------------------------------------------------------------------------------------
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

816
lam/HISTORY Normal file
View File

@ -0,0 +1,816 @@
31.03.2015 4.9
- Requires PHP 5.3.2 or higher
- Templates for server profiles
- Unix/Personal: support SASL as password hash type
- PDF export: added option to print primary group members
- Use HTTP_X_REAL_IP/HTTP_X_FORWARDED_FOR to log IP addresses (RFE 120)
- LAM Pro:
-> Personal: support image file size limit and cropping (requires php-imagick) in self service
-> Password self reset: allow to enter custom security questions (RFE 115)
-> Unix groups (rfc2307bis): allow to sync members from group of (unique) names (RFE 116)
-> Self Service: support password change with old password (requires PHP >= 5.4.26)
- Fixed bugs:
-> Self Service shows password reuse error after password change was required
16.12.2014 4.8
- Active Directory: support paged result as workaround for size limit exceeded
- FreeRadius: support dialupAccess and radiusProfileDn
- Usability improvements
- LAM Pro:
-> Self service: added option if referrals should be followed
- fixed bugs:
-> missing LDAP_DEREF_NEVER in some cases (169)
07.10.2014 4.7.1
- fixed bugs:
-> Blank page and "User tried to access entry of type ..." log message when DN suffix does not exactly match case in LDAP
28.09.2014 4.7
- Nginx webserver support
- DHCP: support pooling of IP ranges (RFE 107)
- Personal: support pager attribute (hidden by default)
- Renamed config/lam.conf_sample to lam.conf.sample and config.cfg_sample to config.cfg.sample
- LAM Pro:
-> Password dialog: preset alternate email address with backup email address (RFE 111)
12.06.2014 4.6
- Unix groups: allow to disable membership management
- Extended LAM's internal password policies
- Lamdaemon: move home directory on server if changed
- Password policy check during typing
- LAM Pro:
-> Password self reset and user self registration support to set a header text
-> Sudo roles: support latest schema
-> Bind DLZ: automatic PTR management (disabled by default) and better formating of e.g. TTL values
18.03.2014 4.5
- IMAP: allow dynamic admin user names by replacing wildcards with LDAP attributes
- Personal: allow to set fields read-only
- NIS mail aliases can be managed on user page
- Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD)
- Windows user/group: NIS support (msSFU30NisDomain, msSFU30Name)
- LAM Pro:
-> Allow to set single account types read-only
-> Support for organizationalRole entries
-> Separate IP restriction list for self service
-> Bind DLZ: support TXT/SRV records
-> Self Service: added language selection
-> Password self reset: support backup email address
-> Custom fields: support help texts
-> Support for Oracle databases (orclNetService) (RFE 104)
- fixed bugs:
-> PDF export for multiple entries does not work (163)
-> Personal: fixed photo upload if Imagick is not installed (161)
-> Use account filters for Unix membership management (165)
18.12.2013 4.4
- PyKota support: users, groups, printers, billing codes
- Kolab shared folder support
- New tool "Multi edit" allows LDAP operations on a large number of entries (e.g. adding attributes)
- Allow to set a custom label for each account type
- Unix: switch also additional membership if primary group is changed (RFE 108)
- Windows: fixed user name handling, sAMAccountName now optional
- Apache 2.4 support (requires Apache "version" module)
- Added Turkish, Ukrainian and US English translation
- LAM Pro:
-> Bind DLZ support
-> Samba/Shadow: display password change date in self service
-> Custom fields: support custom label and icon, auto-completion
-> User self registration: support constant attribute values
-> Self service: allow to set custom field labels
- Fixed bugs:
-> Format of photo in Personal tab (158)
25.09.2013 4.3
- Custom SSL CA certificates can be setup in LAM main configuration
- Unix user and group support for Samba 4
- Samba 3 groups: support local members
- Kolab: support group accounts and allowed senders/receivers for users
- SSH public key: support file upload and self service enhancements (RFE 101)
- DHCP: support more options (RFE 99)
- LAM Pro:
-> PPolicy: check password history for password reuse
-> Custom fields: read-only fields for admin interface and file upload for binary data
-> Custom scripts: support user self registration
-> Password self reset: Samba 3 sync, identification with login attribute, Samba 4 support
- Fixed bugs:
-> Custom fields: auto-adding object classes via profile editor fixed
-> PHP 5.5 compatibility
-> Lamdaemon: do not show message if home directory to delete was not found (154)
18.06.2013 4.2.1
- Fixed bugs:
-> Unix: suggested user name must be lower case
-> Quota: profile editor does not work in some cases
04.06.2013 4.2
- Samba 4 support: users, groups, hosts
- Unix: allow to change format for suggested user name
- LAM Pro:
-> Zarafa support for Samba 4
-> allow to hide buttons to create/delete entries for each account type
-> Password self reset: support new identification methods: user, email, user or email, employee number
-> Custom fields: support PDF, profiles and multi-value text fields
-> Personal: support password mail sending in file upload
19.03.2013 4.1
- Updated EDU person module (RFE 3599128)
- Personal: allow management of user certificates (RFE 1753030)
- Unix: Support Samba Unix Id pool for automatic UID/GID generation
- DHCP: support separated dhcpServer and dhcpService entries
- LAM Pro:
-> Support Qmail groups
- Fixed bugs:
-> changed user and group size limits (3601649)
06.01.2013 4.0.1
- support additional LDAP filters for account types
- allow to hide account types (that are required by other account types)
- fixed bugs:
-> missing directories config/pdf and config/profiles on fresh installations
17.12.2012 4.0
- account profiles and PDF structures are now bound to server profile
- IMAP: support "/" as path separator (RFE 3575692)
- show server profile name on config pages (RFE 3579768)
- LAM Pro:
-> Custom fields for admin interface
-> MIT Kerberos support
-> Qmail user support
25.09.2012 3.9
- Kolab 2.4 support
- Puppet support
- LAM Pro
-> support RFC2307bis automount entries
-> read-only fields in self service
- fixed bugs
-> Hidden tools are still shown on the "Tools" page (3546092)
19.07.2012 3.8
- quick (un)lock for users
- allow to disable tools
- LAM Pro:
-> Custom fields module allows to manage custom LDAP attributes in Self Service
-> Self service now supports user self registration
-> Separate group of names module for users allows to manage memberships if Unix module is not used (RFE 3504429)
-> Named object module for groups (used for rfc2307bis schema)
-> Password change page allows account (un)locking
-> Allow to send password mails on user edit page
-> Custom scripts: supports manual scripts that can be run from account edit pages
-> Zarafa 7.1 support (proxy URL for servers)
- fixed bugs
-> Asterisk extensions with same name (3528288)
25.03.2012 3.7
- Login: support bind user for login search
- Personal: added labeledURI and cosmetic changes, description is now multi-valued (RFE 3446363)
- Asterisk extensions: group extension entries by name and context
- File upload:
-> support custom scripts postCreate (LAM Pro)
-> PDF export
- New translation: Slovakian
- removed phpGroupWare support (project no longer exists)
- Use new password after self password change (RFE 3446350)
- LAM Pro:
-> Password self reset can send password confirmation and notification mails
-> Zarafa archiver support
-> Heimdal Kerberos support
- Fixed bugs:
-> DHCP: error message not displayed properly (3441975)
-> Profile loading not possible if required fields are not filled (3444948)
-> Tree view: unable to add object class (3446037)
-> Edit page: unable to move accounts to different OU
-> Self Service: support forced password changes (PPolicy) (3483907)
-> XSS security patch (3496624)
23.11.2011 3.6.1
- LAM Pro: fixed password reset function
22.11.2011 3.6
- support HTTP authentication for admin pages and self service
- new modules
-> authorizedServiceObject
-> FreeRadius
- LAM Pro
-> added password self reset feature
-> Zarafa 7 support
-> Zarafa support for dynamic groups, address lists and contacts
-> Unix: group of names can be managed on user edit page
- Fixed bugs:
-> Unix: check for upper-case characters in user name (3416180)
09.08.2011 3.5.0
- New modules:
-> "General information": shows internal data about accounts (e.g. creation time)
-> "Quota": manage filesystem quota inside LDAP (Linux DiskQuota) (RFE 1811449)
- Personal: New attributes o, employeeNumber, initials
- Unix: Support to create home directories on multiple servers and also for existing users
- Server information shows data from cn=monitor
- Lots of small improvements
- LAM Pro:
-> Automount: allow to create automount maps
-> Password policy: allow to (un)lock accounts
- Fixed bugs:
-> Owner attribute is multi-valued (3300727)
2011-04-25 3.4.0
- IMAP mailboxes:
-> support to read user name from uid attribute
-> added quota management
- Personal: added additional options for account profiles
- Mail aliases: sort receipients (RFE 3170336)
- Asterisk: support all attributes (can be disabled in configuration)
- Samba 3/Shadow: allow to sync expiration date (RFE 3147751)
- LAM Pro:
-> support automount entries
-> Zarafa groups: allow combination with group of names
-> enhanced wildcards for custom scripts
-> Group of (unique) names: allow members to be optional
- Fixed bugs:
-> Renaming of default profile (3183920)
-> Profile editor: fixed problems with multi select
12.02.2011 3.3.0
- additional usability enhancements
- new IMAP module ("Mailbox (imapAccess)") allows to create/delete user mailboxes
- LAM Pro: enhanced Zarafa to support users and groups for "Send as" (new configuration option)
- PDF export: higher resolution for logos
- reduced number of LDAP queries
- lamdaemon: support journaled quotas
- Fixed bugs:
-> ignore comment lines in shells file (3107124)
-> home directory creation on file upload
28.10.2010 3.2.0
- large usability enhancements
- Shadow: allow to force password change when maximum password age is set
- DHCP: renamed module "Fixed IPs" to "Hosts", IP is now optional (3038797)
- PHP version 5.2.4 or higher required
- LAM Pro:
-> Zarafa support (user, group, server)
-> Password policy: allow to force password change (RFE 3026940)
-> Password reset page: mail subject, text and from address can be set in server profile
-> Self service: Asterisk (voicemail) password synchronisation
- Fixed bugs:
-> Email check did not include "+" (3033605)
-> Tab index on login page (3042622)
04.07.2010 3.1.1
- LAM Pro: fix for user self service
25.06.2010 3.1.0
- usability improvements
- Asterisk voicemail support
- new hosts module for user accounts to define valid login workstations (replaces inetOrgPerson schema hack) (2951116)
- PDF editor: descriptive fields
- lamdaemon:
-> sudo entry needs to be changed to ".../lamdaemon.pl *"
-> replaced PHP SSH2 with phpseclib
- LAM Pro
-> custom scripts: new options to hide executed commands and define if output is HTML or plain text
-> support sudo entry management (object class sudoRole)
- fixed bugs:
-> Asterisk password handling (patch 2979728)
-> Samba domain SID check (2994528)
-> language selection at login (2996335)
24.03.2010 3.0.0
- support to remove extension from an existing account: shadowAccount, sambaSamAccount, eduPerson
- file upload: allow to select account modules for upload
- removed frames
- Unix: automatic user name generation from first and last name (2492675)
- LAM Pro:
-> support OpenLDAP password policies (ppolicy)
-> manage host IP addresses (ipHost)
- fixed bugs:
-> Multi-delete not working (2931458)
-> Samba: can/must change password needs to be read from domain policy (2919236)
-> DNs which include "#" are not editable/deletable (2931461)
-> fixed configure/Makefile
-> Asterisk input fields and authentication realm (patch 2971792)
16.12.2009 2.9.0
- Asterisk support
- new tool: server information
- consolidated LAM documentation in new manual (docs/manual/index.html)
- DHCP: add host name to fixed IPs (RFE 2898948)
- LAM Pro:
-> enabled custom scripts for self service
-> support for nisObject object class
- fixed bugs:
-> unable to edit accounts with DNs that contain spaces next to a comma (2889473)
-> login method "LDAP search" has problems if LDAP server is down (2889414)
-> filter in account lists did not support non-ASCII letters
-> alias handling (2901248)
-> DHCP range check (2903267)
28.10.2009 2.8.0
- ability to hide fields: inetOrgPerson, sambaSamAccount
- compatibility with PHP 5.3
- one central button to change passwords on account pages
- removed support for Samba 2 accounts
- removed lamdaemonOld script
05.08.2009 2.7.0
- LAM Pro: allow to execute custom scripts
- log client IP at login attempt
- added separate configuration option to enable/disable TLS encryption
- Samba 3: allow to disable LM hashes (on by default) (RFE 2657140)
- DHCP: added description field and reordered fixed IP input fields
- fixed bugs:
* added additional check for creating home directories (2798489)
* support memcache for session storage (2811505)
08.04.2009 2.6.0
- support NIS netgroups
- support EDU person accounts (RFE 1413731)
- Personal: support departmentNumber attribute
- DHCP: allow file upload
- added config option to search LAM login users in LDAP (RFE 2494249)
- help messages are displayed as tooltips
- LAM Pro:
-> add businessCategory to self service (RFE 2494246)
-> allow to customize page headers and use custom CSS styles
21.01.2009 2.5.0
- LAM Pro:
-> supports rfc2307bis schema for Unix groups (RFE 2111694)
-> added alias manangement (object classes alias + uidObject) (RFE 1912779)
- Shadow: module is now optional when creating new accounts
- Kolab:
-> account extension is now optional
-> can be used without Unix module
-> self service uses no extra LDAP suffix but uses global setting
- DHCP:
-> several bugfixes
-> added PDF support
-> support multiple Netbios name servers (RFE 2180179)
- Samba 3:
-> self service sets attribute "sambaPwdLastSet" on password change (LAM Pro)
-> password timestamps can be updated on password reset page (LAM Pro)
-> option to force password change on next login
-> profile options for time when the user can/must change the password
15.10.2008 2.4.0
- added DHCP management (donated by Siedl networks GmbH)
- requires PHP 5.1.2
- MHash dependendy replaced by Hash
- save last selected server profile from login page
- lamdaemon: allow to specify SSH port
- lamdaemon: added Syslog logging
- Unix: added profile options for lamdaemon
- LAM Pro: password reset page is able to unlock Samba accounts and sets shadowLastChange
- fixed bugs:
* problems with DN containing ( and ) (2059740)
* problem with gecos field in file upload (2103936)
30.04.2008 2.3.0
- added Polish translation
- support phpGroupWare accounts
- password policies
- redesigned PDF editor
- show mail addresses as link in account list
- Unix: allow primary group members to be added as memberUid
- Kolab: support LAM Pro self service
- LAM Pro: new account type for groupOf(Unique)Names
- fixed bugs:
-> XHTML headers should be removed (1912736)
23.01.2008 2.2.0
- account lists:
-> allow to switch sorting
-> added separate configuration page and store settings in cookies
-> list size can now be set individually for each account type on the list configuration page
-> new PDF buttons
- use suffix from account list as default for new accounts (patch 1823583)
- Security: passwords in configuration files are now saved as hash values
- improved design
- style fixes for Internet Explorer users
- Unix: allow to set host passwords (RFE 1754069)
- Unix: allow to generate random passwords for users
- Samba 3 groups: Samba part is now optional
- Personal: add object classes person and organizationalPerson for new accounts (RFE 1830033)
- new LDAP schema check on tests page
- LAM Pro:
-> added possibility for deskside support to reset passwords at account list page
-> access levels (read only, change passwords, write access) for server profiles
07.11.2007 2.1.0
- tabular design for account pages
- show DN on account pages
- Samba 3: made Samba account optional
- Samba 3: manages now terminal server settings
- fixed bugs:
-> LAM Pro: UTF-8 characters are invalid displayed on configuration page (1788752)
-> LAM works again on PHP 5.1.x (1792447)
-> Quota: managing group quotas does not work (1811728)
-> Samba 3 domains: lockout users after bad logon attempts must allow 0 - 999 (1814578)
08.08.2007 2.0.0
- new translations: Chinese (Simplified), Czech and Portuguese
- usability improvements
- LDAP accounts including child entries can now be moved
- group list can show primary members (RFE 1517679 and patch 1722460)
- more translated example texts (RFE 1702140)
- inetOrgPerson: now manages homePhone, roomNumber, businessCategory
- posixAccount: allow to create home directories in file upload (RFE 1665034)
- account lists: display buttons on top and bottom (RFE 1702136)
- fixed bugs:
-> OU editor: help images (1702132)
-> config editor: extra space (1702269)
-> fixed some inconsistent help entries (1694863)
-> user list: refreshing GID translation did not work (1719168)
-> allow uid as RDN attribute for inetOrgPerson (1740499)
-> PHP Warning: mcrypt_decrypt(): The IV parameter must be ... (1742543)
-> uid attribute no longer required for InetOrgPerson (1757215)
28.03.2007 1.3.0
- improved design
- user list can now display jpegPhoto attributes
- lamdaemon: support for multiple servers
- LAM Pro: users may change their photos (jpegPhoto)
- fixed bugs:
-> ShadowAccount: PDF entry for expire date was wrong (1658868)
-> Samba groups: fixed help entry (patch 1664542)
-> Debian package did not include lamdaemonOld.pl (1660493)
-> NIS mail aliases: allow more characters in alias name (1674198)
-> fixed syntax errors in some .htaccess files
-> security fix: HTML special characters in LDAP data were not escaped
Developers:
API changes:
- added listPrintTableCellContent() to class lamList
- added listPrintAdditionalOptions() to class lamList
- added preModifyActions() to class baseModule
- added postModifyActions() to class baseModule
- added preDeleteActions() to class baseModule
- added postDeleteActions() to class baseModule
24.01.2007 1.2.0
- Samba 3: better handling of date values
- Samba 3: Handling of locked accounts (RFE 1609076)
- LAM Pro: modules can define configuration settings (Unix: password hashing)
- LAM Pro: management of groupOfNames and groupOfUniqueNames entries (RFE 875482)
- fixed bugs:
-> Lamdaemon test did not work on PHP 4
-> InetOrgPerson: Problems with error messages (1628799)
Developers:
API changes:
- removed get_configDescription() from module interface
- added functions to handle configuration settings for LAM Pro
01.11.2006 1.1.1
- Lamdaemon: added test page (Tools -> Tests -> Lamdaemon test)
- LAM Pro: Samba passwords can now be synchronized with Unix password
- Shadow account: better management of expiration date
- fixed bugs:
-> Unix: password hashing problem (1562426)
-> Unix: No error message for wrong UID numbers in file upload
-> Filters in account lists get lost when sorting the table
20.09.2006 1.1.0
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
- Samba 2/3: "Use Unix password" now on by default (1517678)
Developers:
API changes:
- removed $post parameters from module functions (delete_attributes(),
process_...(), display_html_...()). Use $_POST instead.
- process_...() functions: returned messages are no longer grouped
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
10.08.2006 1.0.4
- added Russian translation
- Samba 3: added policies for domain objects
- inetLocalMailRecipient: print warning if local address is already in use
05.07.2006 1.0.3
- fixed bugs:
-> Kolab: fixed problem with message about missing password
-> Unix groups: fixed auto GID
-> Unix users/groups: fixed silent unlocking of passwords
-> Unix users/groups: removed invalid password option
-> Shadow: account expiration date was incorrect in some time zones
-> User list: fixed problems when deleting users and translated GIDs are activated (1503367)
24.05.2006 1.0.2
- security enhancements: session timeout, logging, host restrictions
- handle LDAP attribute aliases correctly
- fixed bugs:
-> PDF creation bug when GID translation is activated (1477111)
-> allow "@" in passwords (1477878)
-> Samba 2/3: fixed NT hashes
-> fixed handling of multi-value attributes (e.g. in inetLocalMailRecipient)
12.04.2006 1.0.1
- LAM can now be installed with "configure" and "make install"
- added workaround for misspelled object classes (e.g. sambaSAMAccount by smbldap-tools)
- Unix: merged password hash settings for Unix users and groups
- Samba 3: added Windows group to profile options
- security: LAM checks the session id and client IP
- fixed bugs:
-> Samba 3: hash values were wrong in some rare cases (1440021)
-> Samba 3: readded time zone selection for logon hours (1407761)
-> Unix: call of unknown function (1450464)
01.03.2006 1.0.0
- new architecture with support for more account types
- new translations: Traditional Chinese, Dutch
- fixed bugs:
-> Samba groups: editing of special groups fixed
-> changed check for mail addresses (patch 1403922)
-> fixed JPG upload when MCrypt is enabled
-> fixed login problems for AD servers
-> improved sorting of account lists
-> fixed language setting in default configuration profile
-> fixed PHP5 warnings (getdate() and mktime())
-> error messages in Samba domain module (1437425)
-> fixed expired passwords with shadowAccount module
-> added lamdaemon.pl compatibility and security patches by Tim Rice
08.02.2006 1.0.rc2
- new translation: Dutch
- fixed bugs:
-> changed check for mail addresses (patch 1403922)
-> fixed JPG upload when MCrypt is enabled
-> fixed login problems for AD servers
09.01.2006 1.0.rc1
- new architecture with support for more account types
- new translation: Traditional Chinese
- fixed bugs:
-> Samba groups: editing of special groups fixed
14.12.2005 0.5.3
- accounts are now deleted with subentries
- big update for Italian translation
- inetOrgPerson: support jpegPhoto images
- less restrictive input checks
- fixed bugs:
-> fixed problems with case-insensitive DNs
-> file upload did not work when max_execution_time=0 (1367957)
-> posixGroup: fixed help entries
16.11.2005 0.5.2
- New module for SSH public keys
- check file permissions on login page
- fixed bugs:
-> creation of home directories did not work
-> allow spaces in profile names (1333058)
-> fixed problem with magic_quotes_gpc in profile editor (1333069)
-> inetOrgPerson: deletion of postal address and fax number now works
19.10.2005 0.5.1
- Samba 3: added support for account expiration
- fixed bugs:
-> automatic UID/GID assignment did not fully work
-> PDF: additional groups for Unix users
-> inetOrgPerson: fixed mobile number
-> Samba 2/3: passwords fixed for file uploads (1311561)
-> Samba 3: fixed logon hours (patch 1311915)
-> Samba 3: loading of domain setting from profile did not work
-> Quota: profile settings fixed
-> reduced memory usage
28.09.2005 0.5.0
- Samba 2/3: added display name in account pages
- fixed bugs:
-> fixed error message when creating new accounts with shadowAccount
-> added missing help entries on main account page
-> Samba 2/3: fixed settings for password expiration, no password and deactivated account
-> changing of RDN caused problems in some cases
08.09.2005 0.5.rc3
- INFO messages no longer prevent changing to subpages of a module
- fixed bugs:
-> buttons on account page are better sorted
-> account module: some problems solved when used for user accounts
-> nisMailAlias: fixed missing RDN possibility
-> fixed conflicts when accounts were built with other base modules
-> Samba 2/3: setting allowed workstations failed
-> magic_quotes_gpc = Off prevented editing of accounts
-> fixed help links on Samba and Unix pages
18.08.2005 0.5.rc2
- allow user accounts based only on "account" module
- inetOrgPerson: allow setting a password if posixAccount is not active
- fixed bugs:
-> removed Blowfish encryption (bad performance)
-> Kolab now complains if no user password is set
08.08.2005 0.5.rc1
- Kolab 2 support
- added manager and post office box for inetOrgPerson
- Samba 3: added support for logon hours
- Samba 3: added sambaSID as possible RDN attribute
- improved error handling in profile editor
- now quotas can be set on CSV upload
- new logo
- fixed bugs:
-> several fixes for PHP5
-> fixes for PDF editor and output
-> password changing in tree view did not work
-> fixed changing of group memberships for users
28.07.2005 0.4.10
- PHP5 compatibility added
30.06.2005 0.5.alpha2
- added documentation about schemas
- PDF now uses UTF-8 fonts
- added possibility to create plain inetOrgPerson accounts
- fixed bugs:
-> set DN suffix and RDN on profile loading
-> several fixes for PDF editor
-> creating Samba hosts now works
11.05.2005 0.5.alpha1
- new modular architecture
-> possibility to create Unix-only accounts
-> plugins for more objectClasses planned
-> enhanced PDF output
-> enhanced file upload
-> enhanced editor for account profiles
-> dynamic configuration options (based on modules)
- all pages in UTF-8
- added developer documentation
- PHPDoc formated comments
- new plugin for managing MAC addresses (RFE 926017)
- new plugin for managing NIS mail aliases (RFE 1050036)
- new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
- schema browser
- tree view
09.03.2005 0.4.9
- fixed bugs:
fixed error messages when moving an user account
fixed problem with special group SIDs
lamdaemon.pl security fix
26.01.2005 0.4.8
- allow "%" at the beginning of Samba home/profile path (1107998)
- fixed bugs:
fixed IE fix ;-)
no more warnings for profiles with no additional groups set
19.12.2004 0.4.7
- added "*.exe" to Samba logon script regex (1081715)
- fixed bugs:
fixed doctype of main frame
removed syntax check for LDAP suffixes
fixed IE bug at login
fixed encoding in HTTP header
passwords with "'" are now handled correctly at login (1081460)
fixed Samba flags if multiple hosts were created
updated .htaccess files to be compatible with newer Apache versions
26.05.2004 0.4.6
- fixed bugs:
password hashes were not disabled correctly
street was copied to postal code on modify (938502)
underscore was not allowed for host names (934445)
deleting postal address or facsimile number failed (948616)
TLS error handling (958497)
smaller fixes on personal settings page
21.03.2004 0.4.5
- added French translation
- fixed bugs:
StatusMessages with additional variables did not work
Samba hosts had unnecessary objectClass shadowAccount (910084)
Samba host passwords were still wrong
LAM had problems with non-standard spelled object classes (907636)
Perl scripts did not work if Perl is not installed in /usr/bin/perl (913554)
problems when cn!=uid (915041)
home directories were not deleted by lamdaemon.pl (913552)
29.02.2004 0.4.4 (stable)
- fixed bugs:
plain posix groups could not be used as Samba 3 primary group
if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work
some smaller bugs in mass upload
Samba hash values for hosts were not correct
Unix passwords could be disabled but not reenabled
fixed problem with eval() in status.inc (894433)
08.02.2004 0.4.3
- new login layout
- added Hungarian and Japanese translations
- fixed bugs:
Samba paswords were sometimes empty for new users (892272)
links in list views may not work with web servers other than Apache
21.01.2004 0.4.2
- added config wizard
- MHash is only needed for PHP < 4.3
- use Blowfish for encryption instead of MCrypt
29.12.2003 0.4.1
- better error handling at login
- support spaces in DNs
- PDF text for users
- create missing OUs recursivly
- fixed bugs:
SMD5 passwords were wrong
primaryGroupSID wrong if SID has no relation to Algorithmic RID Base
Samba 2 accounts could not be created
29.10.2003 0.4 (Beta1)
- improved design
- improved documentation
- Fixed possible error which could delete entries if objectclass didn't fit
- Fixed many samba 3.0 related bugs, most related to SIDs
- edit group members directly
- support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN)
- PDF output for groups and hosts
31.08.2003 0.3 (Alpha 3)
- Samba 3 support
- manage Samba 3 domains
- multiple configuration files
- PDF output
- better mass creation
04.07.2003 0.2 (Alpha 2)
- support for multiple OUs + OU-Editor
- account creation via file upload
- profile editor
- experimental Samba 3 support
- fixed a lot of bugs
23.05.2003 0.1 (Alpha 1)
Initial release

35
lam/README Normal file
View File

@ -0,0 +1,35 @@
LAM - Readme
============
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
directory. LAM runs on any webserver with PHP5 support and connects to your
LDAP server unencrypted or via SSL/TLS.
Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2,
address book entries, NIS mail aliases and MAC addresses. There is a tree
viewer included to allow access to the raw LDAP attributes. You can use
templates for account creation and use multiple configuration profiles.
LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian.
https://www.ldap-account-manager.org/
Copyright (C) 2003 - 2014 Roland Gruber <post@rolandgruber.de>
Installation and documentation:
Please see the LAM manual in docs/manual/index.html.
Default password:
The default password to edit the configuration options is "lam".
Download:
You can get the newest version at https://www.ldap-account-manager.org/.
License:
LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.
Have fun!
The LAM development team

1
lam/VERSION Normal file
View File

@ -0,0 +1 @@
4.9.RC1

9
lam/config/.htaccess Normal file
View File

@ -0,0 +1,9 @@
<Files *>
<IfVersion < 2.3>
Order allow,deny
Deny from all
</IfVersion>
<IfVersion >= 2.3>
Require all denied
</IfVersion>
</Files>

206
lam/config/addressbook.conf.sample Normal file
View File

@ -0,0 +1,206 @@
# LDAP Account Manager configuration
#
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
#
###################################################################################################
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
ServerURL: ldap://localhost:389
# list of users who are allowed to use LDAP Account Manager
# names have to be seperated by semicolons
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
Admins: cn=Manager,dc=my-domain,dc=com
# password to change these preferences via webfrontend (default: lam)
Passwd: {SSHA}T2yboe0j+a41sZZm4UZl6kEzbcI= q9uv7w==
# suffix of tree view
# e.g. dc=yourdomain,dc=org
treesuffix: dc=yourdomain,dc=org
# default language (a line from config/language)
defaultLanguage: en_GB.utf8
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# LDAP search limit.
searchLimit: 0
# Module settings
modules: posixAccount_minUID: 10000
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 10000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user
types: suffix_user: ou=People,dc=my-domain,dc=com
types: attr_user: #uid;#givenName;#sn;#mail
types: modules_user: inetOrgPerson
types: suffix_group: ou=group,dc=my-domain,dc=com
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup
# Password mail subject
lamProMailSubject: Your password was reset
# Password mail text
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
# enable TLS encryption
useTLS: yes
# follow referrals
followReferrals: false
# paged results
pagedResults: false
# Access level for this profile.
accessLevel: 100
# Login method.
loginMethod: list
# Search suffix for LAM login.
loginSearchSuffix: dc=yourdomain,dc=org
# Search filter for LAM login.
loginSearchFilter: uid=%USER%
# Bind DN for login search.
loginSearchDN:
# Bind password for login search.
loginSearchPassword:
# HTTP authentication for LAM login.
httpAuthentication: false
# Password mail from
lamProMailFrom:
# Password mail reply-to
lamProMailReplyTo:
# Password mail is HTML
lamProMailIsHTML: false
# Allow alternate address
lamProMailAllowAlternateAddress: true
modules: inetOrgPerson_hideDescription: false
modules: inetOrgPerson_hideStreet: false
modules: inetOrgPerson_hidePostOfficeBox: false
modules: inetOrgPerson_hidePostalCode: false
modules: inetOrgPerson_hideLocation: false
modules: inetOrgPerson_hideState: false
modules: inetOrgPerson_hidePostalAddress: false
modules: inetOrgPerson_hideRegisteredAddress: false
modules: inetOrgPerson_hideOfficeName: false
modules: inetOrgPerson_hideRoomNumber: false
modules: inetOrgPerson_hideTelephoneNumber: false
modules: inetOrgPerson_hideHomeTelephoneNumber: false
modules: inetOrgPerson_hideMobileNumber: false
modules: inetOrgPerson_hideFaxNumber: false
modules: inetOrgPerson_hidePager: true
modules: inetOrgPerson_hideEMailAddress: false
modules: inetOrgPerson_hideJobTitle: false
modules: inetOrgPerson_hideCarLicense: false
modules: inetOrgPerson_hideEmployeeType: false
modules: inetOrgPerson_hideBusinessCategory: false
modules: inetOrgPerson_hideDepartments: false
modules: inetOrgPerson_hideManager: false
modules: inetOrgPerson_hideOu: false
modules: inetOrgPerson_hideO: false
modules: inetOrgPerson_hideEmployeeNumber: false
modules: inetOrgPerson_hideInitials: false
modules: inetOrgPerson_hideLabeledURI: false
modules: inetOrgPerson_hideuserCertificate: false
modules: inetOrgPerson_hidejpegPhoto: false
modules: inetOrgPerson_hideUID: false
modules: inetOrgPerson_readOnly_businessCategory: false
modules: inetOrgPerson_readOnly_cn: false
modules: inetOrgPerson_readOnly_employeeType: false
modules: inetOrgPerson_readOnly_postalAddress: false
modules: inetOrgPerson_readOnly_uid: false
modules: inetOrgPerson_readOnly_title: false
modules: inetOrgPerson_readOnly_description: false
modules: inetOrgPerson_readOnly_st: false
modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
modules: inetOrgPerson_readOnly_mail: false
modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
modules: inetOrgPerson_readOnly_jpegPhoto: false
modules: inetOrgPerson_readOnly_carLicense: false
modules: inetOrgPerson_readOnly_labeledURI: false
modules: inetOrgPerson_readOnly_initials: false
modules: inetOrgPerson_readOnly_registeredAddress: false
modules: inetOrgPerson_readOnly_mobile: false
modules: inetOrgPerson_readOnly_sn: false
modules: inetOrgPerson_readOnly_o: false
modules: inetOrgPerson_readOnly_ou: false
modules: inetOrgPerson_readOnly_l: false
modules: inetOrgPerson_readOnly_pager: false
modules: inetOrgPerson_readOnly_userPassword: false
modules: inetOrgPerson_readOnly_employeeNumber: false
modules: inetOrgPerson_readOnly_postOfficeBox: false
modules: inetOrgPerson_readOnly_postalCode: false
modules: inetOrgPerson_readOnly_roomNumber: false
modules: inetOrgPerson_readOnly_street: false
modules: inetOrgPerson_readOnly_homePhone: false
modules: inetOrgPerson_readOnly_telephoneNumber: false
modules: inetOrgPerson_readOnly_departmentNumber: false
modules: inetOrgPerson_readOnly_manager: false
modules: inetOrgPerson_readOnly_givenName: false
modules: inetOrgPerson_jpegPhoto_maxWidth:
modules: inetOrgPerson_jpegPhoto_maxHeight:
modules: inetOrgPerson_jpegPhoto_maxSize:
types: filter_user:
types: customLabel_user:
types: filter_group:
types: customLabel_group:
types: hidden_user:
types: hideNewButton_user:
types: hideDeleteButton_user:
types: readOnly_user:
tools: tool_hide_toolServerInformation: false
tools: tool_hide_toolFileUpload: false
tools: tool_hide_toolMultiEdit: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolTests: false
tools: tool_hide_toolSchemaBrowser: false

12
lam/config/config.cfg.sample Normal file
View File

@ -0,0 +1,12 @@
# password to add/delete/rename configuration profiles (default: lam)
password: {SSHA}D6AaX93kPmck9wAxNlq3GF93S7A= R7gkjQ==
# default profile, without ".conf"
default: lam
# log level
logLevel: 4
# log destination
logDestination: SYSLOG

63
lam/config/language Normal file
View File

@ -0,0 +1,63 @@
# LDAP Account Manager language configuration file
#
# Do not modify!
# Each line consists of a ":"-seperated entry. The first part is the locale name,
# the second is the character encoding and the third the language name.
# Catalan
ca_ES.utf8:UTF-8:Català (Catalunya)
# Czech
cs_CZ.utf8:UTF-8:Čeština (Česko)
# German
de_DE.utf8:UTF-8:Deutsch (Deutschland)
# GB English
en_GB.utf8:UTF-8:English (Great Britain)
# US English
en_US.utf8:UTF-8:English (USA)
# Spanish
es_ES.utf8:UTF-8:Español (España)
# French
fr_FR.utf8:UTF-8:Français (France)
# Italian
it_IT.utf8:UTF-8:Italiano (Italia)
# Hungarian
hu_HU.utf8:UTF-8:Magyar (Magyarország)
# Dutch
nl_NL.utf8:UTF-8:Nederlands (Nederland)
# Polish
pl_PL.utf8:UTF-8:Polski (Polska)
# Portuguese
pt_BR.utf8:UTF-8:Português (Brasil)
# Russian
ru_RU.utf8:UTF-8:Русский (Россия)
# Slovakian
sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
# Turkish
tr_TR.utf8:UTF-8:Türkçe (Türkiye)
# Ukrainian
uk_UA.utf8:UTF-8:Українська (Україна)
# Japanese
ja_JP.utf8:UTF-8:日本語 (日本)
# Chinese (Traditional)
zh_TW.utf8:UTF-8:繁體中文 (台灣)
# Chinese (Simplified)
zh_CN.utf8:UTF-8:简体中文 (中国)

251
lam/config/samba3.conf.sample Normal file
View File

@ -0,0 +1,251 @@
# LDAP Account Manager configuration
#
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
#
###################################################################################################
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
ServerURL: ldap://localhost:389
# list of users who are allowed to use LDAP Account Manager
# names have to be seperated by semicolons
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
Admins: cn=Manager,dc=my-domain,dc=com
# password to change these preferences via webfrontend (default: lam)
Passwd: {SSHA}ahGvrvP2tLZCEChawYlRD0v5dFk= sSirVg==
# suffix of tree view
# e.g. dc=yourdomain,dc=org
treesuffix: dc=yourdomain,dc=org
# default language (a line from config/language)
defaultLanguage: en_GB.utf8
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# LDAP search limit.
searchLimit: 0
# Module settings
modules: posixAccount_minUID: 10000
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 10000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group,host,smbDomain
types: suffix_user: ou=People,dc=my-domain,dc=com
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
types: suffix_group: ou=group,dc=my-domain,dc=com
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup,sambaGroupMapping
# Password mail subject
lamProMailSubject: Your password was reset
# Password mail text
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
# enable TLS encryption
useTLS: yes
# follow referrals
followReferrals: false
# paged results
pagedResults: false
# Access level for this profile.
accessLevel: 100
# Login method.
loginMethod: list
# Search suffix for LAM login.
loginSearchSuffix: dc=yourdomain,dc=org
# Search filter for LAM login.
loginSearchFilter: uid=%USER%
# Bind DN for login search.
loginSearchDN:
# Bind password for login search.
loginSearchPassword:
# HTTP authentication for LAM login.
httpAuthentication: false
# Password mail from
lamProMailFrom:
# Password mail reply-to
lamProMailReplyTo:
# Password mail is HTML
lamProMailIsHTML: false
# Allow alternate address
lamProMailAllowAlternateAddress: true
modules: posixGroup_gidGenerator: range
modules: posixGroup_sambaIDPoolDN:
modules: posixGroup_gidCheckSuffix:
modules: posixGroup_hidememberUid: false
modules: sambaSamAccount_timeZone: 0
modules: sambaSamAccount_lmHash: yes
modules: sambaSamAccount_hideHomeDrive: false
modules: sambaSamAccount_hideHomePath: false
modules: sambaSamAccount_hideProfilePath: false
modules: sambaSamAccount_hideLogonScript: false
modules: sambaSamAccount_hideSambaPwdLastSet: false
modules: sambaSamAccount_hideWorkstations: false
modules: sambaSamAccount_hideLogonHours: false
modules: sambaSamAccount_hideTerminalServer: false
modules: posixAccount_uidGeneratorUsers: range
modules: posixAccount_sambaIDPoolDNUsers:
modules: posixAccount_uidCheckSuffixUser:
modules: posixAccount_uidGeneratorHosts: range
modules: posixAccount_sambaIDPoolDNHosts:
modules: posixAccount_uidCheckSuffixHost:
modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
modules: posixAccount_hidegecos: false
modules: posixAccount_primaryGroupAsSecondary: false
modules: posixAccount_userNameSuggestion: @givenname@%sn%
modules: inetOrgPerson_hideDescription: false
modules: inetOrgPerson_hideStreet: false
modules: inetOrgPerson_hidePostOfficeBox: false
modules: inetOrgPerson_hidePostalCode: false
modules: inetOrgPerson_hideLocation: false
modules: inetOrgPerson_hideState: false
modules: inetOrgPerson_hidePostalAddress: false
modules: inetOrgPerson_hideRegisteredAddress: false
modules: inetOrgPerson_hideOfficeName: false
modules: inetOrgPerson_hideRoomNumber: false
modules: inetOrgPerson_hideTelephoneNumber: false
modules: inetOrgPerson_hideHomeTelephoneNumber: false
modules: inetOrgPerson_hideMobileNumber: false
modules: inetOrgPerson_hideFaxNumber: false
modules: inetOrgPerson_hidePager: true
modules: inetOrgPerson_hideEMailAddress: false
modules: inetOrgPerson_hideJobTitle: false
modules: inetOrgPerson_hideCarLicense: false
modules: inetOrgPerson_hideEmployeeType: false
modules: inetOrgPerson_hideBusinessCategory: false
modules: inetOrgPerson_hideDepartments: false
modules: inetOrgPerson_hideManager: false
modules: inetOrgPerson_hideOu: false
modules: inetOrgPerson_hideO: false
modules: inetOrgPerson_hideEmployeeNumber: false
modules: inetOrgPerson_hideInitials: false
modules: inetOrgPerson_hideLabeledURI: false
modules: inetOrgPerson_hideuserCertificate: false
modules: inetOrgPerson_hidejpegPhoto: false
modules: inetOrgPerson_readOnly_businessCategory: false
modules: inetOrgPerson_readOnly_cn: false
modules: inetOrgPerson_readOnly_employeeType: false
modules: inetOrgPerson_readOnly_postalAddress: false
modules: inetOrgPerson_readOnly_uid: false
modules: inetOrgPerson_readOnly_title: false
modules: inetOrgPerson_readOnly_description: false
modules: inetOrgPerson_readOnly_st: false
modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
modules: inetOrgPerson_readOnly_mail: false
modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
modules: inetOrgPerson_readOnly_jpegPhoto: false
modules: inetOrgPerson_readOnly_carLicense: false
modules: inetOrgPerson_readOnly_labeledURI: false
modules: inetOrgPerson_readOnly_initials: false
modules: inetOrgPerson_readOnly_registeredAddress: false
modules: inetOrgPerson_readOnly_mobile: false
modules: inetOrgPerson_readOnly_sn: false
modules: inetOrgPerson_readOnly_o: false
modules: inetOrgPerson_readOnly_ou: false
modules: inetOrgPerson_readOnly_l: false
modules: inetOrgPerson_readOnly_pager: false
modules: inetOrgPerson_readOnly_userPassword: false
modules: inetOrgPerson_readOnly_employeeNumber: false
modules: inetOrgPerson_readOnly_postOfficeBox: false
modules: inetOrgPerson_readOnly_postalCode: false
modules: inetOrgPerson_readOnly_roomNumber: false
modules: inetOrgPerson_readOnly_street: false
modules: inetOrgPerson_readOnly_homePhone: false
modules: inetOrgPerson_readOnly_telephoneNumber: false
modules: inetOrgPerson_readOnly_departmentNumber: false
modules: inetOrgPerson_readOnly_manager: false
modules: inetOrgPerson_readOnly_givenName: false
modules: inetOrgPerson_jpegPhoto_maxWidth:
modules: inetOrgPerson_jpegPhoto_maxHeight:
modules: inetOrgPerson_jpegPhoto_maxSize:
types: filter_user:
types: customLabel_user:
types: filter_group:
types: customLabel_group:
types: hidden_user:
types: hideNewButton_user:
types: hideDeleteButton_user:
types: readOnly_user:
types: hidden_group:
types: hideNewButton_group:
types: hideDeleteButton_group:
types: readOnly_group:
types: hidden_host:
types: hideNewButton_host:
types: hideDeleteButton_host:
types: readOnly_host:
types: suffix_host: ou=machines,dc=my-domain,dc=com
types: attr_host: #cn;#description;#uidNumber;#gidNumber
types: filter_host:
types: customLabel_host:
types: hidden_smbDomain:
types: hideNewButton_smbDomain:
types: hideDeleteButton_smbDomain:
types: readOnly_smbDomain:
types: suffix_smbDomain: dc=my-domain,dc=com
types: attr_smbDomain: #sambaDomainName;#sambaSID
types: filter_smbDomain:
types: customLabel_smbDomain:
types: modules_host: account,posixAccount,sambaSamAccount
types: modules_smbDomain: sambaDomain
tools: tool_hide_toolServerInformation: false
tools: tool_hide_toolFileUpload: false
tools: tool_hide_toolMultiEdit: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolTests: false
tools: tool_hide_toolSchemaBrowser: false

1
lam/config/selfService/.placeholder Normal file
View File

@ -0,0 +1 @@

6
lam/config/templates/pdf/default.alias.xml Normal file
View File

@ -0,0 +1,6 @@
<pdf type="alias" filename="printLogo.jpg" headline="Alias information">
<section name="_uidObject_uid">
<entry name="aliasEntry_entry" />
<entry name="main_dn" />
</section>
</pdf>

7
lam/config/templates/pdf/default.asteriskExt.xml Normal file
View File

@ -0,0 +1,7 @@
<pdf type="asteriskExt" filename="printLogo.jpg" headline="LDAP Account Manager">
<section name="_asteriskExtension_AstExtension">
<entry name="asteriskExtension_AstContext" />
<entry name="asteriskExtension_owners" />
<entry name="asteriskExtension_rules" />
</section>
</pdf>

6
lam/config/templates/pdf/default.automountType.xml Normal file
View File

@ -0,0 +1,6 @@
<pdf type="automountType" filename="printLogo.jpg" headline="Automount information">
<section name="_automount_cn">
<entry name="automount_description" />
<entry name="automount_automountInformation" />
</section>
</pdf>

7
lam/config/templates/pdf/default.bind.xml Normal file
View File

@ -0,0 +1,7 @@
<pdf type="bind" filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
<section name="_bindDLZ_dlzHostName">
<entry name="bindDLZ_aRecord" />
<entry name="bindDLZ_ptrRecord" />
<entry name="bindDLZ_mxRecord" />
</section>
</pdf>

20
lam/config/templates/pdf/default.dhcp.xml Normal file
View File

@ -0,0 +1,20 @@
<pdf type="dhcp" filename="printLogo.jpg" headline="LDAP Account Manager">
<section name="_dhcp_settings_subnet">
<entry name="dhcp_settings_domainName" />
<entry name="dhcp_settings_leaseTime" />
<entry name="dhcp_settings_maxLeaseTime" />
<entry name="dhcp_settings_DNSserver" />
<entry name="dhcp_settings_gateway" />
<entry name="dhcp_settings_netbiosServer" />
<entry name="dhcp_settings_netbiosType" />
<entry name="dhcp_settings_subnetMask" />
<entry name="dhcp_settings_netMask" />
<entry name="ddns_DNSserver" />
<entry name="ddns_zone" />
<entry name="ddns_reverseZone" />
<entry name="range_ranges" />
</section>
<section name="Fixed IPs">
<entry name="fixed_ip_IPlist" />
</section>
</pdf>

8
lam/config/templates/pdf/default.gon.xml Normal file
View File

@ -0,0 +1,8 @@
<pdf type="gon" headline="Group information">
<section name="_groupOfNames_name">
<entry name="main_dn" />
<entry name="groupOfNames_description" />
<entry name="groupOfNames_owner" />
<entry name="groupOfNames_members" />
</section>
</pdf>

8
lam/config/templates/pdf/default.group.xml Normal file
View File

@ -0,0 +1,8 @@
<pdf type="group" headline="Group information">
<section name="_posixGroup_cn">
<entry name="main_dn" />
<entry name="posixGroup_description" />
<entry name="posixGroup_gidNumber" />
<entry name="posixGroup_memberUid" />
</section>
</pdf>

9
lam/config/templates/pdf/default.host.xml Normal file
View File

@ -0,0 +1,9 @@
<pdf type="host" filename="printLogo.jpg" headline="Host information">
<section name="_posixAccount_uid">
<entry name="main_dn" />
<entry name="posixAccount_description" />
<entry name="posixAccount_uidNumber" />
<entry name="posixAccount_primaryGroup" />
<entry name="sambaSamAccount_sambaDomainName" />
</section>
</pdf>

11
lam/config/templates/pdf/default.kolabSharedFolderType.xml Normal file
View File

@ -0,0 +1,11 @@
<pdf type="kolabSharedFolderType" filename="printLogo.jpg" headline="Shared folder information" foldingmarks="no">
<section name="_kolabSharedFolder_cn">
<entry name="kolabSharedFolder_mailHost" />
<entry name="kolabSharedFolder_kolabTargetFolder" />
<entry name="kolabSharedFolder_kolabFolderType" />
<entry name="kolabSharedFolder_delegate" />
<entry name="kolabSharedFolder_aliases" />
<entry name="kolabSharedFolder_kolabAllowSMTPSender" />
<entry name="kolabSharedFolder_kolabAllowSMTPRecipient" />
</section>
</pdf>

5
lam/config/templates/pdf/default.mailAlias.xml Normal file
View File

@ -0,0 +1,5 @@
<pdf type="mailAlias" filename="printLogo.jpg" headline="Mail alias information">
<section name="_nisMailAlias_alias">
<entry name="nisMailAlias_recipients" />
</section>
</pdf>

7
lam/config/templates/pdf/default.netgroup.xml Normal file
View File

@ -0,0 +1,7 @@
<pdf type="netgroup" filename="printLogo.jpg" headline="NIS netgroup information">
<section name="_nisnetgroup_cn">
<entry name="nisnetgroup_description" />
<entry name="nisnetgroup_subgroups" />
<entry name="nisnetgroup_members" />
</section>
</pdf>

7
lam/config/templates/pdf/default.nisObjectType.xml Normal file
View File

@ -0,0 +1,7 @@
<pdf type="nisObjectType" filename="printLogo.jpg" headline="LDAP Account Manager">
<section name="_nisObject_cn">
<entry name="nisObject_nisMapName" />
<entry name="nisObject_nisMapEntry" />
<entry name="nisObject_description" />
</section>
</pdf>

6
lam/config/templates/pdf/default.oracleContextType.xml Normal file
View File

@ -0,0 +1,6 @@
<pdf type="oracleContextType" filename="printLogo.jpg" headline="Database information">
<section name="_oracleService_cn">
<entry name="oracleService_orclNetDescString" />
<entry name="oracleService_description" />
</section>
</pdf>

18
lam/config/templates/pdf/default.ppolicyType.xml Normal file
View File

@ -0,0 +1,18 @@
<pdf type="ppolicyType" filename="printLogo.jpg" headline="LDAP Account Manager">
<section name="_ppolicy_cn">
<entry name="ppolicy_pwdMinAge" />
<entry name="ppolicy_pwdMaxAge" />
<entry name="ppolicy_pwdExpireWarning" />
<entry name="ppolicy_pwdGraceAuthnLimit" />
<entry name="ppolicy_pwdInHistory" />
<entry name="ppolicy_pwdCheckQuality" />
<entry name="ppolicy_pwdMinLength" />
<entry name="ppolicy_pwdLockout" />
<entry name="ppolicy_pwdLockoutDuration" />
<entry name="ppolicy_pwdMaxFailure" />
<entry name="ppolicy_pwdFailureCountInterval" />
<entry name="ppolicy_pwdMustChange" />
<entry name="ppolicy_pwdAllowUserChange" />
<entry name="ppolicy_pwdSafeModify" />
</section>
</pdf>

7
lam/config/templates/pdf/default.pykotaBillingCodeType.xml Normal file
View File

@ -0,0 +1,7 @@
<pdf type="pykotaBillingCodeType" filename="printLogo.jpg" headline="LDAP Account Manager" foldingmarks="no">
<section name="_pykotaBillingCode_pykotaBillingCode">
<entry name="pykotaBillingCode_pykotaBalance" />
<entry name="pykotaBillingCode_pykotaPageCounter" />
<entry name="pykotaBillingCode_description" />
</section>
</pdf>

11
lam/config/templates/pdf/default.pykotaPrinterType.xml Normal file
View File

@ -0,0 +1,11 @@
<pdf type="pykotaPrinterType" filename="printLogo.jpg" headline="Printer information" foldingmarks="no">
<section name="_pykotaPrinter_cn">
<entry name="pykotaPrinter_description" />
<entry name="pykotaPrinter_pykotaMaxJobSize" />
<entry name="pykotaPrinter_pykotaPricePerJob" />
<entry name="pykotaPrinter_pykotaPricePerPage" />
<entry name="pykotaPrinter_pykotaPassThrough" />
<entry name="pykotaPrinter_uniqueMember" />
<entry name="pykotaPrinter_parentUniqueMember" />
</section>
</pdf>

6
lam/config/templates/pdf/default.smbDomain.xml Normal file
View File

@ -0,0 +1,6 @@
<pdf type="smbDomain" filename="printLogo.jpg" headline="Samba domain information">
<section name="_sambaDomain_domainName">
<entry name="sambaDomain_domainSID" />
<entry name="sambaDomain_RIDbase" />
</section>
</pdf>

11
lam/config/templates/pdf/default.sudo.xml Normal file
View File

@ -0,0 +1,11 @@
<pdf type="sudo" filename="printLogo.jpg" headline="Sudo role">
<section name="_sudoRole_cn">
<entry name="sudoRole_sudoUser" />
<entry name="sudoRole_sudoHost" />
<entry name="sudoRole_sudoCommand" />
<entry name="sudoRole_sudoRunAsUser" />
<entry name="sudoRole_sudoRunAsGroup" />
<entry name="sudoRole_sudoOption" />
<entry name="sudoRole_description" />
</section>
</pdf>

35
lam/config/templates/pdf/default.user.xml Normal file
View File

@ -0,0 +1,35 @@
<pdf type="user" filename="printLogo.jpg" headline="User information">
<section name="Personal user information">
<entry name="inetOrgPerson_title" />
<entry name="inetOrgPerson_givenName" />
<entry name="inetOrgPerson_sn" />
<entry name="inetOrgPerson_street" />
<entry name="inetOrgPerson_postalCode" />
<entry name="inetOrgPerson_postalAddress" />
<entry name="inetOrgPerson_mail" />
<entry name="inetOrgPerson_telephoneNumber" />
<entry name="inetOrgPerson_mobileTelephoneNumber" />
<entry name="inetOrgPerson_facsimileTelephoneNumber" />
</section>
<section name="Unix settings">
<entry name="posixAccount_uid" />
<entry name="posixAccount_userPassword" />
<entry name="posixAccount_primaryGroup" />
<entry name="posixAccount_additionalGroups" />
<entry name="posixAccount_homeDirectory" />
<entry name="posixAccount_loginShell" />
<entry name="shadowAccount_shadowExpire" />
</section>
<section name="Windows settings">
<entry name="sambaSamAccount_displayName" />
<entry name="sambaSamAccount_sambaDomainName" />
<entry name="sambaSamAccount_sambaHomeDrive" />
<entry name="sambaSamAccount_sambaHomePath" />
<entry name="sambaSamAccount_sambaLogonScript" />
<entry name="sambaSamAccount_sambaProfilePath" />
<entry name="sambaSamAccount_sambaUserWorkstations" />
</section>
<section name="Quota Settings">
<entry name="quota_quotas" />
</section>
</pdf>

8
lam/config/templates/pdf/default.zarafaAddressListType.xml Normal file
View File

@ -0,0 +1,8 @@
<pdf type="zarafaAddressListType" filename="printLogo.jpg" headline="LDAP Account Manager">
<section name="_zarafaAddressList_cn">
<entry name="zarafaAddressList_zarafaBase" />
<entry name="zarafaAddressList_zarafaFilter" />
<entry name="zarafaAddressList_zarafaAccount" />
<entry name="zarafaAddressList_zarafaHidden" />
</section>
</pdf>

10
lam/config/templates/pdf/default.zarafaDynamicGroupType.xml Normal file
View File

@ -0,0 +1,10 @@
<pdf type="zarafaDynamicGroupType" filename="printLogo.jpg" headline="LDAP Account Manager">
<section name="_zarafaDynamicGroup_cn">
<entry name="zarafaDynamicGroup_mail" />
<entry name="zarafaDynamicGroup_zarafaAliases" />
<entry name="zarafaDynamicGroup_zarafaBase" />
<entry name="zarafaDynamicGroup_zarafaFilter" />
<entry name="zarafaDynamicGroup_zarafaAccount" />
<entry name="zarafaDynamicGroup_zarafaHidden" />
</section>
</pdf>

BIN
lam/config/templates/pdf/logos/printLogo.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

1
lam/config/templates/profiles/default.alias Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.asteriskExt Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.automountType Normal file
View File

@ -0,0 +1 @@

3
lam/config/templates/profiles/default.bind Normal file
View File

@ -0,0 +1,3 @@
profname: default
ldap_suffix: -
ldap_rdn: cn

0
lam/config/templates/profiles/default.dhcp Normal file
View File

1
lam/config/templates/profiles/default.gon Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.group Normal file
View File

@ -0,0 +1 @@

0
lam/config/templates/profiles/default.host Normal file
View File

1
lam/config/templates/profiles/default.kolabSharedFolderType Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.mailAlias Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.netgroup Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.nisObjectType Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.oracleContextType Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.ppolicyType Normal file
View File

@ -0,0 +1 @@

3
lam/config/templates/profiles/default.pykotaBillingCodeType Normal file
View File

@ -0,0 +1,3 @@
profname: default
ldap_suffix: -
ldap_rdn: cn

3
lam/config/templates/profiles/default.pykotaPrinterType Normal file
View File

@ -0,0 +1,3 @@
profname: default
ldap_suffix: -
ldap_rdn: cn

1
lam/config/templates/profiles/default.smbDomain Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.sudo Normal file
View File

@ -0,0 +1 @@

19
lam/config/templates/profiles/default.user Normal file
View File

@ -0,0 +1,19 @@
shadowAccount_shadowWarning: 10
shadowAccount_shadowInactive: 10
shadowAccount_shadowMin: 1
shadowAccount_shadowMax: 365
sambaAccount_useunixpwd: true
sambaAccount_acctFlagsN: false
sambaAccount_acctFlagsX: true
sambaAccount_acctFlagsD: false
sambaAccount_homeDrive: U:
sambaSamAccount_useunixpwd: true
sambaSamAccount_sambaAcctFlagsN: false
sambaSamAccount_sambaAcctFlagsX: true
sambaSamAccount_sambaAcctFlagsD: false
sambaSamAccount_sambaHomeDrive: U:
sambaSamAccount_group: 513
posixAccount_homeDirectory: /home/$user
posixAccount_loginShell: /bin/bash
asteriskAccount_AstAccountHost: dynamic
asteriskAccount_AstAccountContext: default

1
lam/config/templates/profiles/default.zarafaAddressListType Normal file
View File

@ -0,0 +1 @@

1
lam/config/templates/profiles/default.zarafaDynamicGroupType Normal file
View File

@ -0,0 +1 @@

68
lam/config/unix.conf.sample Normal file
View File

@ -0,0 +1,68 @@
# LDAP Account Manager configuration
#
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
#
###################################################################################################
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
serverURL: ldap://localhost:389
# list of users who are allowed to use LDAP Account Manager
# names have to be seperated by semicolons
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
admins: cn=Manager,dc=my-domain,dc=com
# password to change these preferences via webfrontend (default: lam)
passwd: {SSHA}RjBruJcTxZEdcBjPQdRBkDaSQeY= iueleA==
# suffix of tree view
# e.g. dc=yourdomain,dc=org
treesuffix: dc=yourdomain,dc=org
# default language (a line from config/language)
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# LDAP search limit.
searchLimit: 0
# Module settings
modules: posixAccount_minUID: 10000
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 10000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group
types: suffix_user: ou=People,dc=my-domain,dc=com
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
types: suffix_group: ou=group,dc=my-domain,dc=com
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup
# Password mail subject
lamProMailSubject: Your password was reset
# Password mail text
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+

217
lam/config/windows_samba4.conf.sample Normal file
View File

@ -0,0 +1,217 @@
# LDAP Account Manager configuration
#
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
#
###################################################################################################
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
ServerURL: ldap://pdc.my-domain.com
# list of users who are allowed to use LDAP Account Manager
# names have to be seperated by semicolons
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
Admins: cn=Administrator,cn=users,dc=my-domain,dc=com
# password to change these preferences via webfrontend (default: lam)
Passwd: {SSHA}D05GxzVwo3vmuNLSNmkPiJ8x5u8= JgqZFQ==
# suffix of tree view
# e.g. dc=yourdomain,dc=org
treesuffix: dc=my-domain,dc=com
# default language (a line from config/language)
defaultLanguage: en_GB.utf8
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# LDAP search limit.
searchLimit: 0
# Module settings
modules: posixAccount_minUID: 10000
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 10000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group,host
types: suffix_user: dc=my-domain,dc=com
types: attr_user: #cn;#givenName;#sn;#mail
types: modules_user: windowsUser
types: suffix_group: dc=my-domain,dc=com
types: attr_group: #cn;#member;#description
types: modules_group: windowsGroup
types: suffix_host: CN=Computers,dc=my-domain,dc=com
types: attr_host: #cn;#description;#location
types: modules_host: windowsHost
types: suffix_smbDomain: dc=my-domain,dc=com
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
types: modules_smbDomain: sambaDomain
# Password mail subject
lamProMailSubject: Your password was reset
# Password mail text
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
# enable TLS encryption
useTLS: no
# Access level for this profile.
accessLevel: 100
# Login method.
loginMethod: list
# Search suffix for LAM login.
loginSearchSuffix: dc=yourdomain,dc=org
# Search filter for LAM login.
loginSearchFilter: uid=%USER%
# Bind DN for login search.
loginSearchDN:
# Bind password for login search.
loginSearchPassword:
# HTTP authentication for LAM login.
httpAuthentication: false
# Password mail from
lamProMailFrom:
# Password mail reply-to
lamProMailReplyTo:
# Password mail is HTML
lamProMailIsHTML: false
types: filter_user:
types: filter_group:
types: filter_host:
types: filter_smbDomain:
types: hidden_group:
types: hidden_host:
types: hidden_smbDomain:
tools: tool_hide_toolServerInformation: false
tools: tool_hide_toolFileUpload: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolTests: false
tools: tool_hide_toolSchemaBrowser: false
modules: windowsGroup_hidemail: false
types: hidden_user:
modules: customScripts_scripts: user postModify echo $INFO.userPasswordClearText$
modules: customScripts_containsHTML: false
modules: customScripts_hideCommand: false
modules: zarafa_schema: ad
modules: zarafaUser_hideQuotaOverride: false
modules: zarafaUser_hideQuotaWarn: false
modules: zarafaUser_hideQuotaSoft: false
modules: zarafaUser_hideQuotaHard: false
modules: zarafaUser_hideSendAsPrivilege: false
modules: zarafaUser_hideSharedStoreOnly: false
modules: zarafaUser_hideResourceType: false
modules: zarafaUser_hideResourceCapacity: false
modules: zarafaUser_hideAccount: false
modules: zarafaUser_hideZarafaUserArchiveServers: false
modules: zarafaUser_hideUserServer: false
modules: zarafaUser_hideFeatures: false
modules: zarafaUser_hideAliases: false
modules: zarafaUser_sendAsAttribute: dn
modules: zarafaGroup_hideSendAsPrivilege: false
modules: zarafaServer_hideProxyURL: false
types: hidden_zarafaAddressListType:
types: suffix_zarafaAddressListType: OU=zarafa,DC=samba4,DC=test
types: filter_zarafaAddressListType:
types: attr_zarafaAddressListType: #cn;#zarafaBase;#zarafaFilter
types: modules_zarafaAddressListType: zarafaAddressList
types: hidden_zarafaDynamicGroupType:
types: suffix_zarafaDynamicGroupType: OU=zarafa,DC=samba4,DC=test
types: filter_zarafaDynamicGroupType:
types: attr_zarafaDynamicGroupType: #cn;#mail;#zarafaaliases;#zarafaBase;#zarafaFilter
types: modules_zarafaDynamicGroupType: zarafaDynamicGroup
modules: windowsGroup_hideotherMailbox: false
types: hideNewButton_user:
types: hideDeleteButton_user:
types: hideNewButton_group:
types: hideDeleteButton_group:
types: hideNewButton_host:
types: hideDeleteButton_host:
types: hideNewButton_zarafaDynamicGroupType:
types: hideDeleteButton_zarafaDynamicGroupType:
types: hideNewButton_zarafaAddressListType:
types: hideDeleteButton_zarafaAddressListType:
modules: windowsGroup_hidemanagedBy: true
modules: passwordSelfReset_questions: Bla1?+::+Bla2?
modules: posixGroup_gidGenerator: range
modules: posixGroup_sambaIDPoolDN:
modules: posixGroup_gidCheckSuffix:
modules: posixAccount_uidGeneratorUsers: range
modules: posixAccount_sambaIDPoolDNUsers:
modules: posixAccount_uidCheckSuffixUser:
modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
modules: posixAccount_hidegecos: false
modules: posixAccount_primaryGroupAsSecondary: false
modules: posixAccount_userNameSuggestion: @givenname@%sn%
modules: windowsUser_domains: my-domain.com
modules: windowsUser_hidesAMAccountName: false
tools: tool_hide_toolMultiEdit: false
# follow referrals
followReferrals: false
# paged results
pagedResults: false
# Allow alternate address
lamProMailAllowAlternateAddress: true
modules: windowsGroup_hidemsSFU30Name: true
modules: windowsGroup_hidemsSFU30NisDomain: true
modules: windowsUser_hidemsSFU30Name: true
modules: windowsUser_hidemsSFU30NisDomain: true
types: customLabel_user:
types: customLabel_group:
types: customLabel_host:
types: customLabel_zarafaDynamicGroupType:
types: customLabel_zarafaAddressListType:
types: readOnly_user:
types: readOnly_group:
types: readOnly_host:
types: readOnly_zarafaAddressListType:

182
lam/copyright Normal file
View File

@ -0,0 +1,182 @@
This software is copyright (c) 2003 - 2014 by Roland Gruber
If you purchased a copy of LDAP Account Manager Pro then the following
files are licensed under the conditions which you accepted at purchase
time.
* templates/lists/changePassword.php
* templates/selfService/*
* lib/modules/aliasEntry.inc
* lib/modules/automount.inc
* lib/modules/bindDLZ.inc
* lib/modules/customFields.inc
* lib/modules/customScripts.inc
* lib/modules/device.inc
* lib/modules/groupOfNames.inc
* lib/modules/groupOfNamesUser.inc
* lib/modules/groupOfUniqueNames.inc
* lib/modules/heimdalKerberos.inc
* lib/modules/ipHost.inc
* lib/modules/mitKerberos.inc
* lib/modules/mitKerberosStructural.inc
* lib/modules/namedObject.inc
* lib/modules/nisObject.inc
* lib/modules/passwordSelfReset.inc
* lib/modules/oracleService.inc
* lib/modules/organizationalRole*.inc
* lib/modules/ppolicy.inc
* lib/modules/ppolicyUser.inc
* lib/modules/qmailUser.inc
* lib/modules/rfc2307bisAutomount.inc
* lib/modules/rfc2307bisPosixGroup.inc
* lib/modules/selfRegistration.inc
* lib/modules/sudoRole.inc
* lib/modules/uidObject.inc
* lib/modules/zarafaAddressList.inc
* lib/modules/zarafaContact.inc
* lib/modules/zarafaDynamicGroup.inc
* lib/modules/zarafaGroup.inc
* lib/modules/zarafaServer.inc
* lib/modules/zarafaUser.inc
* lib/types/alias.inc
* lib/types/bind.inc
* lib/types/automountType.inc
* lib/types/gon.inc
* lib/types/nisObjectType.inc
* lib/types/oracleContextType.inc
* lib/types/ppolicyType.inc
* lib/types/sudo.inc
* lib/types/zarafaAddressListType.inc
* lib/types/zarafaDynamicGroupType.inc
All other files are licensed under the conditions below.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
The complete license can be found in the file COPYING.
Some parts of this package have other, compatible licences. These are:
A:
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software to use, copy, modify, distribute, sublicense, and/or sell
copies of the software, and to permit persons to whom the software is furnished
to do so.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
B:
Copyright (c) 2003 by Bitstream, Inc. All Rights Reserved. Bitstream
Vera is a trademark of Bitstream, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of the fonts accompanying this license ("Fonts") and associated
documentation files (the "Font Software"), to reproduce and distribute
the Font Software, including without limitation the rights to use,
copy, merge, publish, distribute, and/or sell copies of the Font
Software, and to permit persons to whom the Font Software is furnished
to do so, subject to the following conditions:
The above copyright and trademark notices and this permission notice
shall be included in all copies of one or more of the Font Software
typefaces.
The Font Software may be modified, altered, or added to, and in
particular the designs of glyphs or characters in the Fonts may be
modified and additional glyphs or characters may be added to the
Fonts, only if the fonts are renamed to names not containing either
the words "Bitstream" or the word "Vera".
This License becomes null and void to the extent applicable to Fonts
or Font Software that has been modified and is distributed under the
"Bitstream Vera" names.
The Font Software may be sold as part of a larger software package but
no copy of one or more of the Font Software typefaces may be sold by
itself.
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL
BITSTREAM OR THE GNOME FOUNDATION BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL,
OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE THE FONT
SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
Except as contained in this notice, the names of Gnome, the Gnome
Foundation, and Bitstream Inc., shall not be used in advertising or
otherwise to promote the sale, use or other dealings in this Font
Software without prior written authorization from the Gnome Foundation
or Bitstream Inc., respectively. For further information, contact:
fonts at gnome dot org.
C:
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License (LGPL) as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
For more details on the GNU Lesser General Public License,
see http://www.gnu.org/copyleft/lesser.html
D:
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Programs and licenses with other licenses and/or authors than the
main license and authors:
lib/fpdf.php A 2008 Olivier Plathey
lib/font/Vera* B 2003 Bitstream, Inc.
templates/lib/*wz_tooltip.js C Walter Zorn
lib/3rdParty/phpseclib D Jim Wigginton
templates/lib/*jquery*.js D 2010 John Resig, Paul Bakaus, Fred Heusschen
templates/lib/*jquery-validationEngine-*.js D 2010 Cedric Dugas and Olivier Refalo
templates/lib/*jquery-fineuploader-*.js D 2010 Andrew Valums

105
lam/docs/devel/FAQ.htm Normal file
View File

@ -0,0 +1,105 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Developer FAQ</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<div style="text-align: center;">
<h1>Developer FAQ<br>
</h1>
<br>
<div style="text-align: left;"><big><span style="font-weight: bold;">Q:
Where is the ldap/config object?</span></big><br>
<br>
<big><span style="font-weight: bold;">A:</span></big> The ldap object
is in <span style="color: rgb(204, 0, 0); font-weight: bold;">$_SESSION['ldap']</span>
and the config object in <span
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['config']</span>.<br>
<br>
<br>
</div>
<div style="text-align: left;"><br>
</div>
<div style="text-align: left;"><big><span style="font-weight: bold;">Q:
How can I make LDAP operations, where is the user name and password?</span></big><br>
<br>
<span style="font-weight: bold;"><big>A:</big> </span>LAM
automatically reconnects to the LDAP server on every page load. You can
use <span style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['ldap']-&gt;server()</span>
which is the LDAP server handle.<br>
Be sure to include ldap.inc before (automatically included for account
modules).<br>
<br>
<span style="font-weight: bold;">Example:</span> ldap_search(<span
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['ldap']-&gt;server()</span><span
style="color: rgb(204, 0, 0);"></span>, $suffix, $filter, $attributes)<br>
<br>
<br>
<br>
<big><span style="font-weight: bold;">Q: What is the LDAP suffix for
the different account types?</span></big><br>
<br>
<big><span style="font-weight: bold;">A:</span></big> Just call <span
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['config']-&gt;get_Suffix($scope)</span>
where $scope is the account type (user,group, ...).<br>
Be sure to include ldap.inc before (automatically included for account
modules).<br>
<br>
<span style="font-weight: bold;">Example:</span> $suffix = <span
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['config']-&gt;get_Suffix('user')</span><br>
<br>
<br>
<br>
<big><span style="font-weight: bold;">Q: How can I check if the user is
really logged in and not calling the scripts by hand?</span></big><br>
<br>
<big><span style="font-weight: bold;">A:</span></big> After the user
successfully logged in to LAM the variable <span
style="font-weight: bold; color: rgb(204, 0, 0);">$_SESSION['loggedIn']</span>
is set to true.<br>
<br>
<big><span style="font-weight: bold;"><br>
<br>
Q: What is the command for these error/warning/info messages?</span></big><br>
<br>
<big><span style="font-weight: bold;">A:</span></big> Your script must
include status.inc (automatically included for account
modules) to display these messages.<br>
The command is <span style="font-weight: bold;">StatusMessage(&lt;type&gt;,
&lt;headline&gt;, &lt;text&gt;[, &lt;variables&gt;])</span>.<br>
<br>
<span style="font-weight: bold;">Parameters:</span><br>
<ul>
<li><span style="font-weight: bold;">&lt;type&gt;:</span> message
type ("ERROR", "WARN", "INFO")</li>
<li><span style="font-weight: bold;">&lt;headline&gt;:</span>
headline for the message (may include format tags)<br>
</li>
<li><span style="font-weight: bold;">&lt;type&gt;:</span> text for
the message (may include format tags)</li>
<li><span style="font-weight: bold;">&lt;variables&gt;:</span>
optional, array of variables to include in headline/text<br>
The positions in headline/text must be marked with %s before.</li>
</ul>
<br>
<span style="font-weight: bold;">Format of special tags:</span><br>
<ul>
<li><span style="font-weight: bold;">{bold}</span>text<span
style="font-weight: bold;">{endbold}:</span> "text" is printed bold</li>
<li><span style="font-weight: bold;">{color=#123456}</span>text<span
style="font-weight: bold;">{endcolor}:</span> "text" is printed in
given color</li>
<li><span style="font-weight: bold;">{link=http://nodomain.org}</span>text<span
style="font-weight: bold;">{endlink}:</span> This will add a link to
http://nodomain.org which will be labeled "text"<br>
</li>
</ul>
<br>
<br>
<br>
</div>
</div>
</body>
</html>

44
lam/docs/devel/account_modules.htm Normal file
View File

@ -0,0 +1,44 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>Account modules</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<h1 style="text-align: center;">Account modules<br>
</h1>
<div style="text-align: center;"><img alt="base module" src="images/lam_baseModule.png" style="width: 531px; height: 207px;"><br>
</div>
<div style="text-align: center;"><br>
<div style="text-align: left;">The account modules control all the
functionality which is specific for LDAP accounts or parts of them.
E.g. they define the account detail pages where the user can edit
accounts, the profile editor sections and much more. They are the core
of LAM.<br>
<br>
All account modules are saved in <span style="font-weight: bold;">lib/modules/</span>.<br>
If your module needs any include files etc. please save it in <span style="font-weight: bold;">lib/modules/&lt;name of your module&gt;.</span><br>
<br>
Please take a look at the <a href="mod_index.htm">module HowTo</a> for
an example to write your own modules.<br>
The complete specification for the module interface can be found <a href="phpdoc/modules/baseModule.html">here</a>.<br>
<br>
<h2>Superclass</h2>
All <span style="font-weight: bold;">account modules</span> should be
subclasses of the <a href="base_module.htm">baseModule</a>.<br>
This allows them to benefit from the meta data in the baseModule and
reduces very much the code since not the complete module interface has
to be implemented.<br>
<br>
<br>
<h2>Module detection</h2>
New modules can simply be copied to <span style="font-weight: bold;">lib/modules</span>.
LAM will check what files are inside the directory and provide the user
new modules automatically.<br>
There is no extra configuration file.<br>
<br>
<br>
</div>
</div>
</body></html>

141
lam/docs/devel/account_modules_lib.htm Normal file
View File

@ -0,0 +1,141 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>Account modules (modules.inc)</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">Account modules (modules.inc)<br>
</h1>
<br>
<span style="font-style: italic;">Modules.inc</span> provides the
interface to all module specific functions. It includes a list of
account independent function and the <span style="font-weight: bold;">accountContainer</span>
class. This class represents an LDAP account.<br>
You should never call module functions directly, always use a function
in <span style="font-style: italic;">modules.inc</span>.<br>
<br>
<h2>Account independent functions:</h2>
<br>
<h3>General functions:</h3>
<span style="font-weight: bold;">getModuleAlias:</span> This returns
the alias name of a module. It is used to label buttons or fieldsets.<br>
<br>
<span style="font-weight: bold;">parseHtml:</span> Converts the LAM
meta HTML code to real HTML code.<br>
<span style="font-weight: bold;"></span><br>
<br>
<h3>Functions for LAM configuration:</h3>
<span style="font-weight: bold;">is_base_module:</span> When the given
module is a <span style="font-style: italic;">base module</span> then
this returns <span style="font-style: italic;">true</span>. Every
account type needs exactly one <span style="font-style: italic;">base
module</span>.<br>
<br>
<span style="font-weight: bold;">getModulesDependencies:</span> Account
modules can specify dependencies to other modules. E.g. Samba accounts
always need a Unix part.<br>
<br>
<span style="font-weight: bold;">check_module_depends/check_module_conflicts:</span>
This function checks if all module dependencies are satisfied.<br>
<br>
<span style="font-weight: bold;">getAvailableModules:</span> Returns a
list of available modules. If you need a list of all active modules use
<span style="font-weight: bold;">$_SESSION['config']-&gt;</span><span
class="method-title"><span style="font-weight: bold;">get_AccountModules()</span>.</span><br>
<br>
<span style="font-weight: bold;">getConfigOptions:</span> Returns a
list of all configuration options which were defined by the modules.<br>
<br>
<span style="font-weight: bold;">getConfigDescriptions:</span> Returns
a list of all configuration descriptions and titles for the fieldsets.<br>
<br>
<span style="font-weight: bold;">checkConfigOptions:</span> Checks if
the user filled in valid values for each option.<br>
<br>
<br>
<h3>Account list functions:</h3>
<span style="font-weight: bold;">get_ldap_filter:</span> Each account
list shows only entries which match a given LDAP search filter.<br>
<br>
<br>
<h3>Profile/account pages:</h3>
<span style="font-weight: bold;">getRDNAttributes:</span> This returns
a list of possible LDAP <span style="font-style: italic;">RDN</span>
attributes. LAM needs this to build the <span
style="font-style: italic;">DN</span> for new accounts.<br>
<br>
<span style="font-weight: bold;">getProfileOptions:</span> Returns a
list of all profile options which were defined by the account modules.<br>
<br>
<span style="font-weight: bold;">checkProfileOptions:</span> Checks if
all module options are correct.<br>
<br>
<br>
<h3>Help functions:</h3>
<span style="font-weight: bold;">getHelp:</span> Returns a module help
entry.<br>
<br>
<br>
<h3>PDF functions:</h3>
<span style="font-weight: bold;">getAvailablePDFFields:</span> Returns
a list of possible PDF fields.<br>
<br>
<br>
<h3>Upload functions:</h3>
<span style="font-weight: bold;">getUploadColumns:</span> Returns a
list of possible upload columns and additional information like a
description, help entry and example value.<br>
<br>
<span style="font-weight: bold;">buildUploadAccounts:</span> Takes the
input of the CSV file and builds the LDAP accounts.<br>
<br>
<span style="font-weight: bold;">doUploadPostActions:</span> Manages
the execution of actions which need to be done after the accounts are
created.<br>
<br>
<br>
<h2>Class accountContainer:</h2>
This class represents a complete LDAP account. It manages all functions
which concern a specific LDAP entry.<br>
<br>
<h4>Important variables:</h4>
There are some class variables which can be of important use in the
account modules.<br>
<br>
<span style="font-weight: bold;">module:</span> List of account modules
(array('name' =&gt; 'object')).<br>
<br>
<span style="font-weight: bold;">isNewAccount:</span> This variable is <span
style="font-style: italic;">true</span> when the account is newly
created, <span style="font-style: italic;">false</span> if loaded from
LDAP.<br>
<br>
<h4>Function list:</h4>
<span style="font-weight: bold;">continue_main:</span> This function is
called when an account page is displayed. It generates the HTML code
for the account pages.<br>
<br>
<span style="font-weight: bold;"></span><span style="font-weight: bold;">save_module_attributes:</span>
Finds
differences between current and original account.<br>
<br>
<span style="font-weight: bold;">load_account:</span> Loads an LDAP
account.<br>
<br>
<span style="font-weight: bold;">new_account:</span> Creates a new
account.<br>
<br>
<span style="font-weight: bold;">save_account:</span> Saves an account
to LDAP.<br>
<br>
<span style="font-weight: bold;">get_pdfEntries:</span> Returns the PDF
values of an account.<br>
<br>
<br>
<br>
</body>
</html>

32
lam/docs/devel/account_pages.htm Normal file
View File

@ -0,0 +1,32 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>Account pages</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">Account pages<br>
</h1>
<br>
The account pages are the user interface to create/modify LDAP
accounts. It allows setting basic attributes like the LDAP suffix and
is responsible to show module specific pages. <br>
<br>
<br>
The main script for the account pages is located in <span
style="font-style: italic;">templates/account/edit.php</span>. It has
a very simple content. If the page is loaded for the first time it
creates a new <span style="font-weight: bold;">accountContainer</span>
inside the session and tells it to load/create an LDAP account. Then it
calles the <span style="font-weight: bold;">continue_main()</span>
function of the <span style="font-weight: bold;">accountContainer</span>
object which prints all HTML output.<br>
<br>
Managing of user input etc. is completly made by the <span
style="font-weight: bold;">accountContainer</span>.<br>
<br>
</body>
</html>

47
lam/docs/devel/account_types.htm Normal file
View File

@ -0,0 +1,47 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>Account types</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">Account types<br>
</h1>
<div style="text-align: center;"><img alt="base module"
src="images/lam_baseType.png"><br>
</div>
<div style="text-align: center;"><br>
<div style="text-align: left;">The account types define what kind of
accounts can be managed with LAM. If you want to create a new account
module which does not fit in the existing classes of users, groups and
hosts then you need your own account type.<br>
<br>
All account types are saved in <span style="font-weight: bold;">lib/types/</span>.<br>
<br>
Please take a look at the <a href="type_index.htm">type HowTo</a> for
an example to write your own types.<br>
The complete specification for the type interface can be found <a
href="types-specification.htm">here</a>.<br>
<br>
<h2>Superclass</h2>
All <span style="font-weight: bold;">account types</span> should be
subclasses of the <a href="base_type.htm">baseType</a>.<br>
This reduces very much the code since not the complete type interface
has
to be implemented.<br>
<br>
<br>
<h2>Type detection</h2>
New types can simply be copied to <span style="font-weight: bold;">lib/types</span>.
LAM will check what files are inside the directory and provide the user
new types automatically.<br>
There is no extra configuration file.<br>
<br>
<br>
</div>
</div>
</body>
</html>

43
lam/docs/devel/account_types_lib.htm Normal file
View File

@ -0,0 +1,43 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>Account types (types.inc)</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">Account types (types.inc)<br>
</h1>
<br>
<span style="font-style: italic;">Types.inc</span> is the interface to
the account types. It provides information about the type alias names,
descriptions and other things.<br>
<br>
<h2>Functions:</h2>
<br>
<h3>General functions:</h3>
<span style="font-weight: bold;">getAlias:</span> This returns
the alias name of a type. It is used to label buttons or fieldsets.<br>
<br>
<span style="font-weight: bold;">getDescription:</span> Returns a
description for the account type.<br>
<span style="font-weight: bold;"></span><br>
<br>
<h3>Functions for list views:</h3>
<span style="font-weight: bold;">getListClassName:</span> Here you can
specify your own class to handle the list view.&nbsp; This is needed to
label the buttons in the list view.<br>
<br>
<span style="font-weight: bold;">getDefaultListAttributes:</span>
Returns the default setting for the displayed list attributes. It is
used as default for the LAM configuration.<br>
<br>
<span style="font-weight: bold;">getListAttributeDescriptions:</span>
Returns a hash array which contains predefined, translated descriptions
of LDAP attributes.<br>
<br>
<span style="font-weight: bold;"></span><br>
</body>
</html>

65
lam/docs/devel/base_module.htm Normal file
View File

@ -0,0 +1,65 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>Base module</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<h1 style="text-align: center;">Base module<br>
</h1>
<div style="text-align: center;"><img alt="base module" src="images/lam_baseModule.png" style="width: 531px; height: 207px;"><br>
</div>
<div style="text-align: center;"><br>
<div style="text-align: left;">The <span style="font-weight: bold;">baseModule</span>
is the parent class of all account modules. <br>
It implements most functions of the <a href="phpdoc/modules/baseModule.html">module interface</a> and provides
the possibility to use <span style="font-style: italic;">meta data</span>
for the module functions.<br>
There are also some class variables which are useful for the child
classes.<br>
<br>
<br>
<h2>Meta data</h2>
The <span style="font-weight: bold;">baseModule</span> allows you to
not implement the <a href="phpdoc/modules/baseModule.html">module
interface</a> directly but to provide <span style="font-style: italic;">meta
data</span> which is interpreted by the <span style="font-weight: bold;">baseModule</span>.<br>
If you do not use certain functions of the interface the <span style="font-weight: bold;">baseModule</span> also provides dummy
functions. E.g. if your module needs no configuration option you can
just skip this function in your code and the <span style="font-weight: bold;">baseModule</span> will tell the
configuration part that there is no option.<br>
<br>
To <span style="font-style: italic;">define meta</span> data you have
to implement the function <span style="font-weight: bold; font-style: italic;">get_metaData()</span>.
This function must return a hash array with the meta options as array
keys.<br>
Please refer to the <a href="phpdoc/modules/baseModule.html">module
interface</a> for details about the format of <span style="font-style: italic;">meta data</span>.<br>
<br>
<br>
<h2>Functions<br>
</h2>
<span style="font-weight: bold;">get_scope():</span> This function
returns the account type ("user", "group", ...) of the module.<br>
<br>
For a list of <span style="font-style: italic;">meta data</span>
functions please refer to the <a href="phpdoc/modules/baseModule.html">module
interface</a>.<br>
<br>
<br>
<h2>Class variables</h2>
<span style="font-weight: bold;">$moduleSettings:</span> This variable
contains the configuration settings of all modules.<br>
<span style="font-weight: bold;">$base:</span> This is the name of the
parent <span style="font-style: italic;">accountContainer</span>
($_SESSION[$base]).<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div>
</div>
</body></html>

27
lam/docs/devel/base_type.htm Normal file
View File

@ -0,0 +1,27 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>Base type</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">Base type<br>
</h1>
<div style="text-align: center;"><img alt="base type"
src="images/lam_baseType.png"><br>
</div>
<div style="text-align: center;"><br>
<div style="text-align: left;">The <span style="font-weight: bold;">baseType</span>
is the parent class of all account types. <br>
It implements all functions of the <a href="types-specification.htm">type
interface</a>.<br>
<br>
However, you surely want to override most of the functions in your
account type class.<br>
</div>
</div>
</body>
</html>

62
lam/docs/devel/config.htm Normal file
View File

@ -0,0 +1,62 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>config.inc</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">config.inc</h1>
<br>
<br>
This file includes all functions needed to manage configuration
profiles. It includes classes for the profiles itself and the master
configuration (default profile, master password, etc.).<br>
<br>
There are also two global functions for general use: <span
style="font-style: italic;">setlanguage</span> and <span
style="font-style: italic;">metarefresh</span><br>
<br>
<h2>Meta refresh</h2>
The global function <span
style="font-weight: bold; font-style: italic;">metaRefresh()</span>
takes an URL as argument and prints all HTML code needed for a meta
refresh to this URL.<br>
<br>
<h2>Language</h2>
LAM uses <span style="font-style: italic;">gettext</span> to translate
the HTML pages to the different languages. Therefore some preferences
need to be set on every page load. This is done by <span
style="font-style: italic; font-weight: bold;">setlanguage()</span>.<br>
The function should be called directly after starting the session.<br>
<br>
The list of possible languages is stored in <span
style="font-style: italic;">config/language</span>. It includes the
locale name, the character encoding an the language name.<br>
All languages use UTF-8 as encoding because LDAP also stores values in
this format.<br>
<br>
<h2>Configuration profiles</h2>
Each configuration profile is saved in a single file in <span
style="font-weight: bold;">config/</span>.<br>
<br>
There are two types of configuration options:<br>
<ul>
<li>Static options (LDAP server settings, etc.)<br>
</li>
<li>Module options (UID/GID ranges)<br>
</li>
</ul>
All static options have a describing comment in the configuration file
to make it easier for the user to modify the values. The dynamic
options provided by the modules do not include a comment.<br>
<br>
<h2>Master configuration file</h2>
LAM stores the default configuartion profile and a master password in <span
style="font-style: italic;">config/config.cfg</span>.<br>
The master password is verified when the user wants to create/delete
configuration profiles.<br>
</body>
</html>

45
lam/docs/devel/config_files.htm Normal file
View File

@ -0,0 +1,45 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>Configuration profiles</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">Configuration profiles</h1>
<br>
LAM allows the user to store the configuration settings in <span
style="font-weight: bold;">profiles</span>. This makes it easy to
manage different LDAP servers. All profile files ae stored in <span
style="font-weight: bold;">config/</span> and are named <span
style="font-weight: bold;"><span style="font-style: italic;">&lt;name&gt;</span>.conf</span>.<br>
The <span style="font-weight: bold;">master configuration</span> file <span
style="font-style: italic;">config/config.cfg</span> only stores the
default profile and master password. It has the same file format as the
profiles.<br>
<br>
<h2>File format</h2>
LAM allows to store values and comments in the configuration files.
Only one type per line is allowed, it is not possible to mix comments
and values in the same line.<br>
<br>
<h3>Settings<br>
</h3>
<span style="font-weight: bold;">&lt;identifier&gt;: &lt;value&gt;<br>
<br>
</span>The first word in the line is taken as identifier for the
setting. It must be followed by a <span style="font-weight: bold;">":"</span>
and a space.<br>
The rest of the line is taken as the value for this setting.<br>
<br>
<h3>Comments</h3>
<span style="font-weight: bold;"># Comment</span><br
style="font-weight: bold;">
<br>
Comments always start with a <span style="font-weight: bold;">"#"</span>
as first character and end at the line end. LAM will ignore all lines
starting with a <span style="font-style: italic;">"#"</span>.<br>
</body>
</html>

78
lam/docs/devel/config_pages.htm Normal file
View File

@ -0,0 +1,78 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>LAM - Configuration pages</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<div style="text-align: center;">
<h1>Configuration pages</h1>
</div>
<br>
<div style="text-align: center;"><img
style="width: 620px; height: 319px;" alt="configuration"
src="images/lam_config.png"><br>
<div style="text-align: left;">
<h2>Configuration - Login (conflogin.php):</h2>
This is the start page of the configuration editor. The user can select
a profile for editing or go to the profile management page.<br>
Each account profile is protected with a password which is stored in
the profile.<br>
The list of possible profiles is returned by <span
style="font-style: italic; font-weight: bold;">getConfigProfiles()</span>
in config.inc, the default profile is returned by an object of class <span
style="font-weight: bold; font-style: italic;">CfgMain</span> from
config.inc.<br>
<br>
<br>
<h2>Configuration - Profile management (profmanage.php):</h2>
Here the user can add and modify configuration profiles or change the
configuration master password. <br>
The configuration master password prevents unauthorised users from
changing the profiles. The password is saved in config/config.cfg and
managed via the <span style="font-style: italic; font-weight: bold;">CfgMain</span>
class.<br>
<br>
<br>
<h2>Configuration - Main page (confmain.php):</h2>
This page presents all configuration settings for editing.<br>
Some of the settings are module independent (e.g. server settings,
language, ...) and displayed always.<br>
The others are set up by the account modules. Only settings of
currently selected modules are displayed.<br>
Users may also change the profile password on this page.<br>
<br>
<br>
<h2>Configuration - Module selection (confmodules.php):<br>
</h2>
On this page the user can select which account modules LAM should use.<br>
The list of possible modules is returned by <span
style="font-style: italic; font-weight: bold;">getAvailableModules()</span>
in modules.inc and checked for dependencies/conflicts with <span
style="font-weight: bold; font-style: italic;">check_module_depends()</span>
and <span style="font-weight: bold; font-style: italic;">check_module_conflicts()</span>.<br>
<br>
Each account type needs exactly one <span style="font-style: italic;">base
module</span>
which is the base of a account by providing a structural object class.<br>
<br>
<br>
<h2>Configuration - Save settings (confsave.php):<br>
</h2>
This script checks the input and displays possible error messages or an
overview of the saved settings.<br>
The static settings are set and checked with an object of class <span
style="font-style: italic; font-weight: bold;">Config</span> from
config.inc.<br>
The account modules manage the input validation for their fields and
are also able to return error messages. This is done with <span
style="font-weight: bold; font-style: italic;">checkConfigOptions()</span>
from modules.inc.<br>
<br>
</div>
</div>
</body>
</html>

BIN
lam/docs/devel/images/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

BIN
lam/docs/devel/images/lam_baseModule.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.3 KiB

BIN
lam/docs/devel/images/lam_baseType.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.7 KiB

BIN
lam/docs/devel/images/lam_config.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
lam/docs/devel/images/lam_lists.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.4 KiB

BIN
lam/docs/devel/images/lam_overview.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
lam/docs/devel/images/lam_pdfEditor.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.2 KiB

BIN
lam/docs/devel/images/lam_profedit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
lam/docs/devel/images/lam_upload.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.5 KiB

131
lam/docs/devel/index.htm Normal file
View File

@ -0,0 +1,131 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>LAM development documentation</title>
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>LDAP Account Manager - Code overview</h1>
These documents are supposed to give developers who want to modify LAM
an overview of the codebase. It focuses mainly on what is done to
generate the HTML output and the most important functions provided by
the library files.<br>
<br>
<br>
<img src="images/lam_overview.png" alt="overview" align="middle" border="0"><br>
<br>
<br>
<br>
<div style="text-align: left;">
<table style="text-align: left; width: 100%;" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top; width: 33%;">
<h2>Web pages:</h2>
<ul>
<li><a href="login.htm">Login</a><br>
</li>
<li><a href="config_pages.htm">Configuration</a></li>
<li><a href="lists.htm">Account
lists</a></li>
<li><a href="tree_schema.htm">Tree view</a><br>
</li>
<li><a href="account_pages.htm">Account pages</a></li>
<li><a href="tools.htm">Tools</a></li>
<ul>
<li><a href="profile_editor.htm">Profile editor</a></li>
<li><a href="samba_domains.htm">Samba 3 domains</a></li>
<li><a href="upload.htm">File upload</a></li>
<li><a href="ou-edit.htm">OU editor</a></li>
<li><a href="pdf_editor.htm">PDF editor</a><br>
</li>
</ul>
</ul>
</td>
<td style="vertical-align: top; width: 33%;">
<h2>Libraries:</h2>
<ul>
<li><a href="account_modules_lib.htm">Account modules
(modules.inc)</a></li>
<li><a href="account_types_lib.htm">Account types (types.inc)</a><br>
</li>
<li><a href="pdf_libs.htm">PDF (pdf.inc, pdfstruct.inc)</a><br>
</li>
<li><a href="profiles.htm">Account profiles (profiles.inc)</a><br>
</li>
<li><a href="config.htm">Configuration (config inc)</a><br>
</li>
<li><a href="ldap.htm">LDAP
(ldap.inc)</a><br>
</li>
<li><a href="other_libs.htm">other libraries</a></li>
<ul>
<li><a href="other_libs.htm#lamdaemon">Lamdaemon</a><br>
</li>
</ul>
<ul>
<li><a href="other_libs.htm#lists">Account lists</a></li>
<li><a href="other_libs.htm#status">Status messages</a></li>
<li><a href="other_libs.htm#treeSchema">Tree view and schema
browser</a><br>
</li>
</ul>
</ul>
</td>
<td style="vertical-align: top; width: 33%;">
<h2>Configuration files:</h2>
<ul>
<li><a href="base_module.htm">Base module</a></li>
<li><a href="base_type.htm">Base type</a><br>
</li>
<li><a href="account_modules.htm">Account modules</a></li>
<li><a href="account_types.htm">Account types</a><br>
</li>
<li><a href="pdf_profiles.htm">PDF templates</a></li>
<li><a href="profile_files.htm">Account profiles</a></li>
<li><a href="config_files.htm">Configuration profiles</a><br>
</li>
</ul>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<table width="100%">
<tbody><tr valign="top">
<td width="25%">
<h2>Howtos</h2>
<ul>
<li><a href="mod_index.htm">Writing account modules</a></li>
<li><a href="type_index.htm">Defining other account types</a></li>
<li><a href="toolsHowTo.htm">Creating custom tools</a><br>
</li>
</ul>
</td>
<td align="center" width="25%">
<h2><a href="FAQ.htm">FAQ</a></h2>
</td>
<td width="25%">
<h2>Specifications</h2>
<ul>
<li><a href="phpdoc/modules/baseModule.html">Module specification</a></li>
<li><a href="types-specification.htm">Type specification<br>
</a></li>
</ul>
</td>
<td width="25%">
<h2><a href="upgrade.htm">Upgrade notes</a></h2>
</td>
</tr>
</tbody></table>
<br>
<br>
</div>
</div>
</body></html>

55
lam/docs/devel/ldap.htm Normal file
View File

@ -0,0 +1,55 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>ldap.inc</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">ldap.inc</h1>
<br>
<br>
This library provides the access to the LDAP server and its content.<br>
The <span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']</span>
object reconnects automatically to the LDAP server on every page load.<br>
<br>
<br>
<h2>1. Server handle</h2>
All PHP functions which access LDAP require a server handle as
parameter. This is managed by ldap.inc.<br>
You can access it with <span
style="font-weight: bold; font-style: italic;">$_SESSION['ldap']-&gt;server</span>.<br>
<br>
<br>
<h2>2. Object classes</h2>
Account modules may want to check if the current LDAP server supports
all required object classes.<br>
<span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']-&gt;objectClasses
</span>contains a list of object classes and their attributes which is
read from the LDAP server.<br>
<br>
<br>
<h2>3. En-/Decryption</h2>
For security reasons sensitive data like user passwords should be
encrypted before storing in session.<br>
<span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']-&gt;encrypt(&lt;string&gt;)</span>
encrypts a string and returns a binary object. This can be decrypted
with <span style="font-weight: bold; font-style: italic;">$_SESSION['ldap']-&gt;decrypt(&lt;object&gt;)</span><br>
<br>
Ldap.inc will take care for the crypotographic key.<br>
<br>
<br>
<h2>4. Random values</h2>
Ldap.inc contains a random integer value which is much more secure than
calling <span style="font-style: italic;">mt_rand()</span>. The value
changes on every page load and is accessible in <span
style="font-weight: bold; font-style: italic;">$_SESSION['ldap']-&gt;rand</span><span
style="font-style: italic;">.</span><br>
If you need multiple values you can get a new value by calling <span
style="font-weight: bold; font-style: italic;">$_SESSION['ldap']-&gt;new_rand()</span><span
style="font-style: italic;">.</span><br>
<br>
</body>
</html>

95
lam/docs/devel/lists.htm Normal file
View File

@ -0,0 +1,95 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>LAM - Account lists</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head><body>
<h1 style="text-align: center;">Account lists</h1>
<br>
<div style="text-align: center;"><img style="width: 496px; height: 177px;" alt="Account lists" src="images/lam_lists.png"><br>
</div>
<br>
<br>
<br>
The account lists are all built after the same schema. They provide a
list of found accounts which can be restricted by LDAP filters and the
LDAP OU (Organizational Unit).<br>
<br>
The list of LDAP attributes and thus table columns is taken from the
configuration profile (<span style="font-weight: bold; font-style: italic;">get_...listAttributes()</span>
in config.inc). Each account list has a separate list of attributes.<br>
Only these attributes are given the LDAP search as attribute parameter.<br>
There is also a predefined description list for the attributes in
lists.inc. The user may use other values by setting them in the
configuration profile.<br>
<br>
The number of accounts per page is limited by a list option. There will be links at the beginning and end of the
list if more accounts were found.<br>
<br>
Several common helper functions for sorting and some page elements
reside in lists.inc.<br>
<br>
<h2>1. Getting accounts from LDAP</h2>
Each account list has its own LDAP suffix which is saved in the
configuration profile. This is used as search base.<br>
The account modules provide an LDAP filter (<span style="font-weight: bold; font-style: italic;">get_ldap_filter()</span>
in modules.inc) to get only accounts of a special type.<br>
<br>
This list can be further reduced if the user provides an additional
LDAP filter with the filter boxes or selects another LDAP OU with the
drop-down-box.<br>
<br>
<h2>2. Caching LDAP accounts</h2>
The lists usually do not ask the LDAP server for an account list every
time the user changes the page. The accounts are cached in the session.<br>
<br>
A new LDAP search is done if the user:<br>
<ul>
<li>changes to another account list or tool</li>
<li>adds/modifies an account</li>
<li>selects the "refresh" button</li>
<li>adds additional LDAP filters or changes the LDAP OU<br>
</li>
</ul>
<br>
It is <span style="font-style: italic;">not</span> done if the user:<br>
<ul>
<li>changes the list pages if there are more accounts than what can
be shown</li>
<li>sorts the list</li>
</ul>
<br>
<h2>3. Adding/Editing accounts</h2>
There are buttons at the end of the page to add/delete accounts. Adding
accounts is done by account/edit.php and deleting by delete.php.<br>
<br>
The user can use the link in each account row to modify (in
accounts/edit.php) the account. This can also be done by double
clicking the row if Java Script is enabled.<br>
<br>
<br>
<h2>4. Export to PDF</h2>
The user can generate PDF files for the accounts. This is done by the <span style="font-style: italic; font-weight: bold;">createModulePDF()</span>
function from pdf.inc.<br>
<br>
<br>
<h2>5. Special abilities of some lists</h2>
<h3>5.1. The user list</h3>
If the attribute <span style="font-style: italic;">gidNumber</span> is
shown as table column then there will be an additional checkbox to
translate the GID to the group name.<br>
This checkbox is hidden if <span style="font-style: italic;">gidNumber</span>
is not part of the attribute list.<br>
<br>
<h3>5.2. The group list</h3>
If the attribute memberUID is shown as table column then all values of
this attribute are shown as links.<br>
These links redirect to userlink.php which tries to find the given user
and redirects to account/edit.php for account modifying.<br>
<br>
<br>
<br>
</body></html>

69
lam/docs/devel/login.htm Normal file
View File

@ -0,0 +1,69 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">Login<br>
</h1>
<div style="text-align: center;"><br>
</div>
<div style="text-align: center;"><br>
<div style="text-align: left;">The <span style="font-style: italic;">login</span>
page is the first page the user sees when opening LAM. It manages LDAP
authentication and checks the environment of the user.<br>
<br>
<br>
<h2>login.php</h2>
The login page offers authentication, language selection and profile
selection. There are also some environment checks.<br>
<br>
<h3>Authentication</h3>
The list of possible users is loaded from the current active profile.
Only the RDN value is offered for selection by the user.<br>
When the user submits his password then a new <span
style="font-style: italic;">Ldap</span> object is created and LAM
tries to connect to the LDAP server.<br>
If the connection was successful the user is forwarded to the main
frame (main.php). The session variable <span
style="font-weight: bold; font-style: italic;">$_SESSION['loggedIn']</span>
is set to <span style="font-style: italic;">true</span>. This informs
the other PHP scripts that a valid user is connected (e.g. the user is
allowed to create account profiles).<br>
<br>
<h3>Language selection</h3>
The list of possible languages is read from <span
style="font-weight: bold;">config/language</span>. The current active
profile defines the preselected language and the language of the login
page itself.<br>
<br>
<h3>Profile selection<br>
</h3>
The user can change the active configuration profile at login. A list
of possible profiles is retrieved by <span
style="font-weight: bold; font-style: italic;">getConfigProfiles()</span>.<br>
If the profile is changed then the login replaces the config object in <span
style="font-weight: bold; font-style: italic;">$_SESSION['config']</span>
by a new one. Then the main login page is loaded and uses the new
values.<br>
<br>
<h3>Environment checks</h3>
LAM checks if all needed PHP extensions are installed.<br>
<ul>
<li><span style="font-weight: bold;">LDAP:</span> PHP needs LDAP
support</li>
<li><span style="font-weight: bold;">Gettext:</span> needed for
translation<br>
</li>
</ul>
<br>
<br>
<br>
</div>
</div>
</body>
</html>

376
lam/docs/devel/mod_accountPages.htm Normal file
View File

@ -0,0 +1,376 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - Account pages</title>
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo - Account pages<br>
</h1>
<br>
<br>
<div style="text-align: left;"><br>
<h2>1. Loading the LDAP attributes<br>
</h2>
Every time the user selects an existing account to modify LAM will load
the complete LDAP entry of it. Your module then should select the
attributes which are useful for it.<br>
There are two variables in <span style="font-style: italic;">baseModule</span>
which should be used to store the attributes. The <span style="font-weight: bold;">$attributes</span> variable stores the
current attributes including changes the user made. The <span style="font-weight: bold;">$orig</span> variable stores the attributes
as they were originally when the account was loaded. This allows you to
see what changes were made.<br>
<br>
The <span style="font-weight: bold;">load_attributes()</span> function
in your module gets the complete attribute list from LDAP.<br>
In most cases you will not need to implement this function because the
parent class baseModule loads attributes based on your meta data.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">ieee802Device</span> uses an
object class and the <span style="font-style: italic;">'macAddress'</span>
attribute. Therefore we will save these two values.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * This function loads all needed attributes into the
object.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @param array $attr an array as it is retured from
ldap_get_attributes<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['objectClass'] = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['macAddress'] = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $this-&gt;orig['objectClass'] =
array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $this-&gt;orig['macAddress'] =
array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (isset($attr['objectClass'])) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['objectClass'] = $attr['objectClass'];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;orig['objectClass'] = $attr['objectClass'];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (isset($attr['macAddress'])) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['macAddress'] = $attr['macAddress'];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;orig['macAddress'] = $attr['macAddress'];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return 0;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>2. Page display</h2>
Now that you have defined your subpages you will need one function for
each page to display it. The function must return <span style="font-style: italic;">meta HTML code</span> as defined in the <span style="font-style: italic;">modules specification</span>.<br>
This function is called <span style="font-weight: bold;">display_html_&lt;page
name&gt;()</span> where <span style="font-style: italic;">&lt;page
name&gt;</span> is the name of your subpage.<br>
<br>
See also baseModule::addSimpleInputTextField() and
baseModule::addMultiValueInputTextField()/processMultiValueInputTextField()
if you only want to add some simple text fields.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The
<span style="font-style: italic;">ieee802Device</span>
module has only one subpage called <span style="font-style: italic;">'attributes'</span>.<br>
<br>
The first half of the code displays the existing MAC addresses and the
second an input field for new values.<br>
The variable <span style="font-style: italic;">$this-&gt;attributes</span>
contains the LDAP attributes which are useful for this module.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * This function will create the meta HTML code to
show a page with all attributes.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return htmlElement HTML meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">display_html_attributes</span>() {<br>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = new htmlTable();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $macCount = 0;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // list current MACs<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (isset($this-&gt;attributes['macAddress'])) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $macCount = sizeof($this-&gt;attributes['macAddress']);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; for ($i = 0;
$i &lt; sizeof($this-&gt;attributes['macAddress']); $i++) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return-&gt;addElement(new htmlOutputText(_('MAC
address')));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $macInput = new htmlInputField('macAddress' . $i,
$this-&gt;attributes['macAddress'][$i]);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $macInput-&gt;setFieldSize(17);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $macInput-&gt;setFieldMaxLength(17);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return-&gt;addElement($macInput);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return-&gt;addElement(new htmlButton('delMAC' . $i,
'del.png', true));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return-&gt;addElement(new htmlHelpLink('mac'),
true);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // input box for new MAC<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return-&gt;addElement(new htmlOutputText(_('New MAC address')));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $newMacInput = new htmlInputField('macAddress', '');<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $newMacInput-&gt;setFieldSize(17);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $newMacInput-&gt;setFieldMaxLength(17);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return-&gt;addElement($newMacInput);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return-&gt;addElement(new htmlButton('addMAC', 'add.png', true));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return-&gt;addElement(new htmlHelpLink('mac'));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return-&gt;addElement(new htmlHiddenInput('mac_number', $macCount));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>3. Processing input data<br>
</h2>
Every time the user clicks on a submit button while your page is
displayed LAM will call a function in your module.<br>
This function is called <span style="font-weight: bold;">process_&lt;page
name&gt;()</span> where <span style="font-style: italic;">&lt;page
name&gt;</span> is the name of your subpage.<br>
<br>
If all input data is ok then return an empty array. If you return one or more error messages then the user will be
redirected to your page.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The
<span style="font-style: italic;">ieee802Device</span>
module has only one subpage called <span style="font-style: italic;">'attributes'</span>
and therefore only <span style="font-style: italic;">process_attributes()</span>.<br>
<br>
The function checks the input fields and fills the LDAP attributes. If
all is ok it will enable the user to move to another module page.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Write variables into object and do some regex
checks<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @param array $post HTTP-POST values<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">process_attributes</span>($post) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $errors = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['macAddress'] = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // check old MACs<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (isset($post['mac_number'])) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; for ($i = 0;
$i &lt; $post['mac_number']; $i++) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; if (isset($post['delMAC' . $i])) continue;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; if (isset($post['macAddress' . $i]) &amp;&amp;
($post['macAddress' . $i] != "")) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // check if address has correct
format<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (!get_preg($post['macAddress'
. $i], 'macAddress')) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $message =
$this-&gt;messages['mac'][0];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $message[] =
$post['macAddress' . $i];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $errors[] = $message;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['macAddress'][] = $post['macAddress' . $i];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // check new MAC<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (isset($post['macAddress'])
&amp;&amp; ($post['macAddress'] != "")) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // check if
address has correct format<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
(get_preg($post['macAddress'], 'macAddress')) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $this-&gt;attributes['macAddress'][] =
$post['macAddress'];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; else {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $message =
$this-&gt;messages['mac'][0];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $message[] = $post['macAddress'];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $errors[] = $message;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['macAddress'] =
array_unique($this-&gt;attributes['macAddress']);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $errors;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>4. Defining that your module is ready for user input and LDAP
add/modify</h2>
In most cases you will not need to implement these functions. The <span style="font-style: italic;">baseModule</span> will return <span style="font-style: italic;">true</span> for both functions.<br>
<br>
<span style="text-decoration: underline;"><br>
There are two functions which control the module status:</span><br style="text-decoration: underline;">
<br>
The <span style="font-weight: bold;">module_ready()</span> function
has to
return <span style="font-style: italic;">true</span> if the user may
move to your module page. If it is <span style="font-style: italic;">false</span>
the user will be shown an error message that your module is not yet
ready. You can use this if your module depends on input data from other
modules (e.g. you need the user name from posixAccount first).<br>
<br>
The second function is
<span style="font-weight: bold;">module_complete()</span>. The user
cannot do the LDAP operation if one or more modules return <span style="font-style: italic;">false</span>. This defines if all needed
input data for your module was entered.<br>
Use this function if you want to check that all required attributes are
set.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">sambaSamAccount</span>
module needs the user's <span style="font-style: italic;">uidNumber</span>
and <span style="font-style: italic;">gidNumber</span> before it can
accept input and the account needs a <span style="font-style: italic;">sambaSID</span>
before it can be saved.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * This function is used to check if this module page
can be displayed.<br>
&nbsp;&nbsp;&nbsp; * It returns false if a module depends on data from
other modules which was not yet entered.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return boolean true, if page can be displayed<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">module_ready</span>() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
($_SESSION[$this-&gt;base]-&gt;module['posixAccount']-&gt;attributes['gidNumber'][0]=='')
return false;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
($_SESSION[$this-&gt;base]-&gt;module['posixAccount']-&gt;attributes['uidNumber'][0]=='')
return false;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
($this-&gt;attributes['uid'][0]=='') return false;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return true;<br>
&nbsp;&nbsp;&nbsp; }<br>
<br>
&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * This functions is used to check if all settings
for this module have been made.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return boolean true, if settings are complete<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">module_complete</span>() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (!$this-&gt;module_ready())
return false;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
($this-&gt;attributes['sambaSID'][0] == '') return false;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return true;<br>
&nbsp;&nbsp;&nbsp; }<br>
<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>5. Saving the LDAP attributes<br>
</h2>
In most cases you will not have to implement this option if you use <span style="font-weight: bold;">$this-&gt;attributes</span> and <span style="font-weight: bold;">$this-&gt;orig</span> to manage the LDAP
attributes. The <span style="font-style: italic;">baseModule</span>
will generate the save comands for you.<br>
<br>
When all modules report that they are ready for LDAP add/modify and the
user clicks on the add/modify button your module will be asked what
changes have to be made.<br>
This is done in the function <span style="font-weight: bold;">save_attributes()</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">kolabUser</span> module uses
this function to make sure that its object class is saved. Other
modules (e.g. quota) use it build the lamdaemon commands.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns a list of modifications which have to be
made to the LDAP account.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array list of modifications<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;This function returns an array with 3
entries:<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;array( DN1 ('add' =&gt; array($attr),
'remove' =&gt; array($attr), 'modify' =&gt; array($attr)), DN2 .... )<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;DN is the DN to change. It may be
possible to change several DNs (e.g. create a new user and add him to
some groups via attribute memberUid)<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;"add" are attributes which have to be
added to LDAP entry<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;"remove" are attributes which have to be
removed from LDAP entry<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;"modify" are attributes which have to
been modified in LDAP entry<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; function save_attributes() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // add object class if needed<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
(!isset($this-&gt;attributes['objectClass']) ||
!in_array('kolabInetOrgPerson', $this-&gt;attributes['objectClass'])) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;attributes['objectClass'][] = 'kolabInetOrgPerson';<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return parent::save_attributes();<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body></html>

98
lam/docs/devel/mod_basics.htm Normal file
View File

@ -0,0 +1,98 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - Basic concepts</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo - Basic concepts<br>
</h1>
<br>
<br>
<div style="text-align: left;"><br>
<h2>1. Licensing</h2>
LAM is licensed under the <a href="http://www.gnu.org/licenses/gpl.txt">GNU
General Public License</a>. This means your plugins need a compatible
license.<br>
LAM is distributed with a copy of the GPL license.<br>
<br>
<h2>2. Naming and position in directory structure</h2>
<br>
Module names are usually named after the object class they manage.
However, you can use any name you want, it should be short and
containing only a-z and 0-9. The module name is only shown in the
configuration dialog, on all other pages LAM will show a provided <span style="font-style: italic;">alias</span> name.<br>
All account modules are stored in <span style="font-weight: bold;">lib/modules</span>.
The filename must end with <span style="font-weight: bold;">.inc</span>
and the file must have the same name as its inside class.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span>
Our example module will provide the <span style="font-weight: bold;">class
ieee802Devic</span><span style="font-style: italic; font-weight: bold;">e</span>,
therefore the file will be called <span style="font-weight: bold;">lib/modules/ieee802Devic</span><span style="font-style: italic; font-weight: bold;">e.inc</span>.<span style="font-style: italic;"></span><br>
<br>
<br>
<h2>3. Defining the class</h2>
All module classes have <span style="font-weight: bold;">baseModule</span>
as parent class. This provides common functionality and dummy functions
for all required class functions.<br>
<br>
<span style="font-weight: bold;">Example:</span><br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">/**<br>
* Provides MAC addresses for hosts.<br>
*<br>
* @package modules<br>
*/<span style="font-weight: bold;"><br>
class</span> <span style="color: rgb(255, 0, 0);">ieee802Device</span>
<span style="font-style: italic;">extends </span><span style="font-weight: bold;">baseModule</span> {<br>
<br>
}<br>
</td>
</tr>
</tbody>
</table>
<br>
<h2>4. Meta data</h2>
The module interface inludes a lot of required and optional functions.
Many of these functions do not need to be implemented directly in the
module, you can define <span style="font-weight: bold;">meta data</span>
for them and the <span style="font-weight: bold;">baseModule</span>
will do the rest.<br>
Providing <span style="font-weight: bold;">meta data</span> is
optional, you can implement the required functions in your class, too.<br>
<br>
The <span style="font-weight: bold;">baseModule</span> reads the <span style="font-weight: bold;">meta data</span> by calling <span style="font-weight: bold;">get_metaData()</span> in your class.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">get_metaData</span>() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // icon<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return['icon'] = 'user.png';<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
You will see this functions several times in the next parts of this
HowTo.<br>
<br>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body></html>

145
lam/docs/devel/mod_config.htm Normal file
View File

@ -0,0 +1,145 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - Configuration options</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<h1>Module HowTo - Configuration options<br>
</h1>
<div style="text-align: left;"><br>
There might be situations where you want to give the user the
possibility to make general settings which are not useful to place on
the account detail pages or profile editor.<br>
Therefore LAM allows the modules to define their own configuration
options. E.g. the <span style="font-style: italic;">posixAccount</span>
module uses this to define the ranges for the UIDs.<br>
LAM will display your configuration options only if the user also
selected your module.<br>
</div>
<div style="text-align: left;"><br>
<h2>1. Defining configuration options<br>
</h2>
First you have to define what options you want to offer the user. LAM
will display all options in one fieldset for each module. Please notice
that there will be no separation on account types if you module is
suitable for different account types.<br>
<br>
The configuration options are specified with <span style="font-weight: bold;">get_configOptions()</span>
or <span style="font-weight: bold;">meta['config_options']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">posixGroup</span> module offers several configuration options including the min/maximum values for GIDs.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp;<span style="font-weight: bold;"> function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; // configuration options<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $configContainer = new htmlTable();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $configContainer-&gt;addElement(new htmlSubTitle(_("Groups")), true);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $minGidInput = new
htmlTableExtendedInputField(_('Minimum GID number'),
'posixGroup_minGID', null, 'minMaxGID');<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $minGidInput-&gt;setRequired(true);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $configContainer-&gt;addElement($minGidInput, true);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $maxGidInput = new
htmlTableExtendedInputField(_('Maximum GID number'),
'posixGroup_maxGID', null, 'minMaxGID');<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $maxGidInput-&gt;setRequired(true);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $configContainer-&gt;addElement($maxGidInput, true);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return[<span style="color: red;">'config_options'</span>][<span style="color: red;">'group'</span>] = $configContainer;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
The min/maximum GID numbers are defined with simple text boxes.<br><br>
<h2>2. Checking user input</h2>
Probably you also want to check if the input data is syntactically
correct.<br>
The <span style="font-style: italic;">baseModule</span> already
provides different checks which can be activated with <span style="font-style: italic;">meta data</span>. However you can also do
the checking in the module.<br>
Implementing the function <span style="font-weight: bold;">check_configOptions()</span>
in your module will allow you to do the checks yourself. Basic checks
can be defined with <span style="font-weight: bold;">meta['config_checks']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">posixGroup</span> module only
needs to check if the GID numbers are correct. The password hash type
needs not to be checked as it is a selection.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp; &nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp;<span style="font-weight: bold;"> function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // configuration checks<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return[<span style="color: rgb(255, 0, 0);">'config_checks'</span>][<span style="color: rgb(255, 0, 0);">'group'</span>]['posixGroup_minGID'] =
array (<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'type' =&gt;
'ext_preg',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'regex' =&gt;
'digit',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'required'
=&gt; true,<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'required_message' =&gt; $this-&gt;messages['gidNumber'][5],<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'error_message' =&gt; $this-&gt;messages['gidNumber'][5]);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return[<span style="color: rgb(255, 0, 0);">'config_checks'</span>][<span style="color: rgb(255, 0, 0);">'group'</span>]['posixGroup_maxGID'] =
array (<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'type' =&gt;
'ext_preg',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'regex' =&gt;
'digit',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'required'
=&gt; true,<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'required_message' =&gt; $this-&gt;messages['gidNumber'][6],<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'error_message' =&gt; $this-&gt;messages['gidNumber'][6]);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return[<span style="color: rgb(255, 0, 0);">'config_checks'</span>][<span style="color: rgb(255, 0, 0);">'group'</span>]['cmpGID'] = array (<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'type' =&gt;
'int_greater',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'cmp_name1'
=&gt; 'posixGroup_maxGID',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'cmp_name2'
=&gt; 'posixGroup_minGID',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'error_message' =&gt; $this-&gt;messages['gidNumber'][7]);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
The type <span style="font-weight: bold;">"ext_preg"</span> means that
the <span style="font-style: italic;">baseModule</span> will use the <span style="font-style: italic;">get_preg()</span> function in <span style="font-style: italic;">lib/account.inc</span> for the syntax
check. This function already contains regular expressions for the most
common cases.<br>
To check if the minimum GID is smaller than the maximum GID we define a
check for the nonexistant option "cmpGID" and define it as optional.
This will do the comparison check.<br>
<br>
<br>
</div>
</body></html>

56
lam/docs/devel/mod_ext.htm Normal file
View File

@ -0,0 +1,56 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Module HowTo - Defining required extensions</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<div style="text-align: center;">
<h1>Module HowTo - Defining required extensions<br>
</h1>
<div style="text-align: left;"><br>
Your account module might require special PHP extensions. LAM can check
this for you and display an error message at the login page.<br>
<br>
</div>
<div style="text-align: left;">You will need to implement the function <span
style="font-weight: bold;">getRequiredExtensions()</span> or use <span
style="font-weight: bold;">meta['extensions']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">posixAccount</span> module needs
to generate password hashes. Therefore it needs the Hash extension.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code"
border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp;<span style="font-weight: bold;"> function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // PHP extensions<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return["extensions"] =
array("hash");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body>
</html>

321
lam/docs/devel/mod_general.htm Normal file
View File

@ -0,0 +1,321 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - General module options</title>
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo - General module options<br>
</h1>
<br>
<br>
<div style="text-align: left;"><br>
<h2>1. Account types<br>
</h2>
LAM provides multiple account types (e.g. users, groups, hosts).<span style="font-weight: bold;"><br>
</span>A module can manage one or more account types.<br>
<br>
The types are specified with <span style="font-weight: bold;">can_manage()</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
Our <span style="font-style: italic;">ieee802Device</span>
module will be used only for host accounts.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns true if this module can manage accounts of the current type, otherwise false.<br>
&nbsp;&nbsp;&nbsp; * <br>
&nbsp;&nbsp;&nbsp; * @return boolean true if module fits<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; public function <span style="color: red;">can_manage()</span> {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $this-&gt;get_scope() == 'host';<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>2. Base modules<br>
</h2>
In LDAP every entry needs exactly one <span style="font-style: italic;">structural
object class</span>. Therefore all modules which provide a <span style="font-style: italic;">structural object class</span> are marked
as <span style="font-weight: bold;">base module</span>.<br>
<br>
This is done with <span style="font-weight: bold;">is_base_module()</span>
or <span style="font-weight: bold;">meta['is_base']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">inetOrgPerson</span>
module manages the structural object class "inetOrgPerson" and
therefore is a <span style="font-weight: bold;">base module</span>.<br>
If your module is not a base module you can skip the meta data for
this, default is <span style="font-style: italic;">false</span>.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // base module<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return["is_base"] = true;</span><br style="color: rgb(255, 0, 0);">
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>3. Alias name</h2>
The module name is very limited, therefore every module has an <span style="font-style: italic;">alias name</span>. This <span style="font-style: italic;">alias name</span> has no limitations and
can be translated. It may contain special characters but make sure that
it does not contain HTML special characters like "&lt;".<br>
The <span style="font-style: italic;">alias name </span>can be the
same for all managed <span style="font-style: italic;">account types</span>
or differ for each type.<br>
<br>
The <span style="font-style: italic;">alias name</span> is specified
with <span style="font-weight: bold;">get_alias()</span>
or <span style="font-weight: bold;">meta['alias']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
Our <span style="font-style: italic;">ieee802Device</span>
module will get the alias MAC address.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // alias name<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;$return["alias"] = _("MAC address");</span><br style="color: rgb(255, 0, 0);">
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>4. Dependencies</h2>
Modules can depend on eachother. This is useful if you need to access
attributes from other modules or the managed object classes of your
module are not structural.<br>
<br>
The dependencies are specified with <span style="font-weight: bold;">get_dependencies()</span>
or <span style="font-weight: bold;">meta['dependencies']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
Our <span style="font-style: italic;">ieee802Device</span>
module depends on the account module (because it is the only structural
module at this time).<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // module dependencies<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;$return['dependencies'] = array('depends' =&gt;
array('account'), 'conflicts' =&gt; array());</span><br style="color: rgb(255, 0, 0);">
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>5. Messages</h2>
There are many situations where you will display messages to the user.
The modules should define such messages at a common place to make it
easier to modify them without searching the complete file.<br>
The <span style="font-style: italic;">baseModule</span> offers the $<span style="font-weight: bold;">messages</span> variable for this. It
should be filled by a function called <span style="font-weight: bold;">load_Messages()</span>.<br>
The <span style="font-style: italic;">baseModule</span> will
automatically check if you have implemented this function and call it
at construction time.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
Now let our <span style="font-style: italic;">ieee802Device</span>
module define a message.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * This function fills the error message array with
messages<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_Messages</span>() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $this-&gt;messages['mac'][0] =
array('ERROR', 'MAC address is invalid!');&nbsp; // third array value
is set dynamically<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>6. Managed object classes<br>
</h2>
<h2></h2>
You can tell LAM what object classes are managed by your module.<br>
LAM will then check the spelling of the objectClass attributes and
correct it automatically. This is useful if other applications (e.g.
smbldap-tools) also create accounts and the spelling is differnt.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
<br>
The <span style="font-style: italic;">ieee802Device</span> module
manages one object class.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // managed object classes<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;$return['objectClasses'] = array('ieee802Device');</span><br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>7. Known LDAP aliases<br>
</h2>
LDAP attributes can have several names (e.g. "cn" and "commonName" are
the same). If you manage such attributes then tell LAM about the alias
names.<br>
LAM will then convert all alias names to the given attribute names
automatically.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
<br>
The <span style="font-style: italic;">posixGroup</span> module manages
the "cn" attribute. This attribute is also known under the alias
"commonName".<br>
This way the module will never see attributes called "commonName"
because LAM renames them as soon as the LDAP entry is loaded.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // LDAP aliases<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;$return['LDAPaliases'] = array('commonName' =&gt;
'cn');</span><br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
<h2>8. Icon<br>
</h2>
You can specify a icon for you module. It will be displayed on the
account pages and other module specific places (e.g. file upload).<br>
The icons must be 32x32 pixels in size. The location is relative to the <span style="font-style: italic;">graphics</span> directory.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
<br>
The <span style="font-style: italic;">posixGroup</span> module uses the "tux.png" from the graphics directory.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // icon<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; <span style="color: rgb(255, 0, 0);">$return['icon'] = 'tux.png';</span><br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</body></html>

89
lam/docs/devel/mod_help.htm Normal file
View File

@ -0,0 +1,89 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Module HowTo - Help entries</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<div style="text-align: center;">
<h1>Module HowTo - Help entries<br>
</h1>
<br>
<br>
<div style="text-align: left;"><br>
<h2>1. Defining help entries<br>
</h2>
Your module should provide help for all input fields and other
important things.<br>
The LAM help system defines an extra ID range for each module. So you
are free in defining your own IDs.<br>
<br>
The help entries are specified with <span style="font-weight: bold;">get_help()</span>
or <span style="font-weight: bold;">meta['help']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">ieee802Device</span>
module needs help entries for the MAC address.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code"
border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; $return = array();<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp; // help Entries</span><br
style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;$return['help'] = array(</span><br
style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'mac' =&gt; array(</span><br
style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;"Headline"
=&gt; _("MAC address"),</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;"Text" =&gt;
_("This is the MAC address of the network card of the device (e.g.
00:01:02:DE:EF:18).")</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;),</span><br
style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'macList' =&gt; array(</span><br
style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;"Headline"
=&gt; _("MAC address list"),</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;"Text" =&gt;
_("This is a comma separated list of MAC addresses.")</span><br
style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;));</span><br
style="color: rgb(255, 0, 0);">
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body>
</html>

58
lam/docs/devel/mod_index.htm Normal file
View File

@ -0,0 +1,58 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>LAM module HowTo</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo</h1>
<br>
<br>
<div style="text-align: left;">
<h2>Basic functions</h2>
<br>
</div>
<div style="text-align: left;">LAM can be easily extended to support
additional LDAP object classes and attributes.<br>
This document provides a step-by-step description to build an account
module. The <span style="font-style: italic;">ieee802Device</span>
module which provides MAC addresses for hosts is used as example.<br>
<br>
<h3><a href="mod_basics.htm">1. Basic concepts</a><br>
</h3>
<h3><a href="mod_general.htm">2. General module options</a></h3>
<h3><a href="mod_accountPages.htm">3. Account pages</a></h3>
<h3><a href="mod_help.htm">4. Help entries<br>
</a></h3>
<h3><a href="mod_pdf.htm">5. PDF output<br>
</a></h3>
<h3><a href="mod_upload.htm">6. File upload</a></h3>
<br>
<hr style="width: 100%; height: 2px;"><br>
<h2>Advanced functions</h2>
This part covers additional functionality of the modules which are only
needed by a minority of modules. The examples are taken from different
existing modules.<br>
<br>
<h3><a href="mod_profiles.htm">1. Account profiles</a></h3>
<h3><a href="mod_config.htm">2. Configuration options</a></h3>
<h3><a href="mod_upload2.htm">3. Advanced upload options</a></h3>
<h3><a href="mod_rdn.htm">4. Defining the RDN</a></h3>
<h3><a href="mod_ext.htm">5. Defining required PHP extensions</a></h3>
<h3><a href="mod_selfService.htm">6. Self service</a></h3>
<br>
<br>
</div>
</div>
</body></html>

100
lam/docs/devel/mod_pdf.htm Normal file
View File

@ -0,0 +1,100 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - PDF output</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo - PDF output<br>
</h1>
<br>
<br>
<div style="text-align: left;"><br>
<h2>1. Defining possible PDF values<br>
</h2>
The first step to PDF output is defining what values your module
provides. This is needed for the PDF editor, otherwise the user will
not be able to select values from your module.<br>
<br>
The PDF values are specified with <span style="font-weight: bold;">get_pdfFields()</span>
or <span style="font-weight: bold;">meta['PDF_fields']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">ieee802Device</span>
module has only one attribute and therefore one PDF value: the MAC
address.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
[...]<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // available PDF fields<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return['PDF_fields'] = array(</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; 'macAddress' =&gt; _('MAC address')</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; );</span><br style="color: rgb(255, 0, 0);">
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>2. Providing data to put into the PDF file<br>
</h2>
When the user wants to create a PDF file the LDAP account is loaded and
you module is asked for data to put into the PDF file.<br>
<br>
This is done with <span style="font-weight: bold;">get_pdfEntries()</span>. Please also see <span style="font-style: italic;">baseModule::addSimplePDFField() </span>for simple cases like below.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">ieee802Device</span>
module will return the MAC address list of the account.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp; &nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns a list of PDF entries<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; function get_pdfEntries() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
(sizeof($this-&gt;attributes['macAddress']) &gt; 0) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$return['ieee802Device_macAddress'] = '&lt;block&gt;&lt;key&gt;' .
_('MAC address list') . '&lt;/key&gt;&lt;value&gt;' . implode(', ',
$this-&gt;attributes['macAddress']) . '&lt;/value&gt;&lt;/block&gt;';<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body></html>

170
lam/docs/devel/mod_profiles.htm Normal file
View File

@ -0,0 +1,170 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - Account profiles</title>
<link rel="stylesheet" type="text/css" href="style/layout.css"><link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo - Account profiles<br>
</h1>
<div style="text-align: left;"><br>
Account profiles make it easy to set default values for new accounts
and even to reset an existing account to default values.<br>
Your module should provide the possibility to define default values for
all attributes which do not differ for each account.<br>
</div>
<div style="text-align: left;"><br>
<h2>1. Defining possible profile options<br>
</h2>
The first step to account profiles is defining the attributes for which
the user can set default values. You will also have to define the type
(text, checkbox, ...) of the profile options.<br>
The profile editor then will display a fieldset for each module
containing its profile options.<br>
<br>
The profile options are specified with <span style="font-weight: bold;">get_profileOptions()</span>
or <span style="font-weight: bold;">meta['profile_options']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">inetOrgPerson</span>
module has only two attributes which may be set to a default value: job
title and employee type.<br>
The other attributes are account specific and not useful as profile
options.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // profile elements<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return[<span style="color: rgb(255, 0, 0);">'profile_options'</span>] = array(<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; new
htmlTableExtendedInputField(_('Job title'), 'inetOrgPerson_title',
null, 'title'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; new htmlTableExtendedInputField(_('Employee type'), 'inetOrgPerson_employeeType', null, 'employeeType')<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; );<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
This defines two text boxes in the profile editor, one for the job
title and one for the employee type.<br>
Your profile options should also provide a help link because the description
of the input element might be not enough.<br>
<br>
<br>
<h2>2. Checking user input</h2>
Probably you also want to check if the input data is syntactically
correct.<br>
The <span style="font-style: italic;">baseModule</span> already
provides different checks which can be activated with <span style="font-style: italic;">meta data</span>. However you can also do
the checking in the module.<br>
Implementing the function <span style="font-weight: bold;">check_profileOptions()</span>
in your module will allow you to do the checks yourself. Basic checks
can be defined with <span style="font-weight: bold;">meta['profile_checks']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">inetOrgPerson</span> module only
needs some regular expression checks on the input. This can be done by
the <span style="font-style: italic;">baseModule</span>.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // profile checks<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return[<span style="color: rgb(255, 0, 0);">'profile_checks'</span>][<span style="color: rgb(255, 0, 0);">'inetOrgPerson_title'</span>] = array(<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'type' =&gt;
'ext_preg',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'regex' =&gt;
'title',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'error_message' =&gt; $this-&gt;messages['title'][0]);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return[<span style="color: rgb(255, 0, 0);">'profile_checks'</span>][<span style="color: rgb(255, 0, 0);">'inetOrgPerson_employeeType'</span>] =
array(<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'type' =&gt;
'ext_preg',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'regex' =&gt;
'employeeType',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'error_message' =&gt; $this-&gt;messages['employeeType'][0]);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
The type <span style="font-weight: bold;">"ext_preg"</span> means that
the <span style="font-style: italic;">baseModule</span> will use the <span style="font-style: italic;">get_preg()</span> function in <span style="font-style: italic;">lib/account.inc</span> for the syntax
check. This function already contains regular expressions for the most
common cases.<br>
<br>
<br>
<h2>3. Loading an account profile</h2>
When an account profile is loaded the modules have to check what values
they need for their internal data structures.<br>
The <span style="font-style: italic;">baseModule</span> already
provides the possibility to store profile values directly as LDAP
attributes in <span style="font-style: italic;">$this-&gt;attributes</span>.
This is done by defining profile-attribute mappings in <span style="font-weight: bold;">meta['profile_mappings']</span>.<br>
If you have other values than LDAP attributes or need some post
processing you can implement the function <span style="font-weight: bold;">load_profile()</span> in your module.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">inetLocalMailRecipient</span>
module only
needs a static mapping. This can be done by
the <span style="font-style: italic;">baseModule</span>.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; // profile mappings<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return[<span style="color: rgb(255, 0, 0);">'profile_mappings'</span>] = array(<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'inetLocalMailRecipient_host' =&gt; 'mailHost'<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
In this example the profile option "inetLocalMailRecipient_host" is
stored as LDAP attribute "mailHost".<br>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body></html>

60
lam/docs/devel/mod_rdn.htm Normal file
View File

@ -0,0 +1,60 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Module HowTo - Defining the RDN</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<div style="text-align: center;">
<h1>Module HowTo - Defining the RDN<br>
</h1>
<div style="text-align: left;"><br>
Every LDAP DN starts with a RDN (relative DN). This is the value of a
LDAP attribute. Users usually use "uid", groups use "cn".<br>
You can provide a list of suitable RDN attributes for your module and
give them a priority, too.<br>
<br>
</div>
<div style="text-align: left;">You will need to implement the function <span
style="font-weight: bold;">get_RDNAttributes()</span> or use <span
style="font-weight: bold;">meta['RDN']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">posixAccount</span> module
offers to create accounts with DNs uid=foo,dc=.... and cn=foo,dc=...<br>
The uid attribute has a higher priority as it is the usual attribute
for Unix accounts.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code"
border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp;<span style="font-weight: bold;"> function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // RDN attributes<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return["RDN"] = array("uid"
=&gt; "normal", "cn" =&gt; "low");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body>
</html>

268
lam/docs/devel/mod_selfService.htm Normal file
View File

@ -0,0 +1,268 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - Self service</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo - Self service<br>
</h1>
<div style="text-align: left;"><br>
Self service is a LAM Pro feature. It allows your users to manage their own data (e.g. telephone numbers).<br>
<br>
</div>
<div style="text-align: left;">First you need to implement the function <span style="font-weight: bold;">getSelfServiceFields()</span> or use <span style="font-weight: bold;">meta['selfServiceFieldSettings']</span>. Each field
has an ID and a descriptive name that will be displayed on the self
service page.<br>
Your input fields may also be defined as read-only in the self service
profile editor. If your fields supports read-only then use
canSelfServiceFieldBeReadOnly() or <span style="font-weight: bold;">meta['selfServiceReadOnlyFields']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">inetOrgPerson</span> module
provides lots of possible input fields for the self service.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp;<span style="font-weight: bold;"> function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return['selfServiceFieldSettings'] =
array('firstName' =&gt; _('First name'), 'lastName' =&gt; _('Last
name'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'mail' =&gt;
_('Email address'), 'telephoneNumber' =&gt; _('Telephone number'),
'mobile' =&gt; _('Mobile number'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'faxNumber'
=&gt; _('Fax number'), 'street' =&gt; _('Street'), 'postalAddress'
=&gt; _('Postal address'), 'registeredAddress' =&gt; _('Registered
address'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'postalCode'
=&gt; _('Postal code'), 'postOfficeBox' =&gt; _('Post office box'),
'jpegPhoto' =&gt; _('Photo'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'homePhone'
=&gt; _('Home telephone number'), 'roomNumber' =&gt; _('Room number'),
'carLicense' =&gt; _('Car license'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'location'
=&gt; _('Location'), 'state' =&gt; _('State'), 'officeName' =&gt;
_('Office name'), 'businessCategory' =&gt; _('Business category'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'departmentNumber' =&gt; _('Department'), 'initials' =&gt;
_('Initials'), 'title' =&gt; _('Job title'), 'labeledURI' =&gt; _('Web
site'),<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'userCertificate' =&gt; _('User certificates'));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // possible self service read-only fields<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
&nbsp;$return['selfServiceReadOnlyFields'] = array('firstName',
'lastName', 'mail', 'telephoneNumber', 'mobile', 'faxNumber', 'street',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;'postalAddress', 'registeredAddress', 'postalCode',
'postOfficeBox', 'jpegPhoto', 'homePhone', 'roomNumber', 'carLicense',<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'location',
'state', 'officeName', 'businessCategory', 'departmentNumber',
'initials', 'title', 'labeledURI', 'userCertificate');<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
In very rare cases you need to specify self service search attributes.
These are used to identify the user inside LDAP. Common examples are
"uid" or "mail".<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">inetOrgPerson</span> module specifies several search attributes.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp;<span style="font-weight: bold;"> function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // self service search attributes<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
&nbsp;$return['selfServiceSearchAttributes'] = array('uid', 'mail',
'cn', 'surname', 'givenName', 'employeeNumber');<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
The HTML code for the user page is generated with the function <span style="font-weight: bold;">getSelfServiceOptions()</span>. It returns one table row for each input field.<br>
Please note that some fields may be defined as read-only
($readOnlyFields). If $passwordChangeOnly is set then no input fields
other than the bind password should be displayed (you will not get any
attribute values).<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">windowsUser</span> module uses
the addSimpleSelfServiceTextField() function from baseModule to print
the text field. You may also build the table row yourself if the input
field is more complex.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; &nbsp;* Returns the meta HTML code for each input field.<br>
&nbsp;&nbsp;&nbsp; &nbsp;* format: array(&lt;field1&gt; =&gt; array(&lt;META HTML&gt;), ...)<br>
&nbsp;&nbsp;&nbsp; &nbsp;* It is not possible to display help links.<br>
&nbsp;&nbsp;&nbsp; &nbsp;*<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param array $fields list of active fields<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param array $attributes attributes of LDAP account<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param boolean $passwordChangeOnly indicates
that the user is only allowed to change his password and no LDAP
content is readable<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param array $readOnlyFields list of read-only fields<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @return array list of meta HTML elements (field name =&gt; htmlTableRow)<br>
&nbsp;&nbsp;&nbsp; &nbsp;*/<br>
&nbsp;&nbsp;&nbsp; function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if ($passwordChangeOnly) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return
$return; // only password fields as long no LDAP content can be read<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$this-&gt;addSimpleSelfServiceTextField($return,
'physicalDeliveryOfficeName', _('Office name'), $fields, $attributes,
$readOnlyFields);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
Of course, the user input should also be validated before making any LDAP changes. This is done in <span style="font-weight: bold;">checkSelfServiceOptions()</span>.<br>
The return value includes any error messages to display and also all LDAP operations.<br>
Please note that some fields may be defined as read-only
($readOnlyFields). If $passwordChangeOnly is set then no input fields
other than the bind
password should be displayed (you will not get any attribute values).<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">inetOrgPerson</span> module has a field for the user's first name.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; &nbsp;* Checks if all input values are correct and returns the LDAP attributes which should be changed.<br>
&nbsp;&nbsp;&nbsp; &nbsp;* &lt;br&gt;Return values:<br>
&nbsp;&nbsp;&nbsp; &nbsp;* &lt;br&gt;messages: array of parameters to create status messages<br>
&nbsp;&nbsp;&nbsp; &nbsp;* &lt;br&gt;add: array of attributes to add<br>
&nbsp;&nbsp;&nbsp; &nbsp;* &lt;br&gt;del: array of attributes to remove<br>
&nbsp;&nbsp;&nbsp; &nbsp;* &lt;br&gt;mod: array of attributes to modify<br>
&nbsp;&nbsp;&nbsp; &nbsp;* &lt;br&gt;info: array of values with
informational value (e.g. to be used later by pre/postModify actions)<br>
&nbsp;&nbsp;&nbsp; &nbsp;* <br>
&nbsp;&nbsp;&nbsp; &nbsp;* Calling this method does not require the existence of an enclosing {@link accountContainer}.<br>
&nbsp;&nbsp;&nbsp; &nbsp;*<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param string $fields input fields<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param array $attributes LDAP attributes<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param boolean $passwordChangeOnly indicates
that the user is only allowed to change his password and no LDAP
content is readable<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @param array $readOnlyFields list of read-only fields<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @return array messages and attributes
(array('messages' =&gt; array(), 'add' =&gt; array('mail' =&gt;
array('test@test.com')), 'del' =&gt; array(), 'mod' =&gt; array(),
'info' =&gt; array()))<br>
&nbsp;&nbsp;&nbsp; &nbsp;*/<br>
&nbsp;&nbsp;&nbsp; function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array('messages' =&gt;
array(), 'add' =&gt; array(), 'del' =&gt; array(), 'mod' =&gt; array(),
'info' =&gt; array());<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if ($passwordChangeOnly) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return; // skip processing if only a password change is done<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $attributeNames = array(); // list of attributes which should be checked for modification<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $attributesNew = $attributes;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // first name<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (in_array('firstName', $fields) &amp;&amp; !in_array('firstName', $readOnlyFields)) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $attributeNames[] = 'givenName';<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
(isset($_POST['inetOrgPerson_firstName']) &amp;&amp;
($_POST['inetOrgPerson_firstName'] != '')) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; if (!get_preg($_POST['inetOrgPerson_firstName'],
'realname')) $return['messages'][] = $this-&gt;messages['givenName'][0];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; else $attributesNew['givenName'][0] =
$_POST['inetOrgPerson_firstName'];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; elseif
(isset($attributes['givenName'])) unset($attributesNew['givenName']);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td></tr></tbody>
</table>
<br>
<br>
The self service also supports configuration settings for each module. See <span style="font-weight: bold;">getSelfServiceSettings() </span>or <span style="font-weight: bold;">meta['selfServiceSettings'] </span>to specify the options.<br>
You can validate the input with <span style="font-weight: bold;">checkSelfServiceSettings()</span>.<br>
Self service configuration settings are displayed on a separate tab in the self service profile editor.<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body></html>

162
lam/docs/devel/mod_upload.htm Normal file
View File

@ -0,0 +1,162 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Module HowTo - File upload</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<div style="text-align: center;">
<h1>Module HowTo - File upload<br>
</h1>
<br>
<br>
<div style="text-align: left;"><br>
<h2>1. Defining upload columns<br>
</h2>
If you want to support account creation via file upload you have to
define columns in the CSV file.<br>
Each column has an non-translated identifier, a description, help entry
and several other values.<br>
<br>
The upload columns are specified with <span style="font-weight: bold;">get_uploadColumns()</span>
or <span style="font-weight: bold;">meta['upload_columns']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">ieee802Device</span>
module has only one attribute and therefore one column: the MAC address.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // manages host accounts<br>
&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return["account_types"] = array("host");<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // upload fields<br>
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $return['upload_columns'] = array(</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;array(</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'name' =&gt;
'ieee802Device_mac',</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'description'
=&gt; _('MAC address'),</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'help' =&gt;
'mac',</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;'example'
=&gt; '00:01:02:DE:EF:18'</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; )</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">&nbsp;&nbsp; &nbsp;
&nbsp;&nbsp; );</span><br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $return;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>2. Building the accounts<br>
</h2>
When the user has uploaded the CSV file the modules have to transform
the input data to LDAP accounts.<br>
<br>
This is done with <span style="font-weight: bold;">build_uploadAccounts()</span>.
The function gets the input data and a list of LDAP accounts as
parameter.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">ieee802Device</span>
module has only one LDAP attribute - <span style="font-style: italic;">'macAddress'</span>
- and the <span style="font-style: italic;">'ieee802Device'</span>
objectClass which is added to all accounts.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * In this function the LDAP account is built up.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @param array $rawAccounts list of hash arrays
(name =&gt; value) from user input<br>
&nbsp;&nbsp;&nbsp; * @param array $partialAccounts list of hash arrays
(name =&gt; value) which are later added to LDAP<br>
&nbsp;&nbsp;&nbsp; * @param array $ids list of IDs for column position
(e.g. "posixAccount_uid" =&gt; 5)<br>&nbsp; &nbsp; * @param array $selectedModules list of selected account modules<br>
&nbsp;&nbsp;&nbsp; * @return array list of error messages if any<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">build_uploadAccounts</span>($rawAccounts,
$ids, &amp;$partialAccounts, $selectedModules) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $messages = array();<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; for ($i = 0; $i &lt;
sizeof($rawAccounts); $i++) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // add object
class<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
(!in_array("ieee802Device", $partialAccounts[$i]['objectClass']))
$partialAccounts[$i]['objectClass'][] = "ieee802Device";<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; // add MACs<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if
($rawAccounts[$i][$ids['ieee802Device_mac']] != "") {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; $macs = explode(',',
$rawAccounts[$i][$ids['ieee802Device_mac']]);<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; // check format<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; for ($m = 0; $m &lt; sizeof($macs); $m++) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; if (get_preg($macs[$m],
'macAddress')) {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
$partialAccounts[$i]['macAddress'][] = $macs[$m];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; else {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $errMsg =
$this-&gt;messages['mac'][1];<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
array_push($errMsg, array($i));<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $messages[] =
$errMsg;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return $messages;<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<br>
<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body></html>

123
lam/docs/devel/mod_upload2.htm Normal file
View File

@ -0,0 +1,123 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Module HowTo - Advanced upload options</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<div style="text-align: center;">
<h1>Module HowTo - Advanced upload options<br>
</h1>
<div style="text-align: left;"><br>
The <span style="font-style: italic;">ieee802Device</span> module only
needs the basic upload functions for its functionality.<br>
However there are more possibilities for the modules to control the
file upload.<br>
</div>
<div style="text-align: left;"><br>
<h2>1. Module order<br>
</h2>
Your module might depend on the input values of another module. In this
case you probably want that your module is called as the second one.<br>
<br>
You can define dependencies to other modules with the function <span
style="font-weight: bold;">get_uploadPreDepends()</span> or <span
style="font-weight: bold;">meta['upload_preDepends']</span>.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">sambaGroupMapping</span> module
needs the group name to set the default <span
style="font-style: italic;">displayName</span>. Therefore it depends
on the <span style="font-style: italic;">posixGroup</span> module<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code"
border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * Returns meta data that is interpreted by parent
class<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @return array array with meta data<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp;<span style="font-weight: bold;"> function</span>
get_metaData() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; $return = array();<br>
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; // upload dependencies<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$return[<span
style="color: rgb(255, 0, 0);">'upload_preDepends'</span>] =
array('posixGroup');<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<h2>2. Upload post actions<br>
</h2>
If your module does not only create an account but relates the account
with other existing LDAP entries you can do these modifications after
the account was created.<br>
This is useful for adding users to groups or setting quotas.<br>
<br>
You have to implement the function <span style="font-weight: bold;">doUploadPostActions()</span>
in your module. Since post actions are very special there is no <span
style="font-style: italic;">meta data</span> for this.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br
style="font-weight: bold; text-decoration: underline;">
<br>
The <span style="font-style: italic;">posixAccount</span> module
offers to put the user account in additional groups. This is done in
the post actions.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code"
border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td style="vertical-align: top;">&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; * This function executes one post upload action.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @param array $data array containing one account in
each element<br>
&nbsp;&nbsp;&nbsp; * @param array $ids array(&lt;column_name&gt; =&gt;
&lt;column number&gt;)<br>
&nbsp;&nbsp;&nbsp; * @param array $failed list of accounts which were
not created successfully<br>
&nbsp;&nbsp;&nbsp; * @param array $temp variable to store temporary
data between two post actions<br>
&nbsp;&nbsp;&nbsp; * @return array current status<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt; array (<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;&nbsp; 'status' =&gt; 'finished' |
'inProgress'<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;&nbsp; 'progress' =&gt; 0..100<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt;&nbsp; 'errors' =&gt; array (&lt;array
of parameters for StatusMessage&gt;)<br>
&nbsp;&nbsp;&nbsp; * &lt;br&gt; )<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span
style="color: rgb(255, 0, 0);">doUploadPostActions</span>($data, $ids,
$failed, &amp;$temp) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [...]<br>
&nbsp;&nbsp;&nbsp; }<br>
</td>
</tr>
</tbody>
</table>
<br>
Please make sure that the actions in one call of <span
style="font-weight: bold;">doUploadPostActions()</span> are not very
time consuming (only one LDAP operation). Your function will be called
repeatedly until you give back the status "finished".<br>
This allows LAM to avoid running longer than the maximum execution time
by sending meta refreshes to the browser.<br>
<span style="font-weight: bold;"></span>
<h2><span style="font-weight: bold;"></span></h2>
</div>
</div>
</body>
</html>

37
lam/docs/devel/other_libs.htm Normal file
View File

@ -0,0 +1,37 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>Other libraries</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<h1 style="text-align: center;">Other libraries<br>
</h1>
<br>
<h2><a name="lamdaemon"></a>Lamdaemon (lamdaemon.pl)<br>
</h2>
<br>
<h2><a name="lists"></a>Account lists (lists.inc)</h2>
This file provides basic functions used by the account lists. They
cover major parts of the HTML output.<br>
There is also one list of LDAP attribute descriptions per account type.
They allow to have translated descriptions of the most common
attributes.<br>
<br>
<h2><a name="status"></a>Status messages (status.inc)</h2>
Status.inc provides the function <span style="font-weight: bold; font-style: italic;">StatusMessage()</span>
which can be used to display error, warning and information messages.<br>
The function uses preg_replace() to convert the special tags to HTML
tags. The message variables are included with printf().<br>
<br>
The parameters of <span style="font-weight: bold; font-style: italic;">StatusMessage()
</span>are described in the developer FAQ.<br>
<br>
<h2><a name="treeSchema"></a>Schema browser</h2>
The file schema.inc contains functions which are needed by
the schema browser.<br>
These functions were copied from <a href="http://sourceforge.net/projects/phpldapadmin/">phpLDAPadmin</a>
(PLA).<br>
<br>
</body></html>

32
lam/docs/devel/ou-edit.htm Normal file
View File

@ -0,0 +1,32 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>OU editor</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">OU editor<br>
</h1>
<br>
<br>
This is a simple tool for creating and deleting organisational units
(OU) inside the LDAP tree.<br>
OUs can be managed for the LDAP suffixes of all account types.<br>
<br>
<h2>1. Creating OUs<br>
</h2>
<span style="font-weight: bold; font-style: italic;"></span>The user
provides the name of the new OU which can include a-z, 0-9, "_", "-"
and " ".<br>
LAM will then create a new OU object under the selected LDAP suffix.<br>
<br>
<h2>2. Deleting OUs</h2>
If the user selects to delete an OU he will be asked if he is really
sure and then the OU is deleted.<br>
There is no recursive deletion.<br>
<br>
</body>
</html>

108
lam/docs/devel/pdf_editor.htm Normal file
View File

@ -0,0 +1,108 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>PDF editor</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">PDF editor<br>
</h1>
<div style="text-align: center;"><br>
<img alt="" src="images/lam_pdfEditor.png"
style="width: 443px; height: 162px;"><br>
</div>
<div style="text-align: center;"><br>
<br>
<div style="text-align: left;">The <span style="font-style: italic;">PDF
editor</span> allows the user to create templates for the PDF output.<br>
These templates are saved as files in <span style="font-weight: bold;">config/pdf</span>.<br>
<br>
<h2>Pdfmain.php<br>
</h2>
This is the start page of the <span style="font-style: italic;">PDF
editor</span>. The user can select to add/modify/remove selected PDF
profiles.<br>
<br>
The list of existing PDF profiles is returned by <span
style="font-weight: bold;">getPDFStructureDefinitions()</span> in <span
style="font-style: italic;">pdfstruct.inc</span>. It includes all
structure names without file extensions for a given account type.<br>
<br>
Depending on the selection of the user he is forwarded to pdfpage.php
or pdfdelete.php.<br>
<br>
<h2>Pdfpage.php<br>
</h2>
The user can edit the PDF structures on this page.<br>
<br>
The structure is loaded with <span style="font-weight: bold;">loadPDFStructureDefinitions()</span>
from <span style="font-style: italic;">pdfstruct.inc</span>. If it
does not yet exist then the default structure is loaded.<br>
It is stored in <span style="font-weight: bold; font-style: italic;">$_SESSION['currentPDFStructure']</span>
(sections) and <span style="font-weight: bold; font-style: italic;">$_SESSION['currentPageDefinitions']</span>
(head line and logo).<br>
<br>
At the top of the page the head line and logo can be edited. The list
of available logos is retrieved with <span style="font-weight: bold;">getAvailableLogos()</span>
from <span style="font-style: italic;">pdfstruct.inc</span>.<br>
<br>
The sections on the left side are displayed like they are defined in <span
style="font-weight: bold; font-style: italic;">$_SESSION['currentPDFStructure']</span>.
Each item has links to move or delete it. Section titles may be changed.<br>
<br>
The list of available PDF entries on the right side is retrieved from <span
style="font-weight: bold;">getAvailablePDFFields()</span> in <span
style="font-style: italic;">modules.inc</span>.<br>
<br>
Near the bottom there the user can add a new section. The list of
available PDF entries is retrieved as above.<br>
<br>
When the user pushes one of the buttons or clicks on a link then there
are several actions:<br>
<ul>
<li><span style="font-weight: bold;">Abort button:</span> The user is
redirected back to <span style="font-style: italic;">pdfmain.php</span>.<br>
</li>
<li><span style="font-weight: bold;">Save button:</span> The
structure name is checked for correctness and the file is saved with <span
style="font-weight: bold;">savePDFStructureDefinitions()</span>
from <span style="font-style: italic;">pdfstruct.inc</span><span
style="font-weight: bold;">.</span></li>
<li><span style="font-weight: bold;">Add section button:</span> LAM
adds a static text or section to the structure.</li>
<li><span style="font-weight: bold;">Add entry button:</span> Adds a
new entry to the selected section.</li>
<li><span style="font-weight: bold;">Change name button:</span>
Changes the name of the section title or the section attribute.</li>
<li><span style="font-weight: bold;">Remove entry link:</span> If the
entry is a section then all parts of this section are removed.
Otherwise a single entry is removed.</li>
<li><span style="font-weight: bold;">Move up/down links:</span> The
entry or section is moved up or down.</li>
</ul>
<br>
<span style="font-weight: bold; font-style: italic;">$_SESSION['currentPDFStructure']</span>
is an array that contains all XML tags of the PDF structure. If you
want to modify the structure always remember to put the opening and
closing tags at the right place.<br>
<br>
<h2>Pdfdelete.php</h2>
When the user selected to delete a structure in <span
style="font-style: italic;">pdfmain.php</span> he is redirected to
this page.<br>
<br>
LAM will ask once again if the user is sure to delete the structure. If
this is the case the structure will be deleted with <span
style="font-weight: bold;">deletePDFStructureDefinition()</span> from <span
style="font-style: italic;">pdfstruct.inc</span>.<br>
<br>
<br>
<br>
<br>
</div>
</div>
</body>
</html>

41
lam/docs/devel/pdf_libs.htm Normal file
View File

@ -0,0 +1,41 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>PDF (pdf.inc, pdfstruct.inc)</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">PDF (pdf.inc, pdfstruct.inc)<br>
</h1>
<br>
These files control the management of PDF structures and creation of
PDF files.<br>
<br>
<br>
<h2>pdfstruct.inc</h2>
This file includes all functions which are needed to manage the PDF
structures. You can load/save/delete structures, get a list of
available structures and logos.<br>
<br>
<br>
<h2>pdf.inc</h2>
The pdf.inc library is used to create a PDF file. <br>
<br>
<span style="font-weight: bold;">createModulePDF()</span> takes a list
of <span style="font-style: italic;">accountContainer</span> objects
and a PDF structure as parameters. The function then creates a PDF
file, saves it to the <span style="font-style: italic;">tmp</span>
folder and returns the file name.<br>
<br>
<br>
The <span style="font-weight: bold;">lamPDF</span> class extends the <span
style="font-style: italic;">UFPDF</span> class and adds the LAM
specific header and footer.<br>
It also defines the used font. Currently only Bitstream-Vera is
supported.<br>
<br>
</body>
</html>

100
lam/docs/devel/pdf_profiles.htm Normal file
View File

@ -0,0 +1,100 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="content-type">
<title>PDF templates</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico">
</head>
<body>
<h1 style="text-align: center;">PDF templates<br>
</h1>
<br>
Every PDF structure is saved as a single file in <span
style="font-weight: bold;">config/pdf</span>. The
file extension is the account type (user, group, ...) plus ".xml" (e.g.
default.user.xml).<br>
<br>
<h2>Format</h2>
The root tag is <span style="font-weight: bold;">&lt;pdf&gt;</span>
with the attributes <span
style="font-weight: bold; font-style: italic;">filename</span> for the
logo and <span style="font-weight: bold; font-style: italic;">headline</span>
for the title.<br>
<br>
There are two types of subentries in &lt;pdf&gt;:<br>
<ul>
<li>sections</li>
<li>text<br>
</li>
</ul>
<h3>Sections:</h3>
Sections are parts of the PDF file where data from the account profiles
(e.g. LDAP attributes) is shown. Each section has a title and a list of
entries.<br>
<br>
The title is defined with the <span
style="font-weight: bold; font-style: italic;">name</span> attribute
inside the section tag. If the title begins with a "_" then LAM
interprets it as entry. This means that LAM will insert the value part
of this entry here.<br>
<br>
Each section has a list of subentries which are defined with the <span
style="font-weight: bold;">&lt;entry&gt;</span> tag. The have only one
attribute which is <span style="font-weight: bold;">name</span> and
contains the identifier of this entry.<br>
<br>
<h3>Text:</h3>
LAM allows to display a fixed text in the PDF which is defined with the
<span style="font-weight: bold;">&lt;text&gt;</span> tag. The text is
just written inside the tags.<br>
<br>
<br>
<br>
<span style="font-weight: bold;">Example:</span><br
style="font-weight: bold;">
<br>
&lt;pdf type="user" filename="printLogo.jpg" headline="LDAP Account
Manager"&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;text&gt;This document includes your personal
account settings.&lt;/text&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;section name="Personal User Infos"&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_givenName" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry name="inetOrgPerson_sn"
/&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_street" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_postalCode" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_postalAddress" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_mail" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_telephoneNumber" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_mobileTelephoneNumber" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="inetOrgPerson_facsimileTelephoneNumber" /&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;/section&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;section name="Unix User Settings"&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry name="posixAccount_uid"
/&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="posixAccount_userPassword" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="posixAccount_primaryGroup" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="posixAccount_additionalGroups" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="posixAccount_homeDirectory" /&gt;<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &lt;entry
name="posixAccount_loginShell" /&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;/section&gt;<br>
&lt;/pdf&gt;<br>
<br>
<br>
</body>
</html>

72
lam/docs/devel/profile_editor.htm Normal file
View File

@ -0,0 +1,72 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta content="text/html; charset=ISO-8859-15" http-equiv="content-type"><title>Profile editor</title>
<link rel="stylesheet" type="text/css" href="style/layout.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico"></head><body>
<h1 style="text-align: center;">Profile editor<br>
</h1>
<div style="text-align: center;"><img alt="" src="images/lam_profedit.png" style="width: 354px; height: 236px;"><br>
</div>
<div style="text-align: center;"><br>
<div style="text-align: left;">The <span style="font-style: italic;">profile
editor</span> allows the user to set default values for new accounts.<br>
These defaults are saved as files in <span style="font-weight: bold;">config/profiles</span>.<br>
<br>
<h2>Profilemain.php<br>
</h2>
This is the start page of the <span style="font-style: italic;">profile
editor</span>. The user can select to add/modify/remove selected
account profiles.<br>
<br>
The list of existing account profiles is returned by <span style="font-weight: bold;">getAccountProfiles()</span> in <span style="font-style: italic;">modules.inc</span>. It includes all
profile names without file extensions.<br>
<br>
<h2>Profilepage.php<br>
</h2>
This script is used to display the account profile to the user. <br>
<br>
The profile options include the LDAP OU suffix and options provided by
the account modules.<br>
<br>
The values for the OU selection are read with <span style="font-weight: bold;">type->getSuffixList()</span>.<br>
<br>
The <span style="font-style: italic;">account modules</span> provide
all other profile options. The profile editor displays a separate
fieldset for each module containing its options.<br>
The function <span style="font-weight: bold;">print_option()</span>
manages the display of the different option types (checkbox, select,
...). The type of each option is saved in <span style="font-weight: bold;">$_SESSION['profile_types']</span>.<br>
See the <a href="phpdoc/modules/baseModule.html">modules specification</a>
for a complete list of supported types.<br>
<br>
The profiles have unique names under which they are saved. If a profile
with the same name already exists it will be overwritten.<br>
<br>
When the user selects to save the profile then
profilepage.php will check the input for correctness.<br>
First the values are converted to the correct type (checkbox -&gt;
Boolean) by checking <span style="font-weight: bold;">$_SESSION['profile_types']</span>.
Then LAM will replace all "\'" with&nbsp; "'" if <span style="font-style: italic;">magic_quotes_gpc</span> is on. Now the
input data is checked for correctness by calling <span style="font-weight: bold;">checkProfileOptions()</span>.<br>
The <span style="font-style: italic;">account modules</span> return a
list of
error messages if one or more options are incorrect. If there are
errors they will be displayed, otherwise the profile is
saved by calling <span style="font-weight: bold;">saveAccountProfile()</span>.<br>
<br>
<h2>Profiledelete.php</h2>
When the user selected to delete a profile in <span style="font-style: italic;">profilemain.php</span> he is redirected to
this page.<br>
<br>
LAM will ask once again if the user is sure to delete the profile. If
this is the case the profile will be deleted with <span style="font-weight: bold;">delAccountProfile()</span> from <span style="font-style: italic;">profiles.inc</span>.<br>
<br>
<br>
<br>
<br>
</div>
</div>
</body></html>

Some files were not shown because too many files have changed in this diff Show More